From patchwork Mon Feb 17 10:18:23 2025
X-Patchwork-Submitter: Teddy Astie
X-Patchwork-Id: 13977470
List-Id: Xen developer discussion
From: "Teddy Astie"
Subject: [XEN RFC PATCH v6 11/11] iommu: Introduce no-dma feature
X-Mailer: git-send-email 2.47.2
To: xen-devel@lists.xenproject.org
Cc: "Teddy Astie", "Andrew Cooper", "Anthony PERARD", "Michal Orzel", "Jan Beulich", "Julien Grall", "Roger Pau Monné", "Stefano Stabellini"
Message-Id: <998adb8e82b0b4610d800b12b89d47e6341e565a.1739785339.git.teddy.astie@vates.tech>
Date: Mon, 17 Feb 2025 10:18:23 +0000

This feature, exposed through `dom0-iommu=no-dma`, prevents the devices of the default context from having access to the domain's memory. This basically enforces DMA protection by default. The domain will need to prepare a specific IOMMU context to do DMA. This feature needs the guest to provide a PV-IOMMU driver.

Signed-off-by: Teddy Astie
--- xen/common/pv-iommu.c | 3 +++ xen/drivers/passthrough/iommu.c | 10 ++++++++++ xen/drivers/passthrough/x86/iommu.c | 4 ++++ xen/include/xen/iommu.h | 3 +++ 4 files changed, 20 insertions(+) diff --git a/xen/common/pv-iommu.c b/xen/common/pv-iommu.c index a1315bf582..9c7d04b4c7 100644 --- a/xen/common/pv-iommu.c +++ b/xen/common/pv-iommu.c @@ -99,6 +99,9 @@ static long capabilities_op(struct pv_iommu_capabilities *cap, struct domain *d) cap->max_pasid = 0; /* TODO */ cap->cap_flags = 0; + if ( !dom_iommu(d)->no_dma ) + cap->cap_flags |= IOMMUCAP_default_identity; + cap->pgsize_mask = PAGE_SIZE_4K; return 0;
diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c index c26a2160f9..59a4c64915 100644 --- a/xen/drivers/passthrough/iommu.c +++ b/xen/drivers/passthrough/iommu.c @@ -55,6 +55,7 @@ static bool __hwdom_initdata iommu_hwdom_none; bool __hwdom_initdata iommu_hwdom_strict; bool __read_mostly iommu_hwdom_passthrough; bool __hwdom_initdata iommu_hwdom_inclusive; +bool __read_mostly iommu_hwdom_no_dma = false; int8_t __hwdom_initdata iommu_hwdom_reserved = -1; #ifndef iommu_hap_pt_share @@ -172,6 +173,8 @@ static int __init cf_check parse_dom0_iommu_param(const char *s) iommu_hwdom_reserved = val; else if ( !cmdline_strcmp(s, "none") ) iommu_hwdom_none = true; + else if ( (val = parse_boolean("dma", s, ss)) >= 0 ) + iommu_hwdom_no_dma = !val; else rc = -EINVAL; @@ -329,6 +332,13 @@ int iommu_domain_init(struct domain *d, unsigned int opts) if ( !is_hardware_domain(d) || iommu_hwdom_strict ) hd->need_sync = !iommu_use_hap_pt(d); + if ( hd->no_dma ) + { + /* No-DMA mode is exclusive with HAP and sync_pt. */ + hd->hap_pt_share = false; + hd->need_sync = false; + } + ASSERT(!(hd->need_sync && hd->hap_pt_share)); hd->allow_pv_iommu = true; diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c index 79efc6ad47..174c218b9b 100644 --- a/xen/drivers/passthrough/x86/iommu.c +++ b/xen/drivers/passthrough/x86/iommu.c @@ -529,6 +529,10 @@ void __hwdom_init arch_iommu_hwdom_init(struct domain *d) if ( iommu_hwdom_reserved == -1 ) iommu_hwdom_reserved = 1; + if ( iommu_hwdom_no_dma ) + /* Skip special mappings with no-dma mode */ + return; + if ( iommu_hwdom_inclusive ) { printk(XENLOG_WARNING diff --git a/xen/include/xen/iommu.h b/xen/include/xen/iommu.h index e115642b86..fb38c1be86 100644 --- a/xen/include/xen/iommu.h +++ b/xen/include/xen/iommu.h 
@@ -106,6 +106,7 @@ extern bool iommu_debug; extern bool amd_iommu_perdev_intremap; extern bool iommu_hwdom_strict, iommu_hwdom_passthrough, iommu_hwdom_inclusive; +extern bool iommu_hwdom_no_dma; extern int8_t iommu_hwdom_reserved; extern unsigned int iommu_dev_iotlb_timeout; @@ -411,6 +412,8 @@ struct domain_iommu { /* SAF-2-safe enum constant in arithmetic operation */ DECLARE_BITMAP(features, IOMMU_FEAT_count); + /* Do the IOMMU block all DMA on default context (implies !has_pt_share) ? */ + bool no_dma; /* Is the domain allowed to use PV-IOMMU ? */ bool allow_pv_iommu;
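
Review bot: The new test in capabilities_op() (xen/common/pv-iommu.c, hunk at -99,6) has no comment saying what a clear IOMMUCAP_default_identity means for the guest. The commit message says the domain must prepare its own IOMMU context before doing DMA in this mode, so a short comment above `if ( !dom_iommu(d)->no_dma )` stating that the flag is withheld because the default context maps nothing would make the contract with the PV-IOMMU driver explicit.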
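
Review bot: The declaration `bool __read_mostly iommu_hwdom_no_dma = false;` (xen/drivers/passthrough/iommu.c, hunk at -55,6) differs from its neighbours iommu_hwdom_strict and iommu_hwdom_inclusive, which are __hwdom_initdata and carry no initializer. In the hunks shown the variable is written only by the __init parser and read only in the __hwdom_init function arch_iommu_hwdom_init(), so __hwdom_initdata looks sufficient. If a later read outside init code is intended, say so in a comment. The explicit `= false` is redundant for a static-storage bool either way.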
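
Review bot: The parse_dom0_iommu_param() hunk (-172,6) adds a `dma` boolean to `dom0-iommu=`, but the diffstat lists only four source files and no documentation, so the new `no-dma` sub-option is undocumented. Please add a command-line documentation entry that covers the default value, the requirement for a PV-IOMMU driver in the guest, and what happens when the option is combined with the other dom0-iommu sub-options. The parser currently accepts any combination without a check.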
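
Review bot: In the iommu_domain_init() hunk (-329,6), `hd->no_dma` is tested but no hunk in this patch assigns it. The only writer shown is the parser, which sets the global iommu_hwdom_no_dma. Unless another patch in the series sets the per-domain field, the `if ( hd->no_dma )` block never runs and capabilities_op() always advertises IOMMUCAP_default_identity. Setting hd->no_dma from iommu_hwdom_no_dma for the hardware domain before this test, or pointing to where that happens, would close the gap. The block also overrides hap_pt_share and need_sync silently; a log message when a requested setting is overridden would help anyone debugging a boot configuration.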
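
Review bot: The early return added to arch_iommu_hwdom_init() (xen/drivers/passthrough/x86/iommu.c, hunk at -529,6) sits before the iommu_hwdom_inclusive check, so when both flags are set the inclusive request and its warning are dropped without any message. Consider printing a warning that no-dma takes precedence, or rejecting the combination at parse time. The test also uses the global iommu_hwdom_no_dma while the other hunks use the per-domain `no_dma` field; using dom_iommu(d)->no_dma here would keep the two from diverging. As a style point, the `if` body is a comment plus a statement without braces; add braces or move the comment above the `if`.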
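
Review bot: The comment on the new `no_dma` field in struct domain_iommu (xen/include/xen/iommu.h, hunk at -411,6) says "implies !has_pt_share", but the field cleared in iommu_domain_init() is hap_pt_share, so the comment names something the visible code does not have. Suggest "Does the IOMMU block all DMA on the default context (implies !hap_pt_share)?", which also fixes the grammar.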