From 7d61d8ebfa641d2624ccbce5d23906f711f83a37 Mon Sep 17 00:00:00 2001
From: Jan Beulich <jbeulich@suse.com>
Date: Fri, 17 Oct 2014 15:56:07 +0200
Subject: [PATCH] don't allow Dom0 access to IOMMUs' MMIO pages

Just like for LAPIC, IO-APIC, MSI, and HT we shouldn't be granting Dom0
access to these. This implicitly results in these pages also getting
marked reserved in the machine memory map Dom0 uses to determine the
ranges where PCI devices can have their MMIO ranges placed.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Kevin Tian <kevin.tian@intel.com>
master commit: fdf30377fbc4fa6798bfda7d69e5d448c2b8e834
master date: 2014-10-06 11:15:01 +0200
---
 xen/drivers/passthrough/amd/pci_amd_iommu.c | 8 ++++++++
 xen/drivers/passthrough/vtd/iommu.c         | 4 ++++
 2 files changed, 12 insertions(+)

diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index f97fcf21bb..d462e5b898 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -19,6 +19,7 @@
  */
 
 #include <xen/sched.h>
+#include <xen/iocap.h>
 #include <xen/pci.h>
 #include <xen/pci_regs.h>
 #include <xen/paging.h>
@@ -283,6 +284,7 @@ static int amd_iommu_domain_init(struct domain *d)
 static void __init amd_iommu_dom0_init(struct domain *d)
 {
     unsigned long i; 
+    const struct amd_iommu *iommu;
 
     if ( !iommu_passthrough && !need_iommu(d) )
     {
@@ -304,6 +306,12 @@ static void __init amd_iommu_dom0_init(struct domain *d)
         }
     }
 
+    for_each_amd_iommu ( iommu )
+        if ( iomem_deny_access(d, PFN_DOWN(iommu->mmio_base_phys),
+                               PFN_DOWN(iommu->mmio_base_phys +
+                                        IOMMU_MMIO_REGION_LENGTH - 1)) )
+            BUG();
+
     setup_dom0_pci_devices(d, amd_iommu_setup_dom0_device);
 }
 
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index e543c08f4c..be346b2bb2 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -23,6 +23,7 @@
 #include <xen/sched.h>
 #include <xen/xmalloc.h>
 #include <xen/domain_page.h>
+#include <xen/iocap.h>
 #include <xen/iommu.h>
 #include <asm/hvm/iommu.h>
 #include <xen/numa.h>
@@ -1259,6 +1260,9 @@ static void __init intel_iommu_dom0_init(struct domain *d)
 
     for_each_drhd_unit ( drhd )
     {
+        if ( iomem_deny_access(d, PFN_DOWN(drhd->address),
+                               PFN_DOWN(drhd->address)) )
+            BUG();
         iommu_enable_translation(drhd);
     }
 }
-- 
2.39.5