arm: describe swiotlb region in FDT

describe the swiotlb region as a restricted-mem node in the flattened
device tree, and force all virtio devices to use it for their vrings and
buffers by setting their `memory-region` property.

Signed-off-by: Patrick Roy <[email protected]>

Author: roypat

src/vmm/src/arch/aarch64/fdt.rs

@@ -10,19 +10,22 @@ use std::ffi::CString;
 use std::fmt::Debug;
 
 use vm_fdt::{Error as VmFdtError, FdtWriter, FdtWriterNode};
-use vm_memory::GuestMemoryError;
+use vm_memory::{GuestMemoryError, GuestMemoryRegion};
 
 use super::super::{DeviceType, InitrdConfig};
 use super::cache_info::{CacheEntry, read_cache_config};
 use super::gic::GICDevice;
 use crate::device_manager::mmio::MMIODeviceInfo;
 use crate::devices::acpi::vmgenid::{VMGENID_MEM_SIZE, VmGenId};
-use crate::vstate::memory::{Address, GuestMemory, GuestMemoryMmap};
+use crate::vstate::memory::{Address, GuestMemory, GuestMemoryMmap, GuestRegionMmap};
 
 // This is a value for uniquely identifying the FDT node declaring the interrupt controller.
 const GIC_PHANDLE: u32 = 1;
 // This is a value for uniquely identifying the FDT node containing the clock definition.
 const CLOCK_PHANDLE: u32 = 2;
+/// Unique identifier for the /reserved-memory node describing the memory region the guest
+/// is allowed to use for swiotlb
+const IO_MEM_PHANDLE: u32 = 3;
 // You may be wondering why this big value?
 // This phandle is used to uniquely identify the FDT nodes containing cache information. Each cpu
 // can have a variable number of caches, some of these caches may be shared with other cpus.
@@ -57,6 +60,7 @@ pub enum FdtError {
 /// Creates the flattened device tree for this aarch64 microVM.
 pub fn create_fdt(
     guest_mem: &GuestMemoryMmap,
+    swiotlb_region: Option<&GuestRegionMmap>,
     vcpu_mpidr: Vec<u64>,
     cmdline: CString,
     device_info: &HashMap<(DeviceType, String), MMIODeviceInfo>,
@@ -82,7 +86,7 @@ pub fn create_fdt(
     // containing description of the interrupt controller for this VM.
     fdt_writer.property_u32("interrupt-parent", GIC_PHANDLE)?;
     create_cpu_nodes(&mut fdt_writer, &vcpu_mpidr)?;
-    create_memory_node(&mut fdt_writer, guest_mem)?;
+    create_memory_node(&mut fdt_writer, guest_mem, swiotlb_region)?;
     create_chosen_node(&mut fdt_writer, cmdline, initrd)?;
     create_gic_node(&mut fdt_writer, gic_device)?;
     create_timer_node(&mut fdt_writer)?;
@@ -207,7 +211,11 @@ fn create_cpu_nodes(fdt: &mut FdtWriter, vcpu_mpidr: &[u64]) -> Result<(), FdtEr
     Ok(())
 }
 
-fn create_memory_node(fdt: &mut FdtWriter, guest_mem: &GuestMemoryMmap) -> Result<(), FdtError> {
+fn create_memory_node(
+    fdt: &mut FdtWriter,
+    guest_mem: &GuestMemoryMmap,
+    swiotlb_region: Option<&GuestRegionMmap>,
+) -> Result<(), FdtError> {
     // See https://github.com/torvalds/linux/blob/master/Documentation/devicetree/booting-without-of.txt#L960
     // for an explanation of this.
 
@@ -219,9 +227,13 @@ fn create_memory_node(fdt: &mut FdtWriter, guest_mem: &GuestMemoryMmap) -> Resul
     // The reason we do this is that Linux does not allow remapping system memory. However, without
     // remap, kernel drivers cannot get virtual addresses to read data from device memory. Leaving
     // this memory region out allows Linux kernel modules to remap and thus read this region.
+    //
+    // The generic memory description must include the range that we later declare as a reserved
+    // carve out.
     let mem_size = guest_mem.last_addr().raw_value()
         - super::layout::DRAM_MEM_START
         - super::layout::SYSTEM_MEM_SIZE
+        + swiotlb_region.map(|r| r.len()).unwrap_or(0)
         + 1;
     let mem_reg_prop = &[
         super::layout::DRAM_MEM_START + super::layout::SYSTEM_MEM_SIZE,
@@ -232,6 +244,19 @@ fn create_memory_node(fdt: &mut FdtWriter, guest_mem: &GuestMemoryMmap) -> Resul
     fdt.property_array_u64("reg", mem_reg_prop)?;
     fdt.end_node(mem)?;
 
+    if let Some(region) = swiotlb_region {
+        let rmem = fdt.begin_node("reserved-memory")?;
+        fdt.property_u32("#address-cells", ADDRESS_CELLS)?;
+        fdt.property_u32("#size-cells", SIZE_CELLS)?;
+        fdt.property_null("ranges")?;
+        let dma = fdt.begin_node("bouncy_boi")?;
+        fdt.property_string("compatible", "restricted-dma-pool")?;
+        fdt.property_phandle(IO_MEM_PHANDLE)?;
+        fdt.property_array_u64("reg", &[region.start_addr().0, region.len()])?;
+        fdt.end_node(dma)?;
+        fdt.end_node(rmem)?;
+    }
+
     Ok(())
 }
 
@@ -357,6 +382,9 @@ fn create_virtio_node(fdt: &mut FdtWriter, dev_info: &MMIODeviceInfo) -> Result<
 
     fdt.property_string("compatible", "virtio,mmio")?;
     fdt.property_array_u64("reg", &[dev_info.addr, dev_info.len])?;
+    // Force all virtio device to place their vrings and buffer into the dedicated I/O memory region
+    // that is backed by traditional memory (e.g. not secret-free).
+    fdt.property_u32("memory-region", IO_MEM_PHANDLE)?;
     fdt.property_array_u32(
         "interrupts",
         &[
@@ -498,6 +526,7 @@ mod tests {
         let gic = create_gic(&vm, 1, None).unwrap();
         create_fdt(
             &mem,
+            None,
             vec![0],
             CString::new("console=tty0").unwrap(),
             &dev_info,
@@ -518,6 +547,7 @@ mod tests {
         let gic = create_gic(&vm, 1, None).unwrap();
         create_fdt(
             &mem,
+            None,
             vec![0],
             CString::new("console=tty0").unwrap(),
             &HashMap::<(DeviceType, std::string::String), MMIODeviceInfo>::new(),
@@ -543,6 +573,7 @@ mod tests {
 
         let current_dtb_bytes = create_fdt(
             &mem,
+            None,
             vec![0],
             CString::new("console=tty0").unwrap(),
             &HashMap::<(DeviceType, std::string::String), MMIODeviceInfo>::new(),
@@ -605,6 +636,7 @@ mod tests {
 
         let current_dtb_bytes = create_fdt(
             &mem,
+            None,
             vec![0],
             CString::new("console=tty0").unwrap(),
             &HashMap::<(DeviceType, std::string::String), MMIODeviceInfo>::new(),

src/vmm/src/arch/aarch64/mod.rs

@@ -23,7 +23,9 @@ use self::gic::GICDevice;
 use crate::arch::DeviceType;
 use crate::device_manager::mmio::MMIODeviceInfo;
 use crate::devices::acpi::vmgenid::VmGenId;
-use crate::vstate::memory::{Address, Bytes, GuestAddress, GuestMemory, GuestMemoryMmap};
+use crate::vstate::memory::{
+    Address, Bytes, GuestAddress, GuestMemory, GuestMemoryMmap, GuestRegionMmap,
+};
 
 /// Errors thrown while configuring aarch64 system.
 #[derive(Debug, thiserror::Error, displaydoc::Display)]
@@ -72,6 +74,7 @@ pub fn bytes_before_last_gap() -> usize {
 /// * `initrd` - Information about an optional initrd.
 pub fn configure_system(
     guest_mem: &GuestMemoryMmap,
+    swiotlb_region: Option<&GuestRegionMmap>,
     cmdline_cstring: CString,
     vcpu_mpidr: Vec<u64>,
     device_info: &HashMap<(DeviceType, String), MMIODeviceInfo>,
@@ -81,6 +84,7 @@ pub fn configure_system(
 ) -> Result<(), ConfigurationError> {
     let fdt = fdt::create_fdt(
         guest_mem,
+        swiotlb_region,
         vcpu_mpidr,
         cmdline_cstring,
         device_info,

src/vmm/src/builder.rs

@@ -238,7 +238,8 @@ pub fn build_microvm_for_boot(
 
     let io_memory = vm_resources
         .allocate_io_memory()
-        .map_err(StartMicrovmError::GuestMemory)?;
+        .map_err(StartMicrovmError::GuestMemory)?
+        .map(Arc::new);
 
     // Clone the command-line so that a failed boot doesn't pollute the original.
     #[allow(unused_mut)]
@@ -264,9 +265,9 @@ pub fn build_microvm_for_boot(
             .map_err(StartMicrovmError::Internal)?;
     }
 
-    if let Some(io_memory) = io_memory {
+    if let Some(ref io_memory) = io_memory {
         vmm.vm
-            .register_io_region(io_memory)
+            .register_io_region(Arc::clone(io_memory))
             .map_err(VmmError::Vm)
             .map_err(StartMicrovmError::Internal)?;
     }
@@ -325,6 +326,7 @@ pub fn build_microvm_for_boot(
 
     configure_system_for_boot(
         &mut vmm,
+        io_memory.as_deref(),
         vcpus.as_mut(),
         &vm_resources.machine_config,
         &cpu_template,
@@ -741,9 +743,11 @@ fn attach_legacy_devices_aarch64(
 }
 
 /// Configures the system for booting Linux.
-#[cfg_attr(target_arch = "aarch64", allow(unused))]
+#[allow(unused)]
+#[allow(clippy::too_many_arguments)]
 pub fn configure_system_for_boot(
     vmm: &mut Vmm,
+    swiotlb_region: Option<&GuestRegionMmap>,
     vcpus: &mut [Vcpu],
     machine_config: &MachineConfig,
     cpu_template: &CustomCpuTemplate,
@@ -855,6 +859,7 @@ pub fn configure_system_for_boot(
         let cmdline = boot_cmdline.as_cstring()?;
         crate::arch::aarch64::configure_system(
             &vmm.vm.guest_memory(),
+            swiotlb_region,
             cmdline,
             vcpu_mpidr,
             vmm.mmio_device_manager.get_device_info(),

src/vmm/src/vstate/vm/mod.rs

@@ -151,14 +151,10 @@ impl Vm {
     }
 
     /// Registers a new io memory region to this [`Vm`].
-    pub fn register_io_region(&mut self, region: GuestRegionMmap) -> Result<(), VmError> {
-        let arcd_region = Arc::new(region);
-        let new_io_memory = self
-            .common
-            .io_memory
-            .insert_region(Arc::clone(&arcd_region))?;
+    pub fn register_io_region(&mut self, region: Arc<GuestRegionMmap>) -> Result<(), VmError> {
+        let new_io_memory = self.common.io_memory.insert_region(Arc::clone(&region))?;
 
-        self.register_kvm_region(arcd_region.as_ref())?;
+        self.register_kvm_region(region.as_ref())?;
 
         self.common.io_memory = new_io_memory;
         Ok(())