Xen project Mailing List

Re: [PATCH v5 00/14] PCI devices passthrough on Arm, part 3

To: Oleksandr Andrushchenko <Oleksandr_Andrushchenko@xxxxxxxx>

Date: Wed, 15 Dec 2021 13:07:33 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=nxyhZTlEzR5YCpYo4L4Y4mwpF9Atr6VzvbS9ubaWdmo=; b=dImBW6oS1NURllzz9cKA+zU88PXj2wls3MVKDgNxsQdmGLX0hC+8Pg0sW6SBaIbyTcdxo8s2aBWDuviPNOc76vsPjWPlQJ/ikh1GpTi49a05/ph7I2kZLoecwMAQliVVGJiH9r+Z2hwempuW5hifx8VXAyh6l+KBfVzJmzDDXkyFBrG4C2jLVWOXV413kDI/t/fI4q8f8E6/JL2AV1XkIEgnthSEC2j2ZVCIfGC86C3RXssq5LA7hUzebW/zPau0bNK8mc3ygLxEaMX9mR8AeHbCx9AiEVKrlae5zGGrYDPWv0QohqqO+pLGn1rPUzm1l/Jti7lfYnXEADhnW1McyA==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=JMKvDw7En3wVFDrNERdFbg+EL5Efd9oo99hWBwa6a9JFZDw0Gpv6sTjO0rJ7yBP3lyobvpdQYwPONi7CizrmtYR4yfeAtmg+5RcnKzQNXSJRTrdZIhaVNnapwZiK9iv5KhJ6ajLStK3DEXtyzPL9g0n/D8Fl+E/s2OADEpOlixSWLc9DLnTjSGNKIl7clh/sIm0zD48ACaFK0iyUYrFpYhaPoEQwJRU5Gkv0OlEHxL/cJvoQ7727ts4kQxmgx1ohBA4cJ1Oy98uv8zxrqPcC/QmAgJycucPhN+uwSKDa1x8LfcYOcbdziOKHnZcojtzZx7svro8h0CERMYwWremBxw==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;

Cc: Oleksandr Tyshchenko <Oleksandr_Tyshchenko@xxxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Artem Mygaiev <Artem_Mygaiev@xxxxxxxx>, "roger.pau@xxxxxxxxxx" <roger.pau@xxxxxxxxxx>, "paul@xxxxxxx" <paul@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Rahul Singh <rahul.singh@xxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "andrew.cooper3@xxxxxxxxxx" <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, "julien@xxxxxxx" <julien@xxxxxxx>, "sstabellini@xxxxxxxxxx" <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>

Delivery-date: Wed, 15 Dec 2021 12:07:52 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 15.12.2021 12:56, Oleksandr Andrushchenko wrote: > Dear rest maintainers! > > Could you please review this series which seems to get stuck? I don't seem to have any record of you having pinged Roger as the vPCI maintainer. Also, as said on the Community Call when discussing this, I don't think I'd view this series as in a state where an emergency fallback to REST would be appropriate. As indicated, in particular I wouldn't want to commit any of it without Roger's basic agreement. IOW while REST maintainer reviews may help making progress (but as much would reviews by anyone else), they may not put the series in a state where it could go in. In any event, as also said on the call, afaic this series is in my to- be-reviewed folder, alongside a few dozen more patches. I'll get to it if nobody else would, but I can't predict when that's going to be. There's simply too much other stuff in need of taking care of. Jan > Thank you in advance, > Oleksandr > > On 25.11.21 13:02, Oleksandr Andrushchenko wrote: >> From: Oleksandr Andrushchenko <oleksandr_andrushchenko@xxxxxxxx> >> >> Hi, all! >> >> 1. This patch series is focusing on vPCI and adds support for non-identity >> PCI BAR mappings which is required while passing through a PCI device to >> a guest. The highlights are: >> >> - Add relevant vpci register handlers when assigning PCI device to a domain >> and remove those when de-assigning. This allows having different >> handlers for different domains, e.g. hwdom and other guests. >> >> - Emulate guest BAR register values based on physical BAR values. >> This allows creating a guest view of the registers and emulates >> size and properties probe as it is done during PCI device enumeration by >> the guest. >> >> - Instead of handling a single range set, that contains all the memory >> regions of all the BARs and ROM, have them per BAR. >> >> - Take into account guest's BAR view and program its p2m accordingly: >> gfn is guest's view of the BAR and mfn is the physical BAR value as set >> up by the host bridge in the hardware domain. >> This way hardware doamin sees physical BAR values and guest sees >> emulated ones. >> >> 2. The series also adds support for virtual PCI bus topology for guests: >> - We emulate a single host bridge for the guest, so segment is always 0. >> - The implementation is limited to 32 devices which are allowed on >> a single PCI bus. >> - The virtual bus number is set to 0, so virtual devices are seen >> as embedded endpoints behind the root complex. >> >> 3. The series has complete re-work of the locking scheme used/absent before >> with >> the help of the work started by Roger [1]: >> [PATCH v5 03/13] vpci: move lock outside of struct vpci >> >> This way the lock can be used to check whether vpci is present, and >> removal can be performed while holding the lock, in order to make >> sure there are no accesses to the contents of the vpci struct. >> Previously removal could race with vpci_read for example, since the >> lock was dropped prior to freeing pdev->vpci. >> This also solves synchronization issues between all vPCI code entities >> which could run in parallel. >> >> 4. There is an outstanding TODO left unimplemented by this series: >> for unprivileged guests vpci_{read|write} need to be re-worked >> to not passthrough accesses to the registers not explicitly handled >> by the corresponding vPCI handlers: without fixing that passthrough >> to guests is completely unsafe as Xen allows them full access to >> the registers. >> >> Xen needs to be sure that every register a guest accesses is not >> going to cause the system to malfunction, so Xen needs to keep a >> list of the registers it is safe for a guest to access. >> >> For example, we should only expose the PCI capabilities that we know >> are safe for a guest to use, i.e.: MSI and MSI-X initially. >> The rest of the capabilities should be blocked from guest access, >> unless we audit them and declare safe for a guest to access. >> >> As a reference we might want to look at the approach currently used >> by QEMU in order to do PCI passthrough. A very limited set of PCI >> capabilities known to be safe for untrusted access are exposed to the >> guest and registers need to be explicitly handled or else access is >> rejected. Xen needs a fairly similar model in vPCI or else none of >> this will be safe for unprivileged access. >> >> 5. The series was also tested on: >> - x86 PVH Dom0 and doesn't break it. >> - x86 HVM with PCI passthrough to DomU and doesn't break it. >> >> Thank you, >> Oleksandr >> >> [1] >> https://lore.kernel.org/xen-devel/20180717094830.54806-2-roger.pau@xxxxxxxxxx/ >> >> Oleksandr Andrushchenko (13): >> rangeset: add RANGESETF_no_print flag >> vpci: fix function attributes for vpci_process_pending >> vpci: cancel pending map/unmap on vpci removal >> vpci: add hooks for PCI device assign/de-assign >> vpci/header: implement guest BAR register handlers >> vpci/header: handle p2m range sets per BAR >> vpci/header: program p2m with guest BAR view >> vpci/header: emulate PCI_COMMAND register for guests >> vpci/header: reset the command register when adding devices >> vpci: add initial support for virtual PCI bus topology >> xen/arm: translate virtual PCI bus topology for guests >> xen/arm: account IO handlers for emulated PCI MSI-X >> vpci: add TODO for the registers not explicitly handled >> >> Roger Pau Monne (1): >> vpci: move lock outside of struct vpci >> >> tools/tests/vpci/emul.h | 5 +- >> tools/tests/vpci/main.c | 4 +- >> xen/arch/arm/vpci.c | 33 +++- >> xen/arch/x86/hvm/vmsi.c | 8 +- >> xen/common/rangeset.c | 5 +- >> xen/drivers/Kconfig | 4 + >> xen/drivers/passthrough/pci.c | 11 ++ >> xen/drivers/vpci/header.c | 352 +++++++++++++++++++++++++++------- >> xen/drivers/vpci/msi.c | 11 +- >> xen/drivers/vpci/msix.c | 8 +- >> xen/drivers/vpci/vpci.c | 252 +++++++++++++++++++++--- >> xen/include/xen/pci.h | 6 + >> xen/include/xen/rangeset.h | 7 +- >> xen/include/xen/sched.h | 8 + >> xen/include/xen/vpci.h | 47 ++++- >> 15 files changed, 644 insertions(+), 117 deletions(-) >>

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.