From 3581714729cf84df50d6831c4da076e21587408c Mon Sep 17 00:00:00 2001
From: Jan Beulich <jbeulich@suse.com>
Date: Thu, 15 Jul 2021 09:21:04 +0200
Subject: [PATCH] VT-d: adjust domid map updating when unmapping context
When an earlier error occurred, cleaning up the domid mapping data is
wrong, as references likely still exist. The only exception to this is
when the actual unmapping worked, but some flush failed (supposedly
impossible after XSA-373). The guest will get crashed in such a case
though, so add fallback cleanup to domain destruction to cover this
case. This in turn makes it desirable to silence the dprintk() in
domain_iommu_domid().
Note that no error will be returned anymore when the lookup fails - in
the common case lookup failure would already have caused
domain_context_unmap_one() to fail, yet even from a more general
perspective it doesn't look right to fail domain_context_unmap() in such
a case when this was the last device, but not when any earlier unmap was
otherwise successful.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
master commit: 32655880057ce2829f962d46916ea6cec60f98d3
master date: 2021-06-24 16:29:13 +0200
---
xen/drivers/passthrough/vtd/iommu.c | 39 ++++++++++++++++++-----------
1 file changed, 24 insertions(+), 15 deletions(-)
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index c0070f1c99..2b3609dae2 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -80,9 +80,11 @@ static int domain_iommu_domid(struct domain *d,
i = find_next_bit(iommu->domid_bitmap, nr_dom, i+1);
}
- dprintk(XENLOG_ERR VTDPREFIX,
- "Cannot get valid iommu domid: domid=%d iommu->index=%d\n",
- d->domain_id, iommu->index);
+ if ( !d->is_dying )
+ dprintk(XENLOG_ERR VTDPREFIX,
+ "Cannot get valid iommu %u domid: %pd\n",
+ iommu->index, d);
+
return -1;
}
@@ -147,6 +149,17 @@ static int context_get_domain_id(struct context_entry *context,
return domid;
}
+static void cleanup_domid_map(struct domain *domain, struct vtd_iommu *iommu)
+{
+ int iommu_domid = domain_iommu_domid(domain, iommu);
+
+ if ( iommu_domid >= 0 )
+ {
+ clear_bit(iommu_domid, iommu->domid_bitmap);
+ iommu->domid_map[iommu_domid] = 0;
+ }
+}
+
static void sync_cache(const void *addr, unsigned int size)
{
static unsigned long clflush_size = 0;
@@ -1732,6 +1745,9 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
goto out;
}
+ if ( ret )
+ goto out;
+
/*
* if no other devices under the same iommu owned by this domain,
* clear iommu in iommu_bitmap and clear domain_id in domid_bitmp
@@ -1751,19 +1767,8 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
if ( found == 0 )
{
- int iommu_domid;
-
clear_bit(iommu->index, &dom_iommu(domain)->arch.vtd.iommu_bitmap);
-
- iommu_domid = domain_iommu_domid(domain, iommu);
- if ( iommu_domid == -1 )
- {
- ret = -EINVAL;
- goto out;
- }
-
- clear_bit(iommu_domid, iommu->domid_bitmap);
- iommu->domid_map[iommu_domid] = 0;
+ cleanup_domid_map(domain, iommu);
}
out:
@@ -1783,6 +1788,7 @@ static void iommu_domain_teardown(struct domain *d)
{
struct domain_iommu *hd = dom_iommu(d);
struct mapped_rmrr *mrmrr, *tmp;
+ const struct acpi_drhd_unit *drhd;
if ( list_empty(&acpi_drhd_units) )
return;
@@ -1794,6 +1800,9 @@ static void iommu_domain_teardown(struct domain *d)
}
ASSERT(!hd->arch.vtd.pgd_maddr);
+
+ for_each_drhd_unit ( drhd )
+ cleanup_domid_map(d, drhd->iommu);
}
static int __must_check intel_iommu_map_page(struct domain *d, dfn_t dfn,
--
2.30.2