Re: [PATCH v5 1/2] xen/arm: fix arm_iommu_map_page after f9f6b22abf1d

Wed, 06 Aug 2025 06:59:28 -0700 

On 7/26/25 05:23, Julien Grall wrote:
> Hi,
> 
> On 25/07/2025 15:01, Stewart Hildebrand wrote:
>> From: Stefano Stabellini <stefano.stabell...@amd.com>
>>
>> Up until f9f6b22abf1d "xen/arm: Map ITS doorbell register to IOMMU page
>> tables" the only caller of iommu_map on ARM was grant_table.c which has
>> a specific usage model and restrictions as described by the in-code
>> comment in arm_iommu_map_page.
>>
>> f9f6b22abf1d introduced a second caller to iommu_map on ARM:
>> vgic_v3_its_init_virtual. This specific statement in the
>> f9f6b22abf1d commit message is partially wrong:
>>
>> "Note that the 1:1 check in arm_iommu_map_page remains for now, as
>> virtual ITSes are currently only created for hwdom where the doorbell
>> mapping is always 1:1."
>>
>> Leading to crashes any time the hardware domain is not direct-mapped
>> (e.g. cache coloring and non-Dom0 hardware domain):
>>
>> (XEN) Xen BUG at drivers/passthrough/arm/iommu_helpers.c:47
>> [...]
>> (XEN) Xen call trace:
>> (XEN)    [<00000a000024c758>] arm_iommu_map_page+0x80/0x90 (PC)
>> (XEN)    [<00000a000024c750>] arm_iommu_map_page+0x78/0x90 (LR)
>> (XEN)    [<00000a0000250884>] iommu_map+0xcc/0x29c
>> (XEN)    [<00000a0000288024>] vgic_v3_its_init_domain+0x18c/0x1e8
>> (XEN)    [<00000a0000285228>] vgic-v3.c#vgic_v3_domain_init+0x168/0x21c
>> (XEN)    [<00000a0000281dcc>] domain_vgic_init+0x14c/0x210
>> (XEN)    [<00000a00002705a4>] arch_domain_create+0x150/0x1f0
>> (XEN)    [<00000a00002055e8>] domain_create+0x47c/0x6c0
>> (XEN)    [<00000a00002cf090>] create_domUs+0x7f8/0x8cc
>> (XEN)    [<00000a00002eb588>] start_xen+0x8f4/0x998
>> (XEN)    [<00000a000020018c>] head.o#primary_switched+0x4/0x10
>>
>> Specifically, non-1:1 hardware domain exists with cache coloring
>> enabled. For that, is_domain_direct_mapped(d) is false but
>> domain_use_host_layout(d) is true.
>>
>> Change the is_domain_direct_mapped(d) checks in arm_iommu_map_page and
>> arm_iommu_unmap_page into domain_use_host_layout(d) checks.
>>
>> Drop stale in-code comment specific to grant table mappings.
>>
>> Fixes: f9f6b22abf1d ("xen/arm: Map ITS doorbell register to IOMMU page 
>> tables")
>> Signed-off-by: Stefano Stabellini <stefano.stabell...@amd.com>
>> Signed-off-by: Stewart Hildebrand <stewart.hildebr...@amd.com>
> 
> Reviewed-by: Julien Grall <jgr...@amazon.com>

Thanks for the review! Is this ready to be committed?

Reply via email to