1. 26 6月, 2009 1 次提交
  2. 24 6月, 2009 3 次提交
    • W
      Intel-IOMMU, intr-remap: source-id checking · f007e99c
      Weidong Han 提交于
      To support domain-isolation usages, the platform hardware must be
      capable of uniquely identifying the requestor (source-id) for each
      interrupt message. Without source-id checking for interrupt remapping
      , a rouge guest/VM with assigned devices can launch interrupt attacks
      to bring down anothe guest/VM or the VMM itself.
      
      This patch adds source-id checking for interrupt remapping, and then
      really isolates interrupts for guests/VMs with assigned devices.
      
      Because PCI subsystem is not initialized yet when set up IOAPIC
      entries, use read_pci_config_byte to access PCI config space directly.
      Signed-off-by: NWeidong Han <weidong.han@intel.com>
      Signed-off-by: NDavid Woodhouse <David.Woodhouse@intel.com>
      f007e99c
    • W
      Intel-IOMMU, intr-remap: set the whole 128bits of irte when modify/free it · c4658b4e
      Weidong Han 提交于
      Interrupt remapping table entry is 128bits. Currently, it only sets low
      64bits of irte in modify_irte and free_irte. This ignores high 64bits
      setting of irte, that means source-id setting will be ignored. This patch
      sets the whole 128bits of irte when modify/free it. Following source-id
      checking patch depends on this.
      Signed-off-by: NWeidong Han <weidong.han@intel.com>
      Signed-off-by: NDavid Woodhouse <David.Woodhouse@intel.com>
      c4658b4e
    • F
      IOMMU Identity Mapping Support (drivers/pci/intel_iommu.c) · 2c2e2c38
      Fenghua Yu 提交于
      Identity mapping for IOMMU defines a single domain to 1:1 map all PCI
      devices to all usable memory.
      
      This reduces map/unmap overhead in DMA API's and improve IOMMU
      performance. On 10Gb network cards, Netperf shows no performance
      degradation compared to non-IOMMU performance.
      
      This method may lose some of DMA remapping benefits like isolation.
      
      The patch sets up identity mapping for all PCI devices to all usable
      memory. In the DMA API, there is no overhead to maintain page tables,
      invalidate iotlb, flush cache etc.
      
      32 bit DMA devices don't use identity mapping domain, in order to access
      memory beyond 4GiB.
      
      When kernel option iommu=pt, pass through is first tried. If pass
      through succeeds, IOMMU goes to pass through. If pass through is not
      supported in hw or fail for whatever reason, IOMMU goes to identity
      mapping.
      Signed-off-by: NFenghua Yu <fenghua.yu@intel.com>
      Signed-off-by: NDavid Woodhouse <David.Woodhouse@intel.com>
      2c2e2c38
  3. 20 6月, 2009 2 次提交
  4. 19 6月, 2009 16 次提交
  5. 18 6月, 2009 3 次提交
  6. 17 6月, 2009 15 次提交