diff options
| author | Jan Beulich <jbeulich@suse.com> | 2014-10-06 11:15:01 +0200 |
|---|---|---|
| committer | Jan Beulich <jbeulich@suse.com> | 2014-10-06 11:15:01 +0200 |
| commit | fdf30377fbc4fa6798bfda7d69e5d448c2b8e834 (patch) | |
| tree | 2592eb3fe6ea0b3eaf010c84c9d6e7595f0e0a29 | |
| parent | 9d8edc5a8b4a0937193f80da72abdb44c5aeaec6 (diff) | |
don't allow Dom0 access to IOMMUs' MMIO pages
Just like for LAPIC, IO-APIC, MSI, and HT we shouldn't be granting Dom0
access to these. This implicitly results in these pages also getting
marked reserved in the machine memory map Dom0 uses to determine the
ranges where PCI devices can have their MMIO ranges placed.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Kevin Tian <kevin.tian@intel.com>
| -rw-r--r-- | xen/drivers/passthrough/amd/pci_amd_iommu.c | 8 | ||||
| -rw-r--r-- | xen/drivers/passthrough/vtd/iommu.c | 4 |
2 files changed, 12 insertions, 0 deletions
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index 0b301b3556..e83bb35e48 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -19,6 +19,7 @@ */ #include <xen/sched.h> +#include <xen/iocap.h> #include <xen/pci.h> #include <xen/pci_regs.h> #include <xen/paging.h> @@ -283,6 +284,7 @@ static int amd_iommu_domain_init(struct domain *d) static void __hwdom_init amd_iommu_hwdom_init(struct domain *d) { unsigned long i; + const struct amd_iommu *iommu; if ( !iommu_passthrough && !need_iommu(d) ) { @@ -304,6 +306,12 @@ static void __hwdom_init amd_iommu_hwdom_init(struct domain *d) } } + for_each_amd_iommu ( iommu ) + if ( iomem_deny_access(d, PFN_DOWN(iommu->mmio_base_phys), + PFN_DOWN(iommu->mmio_base_phys + + IOMMU_MMIO_REGION_LENGTH - 1)) ) + BUG(); + setup_hwdom_pci_devices(d, amd_iommu_setup_hwdom_device); } diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index 63038d9394..98fb2950c6 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -23,6 +23,7 @@ #include <xen/sched.h> #include <xen/xmalloc.h> #include <xen/domain_page.h> +#include <xen/iocap.h> #include <xen/iommu.h> #include <asm/hvm/iommu.h> #include <xen/numa.h> @@ -1258,6 +1259,9 @@ static void __hwdom_init intel_iommu_hwdom_init(struct domain *d) for_each_drhd_unit ( drhd ) { + if ( iomem_deny_access(d, PFN_DOWN(drhd->address), + PFN_DOWN(drhd->address)) ) + BUG(); iommu_enable_translation(drhd); } } |