[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH for-4.9] xen/arm: acpi: Map MMIO on fault in stage-2 page table for the hardware domain
On Thu, 30 Mar 2017, Julien Grall wrote: > When booting using ACPI, not all MMIOs can be discovered by parsing the > static tables or the UEFI memory map. A lot of them will be described in > the DSDT. However, Xen does not have an AML parser which requires us to > find a different approach. > > During the first discussions on supporting ACPI (see design doc [1]), it > was decided to rely on the hardware domain to make a request to the > hypervisor to map the MMIO region in stage-2 page table before accessing > it. This approach works fine if the OS has limited hooks to modify the > page tables. > > In the case of Linux kernel, notifiers have been added to map > the MMIO regions when adding a new AMBA/platform device. Whilst this is > covering most of the MMIOs, some of them (e.g OpRegion, ECAM...) are not > related to a specific device or the driver is not using the > AMBA/platform API. So more hooks would need to be added in the code. > > Various approaches have been discussed (see [2]), one of them was to > create stage-2 mappings seamlessly in Xen upon hardware memory faults. > This approach was first ruled out because it relies on the hardware > domain to probe the region before any use. So this would not work when > DMA'ing to another device's MMIO region when the device is protected by > an SMMU. It has been pointed out that this is a limited use case compare > to DMA'ing between MMIO and RAM. > > This patch implements this approach. All MMIOs region will be mapped in > stage-2 using p2m_mmio_direct_c (i.e normal memory outer and inner > write-back cacheable). The stage-1 page table will be in control of the > memory attribute. This is fine because the hardware domain is a trusted > domain. > > Note that MMIO will only be mapped on a data abort fault. It is assumed > that it will not be possible to execute code from MMIO > (p2m_mmio_direct_c will forbid that). > > As mentioned above, this solution will cover most of the cases. If a > platform requires to do DMA'ing to another device's MMIO region without > any access performed by the OS. Then it will be expected to have > specific platform code in the hypervisor to map the MMIO at boot time or > the OS to use the existing hypercalls (i.e XENMEM_add_to_add_physmap{,_batch}) > before any access. > > [1] https://lists.xen.org/archives/html/xen-devel/2015-11/msg00488.html > [2] https://marc.info/?l=linux-arm-kernel&m=148469169210500&w=2 > > Signed-off-by: Julien Grall <julien.grall@xxxxxxx> > > --- > This patch is a candidate for Xen 4.9. Whilst the last posting date > was few days ago, I think it would be good to have this patch in the > next release. Although ACPI support for ARM64 is still a technical > preview, it would help servers to test Xen upstream on their platform > with ACPI and provide feedback on missing features. > > All the code is gated by !acpi_disabled and therefore will not be > executed on when using Device Tree. > > RM hat on: I will leave the decision to Stefano. > > Shanker: You mentioned offline that you tested the patch. May I add > your tested-by? > > --- > xen/arch/arm/traps.c | 34 ++++++++++++++++++++++++++++++++++ > 1 file changed, 34 insertions(+) > > diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c > index 614501f761..ebf915bb3b 100644 > --- a/xen/arch/arm/traps.c > +++ b/xen/arch/arm/traps.c > @@ -32,6 +32,7 @@ > #include <xen/perfc.h> > #include <xen/virtual_region.h> > #include <xen/mem_access.h> > +#include <xen/iocap.h> > #include <public/sched.h> > #include <public/xen.h> > #include <asm/debugger.h> > @@ -49,6 +50,7 @@ > #include <asm/gic.h> > #include <asm/vgic.h> > #include <asm/cpuerrata.h> > +#include <asm/acpi.h> > > /* The base of the stack must always be double-word aligned, which means > * that both the kernel half of struct cpu_user_regs (which is pushed in > @@ -2534,6 +2536,35 @@ static bool try_handle_mmio(struct cpu_user_regs *regs, > return !!handle_mmio(info); > } > > +/* > + * When using ACPI, most of the MMIO regions will be mapped on-demand > + * in stage-2 page tables for the hardware domain because Xen is not > + * able to know from the EFI memory map the MMIO regions. > + */ > +static bool try_map_mmio(gfn_t gfn) > +{ > + struct domain *d = current->domain; > + > + /* For the hardware domain, all MMIOs are mapped with GFN == MFN */ > + mfn_t mfn = _mfn(gfn_x(gfn)); > + > + /* > + * Device-Tree should already have everything mapped when building > + * the hardware domain. > + */ > + if ( acpi_disabled ) > + return false; > + > + if ( d != hardware_domain ) is_hardware_domain(d) > + return false; > + > + /* The hardware domain can only map permitted MMIO regions */ > + if ( !iomem_access_permitted(d, mfn_x(mfn), mfn_x(mfn) + 1) ) > + return false; Because of the potential of causing problems with DMA to device MMIO, I would add a warning here, something like: dprintk(XENLOG_WARNING, "Mapping gfn=mfn=%"PRI_gfn" to Dom%d\n", d->domain_id); I hope that it will help us debug issues when/if we'll actually encounter such a case. > + return !map_regions_p2mt(d, gfn, 1, mfn, p2m_mmio_direct_c); > +} > + > static void do_trap_data_abort_guest(struct cpu_user_regs *regs, > const union hsr hsr) > { > @@ -2611,6 +2642,9 @@ static void do_trap_data_abort_guest(struct > cpu_user_regs *regs, > if ( !mfn_eq(mfn, INVALID_MFN) ) > return; > > + if ( try_map_mmio(_gfn(paddr_to_pfn(info.gpa))) ) > + return; > + > break; > default: > gprintk(XENLOG_WARNING, "Unsupported DFSC: HSR=%#x DFSC=%#x\n", > -- > 2.11.0 > _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |