xen-devel.lists.xenproject.org archive mirror
 help / color / mirror / Atom feed
From: Paul Durrant <Paul.Durrant@citrix.com>
To: Kevin Tian <kevin.tian@intel.com>,
	"xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>
Cc: Stefano Stabellini <sstabellini@kernel.org>,
	Wei Liu <wei.liu2@citrix.com>,
	Andrew Cooper <Andrew.Cooper3@citrix.com>,
	"Tim (Xen.org)" <tim@xen.org>,
	George Dunlap <George.Dunlap@citrix.com>,
	Jan Beulich <jbeulich@suse.com>,
	Ian Jackson <Ian.Jackson@citrix.com>,
	Daniel De Graaf <dgdegra@tycho.nsa.gov>
Subject: Re: [PATCH 5/7] public / x86: introduce __HYPERCALL_iommu_op
Date: Tue, 13 Feb 2018 09:22:33 +0000	[thread overview]
Message-ID: <5ed4994c89994703b24e607c5f183e68@AMSPEX02CL03.citrite.net> (raw)
In-Reply-To: <AADFC41AFE54684AB9EE6CBC0274A5D191002712@SHSMSX101.ccr.corp.intel.com>

> -----Original Message-----
> From: Tian, Kevin [mailto:kevin.tian@intel.com]
> Sent: 13 February 2018 06:43
> To: Paul Durrant <Paul.Durrant@citrix.com>; xen-devel@lists.xenproject.org
> Cc: Stefano Stabellini <sstabellini@kernel.org>; Wei Liu
> <wei.liu2@citrix.com>; George Dunlap <George.Dunlap@citrix.com>;
> Andrew Cooper <Andrew.Cooper3@citrix.com>; Ian Jackson
> <Ian.Jackson@citrix.com>; Tim (Xen.org) <tim@xen.org>; Jan Beulich
> <jbeulich@suse.com>; Daniel De Graaf <dgdegra@tycho.nsa.gov>
> Subject: RE: [Xen-devel] [PATCH 5/7] public / x86: introduce
> __HYPERCALL_iommu_op
> 
> > From: Paul Durrant
> > Sent: Monday, February 12, 2018 6:47 PM
> >
> > This patch introduces the boilerplate for a new hypercall to allow a
> > domain to control IOMMU mappings for its own pages.
> > Whilst there is duplication of code between the native and compat entry
> > points which appears ripe for some form of combination, I think it is
> > better to maintain the separation as-is because the compat entry point
> > will necessarily gain complexity in subsequent patches.
> >
> > NOTE: This hypercall is only implemented for x86 and is currently
> >       restricted by XSM to dom0 since it could be used to cause IOMMU
> >       faults which may bring down a host.
> >
> > Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
> [...]
> > +
> > +
> > +static bool can_control_iommu(void)
> > +{
> > +    struct domain *currd = current->domain;
> > +
> > +    /*
> > +     * IOMMU mappings cannot be manipulated if:
> > +     * - the IOMMU is not enabled or,
> > +     * - the IOMMU is passed through or,
> > +     * - shared EPT configured or,
> > +     * - Xen is maintaining an identity map.
> 
> "for dom0"
> 
> > +     */
> > +    if ( !iommu_enabled || iommu_passthrough ||
> > +         iommu_use_hap_pt(currd) || need_iommu(currd) )
> 
> I guess it's clearer to directly check iommu_dom0_strict here

Well, the problem with that is that it totally ties this interface to dom0. Whilst, in practice, that is the case at the moment (because of the xsm check) I do want to leave the potential to allow other PV domains to control their IOMMU mappings, if that make sense in future.

  Paul

> 
> > +        return false;
> > +
> > +    return true;
> > +}
> 

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

  reply	other threads:[~2018-02-13  9:22 UTC|newest]

Thread overview: 68+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-02-12 10:47 [PATCH 0/7] paravirtual IOMMU interface Paul Durrant
2018-02-12 10:47 ` [PATCH 1/7] iommu: introduce the concept of BFN Paul Durrant
2018-03-15 13:39   ` Jan Beulich
2018-03-16 10:31     ` Paul Durrant
2018-03-16 10:39       ` Jan Beulich
2018-02-12 10:47 ` [PATCH 2/7] iommu: make use of type-safe BFN and MFN in exported functions Paul Durrant
2018-03-15 15:44   ` Jan Beulich
2018-03-16 10:26     ` Paul Durrant
2018-07-10 14:29     ` George Dunlap
2018-07-10 14:34       ` Jan Beulich
2018-07-10 14:37         ` Andrew Cooper
2018-07-10 14:58         ` George Dunlap
2018-07-10 15:19           ` Jan Beulich
2018-02-12 10:47 ` [PATCH 3/7] iommu: push use of type-safe BFN and MFN into iommu_ops Paul Durrant
2018-03-15 16:15   ` Jan Beulich
2018-03-16 10:22     ` Paul Durrant
2018-02-12 10:47 ` [PATCH 4/7] vtd: add lookup_page method to iommu_ops Paul Durrant
2018-03-15 16:54   ` Jan Beulich
2018-03-16 10:19     ` Paul Durrant
2018-03-16 10:28       ` Jan Beulich
2018-03-16 10:41         ` Paul Durrant
2018-02-12 10:47 ` [PATCH 5/7] public / x86: introduce __HYPERCALL_iommu_op Paul Durrant
2018-02-13  6:43   ` Tian, Kevin
2018-02-13  9:22     ` Paul Durrant [this message]
2018-02-23  5:17       ` Tian, Kevin
2018-02-23  9:41         ` Paul Durrant
2018-02-24  2:57           ` Tian, Kevin
2018-02-26  9:57             ` Paul Durrant
2018-02-26 11:55               ` Tian, Kevin
2018-02-27  5:05               ` Tian, Kevin
2018-02-27  9:32                 ` Paul Durrant
2018-02-28  2:53                   ` Tian, Kevin
2018-02-28  8:55                     ` Paul Durrant
2018-03-16 12:25   ` Jan Beulich
2018-06-07 11:42     ` Paul Durrant
2018-06-07 13:21       ` Jan Beulich
2018-06-07 13:45         ` George Dunlap
2018-06-07 14:06           ` Paul Durrant
2018-06-07 14:21             ` Ian Jackson
2018-06-07 15:21               ` Paul Durrant
2018-06-07 15:41                 ` Jan Beulich
2018-02-12 10:47 ` [PATCH 6/7] x86: add iommu_op to query reserved ranges Paul Durrant
2018-02-13  6:51   ` Tian, Kevin
2018-02-13  9:25     ` Paul Durrant
2018-02-23  5:23       ` Tian, Kevin
2018-02-23  9:02         ` Jan Beulich
2018-03-19 14:10   ` Jan Beulich
2018-03-19 15:13     ` Paul Durrant
2018-03-19 16:30       ` Jan Beulich
2018-03-19 15:13   ` Jan Beulich
2018-03-19 15:36     ` Paul Durrant
2018-03-19 16:31       ` Jan Beulich
2018-02-12 10:47 ` [PATCH 7/7] x86: add iommu_ops to map and unmap pages, and also to flush the IOTLB Paul Durrant
2018-02-13  6:55   ` Tian, Kevin
2018-02-13  9:55     ` Paul Durrant
2018-02-23  5:35       ` Tian, Kevin
2018-02-23  9:35         ` Paul Durrant
2018-02-24  3:01           ` Tian, Kevin
2018-02-26  9:38             ` Paul Durrant
2018-03-19 15:11   ` Jan Beulich
2018-03-19 15:34     ` Paul Durrant
2018-03-19 16:49       ` Jan Beulich
2018-03-19 16:57         ` Paul Durrant
2018-03-20  8:11           ` Jan Beulich
2018-03-20  9:32             ` Paul Durrant
2018-03-20  9:49               ` Jan Beulich
2018-02-13  6:21 ` [PATCH 0/7] paravirtual IOMMU interface Tian, Kevin
2018-02-13  9:18   ` Paul Durrant

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=5ed4994c89994703b24e607c5f183e68@AMSPEX02CL03.citrite.net \
    --to=paul.durrant@citrix.com \
    --cc=Andrew.Cooper3@citrix.com \
    --cc=George.Dunlap@citrix.com \
    --cc=Ian.Jackson@citrix.com \
    --cc=dgdegra@tycho.nsa.gov \
    --cc=jbeulich@suse.com \
    --cc=kevin.tian@intel.com \
    --cc=sstabellini@kernel.org \
    --cc=tim@xen.org \
    --cc=wei.liu2@citrix.com \
    --cc=xen-devel@lists.xenproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).