User could do device passthrough, with "xen,force-assign-without-iommu" in the device tree snippet, on trusted guest through 1:1 direct-map, if IOMMU absent or disabled on hardware.
In order to achieve that, this patch adds 1:1 direct-map check and disables iommu-related action. Signed-off-by: Penny Zheng <[email protected]> --- xen/arch/arm/domain_build.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index c92e510ae7..9a9d2522b7 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -2070,14 +2070,18 @@ static int __init handle_passthrough_prop(struct kernel_info *kinfo, if ( res < 0 ) return res; + /* + * If xen_force, we allow assignment of devices without IOMMU protection. + * And if IOMMU is disabled or absent, 1:1 direct-map is necessary + */ + if ( xen_force && is_domain_direct_mapped(kinfo->d) && + !dt_device_is_protected(node) ) + return 0; + res = iommu_add_dt_device(node); if ( res < 0 ) return res; - /* If xen_force, we allow assignment of devices without IOMMU protection. */ - if ( xen_force && !dt_device_is_protected(node) ) - return 0; - return iommu_assign_dt_device(kinfo->d, node); } -- 2.25.1
