diff options
| author | Keir Fraser <keir.fraser@citrix.com> | 2010-09-20 18:50:38 +0100 |
|---|---|---|
| committer | Keir Fraser <keir.fraser@citrix.com> | 2010-09-20 18:50:38 +0100 |
| commit | b5aadd4248d64249ed6d1f98659a3b35ca9e91bd (patch) | |
| tree | 681b6cb265aebaf10c392334487188ea371b87cd /xen/include/xen/iommu.h | |
| parent | 94187eb55b3334899a3b124041254e48f920ac6e (diff) | |
| download | xen-b5aadd4248d64249ed6d1f98659a3b35ca9e91bd.tar.gz xen-b5aadd4248d64249ed6d1f98659a3b35ca9e91bd.tar.bz2 xen-b5aadd4248d64249ed6d1f98659a3b35ca9e91bd.zip | |
x86: protect MSI-X table and pending bit array from guest writes
These structures are used by Xen, and hence guests must not be able
to fiddle with them.
qemu-dm currently plays with the MSI-X table, requiring Dom0 to
still have write access. This is broken (explicitly allowing the guest
write access to the mask bit) and should be fixed in qemu-dm, at which
time Dom0 won't need any special casing anymore.
The changes are made under the assumption that p2m_mmio_direct will
only ever be used for order 0 pages.
An open question is whether dealing with pv guests (including the
IOMMU-less case) is necessary, as handling mappings a domain may
already have in place at the time the first interrupt gets set up
would require scanning all of the guest's L1 page table pages.
Currently a hole still remains allowing PV guests to map these ranges
before actually setting up any MSI-X vector for a device.
An alternative would be to determine and insert the address ranges
earlier into mmio_ro_ranges, but that would require a hook in the
PCI config space writes, which is particularly problematic in case
MMCONFIG accesses are being used.
A second alternative would be to require Dom0 to report all devices
(or at least all MSI-X capable ones) regardless of whether they would
be used by that domain, and do so after resources got determined/
assigned for them (i.e. a second notification later than the one
currently happening from the PCI bus scan would be needed).
Signed-off-by: Jan Beulich <jbeulich@novell.com>
Acked-by: Jiang, Yunhong <yunhong.jiang@intel.com>
Diffstat (limited to 'xen/include/xen/iommu.h')
| -rw-r--r-- | xen/include/xen/iommu.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/xen/include/xen/iommu.h b/xen/include/xen/iommu.h index 8b4e7a55be..003fd7625d 100644 --- a/xen/include/xen/iommu.h +++ b/xen/include/xen/iommu.h @@ -31,6 +31,8 @@ extern bool_t force_iommu, iommu_verbose; extern bool_t iommu_workaround_bios_bug, iommu_passthrough; extern bool_t iommu_snoop, iommu_qinval, iommu_intremap; +extern struct rangeset *mmio_ro_ranges; + #define domain_hvm_iommu(d) (&d->arch.hvm_domain.hvm_iommu) #define MAX_IOMMUS 32 |