From: "Teddy Astie"
Subject: [XEN RFC PATCH v6 11/11] iommu: Introduce no-dma feature
To: xen-devel@lists.xenproject.org
Cc: "Teddy Astie", "Andrew Cooper", "Anthony PERARD", "Michal Orzel", "Jan Beulich", "Julien Grall", "Roger Pau Monné", "Stefano Stabellini"
Message-Id: <998adb8e82b0b4610d800b12b89d47e6341e565a.1739785339.git.teddy.astie@vates.tech>
Date: Mon, 17 Feb 2025 10:18:23 +0000

This feature, exposed through `dom0-iommu=no-dma`, prevents the devices of the default context from having access to the domain's memory. This basically enforces DMA protection by default.

The domain will need to prepare a specific IOMMU context to do DMA.

This feature needs the guest to provide a PV-IOMMU driver.

Signed-off-by: Teddy Astie
--- xen/common/pv-iommu.c | 3 +++ xen/drivers/passthrough/iommu.c | 10 ++++++++++ xen/drivers/passthrough/x86/iommu.c | 4 ++++ xen/include/xen/iommu.h | 3 +++ 4 files changed, 20 insertions(+) diff --git a/xen/common/pv-iommu.c b/xen/common/pv-iommu.c index a1315bf582..9c7d04b4c7 100644 --- a/xen/common/pv-iommu.c +++ b/xen/common/pv-iommu.c
@@ -99,6 +99,9 @@ static long capabilities_op(struct pv_iommu_capabilities = *cap, struct domain *d) cap->max_pasid =3D 0; /* TODO */ cap->cap_flags =3D 0; =20 + if ( !dom_iommu(d)->no_dma ) + cap->cap_flags |=3D IOMMUCAP_default_identity; + cap->pgsize_mask =3D PAGE_SIZE_4K; =20 return 0; diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iomm= u.c index c26a2160f9..59a4c64915 100644 --- a/xen/drivers/passthrough/iommu.c +++ b/xen/drivers/passthrough/iommu.c @@ -55,6 +55,7 @@ static bool __hwdom_initdata iommu_hwdom_none; bool __hwdom_initdata iommu_hwdom_strict; bool __read_mostly iommu_hwdom_passthrough; bool __hwdom_initdata iommu_hwdom_inclusive; +bool __read_mostly iommu_hwdom_no_dma =3D false; int8_t __hwdom_initdata iommu_hwdom_reserved =3D -1; =20 #ifndef iommu_hap_pt_share @@ -172,6 +173,8 @@ static int __init cf_check parse_dom0_iommu_param(const= char *s) iommu_hwdom_reserved =3D val; else if ( !cmdline_strcmp(s, "none") ) iommu_hwdom_none =3D true; + else if ( (val =3D parse_boolean("dma", s, ss)) >=3D 0 ) + iommu_hwdom_no_dma =3D !val; else rc =3D -EINVAL; =20 @@ -329,6 +332,13 @@ int iommu_domain_init(struct domain *d, unsigned int o= pts) if ( !is_hardware_domain(d) || iommu_hwdom_strict ) hd->need_sync =3D !iommu_use_hap_pt(d); =20 + if ( hd->no_dma ) + { + /* No-DMA mode is exclusive with HAP and sync_pt. */ + hd->hap_pt_share =3D false; + hd->need_sync =3D false; + } + ASSERT(!(hd->need_sync && hd->hap_pt_share)); =20 hd->allow_pv_iommu =3D true; diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/= x86/iommu.c index 79efc6ad47..174c218b9b 100644 --- a/xen/drivers/passthrough/x86/iommu.c +++ b/xen/drivers/passthrough/x86/iommu.c 
@@ -529,6 +529,10 @@ void __hwdom_init arch_iommu_hwdom_init(struct domain = *d) if ( iommu_hwdom_reserved =3D=3D -1 ) iommu_hwdom_reserved =3D 1; =20 + if ( iommu_hwdom_no_dma ) + /* Skip special mappings with no-dma mode */ + return; + if ( iommu_hwdom_inclusive ) { printk(XENLOG_WARNING diff --git a/xen/include/xen/iommu.h b/xen/include/xen/iommu.h index e115642b86..fb38c1be86 100644 --- a/xen/include/xen/iommu.h +++ b/xen/include/xen/iommu.h @@ -106,6 +106,7 @@ extern bool iommu_debug; extern bool amd_iommu_perdev_intremap; =20 extern bool iommu_hwdom_strict, iommu_hwdom_passthrough, iommu_hwdom_inclu= sive; +extern bool iommu_hwdom_no_dma; extern int8_t iommu_hwdom_reserved; =20 extern unsigned int iommu_dev_iotlb_timeout; @@ -411,6 +412,8 @@ struct domain_iommu { /* SAF-2-safe enum constant in arithmetic operation */ DECLARE_BITMAP(features, IOMMU_FEAT_count); =20 + /* Do the IOMMU block all DMA on default context (implies !has_pt_shar= e) ? */ + bool no_dma; =20 /* Is the domain allowed to use PV-IOMMU ? */ bool allow_pv_iommu; --=20 2.47.2 Teddy Astie | Vates XCP-ng Developer XCP-ng & Xen Orchestra - Vates solutions web: https://vates.tech
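Review bot: the new `dma` boolean in the parse_dom0_iommu_param() hunk creates a user-visible `dom0-iommu=no-dma` option, but the diffstat lists only four source files and no command-line documentation. Please document the option together with its requirement, stated in the commit message, that the guest provides a PV-IOMMU driver. The same branch also accepts `no-dma` alongside `none` (the branch just above it) without any check; consider rejecting or warning about contradictory combinations at parse time.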
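Review bot: `hd->no_dma` is tested in the iommu_domain_init() hunk, but no line in this patch ever assigns it. The parser sets `iommu_hwdom_no_dma`, which is read only in arch_iommu_hwdom_init(), and the `no_dma` field added to struct domain_iommu is introduced here and never written. As posted, the `if ( hd->no_dma )` block does not clear `hap_pt_share` or `need_sync` for any domain, and capabilities_op() keeps advertising IOMMUCAP_default_identity even when `dom0-iommu=no-dma` is given, so the guest is told an identity-mapped default context exists. Suggest setting the field before the test, for example `hd->no_dma = is_hardware_domain(d) && iommu_hwdom_no_dma;`, and stating in the comment that the mode applies to the hardware domain only.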
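Review bot: the early `return` in the arch_iommu_hwdom_init() hunk sits before the `iommu_hwdom_inclusive` branch and its warning, and directly after `iommu_hwdom_reserved` has been defaulted to 1, so `dom0-iommu=no-dma` silently discards the inclusive and reserved settings. Either reject those combinations when parsing or print a message before returning, so an administrator can see which option took effect. The check also exists only in the x86 file while the option is parsed in common code; the commit message should say whether other architectures are expected to honour it.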
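Review bot: the comment added above `bool no_dma;` in the struct domain_iommu hunk refers to `has_pt_share`, while the field cleared in iommu_domain_init() is `hap_pt_share`; the comment should name the real field and read "Does the IOMMU block all DMA on the default context". Since the iommu_domain_init() hunk also forces `need_sync` to false, mentioning that here would keep the header and the implementation in agreement.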