From nobody Tue Nov 11 06:58:46 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=none (zoho.com: 192.237.175.120 is neither permitted nor denied by domain of lists.xenproject.org) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org ARC-Seal: i=1; a=rsa-sha256; t=1569584916; cv=none; d=zoho.com; s=zohoarc; b=daUckjfYmkq9utg/1GJgr366wqDJPtZ9LQ2sLP0d2dEXngsJIgbuvUnmWcH9/v2tHfDM0UAGo79tceIs1eTO4eByVlVjI3Erf5Y2eC+oP7EmfgdQ0KnlpdqaIV8u7LNwU+sWDCOoWemKYuZVkcFa+8NU6i2bJYzpC2dpwM1EYSQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1569584916; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Sender:Subject:To:ARC-Authentication-Results; bh=JLbU/c6+Q1un6+l9ruc7TY/DieYH+Y6mNvuKtUNA2pw=; b=Zf4Fnh1+OX6BQfghFjO+b6w7KIGTdSUs/bk615kqSVZi1URLY9TexYjZjLA8BqBjKMVvzRwXeCaF7NxirsoROurz2VLAyFm3faAGTrqacp7/g+k8OhHGHDkoDmjqaVnmigo1D4fsu1LhjkYvTIGEtgX9+BNweEp/ux5HGOFwaJA= ARC-Authentication-Results: i=1; mx.zoho.com; dkim=fail; spf=none (zoho.com: 192.237.175.120 is neither permitted nor denied by domain of lists.xenproject.org) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1569584916340464.3457331318334; Fri, 27 Sep 2019 04:48:36 -0700 (PDT) Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1iDohU-0000pe-0R; Fri, 27 Sep 2019 11:46:16 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57] helo=us1-amaz-eas2.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1iDohS-0000pQ-Bj for xen-devel@lists.xenproject.org; Fri, 27 Sep 2019 11:46:14 +0000 Received: from esa2.hc3370-68.iphmx.com (unknown [216.71.145.153]) by localhost (Halon) with ESMTPS id 67ea7770-e11c-11e9-9676-12813bfff9fa; Fri, 27 Sep 2019 11:46:13 +0000 (UTC) X-Inumbo-ID: 67ea7770-e11c-11e9-9676-12813bfff9fa DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1569584773; h=from:to:cc:subject:date:message-id:mime-version: content-transfer-encoding; bh=r8aYpU7uwlgMG5SeexwbNPXBQ/FHaGSLa2qK8HXoZf4=; b=WwwLivBhbpM6zEJbSPrK4BfCWnSFuuc1mUKXnfp7xFXYXmD+Gc1QFUNW S8UqtvFvSsQcVQIvIzFzsj134LZcDIG6ckTgCTxZ6q0wxiRSgnlazS/uR Ng6HDTDSlurCteNMYwq8ouHBFdrIwzorBwAMoov5v6AkmC93r46iaBySH c=; Authentication-Results: esa2.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none; spf=None smtp.pra=paul.durrant@citrix.com; spf=Pass smtp.mailfrom=Paul.Durrant@citrix.com; spf=None smtp.helo=postmaster@mail.citrix.com Received-SPF: none (zoho.com: 192.237.175.120 is neither permitted nor denied by domain of lists.xenproject.org) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Received-SPF: None (esa2.hc3370-68.iphmx.com: no sender authenticity information available from domain of paul.durrant@citrix.com) identity=pra; client-ip=162.221.158.21; receiver=esa2.hc3370-68.iphmx.com; envelope-from="Paul.Durrant@citrix.com"; x-sender="paul.durrant@citrix.com"; x-conformance=sidf_compatible Received-SPF: Pass (esa2.hc3370-68.iphmx.com: domain of Paul.Durrant@citrix.com designates 162.221.158.21 as permitted sender) identity=mailfrom; client-ip=162.221.158.21; receiver=esa2.hc3370-68.iphmx.com; envelope-from="Paul.Durrant@citrix.com"; x-sender="Paul.Durrant@citrix.com"; x-conformance=sidf_compatible; x-record-type="v=spf1"; x-record-text="v=spf1 ip4:209.167.231.154 ip4:178.63.86.133 ip4:195.66.111.40/30 ip4:85.115.9.32/28 ip4:199.102.83.4 ip4:192.28.146.160 ip4:192.28.146.107 ip4:216.52.6.88 ip4:216.52.6.188 ip4:162.221.158.21 ip4:162.221.156.83 ~all" Received-SPF: None (esa2.hc3370-68.iphmx.com: no sender authenticity information available from domain of postmaster@mail.citrix.com) identity=helo; client-ip=162.221.158.21; receiver=esa2.hc3370-68.iphmx.com; envelope-from="Paul.Durrant@citrix.com"; x-sender="postmaster@mail.citrix.com"; x-conformance=sidf_compatible IronPort-SDR: zjOlCGnM1p9Egilvr0q8h0VQDxoyTlcD/LRtLJQjoVkavb2Ucc8l0PfAEOMTj53GLjTCpByPjK UJGFThs1mK+tLhikaBQMUXXdDAjBOAXbK9+p//29f7fzrpTp6v9d8aM0V/733m4+Z8BqvmdjlW zH9NQDSm+i5z5+s6tgF3R+AD7u1bxOCfiqMBcTdWe/L7rn69AAv3eBrtaOtEMxv8LiBdUMN3FV K+SXU3PDZ5NNco2rd8RHmfqRDz9jGRo72AR4h/V0P51b59qHBvhgRZth3IYCqPmtPTE8Mj/Gaa APA= X-SBRS: 2.7 X-MesageID: 6164558 X-Ironport-Server: esa2.hc3370-68.iphmx.com X-Remote-IP: 162.221.158.21 X-Policy: $RELAYED X-IronPort-AV: E=Sophos;i="5.64,555,1559534400"; d="scan'208";a="6164558" From: Paul Durrant To: Date: Fri, 27 Sep 2019 12:45:54 +0100 Message-ID: <20190927114554.11513-1-paul.durrant@citrix.com> X-Mailer: git-send-email 2.20.1.2.gb21ebb671 MIME-Version: 1.0 Subject: [Xen-devel] [PATCH] iommu: fix PVH dom0 settings X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: Paul Durrant , Jan Beulich , Roger Pau Monne Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) PVH dom0 must operate with the iommu settings in 'strict' mode i.e. only the domain's own pages will be mapped in the IOMMU. The check_hwdom_reqs() is supposed to ensure this. Unfortunately the test for a PVH dom0 is made using paging_mode_translate() and, when commit f89f5558 "remove late (on-demand) construction of IOMMU page tables" moved the call of check_hwdom_reqs() from iommu_hwdom_init() to iommu_domain_init(), that test became ineffective (because iommu_domain_init() is called before paging_enable()). This patch replaces the test of paging_mode_translate() with a test of hap_enabled(), and also verifies 'strict' mode is turned on in arch_iommu_check_autotranslated_hwdom(). Signed-off-by: Paul Durrant Reported-by: Roger Pau Monne Reviewed-by: Jan Beulich --- Cc: Jan Beulich --- xen/drivers/passthrough/iommu.c | 6 +++--- xen/drivers/passthrough/x86/iommu.c | 3 +++ 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iomm= u.c index 2733b320ec..8b550f909b 100644 --- a/xen/drivers/passthrough/iommu.c +++ b/xen/drivers/passthrough/iommu.c @@ -154,13 +154,13 @@ custom_param("dom0-iommu", parse_dom0_iommu_param); =20 static void __hwdom_init check_hwdom_reqs(struct domain *d) { - if ( iommu_hwdom_none || !paging_mode_translate(d) ) + if ( iommu_hwdom_none || !hap_enabled(d) ) return; =20 - arch_iommu_check_autotranslated_hwdom(d); - iommu_hwdom_passthrough =3D false; iommu_hwdom_strict =3D true; + + arch_iommu_check_autotranslated_hwdom(d); } =20 int iommu_domain_init(struct domain *d, unsigned int opts) diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/= x86/iommu.c index 47a3e55213..f54805babd 100644 --- a/xen/drivers/passthrough/x86/iommu.c +++ b/xen/drivers/passthrough/x86/iommu.c @@ -85,6 +85,9 @@ void __hwdom_init arch_iommu_check_autotranslated_hwdom(s= truct domain *d) { if ( !is_iommu_enabled(d) ) panic("Presently, iommu must be enabled for PVH hardware domain\n"= ); + + if ( !iommu_hwdom_strict ) + panic("PVH hardware domain iommu must be set in 'strict' mode\n"); } =20 int arch_iommu_domain_init(struct domain *d) --=20 2.20.1.2.gb21ebb671 _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel