On 08/08/2019 12:23, Oleksandr wrote:
On 08.08.19 14:01, Roger Pau Monné wrote:
Hi, Roger.
On Thu, Aug 08, 2019 at 01:53:23PM +0300, Oleksandr Tyshchenko wrote:
From: Oleksandr Tyshchenko <[email protected]>
Don't skip IOMMU nodes when creating DT for Dom0 if IOMMU has been
forcibly disabled in bootargs (e.g. "iommu=0") in order to let
the IOMMU be accessible by DOM0.
I don't think your code is doing what you expect... If iommu=0, then Xen will
not lookup for IOMMUs (iommu_hardware_setup() will not be called). So none of
the device will have DEVICE_IOMMU set and hence they are already given to dom0.
But I think it is wrong to give the IOMMUs to Dom0 when iommu=0. This is not the
goal of this option. If you want to passthrough the IOMMU to Dom0, then you
should use the parameter iommu_hwdom_passthrough.
However, I agree with Roger that giving the IOMMU to dom0 is a pretty bad idea.
So this should be fixed.
Signed-off-by: Oleksandr Tyshchenko <[email protected]>
---
I have heard there is a "possible" case when the IOMMU could be accessible by
DOM0.
So, I think, for this to work we need to create corresponding DT nodes in the DT
at least.
dom0 on ARM being an autotranslated guest I'm not sure how it's going
to program the DMA remapping in the iommu, since it doesn't know the
mfns of the memory it uses at all, hence I don't see the point in
exposing the hardware iommu to dom0 unless there's some emulation done
to make dom0 able to access it.
Currently, Dom0 on ARM is always 1:1 mapped (gfn == mfn). However, I don't
really know how long this assumption it is going to be true.
The 1:1 mapped is only correct for Dom0 RAM. Any foreign mapping will not be
mapped 1:1.
We actually have code in Linux to keep track of the foreign mapping as any DMA
access should be using the machine physical address (and not Dom0 physical address).
This brings some headache when IOMMU is used in Xen because we have to add a 1:1
mapping for foreign page so you can still DMA in it. This will be fun trying to
fix XSA-300 because of that...
Ideally the 1:1 mapping should only be used when necessary. Unfortunately this
is not trivial to remove. For a first, Linux is assuming the 1:1 mapping so you
need to teach Linux to not assume that anymore. So we need to know if the kernel
is able to deal with it when building dom0.
Furthermore, having an IOMMU on a platform sadly doesn't mean all DMA-capable
devices will be behind it. This is a bit difficult to find out in Xen.
In short, this is quite a mess to resolve :/.
Cheers,
--
Julien Grall
_______________________________________________
Xen-devel mailing list
[email protected]
https://lists.xenproject.org/mailman/listinfo/xen-devel
