On 19.02.2025 17:48, Roger Pau Monne wrote: > The current code in arch_iommu_hwdom_init() kind of open-codes the same > MMIO permission ranges that are added to the hardware domain ->iomem_caps. > Avoid this duplication and use ->iomem_caps in arch_iommu_hwdom_init() to > filter which memory regions should be added to the dom0 IOMMU page-tables. > > Note the IO-APIC and MCFG page(s) must be set as not accessible for a PVH > dom0, otherwise the internal Xen emulation for those ranges won't work. > This requires adjustments in dom0_setup_permissions(). > > The call to pvh_setup_mmcfg() in dom0_construct_pvh() must now strictly be > done ahead of setting up dom0 permissions, so take the opportunity to also > put it inside the existing is_hardware_domain() region. > > Also the special casing of E820_UNUSABLE regions no longer needs to be done > in arch_iommu_hwdom_init(), as those regions are already blocked in > ->iomem_caps and thus would be removed from the rangeset as part of > ->iomem_caps processing in arch_iommu_hwdom_init(). The E820_UNUSABLE > regions below 1Mb are not removed from ->iomem_caps, that's a slight > difference for the IOMMU created page-tables, but the aim is to allow > access to the same memory either from the CPU or the IOMMU page-tables. > > Since ->iomem_caps already takes into account the domain max paddr, there's > no need to remove any regions past the last address addressable by the > domain, as applying ->iomem_caps would have already taken care of that. > > Suggested-by: Jan Beulich <jbeul...@suse.com> > Signed-off-by: Roger Pau Monné <roger....@citrix.com>
Reviewed-by: Jan Beulich <jbeul...@suse.com>
