From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
To: Tiejun Chen <tiejun.chen@intel.com>
Cc: kevin.tian@intel.com, wei.liu2@citrix.com,
ian.campbell@citrix.com, stefano.stabellini@eu.citrix.com,
tim@xen.org, ian.jackson@eu.citrix.com, xen-devel@lists.xen.org,
jbeulich@suse.com, yang.z.zhang@intel.com
Subject: Re: [v8][PATCH 16/17] xen/vtd: group assigned device with RMRR
Date: Tue, 2 Dec 2014 15:40:16 -0500 [thread overview]
Message-ID: <20141202204016.GN357@laptop.dumpdata.com> (raw)
In-Reply-To: <1417425875-9634-17-git-send-email-tiejun.chen@intel.com>
On Mon, Dec 01, 2014 at 05:24:34PM +0800, Tiejun Chen wrote:
> Sometimes different devices may share RMRR range so in this
s/Sometimes//
s/range/ranges/
> case we shouldn't assign these devices into different VMs
> since they may have potential leakage even damage between VMs.
s/potential leak../corrupt each other/?
I am actually not sure what they would leak? Security data?
>
> So we need to group all devices as RMRR range to make sure they
s/So//
s/range/ranges/
> are just assigned into the same VM.
>
> Here we introduce two field, gid and domid, in struct,
> acpi_rmrr_unit:
> gid: indicate which group this device owns. "0" is invalid so
> just start from "1".
> domid: indicate which domain this device owns currently. Firstly
> the hardware domain should own it.
>
> Signed-off-by: Tiejun Chen <tiejun.chen@intel.com>
> ---
> xen/drivers/passthrough/vtd/dmar.c | 28 ++++++++++++++-
> xen/drivers/passthrough/vtd/dmar.h | 2 ++
> xen/drivers/passthrough/vtd/iommu.c | 68 +++++++++++++++++++++++++++++++++----
> 3 files changed, 91 insertions(+), 7 deletions(-)
>
> diff --git a/xen/drivers/passthrough/vtd/dmar.c b/xen/drivers/passthrough/vtd/dmar.c
> index c5bc8d6..8d3406f 100644
> --- a/xen/drivers/passthrough/vtd/dmar.c
> +++ b/xen/drivers/passthrough/vtd/dmar.c
> @@ -572,10 +572,11 @@ acpi_parse_one_rmrr(struct acpi_dmar_header *header)
> {
> struct acpi_dmar_reserved_memory *rmrr =
> container_of(header, struct acpi_dmar_reserved_memory, header);
> - struct acpi_rmrr_unit *rmrru;
> + struct acpi_rmrr_unit *rmrru, *cur_rmrr;
> void *dev_scope_start, *dev_scope_end;
> u64 base_addr = rmrr->base_address, end_addr = rmrr->end_address;
> int ret;
> + static unsigned int group_id = 0;
>
> if ( (ret = acpi_dmar_check_length(header, sizeof(*rmrr))) != 0 )
> return ret;
> @@ -611,6 +612,8 @@ acpi_parse_one_rmrr(struct acpi_dmar_header *header)
> rmrru->base_address = base_addr;
> rmrru->end_address = end_addr;
> rmrru->segment = rmrr->segment;
> + /* "0" is an invalid group id. */
> + rmrru->gid = 0;
>
> dev_scope_start = (void *)(rmrr + 1);
> dev_scope_end = ((void *)rmrr) + header->length;
> @@ -682,7 +685,30 @@ acpi_parse_one_rmrr(struct acpi_dmar_header *header)
> "So please set pci_rdmforce to reserve these ranges"
> " if you need such a device in hotplug case.\n");
>
> + list_for_each_entry(cur_rmrr, &acpi_rmrr_units, list)
> + {
> + /*
> + * Any same or overlap range mean they should be
> + * at same group.
Same or overlap ranges must be in the same group.
> + */
> + if ( ((base_addr >= cur_rmrr->base_address) &&
> + (end_addr <= cur_rmrr->end_address)) ||
> + ((base_addr <= cur_rmrr->base_address) &&
> + (end_addr >= cur_rmrr->end_address)) )
> + {
> + rmrru->gid = cur_rmrr->gid;
> + continue;
> + }
> + }
> +
> acpi_register_rmrr_unit(rmrru);
> +
> + /* Allocate group id from gid:1. */
> + if ( !rmrru->gid )
> + {
> + group_id++;
> + rmrru->gid = group_id;
> + }
> }
> }
>
> diff --git a/xen/drivers/passthrough/vtd/dmar.h b/xen/drivers/passthrough/vtd/dmar.h
> index af1feef..a57c0d4 100644
> --- a/xen/drivers/passthrough/vtd/dmar.h
> +++ b/xen/drivers/passthrough/vtd/dmar.h
> @@ -76,6 +76,8 @@ struct acpi_rmrr_unit {
> u64 end_address;
> u16 segment;
> u8 allow_all:1;
> + int gid;
unsigned int?
> + domid_t domid;
> };
>
> struct acpi_atsr_unit {
> diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
> index a54c6eb..ba40209 100644
> --- a/xen/drivers/passthrough/vtd/iommu.c
> +++ b/xen/drivers/passthrough/vtd/iommu.c
> @@ -1882,9 +1882,9 @@ static int rmrr_identity_mapping(struct domain *d, bool_t map,
>
> static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev)
> {
> - struct acpi_rmrr_unit *rmrr;
> - u16 bdf;
> - int ret, i;
> + struct acpi_rmrr_unit *rmrr, *g_rmrr;
> + u16 bdf, g_bdf;
> + int ret, i, j;
>
> ASSERT(spin_is_locked(&pcidevs_lock));
>
> @@ -1905,6 +1905,32 @@ static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev)
> PCI_BUS(bdf) == pdev->bus &&
> PCI_DEVFN2(bdf) == devfn )
> {
> + if ( rmrr->domid == hardware_domain->domain_id )
> + {
> + for_each_rmrr_device ( g_rmrr, g_bdf, j )
> + {
> + if ( g_rmrr->gid == rmrr->gid )
> + {
> + if ( g_rmrr->domid == hardware_domain->domain_id )
> + g_rmrr->domid = pdev->domain->domain_id;
> + else if ( g_rmrr->domid != pdev->domain->domain_id )
> + {
> + rmrr->domid = g_rmrr->domid;
> + continue;
> + }
> + }
> + }
> + }
> +
> + if ( rmrr->domid != pdev->domain->domain_id )
> + {
> + domain_context_unmap(pdev->domain, devfn, pdev);
> + dprintk(XENLOG_ERR VTDPREFIX, "d%d: this is a group device owned by d%d\n",
> + pdev->domain->domain_id, rmrr->domid);
> + rmrr->domid = 0;
> + return -EINVAL;
> + }
> +
> ret = rmrr_identity_mapping(pdev->domain, 1, rmrr);
> if ( ret )
> dprintk(XENLOG_ERR VTDPREFIX, "d%d: RMRR mapping failed\n",
> @@ -1946,6 +1972,8 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
> PCI_DEVFN2(bdf) != devfn )
> continue;
>
> + /* Just release to hardware domain. */
> + rmrr->domid = hardware_domain->domain_id;
> rmrr_identity_mapping(pdev->domain, 0, rmrr);
> }
>
> @@ -2104,6 +2132,8 @@ static void __hwdom_init setup_hwdom_rmrr(struct domain *d)
> spin_lock(&pcidevs_lock);
> for_each_rmrr_device ( rmrr, bdf, i )
> {
> + /* hwdom should own all devices at first. */
> + rmrr->domid = d->domain_id;
> ret = rmrr_identity_mapping(d, 1, rmrr);
> if ( ret )
> dprintk(XENLOG_ERR VTDPREFIX,
> @@ -2273,9 +2303,9 @@ static int reassign_device_ownership(
> static int intel_iommu_assign_device(
> struct domain *d, u8 devfn, struct pci_dev *pdev)
> {
> - struct acpi_rmrr_unit *rmrr;
> - int ret = 0, i;
> - u16 bdf, seg;
> + struct acpi_rmrr_unit *rmrr, *g_rmrr;
> + int ret = 0, i, j;
> + u16 bdf, seg, g_bdf;
> u8 bus;
>
> if ( list_empty(&acpi_drhd_units) )
> @@ -2300,6 +2330,32 @@ static int intel_iommu_assign_device(
> PCI_BUS(bdf) == bus &&
> PCI_DEVFN2(bdf) == devfn )
> {
> + if ( rmrr->domid == hardware_domain->domain_id )
> + {
> + for_each_rmrr_device ( g_rmrr, g_bdf, j )
> + {
> + if ( g_rmrr->gid == rmrr->gid )
> + {
> + if ( g_rmrr->domid == hardware_domain->domain_id )
> + g_rmrr->domid = pdev->domain->domain_id;
> + else if ( g_rmrr->domid != pdev->domain->domain_id )
> + {
> + rmrr->domid = g_rmrr->domid;
> + continue;
> + }
> + }
> + }
> + }
> +
> + if ( rmrr->domid != pdev->domain->domain_id )
> + {
> + domain_context_unmap(pdev->domain, devfn, pdev);
> + dprintk(XENLOG_ERR VTDPREFIX, "d%d: this is a group device owned by d%d\n",
> + pdev->domain->domain_id, rmrr->domid);
> + rmrr->domid = 0;
> + return -EINVAL;
> + }
> +
Please make this a function.
> ret = rmrr_identity_mapping(d, 1, rmrr);
> if ( ret )
> {
> --
> 1.9.1
>
next prev parent reply other threads:[~2014-12-02 20:40 UTC|newest]
Thread overview: 106+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-12-01 9:24 [v8][PATCH 00/17] xen: RMRR fix Tiejun Chen
2014-12-01 9:24 ` [v8][PATCH 01/17] tools/hvmloader: link errno.h from xen internal Tiejun Chen
2014-12-01 9:24 ` [v8][PATCH 02/17] introduce XEN_DOMCTL_set_rdm Tiejun Chen
2014-12-02 8:33 ` Tian, Kevin
2014-12-08 1:30 ` Chen, Tiejun
2014-12-02 19:39 ` Konrad Rzeszutek Wilk
2014-12-08 3:16 ` Chen, Tiejun
2014-12-08 15:57 ` Konrad Rzeszutek Wilk
2014-12-09 1:06 ` Chen, Tiejun
2014-12-09 8:33 ` Jan Beulich
2014-12-09 16:36 ` Konrad Rzeszutek Wilk
2014-12-04 15:33 ` Jan Beulich
2014-12-05 6:13 ` Tian, Kevin
2014-12-08 6:06 ` Chen, Tiejun
2014-12-08 8:43 ` Jan Beulich
2014-12-09 2:38 ` Chen, Tiejun
2014-12-09 7:29 ` Jan Beulich
2014-12-01 9:24 ` [v8][PATCH 03/17] introduce XENMEM_reserved_device_memory_map Tiejun Chen
2014-12-02 19:47 ` Konrad Rzeszutek Wilk
2014-12-08 6:17 ` Chen, Tiejun
2014-12-08 10:00 ` Jan Beulich
2014-12-08 16:45 ` Daniel De Graaf
2014-12-08 16:54 ` Jan Beulich
2014-12-01 9:24 ` [v8][PATCH 04/17] update the existing hypercall to support XEN_DOMCTL_set_rdm Tiejun Chen
2014-12-02 8:46 ` Tian, Kevin
2014-12-08 6:22 ` Chen, Tiejun
2014-12-04 15:50 ` Jan Beulich
2014-12-08 7:11 ` Chen, Tiejun
2014-12-08 8:51 ` Jan Beulich
2014-12-09 7:47 ` Chen, Tiejun
2014-12-09 8:19 ` Jan Beulich
2014-12-09 9:12 ` Chen, Tiejun
2014-12-09 9:21 ` Jan Beulich
2014-12-09 9:35 ` Chen, Tiejun
2014-12-09 10:11 ` Tim Deegan
2014-12-09 10:22 ` Jan Beulich
2014-12-10 1:59 ` Chen, Tiejun
2014-12-10 20:21 ` Konrad Rzeszutek Wilk
2014-12-10 3:39 ` Tian, Kevin
2014-12-10 9:01 ` Jan Beulich
2014-12-10 9:57 ` Tian, Kevin
2014-12-10 11:12 ` Tim Deegan
2014-12-11 2:03 ` Tian, Kevin
2014-12-11 13:09 ` Tim Deegan
2014-12-18 16:13 ` Tim Deegan
2014-12-19 1:03 ` Chen, Tiejun
2014-12-01 9:24 ` [v8][PATCH 05/17] tools/libxc: introduce hypercall for xc_reserved_device_memory_map Tiejun Chen
2014-12-02 8:46 ` Tian, Kevin
2014-12-02 19:50 ` Konrad Rzeszutek Wilk
2014-12-08 7:25 ` Chen, Tiejun
2014-12-08 15:52 ` Konrad Rzeszutek Wilk
2014-12-01 9:24 ` [v8][PATCH 06/17] tools/libxc: check if modules space is overlapping with reserved device memory Tiejun Chen
2014-12-02 8:54 ` Tian, Kevin
2014-12-02 19:55 ` Konrad Rzeszutek Wilk
2014-12-08 7:49 ` Chen, Tiejun
2014-12-01 9:24 ` [v8][PATCH 07/17] hvmloader/util: get reserved device memory maps Tiejun Chen
2014-12-02 8:59 ` Tian, Kevin
2014-12-08 7:55 ` Chen, Tiejun
2014-12-02 20:01 ` Konrad Rzeszutek Wilk
2014-12-08 8:09 ` Chen, Tiejun
2014-12-08 8:45 ` Chen, Tiejun
2014-12-04 15:52 ` Jan Beulich
2014-12-08 8:52 ` Chen, Tiejun
2014-12-08 9:18 ` Jan Beulich
2014-12-01 9:24 ` [v8][PATCH 08/17] hvmloader/mmio: reconcile guest mmio with reserved device memory Tiejun Chen
2014-12-02 9:11 ` Tian, Kevin
2014-12-08 9:04 ` Chen, Tiejun
2014-12-04 16:04 ` Jan Beulich
2014-12-08 9:10 ` Chen, Tiejun
2014-12-01 9:24 ` [v8][PATCH 09/17] hvmloader/ram: check if guest memory is out of reserved device memory maps Tiejun Chen
2014-12-02 9:42 ` Tian, Kevin
2014-12-02 20:17 ` Konrad Rzeszutek Wilk
2014-12-04 16:20 ` Jan Beulich
2014-12-05 6:23 ` Tian, Kevin
2014-12-05 7:43 ` Jan Beulich
2014-12-01 9:24 ` [v8][PATCH 10/17] hvmloader/mem_hole_alloc: skip any overlap with reserved device memory Tiejun Chen
2014-12-02 9:48 ` Tian, Kevin
2014-12-02 20:23 ` Konrad Rzeszutek Wilk
2014-12-04 16:28 ` Jan Beulich
2014-12-05 6:24 ` Tian, Kevin
2014-12-05 7:46 ` Jan Beulich
2014-12-01 9:24 ` [v8][PATCH 11/17] xen/x86/p2m: reject populating for reserved device memory mapping Tiejun Chen
2014-12-02 9:57 ` Tian, Kevin
2014-12-04 16:42 ` Jan Beulich
2014-12-01 9:24 ` [v8][PATCH 12/17] xen/x86/ept: handle reserved device memory in ept_handle_violation Tiejun Chen
2014-12-02 9:59 ` Tian, Kevin
2014-12-02 20:26 ` Konrad Rzeszutek Wilk
2014-12-04 16:46 ` Jan Beulich
2014-12-01 9:24 ` [v8][PATCH 13/17] xen/mem_access: don't allow accessing reserved device memory Tiejun Chen
2014-12-02 14:54 ` Julien Grall
2014-12-18 22:56 ` Tamas K Lengyel
2014-12-02 20:27 ` Konrad Rzeszutek Wilk
2014-12-04 16:51 ` Jan Beulich
2014-12-01 9:24 ` [v8][PATCH 14/17] xen/x86/p2m: introduce set_identity_p2m_entry Tiejun Chen
2014-12-02 10:00 ` Tian, Kevin
2014-12-02 20:29 ` Konrad Rzeszutek Wilk
2014-12-01 9:24 ` [v8][PATCH 15/17] xen:vtd: create RMRR mapping Tiejun Chen
2014-12-02 10:02 ` Tian, Kevin
2014-12-02 20:30 ` Konrad Rzeszutek Wilk
2014-12-01 9:24 ` [v8][PATCH 16/17] xen/vtd: group assigned device with RMRR Tiejun Chen
2014-12-02 10:11 ` Tian, Kevin
2014-12-02 20:40 ` Konrad Rzeszutek Wilk [this message]
2014-12-04 17:05 ` Jan Beulich
2014-12-01 9:24 ` [v8][PATCH 17/17] xen/vtd: re-enable USB device assignment if enable pci_force Tiejun Chen
2014-12-05 16:12 ` Konrad Rzeszutek Wilk
2014-12-02 19:17 ` [v8][PATCH 00/17] xen: RMRR fix Konrad Rzeszutek Wilk
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20141202204016.GN357@laptop.dumpdata.com \
--to=konrad.wilk@oracle.com \
--cc=ian.campbell@citrix.com \
--cc=ian.jackson@eu.citrix.com \
--cc=jbeulich@suse.com \
--cc=kevin.tian@intel.com \
--cc=stefano.stabellini@eu.citrix.com \
--cc=tiejun.chen@intel.com \
--cc=tim@xen.org \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xen.org \
--cc=yang.z.zhang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.