From patchwork Fri Sep 27 11:45:54 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Paul Durrant <Paul.Durrant@citrix.com>
X-Patchwork-Id: 11164411
Return-Path: <SRS0=1d2Y=XW=lists.xenproject.org=xen-devel-bounces@kernel.org>
Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org
 [172.30.200.123])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 617E213BD
	for <patchwork-xen-devel@patchwork.kernel.org>;
 Fri, 27 Sep 2019 11:48:42 +0000 (UTC)
Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id 3D5D221848
	for <patchwork-xen-devel@patchwork.kernel.org>;
 Fri, 27 Sep 2019 11:48:42 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=fail reason="signature verification failed" (1024-bit key)
 header.d=citrix.com header.i=@citrix.com header.b="WwwLivBh"
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 3D5D221848
Authentication-Results: mail.kernel.org;
 dmarc=none (p=none dis=none) header.from=citrix.com
Authentication-Results: mail.kernel.org;
 spf=none smtp.mailfrom=xen-devel-bounces@lists.xenproject.org
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.89)
	(envelope-from <xen-devel-bounces@lists.xenproject.org>)
	id 1iDohU-0000pe-0R; Fri, 27 Sep 2019 11:46:16 +0000
Received: from all-amaz-eas1.inumbo.com ([34.197.232.57]
 helo=us1-amaz-eas2.inumbo.com)
 by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from
 <SRS0=R7hV=XW=citrix.com=paul.durrant@srs-us1.protection.inumbo.net>)
 id 1iDohS-0000pQ-Bj
 for xen-devel@lists.xenproject.org; Fri, 27 Sep 2019 11:46:14 +0000
X-Inumbo-ID: 67ea7770-e11c-11e9-9676-12813bfff9fa
Received: from esa2.hc3370-68.iphmx.com (unknown [216.71.145.153])
 by localhost (Halon) with ESMTPS
 id 67ea7770-e11c-11e9-9676-12813bfff9fa;
 Fri, 27 Sep 2019 11:46:13 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;
 d=citrix.com; s=securemail; t=1569584773;
 h=from:to:cc:subject:date:message-id:mime-version:
 content-transfer-encoding;
 bh=r8aYpU7uwlgMG5SeexwbNPXBQ/FHaGSLa2qK8HXoZf4=;
 b=WwwLivBhbpM6zEJbSPrK4BfCWnSFuuc1mUKXnfp7xFXYXmD+Gc1QFUNW
 S8UqtvFvSsQcVQIvIzFzsj134LZcDIG6ckTgCTxZ6q0wxiRSgnlazS/uR
 Ng6HDTDSlurCteNMYwq8ouHBFdrIwzorBwAMoov5v6AkmC93r46iaBySH c=;
Authentication-Results: esa2.hc3370-68.iphmx.com;
 dkim=none (message not signed) header.i=none;
 spf=None smtp.pra=paul.durrant@citrix.com;
 spf=Pass smtp.mailfrom=Paul.Durrant@citrix.com;
 spf=None smtp.helo=postmaster@mail.citrix.com
Received-SPF: None (esa2.hc3370-68.iphmx.com: no sender
 authenticity information available from domain of
 paul.durrant@citrix.com) identity=pra;
 client-ip=162.221.158.21; receiver=esa2.hc3370-68.iphmx.com;
 envelope-from="Paul.Durrant@citrix.com";
 x-sender="paul.durrant@citrix.com"; x-conformance=sidf_compatible
Received-SPF: Pass (esa2.hc3370-68.iphmx.com: domain of
 Paul.Durrant@citrix.com designates 162.221.158.21 as
 permitted sender) identity=mailfrom;
 client-ip=162.221.158.21; receiver=esa2.hc3370-68.iphmx.com;
 envelope-from="Paul.Durrant@citrix.com";
 x-sender="Paul.Durrant@citrix.com";
 x-conformance=sidf_compatible; x-record-type="v=spf1";
 x-record-text="v=spf1 ip4:209.167.231.154 ip4:178.63.86.133
 ip4:195.66.111.40/30 ip4:85.115.9.32/28 ip4:199.102.83.4
 ip4:192.28.146.160 ip4:192.28.146.107 ip4:216.52.6.88
 ip4:216.52.6.188 ip4:162.221.158.21 ip4:162.221.156.83 ~all"
Received-SPF: None (esa2.hc3370-68.iphmx.com: no sender
 authenticity information available from domain of
 postmaster@mail.citrix.com) identity=helo;
 client-ip=162.221.158.21; receiver=esa2.hc3370-68.iphmx.com;
 envelope-from="Paul.Durrant@citrix.com";
 x-sender="postmaster@mail.citrix.com";
 x-conformance=sidf_compatible
IronPort-SDR: 
 zjOlCGnM1p9Egilvr0q8h0VQDxoyTlcD/LRtLJQjoVkavb2Ucc8l0PfAEOMTj53GLjTCpByPjK
 UJGFThs1mK+tLhikaBQMUXXdDAjBOAXbK9+p//29f7fzrpTp6v9d8aM0V/733m4+Z8BqvmdjlW
 zH9NQDSm+i5z5+s6tgF3R+AD7u1bxOCfiqMBcTdWe/L7rn69AAv3eBrtaOtEMxv8LiBdUMN3FV
 K+SXU3PDZ5NNco2rd8RHmfqRDz9jGRo72AR4h/V0P51b59qHBvhgRZth3IYCqPmtPTE8Mj/Gaa
 APA=
X-SBRS: 2.7
X-MesageID: 6164558
X-Ironport-Server: esa2.hc3370-68.iphmx.com
X-Remote-IP: 162.221.158.21
X-Policy: $RELAYED
X-IronPort-AV: E=Sophos;i="5.64,555,1559534400";
   d="scan'208";a="6164558"
From: Paul Durrant <paul.durrant@citrix.com>
To: <xen-devel@lists.xenproject.org>
Date: Fri, 27 Sep 2019 12:45:54 +0100
Message-ID: <20190927114554.11513-1-paul.durrant@citrix.com>
X-Mailer: git-send-email 2.20.1.2.gb21ebb671
MIME-Version: 1.0
Subject: [Xen-devel] [PATCH] iommu: fix PVH dom0 settings
X-BeenThere: xen-devel@lists.xenproject.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Xen developer discussion <xen-devel.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xenproject.org>
List-Help: <mailto:xen-devel-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=subscribe>
Cc: Paul Durrant <paul.durrant@citrix.com>, Jan Beulich <jbeulich@suse.com>,
 Roger Pau Monne <roger.pau@citrix.com>
Errors-To: xen-devel-bounces@lists.xenproject.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>

PVH dom0 must operate with the iommu settings in 'strict' mode i.e. only the
domain's own pages will be mapped in the IOMMU. The check_hwdom_reqs() is
supposed to ensure this. Unfortunately the test for a PVH dom0 is made
using paging_mode_translate() and, when commit f89f5558 "remove late
(on-demand) construction of IOMMU page tables" moved the call of
check_hwdom_reqs() from iommu_hwdom_init() to iommu_domain_init(), that
test became ineffective (because iommu_domain_init() is called before
paging_enable()).

This patch replaces the test of paging_mode_translate() with a test of
hap_enabled(), and also verifies 'strict' mode is turned on in
arch_iommu_check_autotranslated_hwdom().

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Reported-by: Roger Pau Monne <roger.pau@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
---
Cc: Jan Beulich <jbeulich@suse.com>
---
 xen/drivers/passthrough/iommu.c     | 6 +++---
 xen/drivers/passthrough/x86/iommu.c | 3 +++
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c
index 2733b320ec..8b550f909b 100644
--- a/xen/drivers/passthrough/iommu.c
+++ b/xen/drivers/passthrough/iommu.c
@@ -154,13 +154,13 @@ custom_param("dom0-iommu", parse_dom0_iommu_param);
 
 static void __hwdom_init check_hwdom_reqs(struct domain *d)
 {
-    if ( iommu_hwdom_none || !paging_mode_translate(d) )
+    if ( iommu_hwdom_none || !hap_enabled(d) )
         return;
 
-    arch_iommu_check_autotranslated_hwdom(d);
-
     iommu_hwdom_passthrough = false;
     iommu_hwdom_strict = true;
+
+    arch_iommu_check_autotranslated_hwdom(d);
 }
 
 int iommu_domain_init(struct domain *d, unsigned int opts)
diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c
index 47a3e55213..f54805babd 100644
--- a/xen/drivers/passthrough/x86/iommu.c
+++ b/xen/drivers/passthrough/x86/iommu.c
@@ -85,6 +85,9 @@ void __hwdom_init arch_iommu_check_autotranslated_hwdom(struct domain *d)
 {
     if ( !is_iommu_enabled(d) )
         panic("Presently, iommu must be enabled for PVH hardware domain\n");
+
+    if ( !iommu_hwdom_strict )
+        panic("PVH hardware domain iommu must be set in 'strict' mode\n");
 }
 
 int arch_iommu_domain_init(struct domain *d)