Re: [RFC PATCH V1 04/12] xen/arm: Introduce arch specific bits for IOREQ/DM features

[Julien Grall <julien@xxxxxxx>]

On 11/08/2020 18:09, Oleksandr wrote:
> On 05.08.20 12:32, Julien Grall wrote:
>
> Hi Julien, Stefano
>
> > > > diff --git a/xen/include/asm-arm/p2m.h b/xen/include/asm-arm/p2m.h
> > > > index 5fdb6e8..5823f11 100644
> > > > --- a/xen/include/asm-arm/p2m.h
> > > > +++ b/xen/include/asm-arm/p2m.h
> > > > @@ -385,10 +385,11 @@ static inline int set_foreign_p2m_entry(struct 
> > > > domain *d, unsigned long gfn,
> > > >                                           mfn_t mfn)
> > > >   {
> > > >       /*
> > > > -     * NOTE: If this is implemented then proper reference counting of
> > > > -     *       foreign entries will need to be implemented.
> > > > +     * XXX: handle properly reference. It looks like the page may 
> > > > not always
> > > > +     * belong to d.
> > > Just as a reference, and without taking away anything from the comment,
> > > I think that QEMU is doing its own internal reference counting for these
> > > mappings.
> > I am not sure how this matters here? We can't really trust the DM to 
> > do the right thing if it is not running in dom0.
> > But, IIRC, the problem is some of the pages doesn't belong to do a 
> > domain, so it is not possible to treat them as foreign mapping (e.g. 
> > you wouldn't be able to grab a reference). This investigation was done 
> > a couple of years ago, so this may have changed in recent Xen.
> Well, emulator is going to be used in driver domain, so this TODO must 
> be resolved. I suspect that the check for a hardware domain in 
> acquire_resource() which I skipped in a hackish way [1] could be simply 
> removed once proper reference counting is implemented in Xen, correct?
It depends how you are going to solve it. If you manage to solve it in a 
generic way, then yes you could resolve. If not (i.e. it is solved in an 
arch-specific way), we would need to keep the check on arch that are not 
able to deal with it. See more below.
> Could you please provide some pointers on that problem? Maybe some 
> questions need to be investigated again? Unfortunately, it is not 
> completely clear to me the direction to follow...
> ***
> I am wondering whether the similar problem exists on x86 as well?
It is somewhat different. On Arm, we are able to handle properly foreign 
mapping (i.e. mapping page from a another domain) as we would grab a 
reference on the page (see XENMAPSPACE_gmfn_foreign handling in 
xenmem_add_to_physmap()). The reference will then be released when the 
entry is removed from the P2M (see p2m_free_entry()).
If all the pages given to set_foreign_p2m_entry() belong to a domain, 
then you could use the same approach.
However, I remember to run into some issues in some of the cases. I had 
a quick looked at the caller and I wasn't able to find any use cases 
that may be an issue.
The refcounting in the IOREQ code has changed after XSA-276 (this was 
found while working on the Arm port). Probably the best way to figure 
out if it works would be to try it and see if it fails.
Note that set_foreign_p2m_entry() doesn't have a parameter for the 
foreign domain. You would need to add a extra parameter for this.
> The 
> FIXME tag (before checking for a hardware domain in acquire_resource()) 
> in the common code makes me think it is a common issue. From other side 
> x86's
> implementation of set_foreign_p2m_entry() is exists unlike Arm's one 
> (which returned -EOPNOTSUPP so far). Or these are unrelated?
At the moment, x86 doesn't support refcounting for foreign mapping. 
Hence the reason to restrict them to the hardware domain.
> ***
>
> [1] https://lists.xen.org/archives/html/xen-devel/2020-08/msg00075.html
Cheers,

--
Julien Grall