[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [for-4.15][PATCH v3 2/3] xen/x86: iommu: Ignore IOMMU mapping requests when a domain is dying

To: Jan Beulich <jbeulich@xxxxxxxx>, Paul Durrant <paul@xxxxxxx>
From: Julien Grall <julien@xxxxxxx>
Date: Thu, 18 Feb 2021 13:25:02 +0000
Cc: hongyxia@xxxxxxxxxxxx, iwj@xxxxxxxxxxxxxx, Julien Grall <jgrall@xxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Kevin Tian <kevin.tian@xxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
Delivery-date: Thu, 18 Feb 2021 13:25:18 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Hi,

On 18/02/2021 13:05, Jan Beulich wrote:

On 17.02.2021 17:07, Julien Grall wrote:

On 17/02/2021 15:01, Jan Beulich wrote:

On 17.02.2021 15:24, Julien Grall wrote:

From: Julien Grall <jgrall@xxxxxxxxxx>

The new x86 IOMMU page-tables allocator will release the pages when
relinquishing the domain resources. However, this is not sufficient
when the domain is dying because nothing prevents page-table to be
allocated.

Currently page-table allocations can only happen from iommu_map(). As
the domain is dying, there is no good reason to continue to modify the
IOMMU page-tables.


While I agree this to be the case right now, I'm not sure it is a
good idea to build on it (in that you leave the unmap paths
untouched).


I don't build on that assumption. See next patch.


Yet as said there that patch makes unmapping perhaps more fragile,
by introducing a latent error source into the path.

I still don't see what latent error my patch will introduce. Allocationof page-tables are not guarantee to succeed.


So are you implying that a code may rely on the page allocation to succeed?

Imo there's a fair chance this would be overlooked at
the point super page mappings get introduced (which has been long
overdue), and I thought prior discussion had lead to a possible
approach without risking use-after-free due to squashed unmap
requests.


I know you suggested to zap the root page-tables... However, I don't
think this is 4.15 material and you agree with this (you were the one
pointed out that out).


Paul - do you have any thoughts here? Outright zapping isn't
going to work, we'd need to switch to quarantine page tables at
the very least to prevent the issue with babbling devices. But
that still seems better to me than the introduction of a latent
issue on the unmap paths.

I am afraid I am not going to be able to come up with such patch for4.15. If you want to go that route for 4.15, then feel free to suggest apatch.


[...]

Btw - "no more IOMMU mapping" is also possibly ambiguous here:
One might take it to mean both maps and unmaps. How about "no
new IOMMU mappings can be inserted", as long as the unmap paths
don't follow suit?


Sure.

Cheers,

--
Julien Grall

Follow-Ups:
- Re: [for-4.15][PATCH v3 2/3] xen/x86: iommu: Ignore IOMMU mapping requests when a domain is dying
  - From: Jan Beulich

References:
- [for-4.15][PATCH v3 0/3] xen/iommu: Collection of bug fixes for IOMMU teadorwn
  - From: Julien Grall
- [for-4.15][PATCH v3 2/3] xen/x86: iommu: Ignore IOMMU mapping requests when a domain is dying
  - From: Julien Grall
- Re: [for-4.15][PATCH v3 2/3] xen/x86: iommu: Ignore IOMMU mapping requests when a domain is dying
  - From: Jan Beulich
- Re: [for-4.15][PATCH v3 2/3] xen/x86: iommu: Ignore IOMMU mapping requests when a domain is dying
  - From: Julien Grall
- Re: [for-4.15][PATCH v3 2/3] xen/x86: iommu: Ignore IOMMU mapping requests when a domain is dying
  - From: Jan Beulich

Prev by Date: Re: [for-4.15][PATCH v3 3/3] xen/iommu: x86: Harden the IOMMU page-table allocator
Next by Date: Re: [for-4.15][PATCH v3 2/3] xen/x86: iommu: Ignore IOMMU mapping requests when a domain is dying
Previous by thread: Re: [for-4.15][PATCH v3 2/3] xen/x86: iommu: Ignore IOMMU mapping requests when a domain is dying
Next by thread: Re: [for-4.15][PATCH v3 2/3] xen/x86: iommu: Ignore IOMMU mapping requests when a domain is dying
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.