From mboxrd@z Thu Jan  1 00:00:00 1970
From: Julien Grall <julien.grall@linaro.org>
Subject: Re: [RFC PATCH 2/3] arch,
 arm32: add the XEN_DOMCTL_memory_mapping hypercall
Date: Tue, 04 Mar 2014 10:42:55 +0800
Message-ID: <53153DAF.7030207@linaro.org>
References: <1393721365-22458-1-git-send-email-avanzini.arianna@gmail.com>		
	<1393721365-22458-3-git-send-email-avanzini.arianna@gmail.com>		
	<53130053.9050801@linaro.org> <1393847789.4058.62.camel@Solace>	
	<53149DDA.2030706@linaro.org> <1393860831.4058.103.camel@Solace>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
In-Reply-To: <1393860831.4058.103.camel@Solace>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Dario Faggioli <dario.faggioli@citrix.com>
Cc: paolo.valente@unimore.it, Ian Campbell <Ian.Campbell@citrix.com>, stefano.stabellini@eu.citrix.com, Tim Deegan <tim@xen.org>, xen-devel@lists.xen.org, julien.grall@citrix.com, etrudeau@broadcom.com, Arianna Avanzini <avanzini.arianna@gmail.com>, viktor.kleinik@globallogic.com
List-Id: xen-devel@lists.xenproject.org

Hi Dario,

On 03/03/14 23:33, Dario Faggioli wrote:
> On lun, 2014-03-03 at 23:20 +0800, Julien Grall wrote:
>> On 03/03/14 19:56, Dario Faggioli wrote:
>
>>> Right. FTR, xen/arch/x86/domain_build.c, has this (also in
>>> construct_dom0):
>>>
>>>       /* DOM0 is permitted full I/O capabilities. */
>>>       rc |= ioports_permit_access(dom0, 0, 0xFFFF);
>>>       rc |= iomem_permit_access(dom0, 0UL, ~0UL);
>>>       rc |= irqs_permit_access(dom0, 1, nr_irqs_gsi - 1);
>>>
>>> Do you want a patch to that/similar effect?
>>
>> Yes. Maybe a bit more smarter than permitting full I/0 caps for dom0.
>>
> EhEh... do you mean to say that x86 is "not smart" ? :-)

No :).

>
>>> So, this is probably me messing up with the terminology, but what
>>> 'devices passthrough to it [dom0]' would mean, for example in cases
>>> where we don't have an IOMMU (like cubie* boards), and hence where
>>> proper passtrhogh will never be, I think, supported? Or do we plan to
>>> have it working there too?
>>
>> My term seems to be wrong for dom0 :).
>>
>> On ARM, some device is used by Xen and therefore not exposed to dom0. By
>> passthrough to dom0 I meant every device that are given to dom0, no
>> matter if the platform has an IOMMU.
>>
> Ok, now I got it.
>
>> I think DOM0 should only be able to map theses devices to a guest. It
>> seems stupid to allow dom0 mapping RAM or the UART used by Xen.
>>
> I see, and it does make sense.
>
> Of course, I really don't know what these devices are and what the best
> approach would be to hide/revoke permissions to their iomem/irqs (e.g.,
> allow everything and then revoke some, allow selectively in the first
> place, etc.).

I think the best place to permit access is in map_device 
(xen/arch/arm/domain_build.c).

This function is called for every devices used  by dom0 to map I/O mem 
and IRQ.

>
> I'm quite sure Arianna is keen on helping with this, but it better be,
> if possible, someone of you ARM folks suggesting her what, where and
> how. :-)

Either the ML or #xenarm channel on Freenode are the best to ask question.
Arianna, I advice you to join the IRC channel if it's not already the 
case ;).

Cheers,

-- 
Julien Grall