This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-devel] [PATCH] x86: protect MSI-X table and pending bit array f

To: Jan Beulich <JBeulich@xxxxxxxxxx>
Subject: Re: [Xen-devel] [PATCH] x86: protect MSI-X table and pending bit array from guest writes
From: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
Date: Tue, 21 Sep 2010 11:17:49 -0400
Cc: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>, yunhong.jiang@xxxxxxxxx
Delivery-date: Tue, 21 Sep 2010 08:20:51 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <4C977C870200007800017B92@xxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <4C977C870200007800017B92@xxxxxxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.20 (2009-06-14)
On Mon, Sep 20, 2010 at 02:23:51PM +0100, Jan Beulich wrote:
> These structures are used by Xen, and hence guests must not be able
> to fiddle with them.
> qemu-dm currently plays with the MSI-X table, requiring Dom0 to
> still have write access. This is broken (explicitly allowing the guest
> write access to the mask bit) and should be fixed in qemu-dm, at which
> time Dom0 won't need any special casing anymore.
> The changes are made under the assumption that p2m_mmio_direct will
> only ever be used for order 0 pages.
> An open question is whether dealing with pv guests (including the
> IOMMU-less case) is necessary, as handling mappings a domain may
> already have in place at the time the first interrupt gets set up
> would require scanning all of the guest's L1 page table pages.

When the PCI passthrough is utilized for PV guests we utilize
the xc_domain_iomem_permission, xc_domain_ioport_permission, and
xc_physdev_map_pirq before we even start the guest.
With your patch, will the MFN regions that are specified by the
iomem_permission still be visible to the PV domain?

I think the answer is yes, and I think the MSI-X regions are
not of any importance to the PV guests as Dom0 is the one setting up
the MSI-X entries and passing on the vector value to the PV guest.

But I just want to be sure about this.
> Currently a hole still remains allowing PV guests to map these ranges
> before actually setting up any MSI-X vector for a device.

Xen-devel mailing list

<Prev in Thread] Current Thread [Next in Thread>