github/acrn-hypervisor
1
0
Fork 0
mirror of https://github.com/projectacrn/acrn-hypervisor.git synced 2025-09-21 16:57:20 +00:00
Code Issues Projects Releases Wiki Activity

hv: enable/disable snoop control bit per vm

Browse Source 
For security, this patch add one flag per vm and disable snoop control
for sos and enable snoop control for uos by default.

v2: add one flag in vm, not in iommu domain.
v3: add vm null check

Tracked-On: #2086
Signed-off-by: Zhipeng Gong <zhipeng.gong@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
This commit is contained in:
Zhipeng Gong
2018-12-17 14:56:32 +08:00
committed by wenlingz
parent 2028034151
commit c547e9cfb4
4 changed files with 11 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
hypervisor/arch/x86/vtd.c
View File

@@ -834,6 +834,7 @@ static int32_t add_iommu_device(struct iommu_domain *domain, uint16_t segment, u
struct dmar_context_entry *context_entry;
uint64_t upper;
uint64_t lower = 0UL;
struct acrn_vm *vm;
dmar_unit = device_to_dmaru(segment, bus, devfun);
if (dmar_unit == NULL) {
@@ -852,6 +853,11 @@ static int32_t add_iommu_device(struct iommu_domain *domain, uint16_t segment, u
}
if (iommu_ecap_sc(dmar_unit->ecap) == 0U) {
vm = get_vm_from_vmid(domain->vm_id);
if (vm != NULL) {
vm->snoopy_mem = false;
}
// TODO: remove iommu_snoop from iommu_domain
domain->iommu_snoop = false;
dev_dbg(ACRN_DBG_IOMMU, "vm=%d add %x:%x no snoop control!", domain->vm_id, bus, devfun);
}