[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] VMX: use a single, global APIC access page


  • To: Jan Beulich <jbeulich@xxxxxxxx>, Kevin Tian <kevin.tian@xxxxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Thu, 11 Feb 2021 13:27:10 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=HWzS16qLjoZIgMyICLB15QDt/8zY+dmYjPfIyRlMRG0=; b=PHQfbbmYri3pXydIAvbFhjiALyPYCnZYIN3X0RfAzH2SnC3tN9dXGY09gT7ichJNvpMxG0S0OyixXrthxZdedxT0ahhPZuu1dLHECONa/xQNskffrUk6ksyVYv8AG/yIkuTJ5Hx83QdDjVP8ijGNAvGj2PHBrrD54Ep8axt/obodai8dx2vHuH6mKR/KqpA/khUUB6Dtz0b464erws8OvlRdV+pxYXubZ/n3zH36YGEXjO4NrrOQgzXd4o/smRyHJETIeuHclOMckpGGY2KmZA37++Ni9lBT55lDPg+KhaNE+kWVyne4gpKbpsZ7JWPp9hCEJyf6AUwEcjJgnhyEUg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=MbiI+hU53sQIfKgSGQdlGQmBT1dFP4hoSXCAheHf6vKtURnKUGGiO2ywuWmHOL9QpvM2Qf2dTYzCxCvs7y9dC35QAakEOvx4EmvvZt2NWadUqX6rL7nMULEPWYK1tU8KZA/viBOUkm+X/CQmXPIVKjhVDI6hR124Eg7qu6ZysNUVu1ccWLZAeP4+5RB9cuhF6enAI527HWwHf9jni77+gq/IDtVqlASjfVnYd+iqEM4UlS3dZLjFTSu88JVzvMORfVH7ANn7mYypVGoQFCm9nTAR2u+u8qCiqh3YjJPlZmstAbq3PdO/mh6kMRelY5lMXEN6RgduKpf8H7GNgGLSDw==
  • Authentication-results: esa2.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "Julien Grall" <julien@xxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>
  • Delivery-date: Thu, 11 Feb 2021 12:27:29 +0000
  • Ironport-sdr: vXEJ/Jvf5pP9gR8/j2k7ODtnYVvXi+zxKA+VVas4xga3R8JYN2V9hZBSrCzr2Fb4ky/qFy9hZ4 4C0/lytakRPhDXcV6RyZMobNMe40UqCWhT0n/wybg7IKzsmRJN486H1oGtFutepbHrdFV8EUyT rW2poiyQvn+tjTrDiT+P7tb4kNET/QAJSgXD8gPg8lwLxTqipH5bKa2jDriEfHY10FvL/+OeVi arBs/kWCcEK5yAdnZKxr6a6V2qieM2c+k/sFSFiwpcgFBnBnfYXF1rFMSbVngsAavPCFGK/+oJ yj4=
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Thu, Feb 11, 2021 at 12:22:41PM +0100, Jan Beulich wrote:
> On 11.02.2021 12:16, Roger Pau Monné wrote:
> > On Thu, Feb 11, 2021 at 11:36:59AM +0100, Jan Beulich wrote:
> >> On 11.02.2021 09:45, Roger Pau Monné wrote:
> >>> On Wed, Feb 10, 2021 at 05:48:26PM +0100, Jan Beulich wrote:
> >>>> --- a/xen/include/asm-x86/p2m.h
> >>>> +++ b/xen/include/asm-x86/p2m.h
> >>>> @@ -935,6 +935,9 @@ static inline unsigned int p2m_get_iommu
> >>>>          flags = IOMMUF_readable;
> >>>>          if ( !rangeset_contains_singleton(mmio_ro_ranges, mfn_x(mfn)) )
> >>>>              flags |= IOMMUF_writable;
> >>>> +        /* VMX'es APIC access page is global and hence has no owner. */
> >>>> +        if ( mfn_valid(mfn) && !page_get_owner(mfn_to_page(mfn)) )
> >>>> +            flags = 0;
> >>>
> >>> Is it fine to have this page accessible to devices if the page tables
> >>> are shared between the CPU and the IOMMU?
> >>
> >> No, it's not, but what do you do? As said elsewhere, devices
> >> gaining more access than is helpful is the price we pay for
> >> being able to share page tables. But ...
> > 
> > I'm concerned about allowing devices to write to this shared page, as
> > could be used as an unintended way to exchange information between
> > domains?
> 
> Well, such an abuse would be possible, but it wouldn't be part
> of an ABI and hence could break at any time. Similarly I
> wouldn't consider it an information leak if a guest abused
> this.

Hm, I'm kind of worried about having such shared page accessible to
guests. Could Intel confirm whether pages in the 0xFEExxxxx range are
accessible to devices in any way when using IOMMU shared page
tables?

> >>> Is it possible for devices to write to it?
> >>
> >> ... thinking about it - they would be able to access it only
> >> when interrupt remapping is off. Otherwise the entire range
> >> 0xFEExxxxx gets treated differently altogether by the IOMMU,
> > 
> > Now that I think of it, the range 0xFEExxxxx must always be special
> > handled for device accesses, regardless of whether interrupt remapping
> > is enabled or not, or else they won't be capable of delivering MSI
> > messages?
> 
> I don't think I know how exactly chipsets handle MSI in this
> case, but yes, presumably these accesses need to be routed a
> different path even in that case.
> 
> > So I assume that whatever gets mapped in the IOMMU pages tables at
> > 0xFEExxxxx simply gets ignored?
> 
> This would be the implication, aiui.
> 
> > Or else mapping the lapic access page when using shared page tables
> > would have prevented CPU#0 from receiving MSI messages.
> 
> I guess I don't understand this part. In particular I see
> nothing CPU#0 specific here.

Well, the default APIC address is 0xfee00000 which matches the MSI
doorbell for APIC ID 0. APIC ID 1 would instead use 0xfee01000 and
thus the APIC access page mapping won't shadow it anyway.

Thanks, Roger.



 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.