> From: Paul Durrant
> Sent: Monday, February 12, 2018 6:47 PM
>
> This patch introduces the boilerplate for a new hypercall to allow a
> domain to control IOMMU mappings for its own pages.
> Whilst there is duplication of code between the native and compat entry
> points which appears ripe for some form of combination, I think it is
> better to maintain the separation as-is because the compat entry point
> will necessarily gain complexity in subsequent patches.
>
> NOTE: This hypercall is only implemented for x86 and is currently
> restricted by XSM to dom0 since it could be used to cause IOMMU
> faults which may bring down a host.
>
> Signed-off-by: Paul Durrant <paul.durr...@citrix.com>
[...]
> +
> +
> +static bool can_control_iommu(void)
> +{
> + struct domain *currd = current->domain;
> +
> + /*
> + * IOMMU mappings cannot be manipulated if:
> + * - the IOMMU is not enabled or,
> + * - the IOMMU is passed through or,
> + * - shared EPT configured or,
> + * - Xen is maintaining an identity map.
"for dom0"
> + */
> + if ( !iommu_enabled || iommu_passthrough ||
> + iommu_use_hap_pt(currd) || need_iommu(currd) )
I guess it's clearer to directly check iommu_dom0_strict here
> + return false;
> +
> + return true;
> +}
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
