• Jan Beulich's avatar
    IOMMU: make DMA containment of quarantined devices optional · 980d6acf
    Jan Beulich authored
    Containing still in flight DMA was introduced to work around certain
    devices / systems hanging hard upon hitting a "not-present" IOMMU fault.
    Passing through (such) devices (on such systems) is inherently insecure
    (as guests could easily arrange for IOMMU faults of any kind to occur).
    Defaulting to a mode where admins may not even become aware of issues
    with devices can be considered undesirable. Therefore convert this mode
    of operation to an optional one, not one enabled by default.
    This involves resurrecting code commit ea388678
     ("x86 / iommu: set
    up a scratch page in the quarantine domain") did remove, in a slightly
    extended and abstracted fashion. Here, instead of reintroducing a pretty
    pointless use of "goto" in domain_context_unmap(), and instead of making
    the function (at least temporarily) inconsistent, take the opportunity
    and replace the other similarly pointless "goto" as well.
    In order to key the re-instated bypasses off of there (not) being a root
    page table this further requires moving the allocate_domain_resources()
    invocation from reassign_device() to amd_iommu_setup_domain_device() (or
    else reassign_device() would allocate a root page table anyway); this is
    benign to the second caller of the latter function.
    In VT-d's domain_context_unmap(), instead of adding yet another
    "goto out" when all that's wanted is a "return", eliminate the "out"
    label at the same time.
    Take the opportunity and also limit the control to builds supporting
    Signed-off-by: default avatarJan Beulich <jbeulich@suse.com>
    Reviewed-by: default avatarPaul Durrant <paul@xen.org>
    Reviewed-by: default avatarKevin Tian <kevin.tian@intel.com>
iommu.c 16.1 KB