@@ -26,6 +26,7 @@
#include <xen/serial.h>
#include <xen/timer.h>
#include <xen/param.h>
+#include <xen/iommu.h>
#include <asm/fixmap.h>
#include <asm/io.h>
#include <xen/mm.h>
@@ -995,13 +996,21 @@ static struct uart_driver xue_uart_driver = {
.getc = NULL
};
-static struct xue_trb evt_trb[XUE_TRB_RING_CAP] __aligned(XUE_PAGE_SIZE);
-static struct xue_trb out_trb[XUE_TRB_RING_CAP] __aligned(XUE_PAGE_SIZE);
-static struct xue_trb in_trb[XUE_TRB_RING_CAP] __aligned(XUE_PAGE_SIZE);
-static struct xue_erst_segment erst __aligned(64);
-static struct xue_dbc_ctx ctx __aligned(64);
-static uint8_t wrk_buf[XUE_WORK_RING_CAP] __aligned(XUE_PAGE_SIZE);
-static char str_buf[XUE_PAGE_SIZE] __aligned(64);
+struct xue_dma_bufs {
+ struct xue_trb evt_trb[XUE_TRB_RING_CAP] __aligned(XUE_PAGE_SIZE);
+ struct xue_trb out_trb[XUE_TRB_RING_CAP] __aligned(XUE_PAGE_SIZE);
+ struct xue_trb in_trb[XUE_TRB_RING_CAP] __aligned(XUE_PAGE_SIZE);
+ struct xue_erst_segment erst __aligned(64);
+ struct xue_dbc_ctx ctx __aligned(64);
+ uint8_t wrk_buf[XUE_WORK_RING_CAP] __aligned(XUE_PAGE_SIZE);
+ char str_buf[XUE_PAGE_SIZE] __aligned(64);
+ /*
+ * Don't place anything else on this page - it will be
+ * DMA-reachable by the USB controller.
+ */
+ char _pad[0] __aligned(XUE_PAGE_SIZE);
+};
+static struct xue_dma_bufs xue_dma_bufs __aligned(XUE_PAGE_SIZE);
static char __initdata opt_dbgp[30];
string_param("dbgp", opt_dbgp);
@@ -1033,15 +1042,21 @@ void __init xue_uart_init(void)
xue->sbdf = PCI_SBDF(0, bus, slot, func);
}
- xue->dbc_ctx = &ctx;
- xue->dbc_erst = &erst;
- xue->dbc_ering.trb = evt_trb;
- xue->dbc_oring.trb = out_trb;
- xue->dbc_iring.trb = in_trb;
- xue->dbc_owork.buf = wrk_buf;
- xue->dbc_str = str_buf;
+ xue->dbc_ctx = &xue_dma_bufs.ctx;
+ xue->dbc_erst = &xue_dma_bufs.erst;
+ xue->dbc_ering.trb = xue_dma_bufs.evt_trb;
+ xue->dbc_oring.trb = xue_dma_bufs.out_trb;
+ xue->dbc_iring.trb = xue_dma_bufs.in_trb;
+ xue->dbc_owork.buf = xue_dma_bufs.wrk_buf;
+ xue->dbc_str = xue_dma_bufs.str_buf;
- xue_open(xue);
+ if ( xue_open(xue) )
+ {
+ iommu_add_extra_reserved_device_memory(
+ PFN_DOWN(virt_to_maddr(&xue_dma_bufs)),
+ PFN_UP(sizeof(xue_dma_bufs)),
+ uart->xue.sbdf.sbdf);
+ }
serial_register_uart(SERHND_DBGP, &xue_uart_driver, &xue_uart);
}
@@ -845,7 +845,7 @@ out:
return ret;
}
-#define MAX_USER_RMRR_PAGES 16
+#define MAX_USER_RMRR_PAGES 64
#define MAX_USER_RMRR 10
/* RMRR units derived from command line rmrr option. */
The important part is to include those buffers in IOMMU page table relevant for the USB controller. Otherwise, DbC will stop working as soon as IOMMU is enabled, regardless of to which domain device assigned (be it xen or dom0). If the device is passed through to dom0 or other domain (see later patches), that domain will effectively have access to those buffers too. It does give such domain yet another way to DoS the system (as is the case when having PCI device assigned already), but also possibly steal the console ring content. Thus, such domain should be a trusted one. In any case, prevent anything else being placed on those pages by adding artificial padding. Using this API for DbC pages requires raising MAX_USER_RMRR_PAGES. Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com> --- xen/drivers/char/xue.c | 45 ++++++++++++++++++++----------- xen/drivers/passthrough/vtd/dmar.c | 2 +- 2 files changed, 31 insertions(+), 16 deletions(-)