|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [v8][PATCH 11/17] xen/x86/p2m: reject populating for reserved device memory mapping
> From: Chen, Tiejun
> Sent: Monday, December 01, 2014 5:24 PM
>
> We need to reject to populate reserved device memory mapping, and
> then make sure all reserved device memory can't be accessed by any
> !iommu approach.
>
> Signed-off-by: Tiejun Chen <tiejun.chen@xxxxxxxxx>
> ---
> xen/arch/x86/mm/p2m.c | 59
> +++++++++++++++++++++++++++++++++++++++++++++--
> xen/include/asm-x86/p2m.h | 9 ++++++++
> 2 files changed, 66 insertions(+), 2 deletions(-)
>
> diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
> index efa49dd..607ecd0 100644
> --- a/xen/arch/x86/mm/p2m.c
> +++ b/xen/arch/x86/mm/p2m.c
> @@ -556,6 +556,40 @@ guest_physmap_remove_page(struct domain *d,
> unsigned long gfn,
> gfn_unlock(p2m, gfn, page_order);
> }
>
> +/* Check if we are accessing rdm. */
> +int p2m_check_reserved_device_memory(xen_pfn_t start, xen_ulong_t nr,
> + u32 id, void *ctxt)
> +{
> + xen_pfn_t end = start + nr;
> + unsigned int i;
> + u32 sbdf;
> + struct p2m_get_reserved_device_memory *pgrdm = ctxt;
> + struct domain *d = pgrdm->domain;
> +
> + if ( d->arch.hvm_domain.pci_force )
> + {
> + if ( pgrdm->gfn >= start && pgrdm->gfn < end )
> + return 1;
> + }
> + else
> + {
> + for ( i = 0; i < d->arch.hvm_domain.num_pcidevs; i++ )
> + {
> + sbdf = PCI_SBDF2(d->arch.hvm_domain.pcidevs[i].seg,
> + d->arch.hvm_domain.pcidevs[i].bus,
> + d->arch.hvm_domain.pcidevs[i].devfn);
> +
> + if ( sbdf == id )
> + {
> + if ( pgrdm->gfn >= start && pgrdm->gfn < end )
> + return 1;
> + }
> + }
> + }
> +
> + return 0;
> +}
> +
> int
> guest_physmap_add_entry(struct domain *d, unsigned long gfn,
> unsigned long mfn, unsigned int page_order,
> @@ -568,6 +602,7 @@ guest_physmap_add_entry(struct domain *d, unsigned
> long gfn,
> mfn_t omfn;
> int pod_count = 0;
> int rc = 0;
> + struct p2m_get_reserved_device_memory pgrdm;
>
> if ( !paging_mode_translate(d) )
> {
> @@ -686,8 +721,28 @@ guest_physmap_add_entry(struct domain *d,
> unsigned long gfn,
> /* Now, actually do the two-way mapping */
> if ( mfn_valid(_mfn(mfn)) )
> {
> - rc = p2m_set_entry(p2m, gfn, _mfn(mfn), page_order, t,
> - p2m->default_access);
> + pgrdm.gfn = gfn;
> + pgrdm.domain = d;
> + if ( !is_hardware_domain(d) && iommu_use_hap_pt(d) )
why is this check only for shared case?
> + {
> + rc =
> iommu_get_reserved_device_memory(p2m_check_reserved_device_memory,
> + &pgrdm);
> + /* We always avoid populating reserved device memory. */
> + if ( rc == 1 )
> + {
> + rc = -EBUSY;
> + goto out;
> + }
> + else if ( rc < 0 )
> + {
> + printk(XENLOG_G_WARNING
> + "Can't check reserved device memory for
> Dom%d.\n",
> + d->domain_id);
> + goto out;
> + }
> + }
> +
> + rc = p2m_set_entry(p2m, gfn, _mfn(mfn), page_order, t,
> p2m->default_access);
> if ( rc )
> goto out; /* Failed to update p2m, bail without updating m2p.
> */
>
> diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h
> index 5f7fe71..99f7fb7 100644
> --- a/xen/include/asm-x86/p2m.h
> +++ b/xen/include/asm-x86/p2m.h
> @@ -709,6 +709,15 @@ static inline unsigned int
> p2m_get_iommu_flags(p2m_type_t p2mt)
> return flags;
> }
>
> +struct p2m_get_reserved_device_memory {
> + unsigned long gfn;
> + struct domain *domain;
> +};
> +
> +/* Check if we are accessing rdm. */
> +extern int p2m_check_reserved_device_memory(xen_pfn_t start,
> xen_ulong_t nr,
> + u32 id, void *ctxt);
> +
> #endif /* _XEN_P2M_H */
>
> /*
> --
> 1.9.1
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |