From patchwork Mon Apr 25 08:34:23 2022
X-Patchwork-Submitter: Jan Beulich
X-Patchwork-Id: 12825391
Message-ID: <5cb4dc1b-f6b0-89cc-e21c-a27a5daf0290@suse.com>
Date: Mon, 25 Apr 2022 10:34:23 +0200
Subject: [PATCH v4 05/21] IOMMU/x86: restrict IO-APIC mappings for PV Dom0
From: Jan Beulich
To: "xen-devel@lists.xenproject.org"
Cc: Andrew Cooper, Paul Durrant, Roger Pau Monné

While already the case for PVH, there's no reason to treat PV differently here, though of course the addresses get taken from another source in this case. Except that, to match CPU side mappings, by default we permit r/o ones. This then also means we now deal consistently with IO-APICs whose MMIO is or is not covered by E820 reserved regions.

Signed-off-by: Jan Beulich
---
[integrated] v1: Integrate into series.
[standalone] v2: Keep IOMMU mappings in sync with CPU ones.

--- a/xen/drivers/passthrough/x86/iommu.c +++ b/xen/drivers/passthrough/x86/iommu.c @@ -275,12 +275,12 @@ void iommu_identity_map_teardown(struct } } -static bool __hwdom_init hwdom_iommu_map(const struct domain *d, - unsigned long pfn, - unsigned long max_pfn) +static unsigned int __hwdom_init hwdom_iommu_map(const struct domain *d, + unsigned long pfn, + unsigned long max_pfn) { mfn_t mfn = _mfn(pfn); - unsigned int i, type; + unsigned int i, type, perms = IOMMUF_readable | IOMMUF_writable; /* * Set up 1:1 mapping for dom0. Default to include only conventional RAM 
@@ -289,44 +289,60 @@ static bool __hwdom_init hwdom_iommu_map * that fall in unusable ranges for PV Dom0. */ if ( (pfn > max_pfn && !mfn_valid(mfn)) || xen_in_range(pfn) ) - return false; + return 0; switch ( type = page_get_ram_type(mfn) ) { case RAM_TYPE_UNUSABLE: - return false; + return 0; case RAM_TYPE_CONVENTIONAL: if ( iommu_hwdom_strict ) - return false; + return 0; break; default: if ( type & RAM_TYPE_RESERVED ) { if ( !iommu_hwdom_inclusive && !iommu_hwdom_reserved ) - return false; + perms = 0; } - else if ( is_hvm_domain(d) || !iommu_hwdom_inclusive || pfn > max_pfn ) - return false; + else if ( is_hvm_domain(d) ) + return 0; + else if ( !iommu_hwdom_inclusive || pfn > max_pfn ) + perms = 0; } /* Check that it doesn't overlap with the Interrupt Address Range. */ if ( pfn >= 0xfee00 && pfn <= 0xfeeff ) - return false; + return 0; /* ... or the IO-APIC */ - for ( i = 0; has_vioapic(d) && i < d->arch.hvm.nr_vioapics; i++ ) - if ( pfn == PFN_DOWN(domain_vioapic(d, i)->base_address) ) - return false; + if ( has_vioapic(d) ) + { + for ( i = 0; i < d->arch.hvm.nr_vioapics; i++ ) + if ( pfn == PFN_DOWN(domain_vioapic(d, i)->base_address) ) + return 0; + } + else if ( is_pv_domain(d) ) + { + /* + * Be consistent with CPU mappings: Dom0 is permitted to establish r/o + * ones there, so it should also have such established for IOMMUs. + */ + for ( i = 0; i < nr_ioapics; i++ ) + if ( pfn == PFN_DOWN(mp_ioapics[i].mpc_apicaddr) ) + return rangeset_contains_singleton(mmio_ro_ranges, pfn) + ? IOMMUF_readable : 0; + } /* * ... or the PCIe MCFG regions. * TODO: runtime added MMCFG regions are not checked to make sure they * don't overlap with already mapped regions, thus preventing trapping. */ if ( has_vpci(d) && vpci_is_mmcfg_address(d, pfn_to_paddr(pfn)) ) - return false; + return 0; - return true; + return perms; } void __hwdom_init arch_iommu_hwdom_init(struct domain *d) 
@@ -368,15 +384,19 @@ void __hwdom_init arch_iommu_hwdom_init( for ( ; i < top; i++ ) { unsigned long pfn = pdx_to_pfn(i); + unsigned int perms = hwdom_iommu_map(d, pfn, max_pfn); int rc; - if ( !hwdom_iommu_map(d, pfn, max_pfn) ) + if ( !perms ) rc = 0; else if ( paging_mode_translate(d) ) - rc = p2m_add_identity_entry(d, pfn, p2m_access_rw, 0); + rc = p2m_add_identity_entry(d, pfn, + perms & IOMMUF_writable ? p2m_access_rw + : p2m_access_r, + 0); else rc = iommu_map(d, _dfn(pfn), _mfn(pfn), 1ul << PAGE_ORDER_4K, - IOMMUF_readable | IOMMUF_writable, &flush_flags); + perms, &flush_flags); if ( rc ) printk(XENLOG_WARNING "%pd: identity %smapping of %lx failed: %d\n",
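
Review bot: The new unsigned int return value of hwdom_iommu_map() in the first hunk (@@ -275,12 +275,12 @@) is undocumented: the visible "Set up 1:1 mapping for dom0" comment says nothing about what the function returns. Please add a sentence there stating that 0 means "do not map" and that any other value is a mask of IOMMUF_readable / IOMMUF_writable, so a future caller does not test it as a boolean and then map a read-only page read/write.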
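
Review bot: In the second hunk (@@ -289,44 +289,60 @@), nothing explains why some exclusions became perms = 0 while others stay return 0, and the distinction changes behaviour. The perms = 0 paths in the default: case now fall through to the IO-APIC loop, where a PV Dom0 page matching mp_ioapics[i].mpc_apicaddr can still come back as IOMMUF_readable. A one-line comment at the first perms = 0 saying that the function continues so IO-APIC pages outside the reserved/inclusive ranges can still get a r/o mapping would keep a later cleanup from restoring the early return. It would also help to note above the new loop that the result depends on mmio_ro_ranges already holding the IO-APIC pages at this point, since that ordering is not visible in this function.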
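
Review bot: In the last hunk (@@ -368,15 +384,19 @@), the format string of the XENLOG_WARNING printk ("%pd: identity %smapping of %lx failed: %d\n") has no field for the permissions, so a failed read-only IO-APIC mapping cannot be told apart from a failed read/write one in the log. Consider printing perms there as well. Separately, perms & IOMMUF_writable ? p2m_access_rw : p2m_access_r evaluates as intended, but parentheses around the mask test would make the precedence obvious to the next reader.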