From patchwork Mon Dec 4 09:43:00 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Roger_Pau_Monn=C3=A9?= X-Patchwork-Id: 13478016 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id C0EB1C4167B for ; Mon, 4 Dec 2023 09:43:30 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.646677.1009199 (Exim 4.92) (envelope-from ) id 1rA5Tu-0003Vf-FX; Mon, 04 Dec 2023 09:43:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 646677.1009199; Mon, 04 Dec 2023 09:43:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rA5Tu-0003Ux-8n; Mon, 04 Dec 2023 09:43:14 +0000 Received: by outflank-mailman (input) for mailman id 646677; Mon, 04 Dec 2023 09:43:12 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rA5Ts-0003MS-OW for xen-devel@lists.xenproject.org; Mon, 04 Dec 2023 09:43:12 +0000 Received: from mail-wr1-x42c.google.com (mail-wr1-x42c.google.com [2a00:1450:4864:20::42c]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 89435b09-9289-11ee-9b0f-b553b5be7939; Mon, 04 Dec 2023 10:43:10 +0100 (CET) Received: by mail-wr1-x42c.google.com with SMTP id ffacd0b85a97d-3332ad5b3e3so2854818f8f.2 for ; Mon, 04 Dec 2023 01:43:10 -0800 (PST) Received: from localhost ([213.195.113.99]) by smtp.gmail.com with ESMTPSA id z18-20020a5d44d2000000b003333dd777a4sm5331294wrr.46.2023.12.04.01.43.08 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Dec 2023 01:43:09 -0800 (PST) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 89435b09-9289-11ee-9b0f-b553b5be7939 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=citrix.com; s=google; t=1701682989; x=1702287789; darn=lists.xenproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=ULwH7EoidMy9ekcGhF87RMh2vNMamy8OPFxqY9qAnWs=; b=I9WrZTr/Ll8kQrt9BXZZyPifFQV6V6hSXqhGIkEP9L3E/Pak6FSoK3cugnqhMOGE1e Db78y/SvSsc+VrCNZsjQIv6rLuddlhp5fi+maNv3FvwEz4KHOA7aXzYbp+aYftnREFri XPmp5GpYJNnCwlJon8Daj4fUL86x0zUNmIOOU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1701682989; x=1702287789; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ULwH7EoidMy9ekcGhF87RMh2vNMamy8OPFxqY9qAnWs=; b=gPbXUwUtozs3CMciTnfBHI8G9quj0/XmpwgyfEdBfRtpwatDzQKKWB2y0FNEJp9cEA YeQtSkaKrIqi/XtpYml1hm8+iLQI0QjEyNYfD/s82AXWT+HsNdXuI3qOMBiguH3E9oVq cH3aoGrQ0rAIS+6Eu2K7nEE+S+Aq2N1ekG4498gG8Tkw7g7trCnYBP6D82Ng5UvM/cGV cqZLSLprhhxiTmKyzk+6xpYY4Qz6H1hrP60OCZm7mQMe4hcvFo3zAsT/A1BsHrH7cbEQ h22vyais9RLnLY1dG1Upzz995HW6bHaHTDrII4OpmPYI8T5q5MNUm/JROikwTacr1WiD b/KA== X-Gm-Message-State: AOJu0YxqUqdPjwqrw666ItW5GfDO60cYPdrc2lWJMduO6ymoT0kpSJPN CmFgdM8GUzfggGcKmB3OyAV91kYvRnMfzYVG8Ew= X-Google-Smtp-Source: AGHT+IHtmHJlmpV7+cbxj7f0oOEvGeRQshSi1pJpnGVGwoy79El2rTGA1sxG4112l88AgAbSsmcxGw== X-Received: by 2002:a05:6000:100d:b0:333:2fd2:51e6 with SMTP id a13-20020a056000100d00b003332fd251e6mr2920439wrx.95.1701682989550; Mon, 04 Dec 2023 01:43:09 -0800 (PST) From: Roger Pau Monne To: xen-devel@lists.xenproject.org Cc: Roger Pau Monne , Kevin Tian Subject: [PATCH v2 1/6] iommu/vt-d: do not assume page table levels for quarantine domain Date: Mon, 4 Dec 2023 10:43:00 +0100 Message-ID: <20231204094305.59267-2-roger.pau@citrix.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20231204094305.59267-1-roger.pau@citrix.com> References: <20231204094305.59267-1-roger.pau@citrix.com> MIME-Version: 1.0 Like XSA-445, do not assume IOMMU page table levels on VT-d are always set based on DEFAULT_DOMAIN_ADDRESS_WIDTH and instead fetch the value set by intel_iommu_hwdom_init() from the domain iommu structure. This prevents changes to intel_iommu_hwdom_init() possibly getting the levels out of sync with what intel_iommu_quarantine_init() expects. No functional change, since on Intel domains are hardcoded to use DEFAULT_DOMAIN_ADDRESS_WIDTH. Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich --- Changes since v1: - New in this version. --- xen/drivers/passthrough/vtd/iommu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index e13b7d99db40..bc6181c9f911 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -3162,7 +3162,7 @@ static int cf_check intel_iommu_quarantine_init(struct pci_dev *pdev, { struct domain_iommu *hd = dom_iommu(dom_io); struct page_info *pg; - unsigned int agaw = width_to_agaw(DEFAULT_DOMAIN_ADDRESS_WIDTH); + unsigned int agaw = hd->arch.vtd.agaw; unsigned int level = agaw_to_level(agaw); const struct acpi_drhd_unit *drhd; const struct acpi_rmrr_unit *rmrr; From patchwork Mon Dec 4 09:43:01 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Roger_Pau_Monn=C3=A9?= X-Patchwork-Id: 13478013 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 57B33C4167B for ; Mon, 4 Dec 2023 09:43:23 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.646676.1009192 (Exim 4.92) (envelope-from ) id 1rA5Tu-0003SB-4D; Mon, 04 Dec 2023 09:43:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 646676.1009192; Mon, 04 Dec 2023 09:43:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rA5Tu-0003Ry-0m; Mon, 04 Dec 2023 09:43:14 +0000 Received: by outflank-mailman (input) for mailman id 646676; Mon, 04 Dec 2023 09:43:12 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rA5Ts-0003Ag-9b for xen-devel@lists.xenproject.org; Mon, 04 Dec 2023 09:43:12 +0000 Received: from mail-wm1-x336.google.com (mail-wm1-x336.google.com [2a00:1450:4864:20::336]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id 89e2e47a-9289-11ee-98e5-6d05b1d4d9a1; Mon, 04 Dec 2023 10:43:11 +0100 (CET) Received: by mail-wm1-x336.google.com with SMTP id 5b1f17b1804b1-40c0e7b8a9bso2011305e9.3 for ; Mon, 04 Dec 2023 01:43:11 -0800 (PST) Received: from localhost ([213.195.113.99]) by smtp.gmail.com with ESMTPSA id ay10-20020a05600c1e0a00b0040b397787d3sm18118985wmb.24.2023.12.04.01.43.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Dec 2023 01:43:10 -0800 (PST) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 89e2e47a-9289-11ee-98e5-6d05b1d4d9a1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=citrix.com; s=google; t=1701682990; x=1702287790; darn=lists.xenproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=MxO8kpq0zK2+9/dmZfmOLjwVt6zHQvWLIdUhj8WPZVM=; b=o+ag6wX358A0L9bC1SFExuqSuOXKIlaivYVl9JA9b2yCQjn2V8LotZ5dw62LSgqBGz 4mxHNr8or8N+UwYZMBhwpBW2BrSBKZXJokluYwOkgEhfnymwJ2mvecDV/DjkeX/LJ/HN rCOPq9KIN7Rlwko4q6ef2DnI5WFef6gMcST+k= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1701682990; x=1702287790; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=MxO8kpq0zK2+9/dmZfmOLjwVt6zHQvWLIdUhj8WPZVM=; b=CRNbGBK+RG2z/f5z5aQiH167hz/jHaiviBZZJ7c56zUcibE4OWK/GXrjK5cO8s/7hE mHBQ4rRiCAHmh3ngFMhS9AiH73tot9mq0B0OdoEiXkdjLv9Cf6ssNx3ReqeVTruF8E11 wddEMOB3npi6bQH80QrzKlHqPwwQUYzybQhmWkilvjPtJQQ1UKNLtslrF0drL8jgHQbv BjP5E2e5lAH3poyH5Lp6rxrQyf1osoX0ERi24z6hAGmfph1Z2v8MPGdSNP+H/Y7R00xE hbnfd7RkbI5Gwq4nQ6OZY+QhOLY7QxILVfgY8pl+3EE1Bag4AMrYmd8CkAK14MACJeQ6 mSNg== X-Gm-Message-State: AOJu0YykvtM6qI5XiVjAH8VE7MWuP7hd9xV0Zupq0pv0RSUsIfrI2utS ax8j4zeZw1aW2co4VMp+SJ+46rTxdeg7j3XT4ZM= X-Google-Smtp-Source: AGHT+IGNDDJBhs2J/PSzOTWY71/KIecXkzghzzN/EJTD2aDL9SiW7LnxYg4whlqxv6/bRoeVEDKriQ== X-Received: by 2002:a05:600c:2946:b0:40b:5e21:dd19 with SMTP id n6-20020a05600c294600b0040b5e21dd19mr2293899wmd.71.1701682990720; Mon, 04 Dec 2023 01:43:10 -0800 (PST) From: Roger Pau Monne To: xen-devel@lists.xenproject.org Cc: Roger Pau Monne , Jan Beulich , Andrew Cooper Subject: [PATCH v2 2/6] amd-vi: set IOMMU page table levels based on guest reported paddr width Date: Mon, 4 Dec 2023 10:43:01 +0100 Message-ID: <20231204094305.59267-3-roger.pau@citrix.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20231204094305.59267-1-roger.pau@citrix.com> References: <20231204094305.59267-1-roger.pau@citrix.com> MIME-Version: 1.0 However take into account the minimum number of levels required by unity maps when setting the page table levels. The previous setting of the page table levels for PV guests based on the highest RAM address was bogus, as there can be other non-RAM regions past the highest RAM address that need to be mapped, for example device MMIO. For HVM we also take amd_iommu_min_paging_mode into account, however if unity maps require more than 4 levels attempting to add those will currently fail at the p2m level, as 4 levels is the maximum supported. Fixes: 0700c962ac2d ('Add AMD IOMMU support into hypervisor') Signed-off-by: Roger Pau Monné --- changes since v1: - Use paging_max_paddr_bits() instead of hardcoding DEFAULT_DOMAIN_ADDRESS_WIDTH. --- xen/drivers/passthrough/amd/pci_amd_iommu.c | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index 6bc73dc21052..00a25e649f22 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -359,21 +359,17 @@ int __read_mostly amd_iommu_min_paging_mode = 1; static int cf_check amd_iommu_domain_init(struct domain *d) { struct domain_iommu *hd = dom_iommu(d); + int pglvl = amd_iommu_get_paging_mode( + PFN_DOWN(1UL << paging_max_paddr_bits(d))); + + if ( pglvl < 0 ) + return pglvl; /* - * Choose the number of levels for the IOMMU page tables. - * - PV needs 3 or 4, depending on whether there is RAM (including hotplug - * RAM) above the 512G boundary. - * - HVM could in principle use 3 or 4 depending on how much guest - * physical address space we give it, but this isn't known yet so use 4 - * unilaterally. - * - Unity maps may require an even higher number. + * Choose the number of levels for the IOMMU page tables, taking into + * account unity maps. */ - hd->arch.amd.paging_mode = max(amd_iommu_get_paging_mode( - is_hvm_domain(d) - ? 1UL << (DEFAULT_DOMAIN_ADDRESS_WIDTH - PAGE_SHIFT) - : get_upper_mfn_bound() + 1), - amd_iommu_min_paging_mode); + hd->arch.amd.paging_mode = max(pglvl, amd_iommu_min_paging_mode); return 0; } From patchwork Mon Dec 4 09:43:02 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Roger_Pau_Monn=C3=A9?= X-Patchwork-Id: 13478018 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 1543CC10F05 for ; Mon, 4 Dec 2023 09:43:32 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.646679.1009218 (Exim 4.92) (envelope-from ) id 1rA5Tx-00042f-2e; Mon, 04 Dec 2023 09:43:17 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 646679.1009218; Mon, 04 Dec 2023 09:43:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rA5Tw-00042C-Sm; Mon, 04 Dec 2023 09:43:16 +0000 Received: by outflank-mailman (input) for mailman id 646679; Mon, 04 Dec 2023 09:43:15 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rA5Tu-0003MS-VC for xen-devel@lists.xenproject.org; Mon, 04 Dec 2023 09:43:14 +0000 Received: from mail-wm1-x32b.google.com (mail-wm1-x32b.google.com [2a00:1450:4864:20::32b]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 8abe08a9-9289-11ee-9b0f-b553b5be7939; Mon, 04 Dec 2023 10:43:13 +0100 (CET) Received: by mail-wm1-x32b.google.com with SMTP id 5b1f17b1804b1-40c0e37cfafso1939595e9.0 for ; Mon, 04 Dec 2023 01:43:13 -0800 (PST) Received: from localhost ([213.195.113.99]) by smtp.gmail.com with ESMTPSA id jg23-20020a05600ca01700b0040b30be6244sm14376982wmb.24.2023.12.04.01.43.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Dec 2023 01:43:11 -0800 (PST) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 8abe08a9-9289-11ee-9b0f-b553b5be7939 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=citrix.com; s=google; t=1701682992; x=1702287792; darn=lists.xenproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=uhvbsGVggmpzL6VhFDTXJNRWZSL+PUA9PR1Ri8iXGLA=; b=CliS9MysGcFD0fTcqL/ZY5smT34J9ksrIrzqr5q94/gJXy2oU8Mzq7lVp0EogdMQGC eyIOI8NoY37snuQAYv/E/77IzGHiDKnsHkAfCnRhTA2oeqVB7C63OMyWwuFqcuB4Xumr BmrF1k9nUIx0Ixz8OztsnuBgIbHtb5Wpd8HjA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1701682992; x=1702287792; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=uhvbsGVggmpzL6VhFDTXJNRWZSL+PUA9PR1Ri8iXGLA=; b=arxf30jkxw+06ZkiByNjxbhcsp9658smc2WK2yV/1aQdB/Qr3S9GO4e10qR+x+Xfgt VYZwjer4FyVFGVMy72RDOxqg2Mm99VUL67TNcMb6EJoBnhj1FqdUTcmAl3VAIT2pZTBX OpwMX1wwqibEFX4jXfxx6RUwfcUUikpUyfi00CN/KuEgGqdrXObo0Sdkb7RTUOOiNf6B KnusvQWsnc+JMwG8YpliSQH6jkOGYOIRbVraf+XAWlveFH91sGRu6pJRQhJdg6/h+BfB Mm2WF1b1YzDOWugi4hkhQhK+Yr4GjXUKCuYlvtO9PV3qXzpGp/z48yLatrUud8HVgBD6 Mktg== X-Gm-Message-State: AOJu0YyEjpAW29EOB6nmRpcQPIPNV3/s/zbuWMSqv542wTk4Qm5YK30L YGajOpg9iDnXtzSVzXQStcd4582/loFrujFgDZE= X-Google-Smtp-Source: AGHT+IHGbm6svOID28oBbJ+PecxwhKiaRzO5RQK1pDm0gQJ0G0iWUsdq17d4C0+yP1bsmBSFLCBdoA== X-Received: by 2002:a05:600c:601a:b0:40b:5e59:c557 with SMTP id az26-20020a05600c601a00b0040b5e59c557mr2262756wmb.129.1701682991843; Mon, 04 Dec 2023 01:43:11 -0800 (PST) From: Roger Pau Monne To: xen-devel@lists.xenproject.org Cc: Roger Pau Monne , Jan Beulich , Paul Durrant Subject: [PATCH v2 3/6] x86/iommu: introduce a rangeset to perform hwdom IOMMU setup Date: Mon, 4 Dec 2023 10:43:02 +0100 Message-ID: <20231204094305.59267-4-roger.pau@citrix.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20231204094305.59267-1-roger.pau@citrix.com> References: <20231204094305.59267-1-roger.pau@citrix.com> MIME-Version: 1.0 This change just introduces the boilerplate code in order to use a rangeset when setting up the hardware domain IOMMU mappings. The rangeset is never populated in this patch, so it's a non-functional change as far as the mappings the domain gets established. Note there's a change for HVM domains (ie: PVH dom0) that will get switched to create the p2m mappings using map_mmio_regions() instead of p2m_add_identity_entry(), so that ranges can be mapped with a single function call if possible. Note that the interface of map_mmio_regions() doesn't allow creating read-only mappings, but so far there are no such mappings created for PVH dom0 in arch_iommu_hwdom_init(). Signed-off-by: Roger Pau Monné --- Changes since v1: - Split from bigger patch. --- xen/drivers/passthrough/x86/iommu.c | 89 +++++++++++++++++++++++++++++ 1 file changed, 89 insertions(+) diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c index 857dccb6a465..531a428f6496 100644 --- a/xen/drivers/passthrough/x86/iommu.c +++ b/xen/drivers/passthrough/x86/iommu.c @@ -370,10 +370,77 @@ static unsigned int __hwdom_init hwdom_iommu_map(const struct domain *d, return perms; } +struct map_data { + struct domain *d; + unsigned int flush_flags; + bool ro; +}; + +static int __hwdom_init cf_check identity_map(unsigned long s, unsigned long e, + void *data) +{ + struct map_data *info = data; + struct domain *d = info->d; + long rc; + + if ( iommu_verbose ) + printk(XENLOG_INFO " [%010lx, %010lx] R%c\n", + s, e, info->ro ? 'O' : 'W'); + + if ( paging_mode_translate(d) ) + { + if ( info->ro ) + { + ASSERT_UNREACHABLE(); + return 0; + } + while ( (rc = map_mmio_regions(d, _gfn(s), e - s + 1, _mfn(s))) > 0 ) + { + s += rc; + process_pending_softirqs(); + } + } + else + { + const unsigned int perms = IOMMUF_readable | IOMMUF_preempt | + (info->ro ? 0 : IOMMUF_writable); + + if ( info->ro && !iomem_access_permitted(d, s, e) ) + { + /* + * Should be more fine grained in order to not map the forbidden + * frame instead of rejecting the region as a whole, but it's only + * for read-only MMIO regions, which are very limited. + */ + printk(XENLOG_DEBUG + "IOMMU read-only mapping of region [%lx, %lx] forbidden\n", + s, e); + return 0; + } + while ( (rc = iommu_map(d, _dfn(s), _mfn(s), e - s + 1, + perms, &info->flush_flags)) > 0 ) + { + s += rc; + process_pending_softirqs(); + } + } + ASSERT(rc <= 0); + if ( rc ) + printk(XENLOG_WARNING + "IOMMU identity mapping of [%lx, %lx] failed: %ld\n", + s, e, rc); + + /* Ignore errors and attempt to map the remaining regions. */ + return 0; +} + void __hwdom_init arch_iommu_hwdom_init(struct domain *d) { unsigned long i, top, max_pfn, start, count; unsigned int flush_flags = 0, start_perms = 0; + struct rangeset *map; + struct map_data map_data = { .d = d }; + int rc; BUG_ON(!is_hardware_domain(d)); @@ -397,6 +464,10 @@ void __hwdom_init arch_iommu_hwdom_init(struct domain *d) if ( iommu_hwdom_passthrough ) return; + map = rangeset_new(NULL, NULL, 0); + if ( !map ) + panic("IOMMU init: unable to allocate rangeset\n"); + max_pfn = (GB(4) >> PAGE_SHIFT) - 1; top = max(max_pdx, pfn_to_pdx(max_pfn) + 1); @@ -451,6 +522,24 @@ void __hwdom_init arch_iommu_hwdom_init(struct domain *d) goto commit; } + if ( iommu_verbose ) + printk(XENLOG_INFO "d%u: identity mappings for IOMMU:\n", + d->domain_id); + + rc = rangeset_report_ranges(map, 0, ~0UL, identity_map, &map_data); + if ( rc ) + panic("IOMMU unable to create mappings: %d\n", rc); + if ( is_pv_domain(d) ) + { + map_data.ro = true; + rc = rangeset_report_ranges(mmio_ro_ranges, 0, ~0UL, identity_map, + &map_data); + if ( rc ) + panic("IOMMU unable to create read-only mappings: %d\n", rc); + } + + rangeset_destroy(map); + /* Use if to avoid compiler warning */ if ( iommu_iotlb_flush_all(d, flush_flags) ) return; From patchwork Mon Dec 4 09:43:03 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Roger_Pau_Monn=C3=A9?= X-Patchwork-Id: 13478014 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 4AD2CC4167B for ; Mon, 4 Dec 2023 09:43:26 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.646678.1009212 (Exim 4.92) (envelope-from ) id 1rA5Tw-0003yg-Lj; Mon, 04 Dec 2023 09:43:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 646678.1009212; Mon, 04 Dec 2023 09:43:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rA5Tw-0003yV-HJ; Mon, 04 Dec 2023 09:43:16 +0000 Received: by outflank-mailman (input) for mailman id 646678; Mon, 04 Dec 2023 09:43:14 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rA5Tu-0003Ag-NN for xen-devel@lists.xenproject.org; Mon, 04 Dec 2023 09:43:14 +0000 Received: from mail-wm1-x329.google.com (mail-wm1-x329.google.com [2a00:1450:4864:20::329]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id 8b3da560-9289-11ee-98e5-6d05b1d4d9a1; Mon, 04 Dec 2023 10:43:14 +0100 (CET) Received: by mail-wm1-x329.google.com with SMTP id 5b1f17b1804b1-40bda47c489so21569455e9.3 for ; Mon, 04 Dec 2023 01:43:14 -0800 (PST) Received: from localhost ([213.195.113.99]) by smtp.gmail.com with ESMTPSA id fb13-20020a05600c520d00b0040b3e7569fcsm17876713wmb.11.2023.12.04.01.43.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Dec 2023 01:43:12 -0800 (PST) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 8b3da560-9289-11ee-98e5-6d05b1d4d9a1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=citrix.com; s=google; t=1701682993; x=1702287793; darn=lists.xenproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=9CBBn/nfJfW5I5gQfew3uGEClXixqREpb7mxes5nWVE=; b=io+DVSp4WpQd8qFDFNJq6dqRHw+1NqSHgdCK3EN9mytl4JnlNEldcK9r1O0VqzrRo2 uf8MCqJ8a8yKPRxPszbrO+tZjpu3elX4ChC9MWcGesaecnlDn+YbC4uIjuGNz7ENuJp5 dgTuKkX1Pa1mwLez9ExxJ3AdzOyi7rQ0Vpt0E= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1701682993; x=1702287793; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=9CBBn/nfJfW5I5gQfew3uGEClXixqREpb7mxes5nWVE=; b=EZfgt6/zaLn5XX58EKF1h3qESnVTG36LJu6f6QEWRIystSohsewlf9sl4Mb+N2Xf16 KhqeYBhBhJZDz8G7Z6tb0oZF2XVQyDSMMwsWN6ZLsIOMeZcSOrnnShTDQ5T+Zunal2Wn yt4w9d8clmjwUGYabNwb4Q7ig5/ud8TykJBOtQtgJc3QXA5S059Qp/X+S2LdBazXrPmu 7nrYvtvDf4H1Czkh/mpSlRyajFsMtq+ZbQyoffIOo4VfQnQkkO3VQIuMCHZo4oIN6QMt h01aqpL1qp4oPHBLzhrYRg33NMScLVEnoLpTAGN3Lwp9HcKp4kx/hQQDDDKxxPlypoAW N92g== X-Gm-Message-State: AOJu0YyOw/1xi0WC1YEXyaBcMumdvmb4iuXJRXoLAeKygzWlxTNU/JLA OufmGKo0+I7n2eA6843HOgwbHTvAgLN8Ddf1ggw= X-Google-Smtp-Source: AGHT+IGOQdlSMXC0XrmskVGzoU5BsJXwCuzOpMBMeVb88PJfiULLufbdNiH+rPUje5K1xKKA4OPjHQ== X-Received: by 2002:a05:600c:46ca:b0:40b:5e1e:cf6 with SMTP id q10-20020a05600c46ca00b0040b5e1e0cf6mr2360700wmo.49.1701682993282; Mon, 04 Dec 2023 01:43:13 -0800 (PST) From: Roger Pau Monne To: xen-devel@lists.xenproject.org Cc: Roger Pau Monne , Paul Durrant , Jan Beulich , Andrew Cooper , Wei Liu Subject: [PATCH v2 4/6] x86/iommu: remove regions not to be mapped Date: Mon, 4 Dec 2023 10:43:03 +0100 Message-ID: <20231204094305.59267-5-roger.pau@citrix.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20231204094305.59267-1-roger.pau@citrix.com> References: <20231204094305.59267-1-roger.pau@citrix.com> MIME-Version: 1.0 Introduce the code to remove regions not to be mapped from the rangeset that will be used to setup the IOMMU page tables for the hardware domain. This change also introduces two new functions: remove_xen_ranges() and vpci_subtract_mmcfg() that copy the logic in xen_in_range() and vpci_is_mmcfg_address() respectively and remove the ranges that would otherwise be intercepted by the original functions. Note that the rangeset is still not populated. Signed-off-by: Roger Pau Monné --- Changes since v1: - Split from bigger patch. --- xen/arch/x86/hvm/io.c | 16 ++++++++ xen/arch/x86/include/asm/hvm/io.h | 3 ++ xen/arch/x86/include/asm/setup.h | 1 + xen/arch/x86/setup.c | 48 ++++++++++++++++++++++ xen/drivers/passthrough/x86/iommu.c | 64 +++++++++++++++++++++++++++++ 5 files changed, 132 insertions(+) diff --git a/xen/arch/x86/hvm/io.c b/xen/arch/x86/hvm/io.c index d75af83ad01f..a42854c52b65 100644 --- a/xen/arch/x86/hvm/io.c +++ b/xen/arch/x86/hvm/io.c @@ -369,6 +369,22 @@ bool vpci_is_mmcfg_address(const struct domain *d, paddr_t addr) return vpci_mmcfg_find(d, addr); } +int __hwdom_init vpci_subtract_mmcfg(const struct domain *d, struct rangeset *r) +{ + const struct hvm_mmcfg *mmcfg; + + list_for_each_entry ( mmcfg, &d->arch.hvm.mmcfg_regions, next ) + { + int rc = rangeset_remove_range(r, PFN_DOWN(mmcfg->addr), + PFN_DOWN(mmcfg->addr + mmcfg->size - 1)); + + if ( rc ) + return rc; + } + + return 0; +} + static unsigned int vpci_mmcfg_decode_addr(const struct hvm_mmcfg *mmcfg, paddr_t addr, pci_sbdf_t *sbdf) { diff --git a/xen/arch/x86/include/asm/hvm/io.h b/xen/arch/x86/include/asm/hvm/io.h index a97731657801..e1e5e6fe7491 100644 --- a/xen/arch/x86/include/asm/hvm/io.h +++ b/xen/arch/x86/include/asm/hvm/io.h @@ -156,6 +156,9 @@ void destroy_vpci_mmcfg(struct domain *d); /* Check if an address is between a MMCFG region for a domain. */ bool vpci_is_mmcfg_address(const struct domain *d, paddr_t addr); +/* Remove MMCFG regions from a given rangeset. */ +int vpci_subtract_mmcfg(const struct domain *d, struct rangeset *r); + #endif /* __ASM_X86_HVM_IO_H__ */ diff --git a/xen/arch/x86/include/asm/setup.h b/xen/arch/x86/include/asm/setup.h index 9a460e4db8f4..cd07d98101d8 100644 --- a/xen/arch/x86/include/asm/setup.h +++ b/xen/arch/x86/include/asm/setup.h @@ -37,6 +37,7 @@ void discard_initial_images(void); void *bootstrap_map(const module_t *mod); int xen_in_range(unsigned long mfn); +int remove_xen_ranges(struct rangeset *r); extern uint8_t kbd_shift_flags; diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 3cba2be0af6c..71fa0b46f181 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -2136,6 +2136,54 @@ int __hwdom_init xen_in_range(unsigned long mfn) return 0; } +int __hwdom_init remove_xen_ranges(struct rangeset *r) +{ + paddr_t start, end; + int rc; + + /* S3 resume code (and other real mode trampoline code) */ + rc = rangeset_remove_range(r, PFN_DOWN(bootsym_phys(trampoline_start)), + PFN_DOWN(bootsym_phys(trampoline_end))); + if ( rc ) + return rc; + + /* + * This needs to remain in sync with the uses of the same symbols in + * - __start_xen() + * - is_xen_fixed_mfn() + * - tboot_shutdown() + */ + /* hypervisor .text + .rodata */ + rc = rangeset_remove_range(r, PFN_DOWN(__pa(&_stext)), + PFN_DOWN(__pa(&__2M_rodata_end))); + if ( rc ) + return rc; + + /* hypervisor .data + .bss */ + if ( efi_boot_mem_unused(&start, &end) ) + { + ASSERT(__pa(start) >= __pa(&__2M_rwdata_start)); + rc = rangeset_remove_range(r, PFN_DOWN(__pa(&__2M_rwdata_start)), + PFN_DOWN(__pa(start))); + if ( rc ) + return rc; + ASSERT(__pa(end) <= __pa(&__2M_rwdata_end)); + rc = rangeset_remove_range(r, PFN_DOWN(__pa(end)), + PFN_DOWN(__pa(&__2M_rwdata_end))); + if ( rc ) + return rc; + } + else + { + rc = rangeset_remove_range(r, PFN_DOWN(__pa(&__2M_rwdata_start)), + PFN_DOWN(__pa(&__2M_rwdata_end))); + if ( rc ) + return rc; + } + + return 0; +} + static int __hwdom_init cf_check io_bitmap_cb( unsigned long s, unsigned long e, void *ctx) { diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c index 531a428f6496..7e97805fccec 100644 --- a/xen/drivers/passthrough/x86/iommu.c +++ b/xen/drivers/passthrough/x86/iommu.c @@ -370,6 +370,14 @@ static unsigned int __hwdom_init hwdom_iommu_map(const struct domain *d, return perms; } +static int __hwdom_init cf_check map_subtract(unsigned long s, unsigned long e, + void *data) +{ + struct rangeset *map = data; + + return rangeset_remove_range(map, s, e); +} + struct map_data { struct domain *d; unsigned int flush_flags; @@ -522,6 +530,62 @@ void __hwdom_init arch_iommu_hwdom_init(struct domain *d) goto commit; } + /* Remove any areas in-use by Xen. */ + rc = remove_xen_ranges(map); + if ( rc ) + panic("IOMMU failed to remove Xen ranges: %d\n", rc); + + /* Remove any overlap with the Interrupt Address Range. */ + rc = rangeset_remove_range(map, 0xfee00, 0xfeeff); + if ( rc ) + panic("IOMMU failed to remove Interrupt Address Range: %d\n", + rc); + + /* If emulating IO-APIC(s) make sure the base address is unmapped. */ + if ( has_vioapic(d) ) + { + for ( i = 0; i < d->arch.hvm.nr_vioapics; i++ ) + { + rc = rangeset_remove_singleton(map, + PFN_DOWN(domain_vioapic(d, i)->base_address)); + if ( rc ) + panic("IOMMU failed to remove IO-APIC: %d\n", + rc); + } + } + + if ( is_pv_domain(d) ) + { + /* + * Be consistent with CPU mappings: Dom0 is permitted to establish r/o + * ones there (also for e.g. HPET in certain cases), so it should also + * have such established for IOMMUs. Remove any read-only ranges here, + * since ranges in mmio_ro_ranges are already explicitly mapped below + * in read-only mode. + */ + rc = rangeset_report_ranges(mmio_ro_ranges, 0, ~0UL, map_subtract, map); + if ( rc ) + panic("IOMMU failed to remove read-only regions: %d\n", + rc); + } + + if ( has_vpci(d) ) + { + /* + * TODO: runtime added MMCFG regions are not checked to make sure they + * don't overlap with already mapped regions, thus preventing trapping. + */ + rc = vpci_subtract_mmcfg(d, map); + if ( rc ) + panic("IOMMU unable to remove MMCFG areas: %d\n", rc); + } + + /* Remove any regions past the last address addressable by the domain. */ + rc = rangeset_remove_range(map, PFN_DOWN(1UL << paging_max_paddr_bits(d)), + ~0UL); + if ( rc ) + panic("IOMMU unable to remove unaddressable ranges: %d\n", rc); + if ( iommu_verbose ) printk(XENLOG_INFO "d%u: identity mappings for IOMMU:\n", d->domain_id); From patchwork Mon Dec 4 09:43:04 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Roger_Pau_Monn=C3=A9?= X-Patchwork-Id: 13478015 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 9D7C9C10DC1 for ; Mon, 4 Dec 2023 09:43:28 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.646680.1009225 (Exim 4.92) (envelope-from ) id 1rA5Tx-0004Cc-Ju; Mon, 04 Dec 2023 09:43:17 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 646680.1009225; Mon, 04 Dec 2023 09:43:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rA5Tx-0004BU-Df; Mon, 04 Dec 2023 09:43:17 +0000 Received: by outflank-mailman (input) for mailman id 646680; Mon, 04 Dec 2023 09:43:15 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rA5Tv-0003Ag-SR for xen-devel@lists.xenproject.org; Mon, 04 Dec 2023 09:43:15 +0000 Received: from mail-wr1-x432.google.com (mail-wr1-x432.google.com [2a00:1450:4864:20::432]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id 8be4d92e-9289-11ee-98e5-6d05b1d4d9a1; Mon, 04 Dec 2023 10:43:15 +0100 (CET) Received: by mail-wr1-x432.google.com with SMTP id ffacd0b85a97d-3334254cfa3so586336f8f.1 for ; Mon, 04 Dec 2023 01:43:15 -0800 (PST) Received: from localhost ([213.195.113.99]) by smtp.gmail.com with ESMTPSA id w7-20020a5d6087000000b0033340937da6sm4467635wrt.95.2023.12.04.01.43.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Dec 2023 01:43:14 -0800 (PST) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 8be4d92e-9289-11ee-98e5-6d05b1d4d9a1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=citrix.com; s=google; t=1701682994; x=1702287794; darn=lists.xenproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=nBxUOp4k8iF04PfE5JQxxLRa/lZUdCotTQUWqLt7x1U=; b=Xk+lcZdR3Ef5O4GHZdTFrQXcY0ELxOIPoaeOovburPx8YQg1pXhlPrG91WhrHqa8tn WP64db2NAJ2ZRb9WeruXhzl13FksA3BFT6P1eLrsHJNjTVvvM1b2VT/Rgc487xn41yOR g1/qliUEFjfS+x7RV8G2UPzza10r2qIyifa+w= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1701682994; x=1702287794; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=nBxUOp4k8iF04PfE5JQxxLRa/lZUdCotTQUWqLt7x1U=; b=h8iKT/D6zgpEUkQIEp4jkONg5uHPNo37I7ZAtbSVviL0hZBjE+n+V+3/1uyRV2Cn6f kYj0yzRIsBazbTBjeSHfttWsGSwXgMQK4/6ZTOjAebd+Hsjl3xNI+LkAEgkUAyfBS6CR 36iqD2fcUaeItsx3Gi/zeRumWy9Sf2XaRQox2HUE3w+GuvrzQAhupKrtSwihQrC70XpJ x7fgEMahGeC+h6JrixzZT0P5gdTNGIxBOFiAE4fVA3EO7kMfm7kSRrOwOx30gA/cuAzg PI6Go0J9yDtxB6m1hDCW4RYaXI16gglLbzI/LCRkc8neHI4lCdT4LP7dbhhaZiqguZcZ PT6g== X-Gm-Message-State: AOJu0YwV/cYmONVQK7s//XsFA0ZaYT9fjr6RrYA4iFkY5khF6hsnYXke VmM/Wql6h9byqHbH5wYJHAekuRLDoMGj3fkuABw= X-Google-Smtp-Source: AGHT+IGt10H1vLQ1ypcgx44pGrMANAyATfBxCWQXY+1f41YKPzKnWdOsUgoBXmadZnPVGkXFL0B5Xg== X-Received: by 2002:a5d:44c9:0:b0:332:eae9:1db1 with SMTP id z9-20020a5d44c9000000b00332eae91db1mr2409608wrr.4.1701682994342; Mon, 04 Dec 2023 01:43:14 -0800 (PST) From: Roger Pau Monne To: xen-devel@lists.xenproject.org Cc: Roger Pau Monne , Jan Beulich , Paul Durrant Subject: [PATCH v2 5/6] x86/iommu: switch hwdom IOMMU to use a rangeset Date: Mon, 4 Dec 2023 10:43:04 +0100 Message-ID: <20231204094305.59267-6-roger.pau@citrix.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20231204094305.59267-1-roger.pau@citrix.com> References: <20231204094305.59267-1-roger.pau@citrix.com> MIME-Version: 1.0 The current loop that iterates from 0 to the maximum RAM address in order to setup the IOMMU mappings is highly inefficient, and it will get worse as the amount of RAM increases. It's also not accounting for any reserved regions past the last RAM address. Instead of iterating over memory addresses, iterate over the memory map regions and use a rangeset in order to keep track of which ranges need to be identity mapped in the hardware domain physical address space. On an AMD EPYC 7452 with 512GiB of RAM, the time to execute arch_iommu_hwdom_init() in nanoseconds is: x old + new N Min Max Median Avg Stddev x 5 2.2364154e+10 2.338244e+10 2.2474685e+10 2.2622409e+10 4.2949869e+08 + 5 1025012 1033036 1026188 1028276.2 3623.1194 Difference at 95.0% confidence -2.26214e+10 +/- 4.42931e+08 -99.9955% +/- 9.05152e-05% (Student's t, pooled s = 3.03701e+08) Execution time of arch_iommu_hwdom_init() goes down from ~22s to ~0.001s. Note there's a change for HVM domains (ie: PVH dom0) that get switched to create the p2m mappings using map_mmio_regions() instead of p2m_add_identity_entry(), so that ranges can be mapped with a single function call if possible. Note that the interface of map_mmio_regions() doesn't allow creating read-only mappings, but so far there are no such mappings created for PVH dom0 in arch_iommu_hwdom_init(). No change intended in the resulting mappings that a hardware domain gets. Signed-off-by: Roger Pau Monné --- Changes since v1: - Split from bigger patch. - Remove unneeded default case. --- xen/drivers/passthrough/x86/iommu.c | 157 ++++++++-------------------- 1 file changed, 42 insertions(+), 115 deletions(-) diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c index 7e97805fccec..81d6129189d0 100644 --- a/xen/drivers/passthrough/x86/iommu.c +++ b/xen/drivers/passthrough/x86/iommu.c @@ -300,76 +300,6 @@ void iommu_identity_map_teardown(struct domain *d) } } -static unsigned int __hwdom_init hwdom_iommu_map(const struct domain *d, - unsigned long pfn, - unsigned long max_pfn) -{ - mfn_t mfn = _mfn(pfn); - unsigned int i, type, perms = IOMMUF_readable | IOMMUF_writable; - - /* - * Set up 1:1 mapping for dom0. Default to include only conventional RAM - * areas and let RMRRs include needed reserved regions. When set, the - * inclusive mapping additionally maps in every pfn up to 4GB except those - * that fall in unusable ranges for PV Dom0. - */ - if ( (pfn > max_pfn && !mfn_valid(mfn)) || xen_in_range(pfn) ) - return 0; - - switch ( type = page_get_ram_type(mfn) ) - { - case RAM_TYPE_UNUSABLE: - return 0; - - case RAM_TYPE_CONVENTIONAL: - if ( iommu_hwdom_strict ) - return 0; - break; - - default: - if ( type & RAM_TYPE_RESERVED ) - { - if ( !iommu_hwdom_inclusive && !iommu_hwdom_reserved ) - perms = 0; - } - else if ( is_hvm_domain(d) ) - return 0; - else if ( !iommu_hwdom_inclusive || pfn > max_pfn ) - perms = 0; - } - - /* Check that it doesn't overlap with the Interrupt Address Range. */ - if ( pfn >= 0xfee00 && pfn <= 0xfeeff ) - return 0; - /* ... or the IO-APIC */ - if ( has_vioapic(d) ) - { - for ( i = 0; i < d->arch.hvm.nr_vioapics; i++ ) - if ( pfn == PFN_DOWN(domain_vioapic(d, i)->base_address) ) - return 0; - } - else if ( is_pv_domain(d) ) - { - /* - * Be consistent with CPU mappings: Dom0 is permitted to establish r/o - * ones there (also for e.g. HPET in certain cases), so it should also - * have such established for IOMMUs. - */ - if ( iomem_access_permitted(d, pfn, pfn) && - rangeset_contains_singleton(mmio_ro_ranges, pfn) ) - perms = IOMMUF_readable; - } - /* - * ... or the PCIe MCFG regions. - * TODO: runtime added MMCFG regions are not checked to make sure they - * don't overlap with already mapped regions, thus preventing trapping. - */ - if ( has_vpci(d) && vpci_is_mmcfg_address(d, pfn_to_paddr(pfn)) ) - return 0; - - return perms; -} - static int __hwdom_init cf_check map_subtract(unsigned long s, unsigned long e, void *data) { @@ -444,8 +374,8 @@ static int __hwdom_init cf_check identity_map(unsigned long s, unsigned long e, void __hwdom_init arch_iommu_hwdom_init(struct domain *d) { - unsigned long i, top, max_pfn, start, count; - unsigned int flush_flags = 0, start_perms = 0; + const unsigned long max_pfn = PFN_DOWN(GB(4)) - 1; + unsigned int i; struct rangeset *map; struct map_data map_data = { .d = d }; int rc; @@ -476,58 +406,55 @@ void __hwdom_init arch_iommu_hwdom_init(struct domain *d) if ( !map ) panic("IOMMU init: unable to allocate rangeset\n"); - max_pfn = (GB(4) >> PAGE_SHIFT) - 1; - top = max(max_pdx, pfn_to_pdx(max_pfn) + 1); + if ( iommu_hwdom_inclusive ) + { + /* Add the whole range below 4GB, UNUSABLE regions will be removed. */ + rc = rangeset_add_range(map, 0, max_pfn); + if ( rc ) + panic("IOMMU inclusive mappings can't be added: %d\n", + rc); + } - for ( i = 0, start = 0, count = 0; i < top; ) + for ( i = 0; i < e820.nr_map; i++ ) { - unsigned long pfn = pdx_to_pfn(i); - unsigned int perms = hwdom_iommu_map(d, pfn, max_pfn); + struct e820entry entry = e820.map[i]; - if ( !perms ) - /* nothing */; - else if ( paging_mode_translate(d) ) + switch ( entry.type ) { - int rc; + case E820_UNUSABLE: + if ( !iommu_hwdom_inclusive || PFN_DOWN(entry.addr) > max_pfn ) + continue; - rc = p2m_add_identity_entry(d, pfn, - perms & IOMMUF_writable ? p2m_access_rw - : p2m_access_r, - 0); + rc = rangeset_remove_range(map, PFN_DOWN(entry.addr), + PFN_DOWN(entry.addr + entry.size - 1)); if ( rc ) - printk(XENLOG_WARNING - "%pd: identity mapping of %lx failed: %d\n", - d, pfn, rc); - } - else if ( pfn != start + count || perms != start_perms ) - { - long rc; + panic("IOMMU failed to remove unusable memory: %d\n", + rc); + continue; - commit: - while ( (rc = iommu_map(d, _dfn(start), _mfn(start), count, - start_perms | IOMMUF_preempt, - &flush_flags)) > 0 ) - { - start += rc; - count -= rc; - process_pending_softirqs(); - } - if ( rc ) - printk(XENLOG_WARNING - "%pd: IOMMU identity mapping of [%lx,%lx) failed: %ld\n", - d, start, start + count, rc); - start = pfn; - count = 1; - start_perms = perms; + case E820_RESERVED: + if ( !iommu_hwdom_inclusive && !iommu_hwdom_reserved ) + continue; + break; + + case E820_RAM: + if ( iommu_hwdom_strict ) + continue; + break; } - else - ++count; - if ( !(++i & 0xfffff) ) - process_pending_softirqs(); + if ( iommu_hwdom_inclusive && + PFN_DOWN(entry.addr + entry.size - 1) <= max_pfn ) + /* + * Any range below 4GB is already in the rangeset if using inclusive + * mode. + */ + continue; - if ( i == top && count ) - goto commit; + rc = rangeset_add_range(map, PFN_DOWN(entry.addr), + PFN_DOWN(entry.addr + entry.size - 1)); + if ( rc ) + panic("IOMMU failed to add identity range: %d\n", rc); } /* Remove any areas in-use by Xen. */ @@ -605,7 +532,7 @@ void __hwdom_init arch_iommu_hwdom_init(struct domain *d) rangeset_destroy(map); /* Use if to avoid compiler warning */ - if ( iommu_iotlb_flush_all(d, flush_flags) ) + if ( iommu_iotlb_flush_all(d, map_data.flush_flags) ) return; } From patchwork Mon Dec 4 09:43:05 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Roger_Pau_Monn=C3=A9?= X-Patchwork-Id: 13478019 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id F2D81C4167B for ; Mon, 4 Dec 2023 09:43:32 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.646681.1009242 (Exim 4.92) (envelope-from ) id 1rA5Tz-0004jo-20; Mon, 04 Dec 2023 09:43:19 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 646681.1009242; Mon, 04 Dec 2023 09:43:19 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rA5Ty-0004ih-T0; Mon, 04 Dec 2023 09:43:18 +0000 Received: by outflank-mailman (input) for mailman id 646681; Mon, 04 Dec 2023 09:43:18 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rA5Tx-0003MS-VT for xen-devel@lists.xenproject.org; Mon, 04 Dec 2023 09:43:17 +0000 Received: from mail-wr1-x434.google.com (mail-wr1-x434.google.com [2a00:1450:4864:20::434]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 8c9171d0-9289-11ee-9b0f-b553b5be7939; Mon, 04 Dec 2023 10:43:16 +0100 (CET) Received: by mail-wr1-x434.google.com with SMTP id ffacd0b85a97d-3333b46f26aso1602431f8f.1 for ; Mon, 04 Dec 2023 01:43:16 -0800 (PST) Received: from localhost ([213.195.113.99]) by smtp.gmail.com with ESMTPSA id d7-20020a05600c3ac700b0040b632f31d2sm9370573wms.5.2023.12.04.01.43.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Dec 2023 01:43:15 -0800 (PST) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 8c9171d0-9289-11ee-9b0f-b553b5be7939 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=citrix.com; s=google; t=1701682995; x=1702287795; darn=lists.xenproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=dxD/xIKIZNY1Gd+udPylENsx3szHutH/fapKCoFaITg=; b=c2MH7ZNoZwZP90Z0dFD7stBvxBoFVPXHD6/Og9rfg9Liw/LCOcK/sCf9/fElYytCJM /j+1NcTZWl1LpFCGtEJZiWEeudoVF/Bt04vaCzwGvj+n2b3zAw44qncXT4JS/dcmjJ1K MdabpxhRJOzxQim1NImjhz4W0XcdS8VGvlW6A= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1701682995; x=1702287795; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=dxD/xIKIZNY1Gd+udPylENsx3szHutH/fapKCoFaITg=; b=uuLidUkhjCofsJ0olzK9orfEDV63CKBETbo9ByRkV4CpagEldXJEO3jukHP10nVI4q TK9tdKmlTX/Tc+r7xJSMu8IazHr0RabdR7MZ/y+vKZIv9ZzD/JjzY/j38f3SjNQpn+gY i3tLbvw5Ph9HuLMvtWcVn5LQqpiYo0Wnv+xMr6Z4h1zKBV+KjzDuogJuv9U5pJSOe99g fc/HmquB/zs7OOHId3QNcuvpRHRHuGZEtD21PrZZ4KEzocdN6NGiKDrrYh7S+VUqFYW3 fQbNU44OaRwEyPo3IqkJ/14Oz+6U/6ypEQy84rS17Ye7kg+ZzAWPSWR9PdqloCKDsMvE hKbA== X-Gm-Message-State: AOJu0YwwwmDt9Maeir1irNkq8xVT1S1DDEhK1s6r79ut1KdhFUX9tBs+ x5okhmBbx5s2wLJ8UuDsyDoxwAhiVJrvU1BpPgo= X-Google-Smtp-Source: AGHT+IHC4vfktUCR6jsvd+9qQfs94hYFg8QP5pZ0Uo7toZQiieUuEjnP32WLZ2tIqVAz6IBf96RBXQ== X-Received: by 2002:a05:600c:181c:b0:40b:5e59:b7af with SMTP id n28-20020a05600c181c00b0040b5e59b7afmr2209866wmp.140.1701682995478; Mon, 04 Dec 2023 01:43:15 -0800 (PST) From: Roger Pau Monne To: xen-devel@lists.xenproject.org Cc: Roger Pau Monne , Paul Durrant , Jan Beulich , Andrew Cooper , Wei Liu , Lukasz Hawrylko , "Daniel P. Smith" , =?utf-8?q?Mateusz_M=C3=B3?= =?utf-8?q?wka?= Subject: [PATCH v2 6/6] x86/iommu: cleanup unused functions Date: Mon, 4 Dec 2023 10:43:05 +0100 Message-ID: <20231204094305.59267-7-roger.pau@citrix.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20231204094305.59267-1-roger.pau@citrix.com> References: <20231204094305.59267-1-roger.pau@citrix.com> MIME-Version: 1.0 Remove xen_in_range() and vpci_is_mmcfg_address() now that hey are unused. Adjust comments to point to the new functions that replace the existing ones. No functional change. Signed-off-by: Roger Pau Monné --- Can be squashed with the previous patch if desired, split as a separate patch for clarity. --- xen/arch/x86/include/asm/hvm/io.h | 3 -- xen/arch/x86/include/asm/setup.h | 1 - xen/arch/x86/setup.c | 53 ++----------------------------- xen/arch/x86/tboot.c | 2 +- 4 files changed, 3 insertions(+), 56 deletions(-) diff --git a/xen/arch/x86/include/asm/hvm/io.h b/xen/arch/x86/include/asm/hvm/io.h index e1e5e6fe7491..24d1b6134f02 100644 --- a/xen/arch/x86/include/asm/hvm/io.h +++ b/xen/arch/x86/include/asm/hvm/io.h @@ -153,9 +153,6 @@ int register_vpci_mmcfg_handler(struct domain *d, paddr_t addr, /* Destroy tracked MMCFG areas. */ void destroy_vpci_mmcfg(struct domain *d); -/* Check if an address is between a MMCFG region for a domain. */ -bool vpci_is_mmcfg_address(const struct domain *d, paddr_t addr); - /* Remove MMCFG regions from a given rangeset. */ int vpci_subtract_mmcfg(const struct domain *d, struct rangeset *r); diff --git a/xen/arch/x86/include/asm/setup.h b/xen/arch/x86/include/asm/setup.h index cd07d98101d8..1ced1299c77b 100644 --- a/xen/arch/x86/include/asm/setup.h +++ b/xen/arch/x86/include/asm/setup.h @@ -36,7 +36,6 @@ unsigned long initial_images_nrpages(nodeid_t node); void discard_initial_images(void); void *bootstrap_map(const module_t *mod); -int xen_in_range(unsigned long mfn); int remove_xen_ranges(struct rangeset *r); extern uint8_t kbd_shift_flags; diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 71fa0b46f181..7d2cb61a2a4a 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -1343,7 +1343,7 @@ void asmlinkage __init noreturn __start_xen(unsigned long mbi_p) relocated = true; /* - * This needs to remain in sync with xen_in_range() and the + * This needs to remain in sync with remove_xen_ranges() and the * respective reserve_e820_ram() invocation below. No need to * query efi_boot_mem_unused() here, though. */ @@ -1495,7 +1495,7 @@ void asmlinkage __init noreturn __start_xen(unsigned long mbi_p) if ( using_2M_mapping() ) efi_boot_mem_unused(NULL, NULL); - /* This needs to remain in sync with xen_in_range(). */ + /* This needs to remain in sync with remove_xen_ranges(). */ if ( efi_boot_mem_unused(&eb_start, &eb_end) ) { reserve_e820_ram(&boot_e820, __pa(_stext), __pa(eb_start)); @@ -2087,55 +2087,6 @@ void arch_get_xen_caps(xen_capabilities_info_t *info) } } -int __hwdom_init xen_in_range(unsigned long mfn) -{ - paddr_t start, end; - int i; - - enum { region_s3, region_ro, region_rw, region_bss, nr_regions }; - static struct { - paddr_t s, e; - } xen_regions[nr_regions] __hwdom_initdata; - - /* initialize first time */ - if ( !xen_regions[0].s ) - { - /* S3 resume code (and other real mode trampoline code) */ - xen_regions[region_s3].s = bootsym_phys(trampoline_start); - xen_regions[region_s3].e = bootsym_phys(trampoline_end); - - /* - * This needs to remain in sync with the uses of the same symbols in - * - __start_xen() (above) - * - is_xen_fixed_mfn() - * - tboot_shutdown() - */ - - /* hypervisor .text + .rodata */ - xen_regions[region_ro].s = __pa(&_stext); - xen_regions[region_ro].e = __pa(&__2M_rodata_end); - /* hypervisor .data + .bss */ - xen_regions[region_rw].s = __pa(&__2M_rwdata_start); - xen_regions[region_rw].e = __pa(&__2M_rwdata_end); - if ( efi_boot_mem_unused(&start, &end) ) - { - ASSERT(__pa(start) >= xen_regions[region_rw].s); - ASSERT(__pa(end) <= xen_regions[region_rw].e); - xen_regions[region_rw].e = __pa(start); - xen_regions[region_bss].s = __pa(end); - xen_regions[region_bss].e = __pa(&__2M_rwdata_end); - } - } - - start = (paddr_t)mfn << PAGE_SHIFT; - end = start + PAGE_SIZE; - for ( i = 0; i < nr_regions; i++ ) - if ( (start < xen_regions[i].e) && (end > xen_regions[i].s) ) - return 1; - - return 0; -} - int __hwdom_init remove_xen_ranges(struct rangeset *r) { paddr_t start, end; diff --git a/xen/arch/x86/tboot.c b/xen/arch/x86/tboot.c index 86c4c22cacb8..4c254b4e34b4 100644 --- a/xen/arch/x86/tboot.c +++ b/xen/arch/x86/tboot.c @@ -321,7 +321,7 @@ void tboot_shutdown(uint32_t shutdown_type) /* * Xen regions for tboot to MAC. This needs to remain in sync with - * xen_in_range(). + * remove_xen_ranges(). */ g_tboot_shared->num_mac_regions = 3; /* S3 resume code (and other real mode trampoline code) */