On Tue, 25 May 2021 03:49:57 +0000 Wang Xingang <wangxinga...@huawei.com> wrote:
> From: Xingang Wang <wangxinga...@huawei.com> > > These patches add support for configure bypass_iommu on/off for > pci root bus, including primary bus and pxb root bus. At present, > all root bus will go through iommu when iommu is configured, > which is not flexible, because in many situations the need for using > iommu and bypass iommu aften exists at the same time. 'many situations' doesn't describe why bypass is needed, can you provide a use-cases here and what are security implications when bypass is allowed. (PS: the later probably should be documented somewhere in the docs/option description) > So this add option to enable/disable bypass_iommu for primary bus > and pxb root bus. The bypass_iommu property is set to false default, > meaning that devcies will go through iommu if no explicit configuration > is added. When bypass_iommu is enabled for the root bus, devices > attached to it will bypass iommu, otherwise devices will go through > iommu. > > This feature can be used in this manner: > arm: -machine virt,iommu=smmuv3,bypass_iommu=true > x86: -machine q35,bypass_iommu=true > pxb: -device pxb-pcie,bus_nr=0x10,id=pci.10,bus=pcie.0,bypass_iommu=true > > History: > > v3 -> v4: > - simplify the logic in building the IORT idmap > > v2 -> v3: > - rebase on top of v6.0.0-rc4 > - Took into account Eric's comments, replace with a bypass_iommu > proerty > - When building the IORT idmap, cover the whole RID space > > v1 -> v2: > - rebase on top of v6.0.0-rc0 > - Fix some issues > - Took into account Eric's comments, and remove the PCI_BUS_IOMMU flag, > replace it with a property in PCIHostState. > - Add support for x86 iommu option > > Xingang Wang (8): > hw/pci/pci_host: Allow bypass iommu for pci host > hw/pxb: Add a bypass iommu property > hw/arm/virt: Add a machine option to bypass iommu for primary bus > hw/i386: Add a pc machine option to bypass iommu for primary bus > hw/pci: Add pci_bus_range to get bus number range > hw/arm/virt-acpi-build: Add explicit IORT idmap for smmuv3 node > hw/i386/acpi-build: Add explicit scope in DMAR table > hw/i386/acpi-build: Add bypass_iommu check when building IVRS table > > hw/arm/virt-acpi-build.c | 135 ++++++++++++++++++++++++---- > hw/arm/virt.c | 26 ++++++ > hw/i386/acpi-build.c | 70 ++++++++++++++- > hw/i386/pc.c | 18 ++++ > hw/pci-bridge/pci_expander_bridge.c | 3 + > hw/pci-host/q35.c | 1 + > hw/pci/pci.c | 33 ++++++- > hw/pci/pci_host.c | 2 + > include/hw/arm/virt.h | 1 + > include/hw/i386/pc.h | 1 + > include/hw/pci/pci.h | 2 + > include/hw/pci/pci_host.h | 1 + > 12 files changed, 270 insertions(+), 23 deletions(-) >
