Xen project Mailing List

Re: [PATCH for-4.20?] x86/dom0: be less restrictive with the Interrupt Address Range

To: Roger Pau Monne <roger.pau@xxxxxxxxxx>

Date: Thu, 13 Feb 2025 10:06:26 +0100

Autocrypt: addr=jbeulich@xxxxxxxx; keydata= xsDiBFk3nEQRBADAEaSw6zC/EJkiwGPXbWtPxl2xCdSoeepS07jW8UgcHNurfHvUzogEq5xk hu507c3BarVjyWCJOylMNR98Yd8VqD9UfmX0Hb8/BrA+Hl6/DB/eqGptrf4BSRwcZQM32aZK 7Pj2XbGWIUrZrd70x1eAP9QE3P79Y2oLrsCgbZJfEwCgvz9JjGmQqQkRiTVzlZVCJYcyGGsD /0tbFCzD2h20ahe8rC1gbb3K3qk+LpBtvjBu1RY9drYk0NymiGbJWZgab6t1jM7sk2vuf0Py O9Hf9XBmK0uE9IgMaiCpc32XV9oASz6UJebwkX+zF2jG5I1BfnO9g7KlotcA/v5ClMjgo6Gl MDY4HxoSRu3i1cqqSDtVlt+AOVBJBACrZcnHAUSuCXBPy0jOlBhxPqRWv6ND4c9PH1xjQ3NP nxJuMBS8rnNg22uyfAgmBKNLpLgAGVRMZGaGoJObGf72s6TeIqKJo/LtggAS9qAUiuKVnygo 3wjfkS9A3DRO+SpU7JqWdsveeIQyeyEJ/8PTowmSQLakF+3fote9ybzd880fSmFuIEJldWxp Y2ggPGpiZXVsaWNoQHN1c2UuY29tPsJgBBMRAgAgBQJZN5xEAhsDBgsJCAcDAgQVAggDBBYC AwECHgECF4AACgkQoDSui/t3IH4J+wCfQ5jHdEjCRHj23O/5ttg9r9OIruwAn3103WUITZee e7Sbg12UgcQ5lv7SzsFNBFk3nEQQCACCuTjCjFOUdi5Nm244F+78kLghRcin/awv+IrTcIWF hUpSs1Y91iQQ7KItirz5uwCPlwejSJDQJLIS+QtJHaXDXeV6NI0Uef1hP20+y8qydDiVkv6l IreXjTb7DvksRgJNvCkWtYnlS3mYvQ9NzS9PhyALWbXnH6sIJd2O9lKS1Mrfq+y0IXCP10eS FFGg+Av3IQeFatkJAyju0PPthyTqxSI4lZYuJVPknzgaeuJv/2NccrPvmeDg6Coe7ZIeQ8Yj t0ARxu2xytAkkLCel1Lz1WLmwLstV30g80nkgZf/wr+/BXJW/oIvRlonUkxv+IbBM3dX2OV8 AmRv1ySWPTP7AAMFB/9PQK/VtlNUJvg8GXj9ootzrteGfVZVVT4XBJkfwBcpC/XcPzldjv+3 HYudvpdNK3lLujXeA5fLOH+Z/G9WBc5pFVSMocI71I8bT8lIAzreg0WvkWg5V2WZsUMlnDL9 mpwIGFhlbM3gfDMs7MPMu8YQRFVdUvtSpaAs8OFfGQ0ia3LGZcjA6Ik2+xcqscEJzNH+qh8V m5jjp28yZgaqTaRbg3M/+MTbMpicpZuqF4rnB0AQD12/3BNWDR6bmh+EkYSMcEIpQmBM51qM EKYTQGybRCjpnKHGOxG0rfFY1085mBDZCH5Kx0cl0HVJuQKC+dV2ZY5AqjcKwAxpE75MLFkr wkkEGBECAAkFAlk3nEQCGwwACgkQoDSui/t3IH7nnwCfcJWUDUFKdCsBH/E5d+0ZnMQi+G0A nAuWpQkjM1ASeQwSHEeAWPgskBQL

Cc: oleksii.kurochko@xxxxxxxxx, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Jürgen Groß <jgross@xxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx

Delivery-date: Thu, 13 Feb 2025 09:06:38 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 12.02.2025 16:38, Roger Pau Monne wrote: > --- a/xen/arch/x86/dom0_build.c > +++ b/xen/arch/x86/dom0_build.c > @@ -555,10 +555,6 @@ int __init dom0_setup_permissions(struct domain *d) > if ( !rangeset_contains_singleton(mmio_ro_ranges, mfn) ) > rc |= iomem_deny_access(d, mfn, mfn); > } > - /* MSI range. */ > - rc |= iomem_deny_access(d, paddr_to_pfn(MSI_ADDR_BASE_LO), > - paddr_to_pfn(MSI_ADDR_BASE_LO + > - MSI_ADDR_DEST_ID_MASK)); For this one, yes, I can see the LAPIC counterpart a few lines up from here (as the description says). In arch_iommu_hwdom_init(), however, I can't. Where's that? > --- a/xen/drivers/passthrough/x86/iommu.c > +++ b/xen/drivers/passthrough/x86/iommu.c > @@ -475,11 +475,6 @@ void __hwdom_init arch_iommu_hwdom_init(struct domain *d) > if ( rc ) > panic("IOMMU failed to remove Xen ranges: %d\n", rc); > > - /* Remove any overlap with the Interrupt Address Range. */ > - rc = rangeset_remove_range(map, 0xfee00, 0xfeeff); > - if ( rc ) > - panic("IOMMU failed to remove Interrupt Address Range: %d\n", rc); Besides being puzzled by the use of literal numbers here, why was this necessary in the first place? Or in other words, why do we not respect the domain's ->iomem_caps here (irrespective of iommu_hwdom_{inclusive,reserved}), thus making sure we don't allow access to anything dom0_setup_permissions() denies? There is iomem_access_permitted() checking in identity_map() for PV, but no equivalent for PVH that I could spot. If that was checked somewhere, my question on the earlier hunk would then also be addressed, of course. Further, with the expectation for the UCSI region to eventually be marked ACPI_NVS, how's that going to help here? The loop over the E820 map a few lines up from here doesn't make any mappings for E820_{ACPI,NVS}. (later) Oh, pvh_setup_acpi() does map them, and it running after iommu_hwdom_init() the mappings should be made in both page tables (if not shared). Which gets me to a tangential question though: Am I failing to spot where we avoid, for the shared page tables case, doing all the work arch_iommu_hwdom_init() does? Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.