From nobody Mon Feb 9 17:36:09 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=reject dis=none) header.from=citrix.com ARC-Seal: i=1; a=rsa-sha256; t=1701683014; cv=none; d=zohomail.com; s=zohoarc; b=fxpBL3wB7C8ooUc91S3XUc7J9wo+7jlqb9EdBBlDtfT/dF3/ndqr62//CN5xTxhJjtqDVlIkA+2JgIlJVRhFOlOyvTbdkVaQwaU7lWh/msQwLws+RFulnlqRXvmcOFRLbbt5qky+KvnV1vEy0nAsoJCl6HshC+WFshIp006W32c= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1701683014; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=9CBBn/nfJfW5I5gQfew3uGEClXixqREpb7mxes5nWVE=; b=QjxeGUSGLDWfRaKas6lWzCrYq/eRweJ9kCLEswCgqTmfEf7itzubp1EzD2ba/xWxTygXM48yt8KRvVNkZjxA44KR1mhRp6o6PM4EVoeC9EwHyLCoBcS4jd2vG7wKhzGEAyjp5yrxm3XmiSNjv5tfO/97IP+7V1eJPRdt2nu1s3o= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1701683014099415.8346187283023; Mon, 4 Dec 2023 01:43:34 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.646678.1009212 (Exim 4.92) (envelope-from ) id 1rA5Tw-0003yg-Lj; Mon, 04 Dec 2023 09:43:16 +0000 Received: by outflank-mailman (output) from mailman id 646678.1009212; Mon, 04 Dec 2023 09:43:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rA5Tw-0003yV-HJ; Mon, 04 Dec 2023 09:43:16 +0000 Received: by outflank-mailman (input) for mailman id 646678; Mon, 04 Dec 2023 09:43:14 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rA5Tu-0003Ag-NN for xen-devel@lists.xenproject.org; Mon, 04 Dec 2023 09:43:14 +0000 Received: from mail-wm1-x329.google.com (mail-wm1-x329.google.com [2a00:1450:4864:20::329]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id 8b3da560-9289-11ee-98e5-6d05b1d4d9a1; Mon, 04 Dec 2023 10:43:14 +0100 (CET) Received: by mail-wm1-x329.google.com with SMTP id 5b1f17b1804b1-40bda47c489so21569455e9.3 for ; Mon, 04 Dec 2023 01:43:14 -0800 (PST) Received: from localhost ([213.195.113.99]) by smtp.gmail.com with ESMTPSA id fb13-20020a05600c520d00b0040b3e7569fcsm17876713wmb.11.2023.12.04.01.43.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Dec 2023 01:43:12 -0800 (PST) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 8b3da560-9289-11ee-98e5-6d05b1d4d9a1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=citrix.com; s=google; t=1701682993; x=1702287793; darn=lists.xenproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=9CBBn/nfJfW5I5gQfew3uGEClXixqREpb7mxes5nWVE=; b=io+DVSp4WpQd8qFDFNJq6dqRHw+1NqSHgdCK3EN9mytl4JnlNEldcK9r1O0VqzrRo2 uf8MCqJ8a8yKPRxPszbrO+tZjpu3elX4ChC9MWcGesaecnlDn+YbC4uIjuGNz7ENuJp5 dgTuKkX1Pa1mwLez9ExxJ3AdzOyi7rQ0Vpt0E= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1701682993; x=1702287793; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=9CBBn/nfJfW5I5gQfew3uGEClXixqREpb7mxes5nWVE=; b=EZfgt6/zaLn5XX58EKF1h3qESnVTG36LJu6f6QEWRIystSohsewlf9sl4Mb+N2Xf16 KhqeYBhBhJZDz8G7Z6tb0oZF2XVQyDSMMwsWN6ZLsIOMeZcSOrnnShTDQ5T+Zunal2Wn yt4w9d8clmjwUGYabNwb4Q7ig5/ud8TykJBOtQtgJc3QXA5S059Qp/X+S2LdBazXrPmu 7nrYvtvDf4H1Czkh/mpSlRyajFsMtq+ZbQyoffIOo4VfQnQkkO3VQIuMCHZo4oIN6QMt h01aqpL1qp4oPHBLzhrYRg33NMScLVEnoLpTAGN3Lwp9HcKp4kx/hQQDDDKxxPlypoAW N92g== X-Gm-Message-State: AOJu0YyOw/1xi0WC1YEXyaBcMumdvmb4iuXJRXoLAeKygzWlxTNU/JLA OufmGKo0+I7n2eA6843HOgwbHTvAgLN8Ddf1ggw= X-Google-Smtp-Source: AGHT+IGOQdlSMXC0XrmskVGzoU5BsJXwCuzOpMBMeVb88PJfiULLufbdNiH+rPUje5K1xKKA4OPjHQ== X-Received: by 2002:a05:600c:46ca:b0:40b:5e1e:cf6 with SMTP id q10-20020a05600c46ca00b0040b5e1e0cf6mr2360700wmo.49.1701682993282; Mon, 04 Dec 2023 01:43:13 -0800 (PST) From: Roger Pau Monne To: xen-devel@lists.xenproject.org Cc: Roger Pau Monne , Paul Durrant , Jan Beulich , Andrew Cooper , Wei Liu Subject: [PATCH v2 4/6] x86/iommu: remove regions not to be mapped Date: Mon, 4 Dec 2023 10:43:03 +0100 Message-ID: <20231204094305.59267-5-roger.pau@citrix.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20231204094305.59267-1-roger.pau@citrix.com> References: <20231204094305.59267-1-roger.pau@citrix.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @citrix.com) X-ZM-MESSAGEID: 1701683016368100003 Introduce the code to remove regions not to be mapped from the rangeset that will be used to setup the IOMMU page tables for the hardware domain. This change also introduces two new functions: remove_xen_ranges() and vpci_subtract_mmcfg() that copy the logic in xen_in_range() and vpci_is_mmcfg_address() respectively and remove the ranges that would other= wise be intercepted by the original functions. Note that the rangeset is still not populated. Signed-off-by: Roger Pau Monn=C3=A9 --- Changes since v1: - Split from bigger patch. --- xen/arch/x86/hvm/io.c | 16 ++++++++ xen/arch/x86/include/asm/hvm/io.h | 3 ++ xen/arch/x86/include/asm/setup.h | 1 + xen/arch/x86/setup.c | 48 ++++++++++++++++++++++ xen/drivers/passthrough/x86/iommu.c | 64 +++++++++++++++++++++++++++++ 5 files changed, 132 insertions(+) diff --git a/xen/arch/x86/hvm/io.c b/xen/arch/x86/hvm/io.c index d75af83ad01f..a42854c52b65 100644 --- a/xen/arch/x86/hvm/io.c +++ b/xen/arch/x86/hvm/io.c @@ -369,6 +369,22 @@ bool vpci_is_mmcfg_address(const struct domain *d, pad= dr_t addr) return vpci_mmcfg_find(d, addr); } =20 +int __hwdom_init vpci_subtract_mmcfg(const struct domain *d, struct ranges= et *r) +{ + const struct hvm_mmcfg *mmcfg; + + list_for_each_entry ( mmcfg, &d->arch.hvm.mmcfg_regions, next ) + { + int rc =3D rangeset_remove_range(r, PFN_DOWN(mmcfg->addr), + PFN_DOWN(mmcfg->addr + mmcfg->size = - 1)); + + if ( rc ) + return rc; + } + + return 0; +} + static unsigned int vpci_mmcfg_decode_addr(const struct hvm_mmcfg *mmcfg, paddr_t addr, pci_sbdf_t *sbdf) { diff --git a/xen/arch/x86/include/asm/hvm/io.h b/xen/arch/x86/include/asm/h= vm/io.h index a97731657801..e1e5e6fe7491 100644 --- a/xen/arch/x86/include/asm/hvm/io.h +++ b/xen/arch/x86/include/asm/hvm/io.h @@ -156,6 +156,9 @@ void destroy_vpci_mmcfg(struct domain *d); /* Check if an address is between a MMCFG region for a domain. */ bool vpci_is_mmcfg_address(const struct domain *d, paddr_t addr); =20 +/* Remove MMCFG regions from a given rangeset. */ +int vpci_subtract_mmcfg(const struct domain *d, struct rangeset *r); + #endif /* __ASM_X86_HVM_IO_H__ */ =20 =20 diff --git a/xen/arch/x86/include/asm/setup.h b/xen/arch/x86/include/asm/se= tup.h index 9a460e4db8f4..cd07d98101d8 100644 --- a/xen/arch/x86/include/asm/setup.h +++ b/xen/arch/x86/include/asm/setup.h @@ -37,6 +37,7 @@ void discard_initial_images(void); void *bootstrap_map(const module_t *mod); =20 int xen_in_range(unsigned long mfn); +int remove_xen_ranges(struct rangeset *r); =20 extern uint8_t kbd_shift_flags; =20 diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 3cba2be0af6c..71fa0b46f181 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -2136,6 +2136,54 @@ int __hwdom_init xen_in_range(unsigned long mfn) return 0; } =20 +int __hwdom_init remove_xen_ranges(struct rangeset *r) +{ + paddr_t start, end; + int rc; + + /* S3 resume code (and other real mode trampoline code) */ + rc =3D rangeset_remove_range(r, PFN_DOWN(bootsym_phys(trampoline_start= )), + PFN_DOWN(bootsym_phys(trampoline_end))); + if ( rc ) + return rc; + + /* + * This needs to remain in sync with the uses of the same symbols in + * - __start_xen() + * - is_xen_fixed_mfn() + * - tboot_shutdown() + */ + /* hypervisor .text + .rodata */ + rc =3D rangeset_remove_range(r, PFN_DOWN(__pa(&_stext)), + PFN_DOWN(__pa(&__2M_rodata_end))); + if ( rc ) + return rc; + + /* hypervisor .data + .bss */ + if ( efi_boot_mem_unused(&start, &end) ) + { + ASSERT(__pa(start) >=3D __pa(&__2M_rwdata_start)); + rc =3D rangeset_remove_range(r, PFN_DOWN(__pa(&__2M_rwdata_start)), + PFN_DOWN(__pa(start))); + if ( rc ) + return rc; + ASSERT(__pa(end) <=3D __pa(&__2M_rwdata_end)); + rc =3D rangeset_remove_range(r, PFN_DOWN(__pa(end)), + PFN_DOWN(__pa(&__2M_rwdata_end))); + if ( rc ) + return rc; + } + else + { + rc =3D rangeset_remove_range(r, PFN_DOWN(__pa(&__2M_rwdata_start)), + PFN_DOWN(__pa(&__2M_rwdata_end))); + if ( rc ) + return rc; + } + + return 0; +} + static int __hwdom_init cf_check io_bitmap_cb( unsigned long s, unsigned long e, void *ctx) { diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/= x86/iommu.c index 531a428f6496..7e97805fccec 100644 --- a/xen/drivers/passthrough/x86/iommu.c +++ b/xen/drivers/passthrough/x86/iommu.c @@ -370,6 +370,14 @@ static unsigned int __hwdom_init hwdom_iommu_map(const= struct domain *d, return perms; } =20 +static int __hwdom_init cf_check map_subtract(unsigned long s, unsigned lo= ng e, + void *data) +{ + struct rangeset *map =3D data; + + return rangeset_remove_range(map, s, e); +} + struct map_data { struct domain *d; unsigned int flush_flags; @@ -522,6 +530,62 @@ void __hwdom_init arch_iommu_hwdom_init(struct domain = *d) goto commit; } =20 + /* Remove any areas in-use by Xen. */ + rc =3D remove_xen_ranges(map); + if ( rc ) + panic("IOMMU failed to remove Xen ranges: %d\n", rc); + + /* Remove any overlap with the Interrupt Address Range. */ + rc =3D rangeset_remove_range(map, 0xfee00, 0xfeeff); + if ( rc ) + panic("IOMMU failed to remove Interrupt Address Range: %d\n", + rc); + + /* If emulating IO-APIC(s) make sure the base address is unmapped. */ + if ( has_vioapic(d) ) + { + for ( i =3D 0; i < d->arch.hvm.nr_vioapics; i++ ) + { + rc =3D rangeset_remove_singleton(map, + PFN_DOWN(domain_vioapic(d, i)->base_address)); + if ( rc ) + panic("IOMMU failed to remove IO-APIC: %d\n", + rc); + } + } + + if ( is_pv_domain(d) ) + { + /* + * Be consistent with CPU mappings: Dom0 is permitted to establish= r/o + * ones there (also for e.g. HPET in certain cases), so it should = also + * have such established for IOMMUs. Remove any read-only ranges = here, + * since ranges in mmio_ro_ranges are already explicitly mapped be= low + * in read-only mode. + */ + rc =3D rangeset_report_ranges(mmio_ro_ranges, 0, ~0UL, map_subtrac= t, map); + if ( rc ) + panic("IOMMU failed to remove read-only regions: %d\n", + rc); + } + + if ( has_vpci(d) ) + { + /* + * TODO: runtime added MMCFG regions are not checked to make sure = they + * don't overlap with already mapped regions, thus preventing trap= ping. + */ + rc =3D vpci_subtract_mmcfg(d, map); + if ( rc ) + panic("IOMMU unable to remove MMCFG areas: %d\n", rc); + } + + /* Remove any regions past the last address addressable by the domain.= */ + rc =3D rangeset_remove_range(map, PFN_DOWN(1UL << paging_max_paddr_bit= s(d)), + ~0UL); + if ( rc ) + panic("IOMMU unable to remove unaddressable ranges: %d\n", rc); + if ( iommu_verbose ) printk(XENLOG_INFO "d%u: identity mappings for IOMMU:\n", d->domain_id); --=20 2.43.0