Xen project Mailing List

Re: [PATCH RFC] xen/pci: detect when BARs overlap RAM

Date: Wed, 26 Jan 2022 16:27:04 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=P5xD2fRPim1/eMKCb+ZA3iZGUHUsL8Ir6HXuk36GdRY=; b=Fo66I+Ihy/N6rbQ521UEcXr0l7g+HEsYors75mA7iN6VgqbMqJtAU18nOwv1WqBiEsDBzQTg6fd/20u0kDhGxqpdFYNf2JEZ8BZ+kiFenrJ5TRzX63CdOGq1SdRzIwSZlDObioqSYEpVx+xTiMES3y23uKD4FTYTcUrItJzu1KMlwprj6qNnaBQUcSKjZiq87Q90a0JBf6DddOtyDeyRbKTT9lKA3dHBOt9NZj1DVrpdTp+tcIwBrk2NO2OOqwiZOaOSJp+WniI9TPy/psdhgWy/aiCOhQQtswNy+Yx3UGMavnrpW14n0yvW8vUidhhPqYUV1Hauy+1WGVYf3MTQ5w==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=g/QpUQHR70OXuyUial8qQ2kvPnCUc872KMCbYwP2gIonNbt00d2pFn/63N2b/fWmuW8fwBrnkxc+Q7nykXDA7rQXZwlP0B1U+zvCfZ/kiZsbfxvlfGkKO7SRco2WfgciBMOEL3kJVowZ1bE6nic/D9YKdIpSUOn+JAtH/5RW2iqN8q+V9dO0pXCsqEMSeWqCh2HzhyocnDeT/SnZ6laKy/iApEUKtkf00gpnTqtV0QmMXR9VM3dC3B4f35qwHTnrkSMuKCXqE6pO9XyiwnD43oBnT4yz6OBEvwiUdfjJ2zx51aZtyJ/gxQqTr3ogLZ/YDJKydZorWhSmbSCi+RXTOw==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;

Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Paul Durrant <paul@xxxxxxx>, Roger Pau Monne <roger.pau@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx

Delivery-date: Wed, 26 Jan 2022 15:27:21 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 26.01.2022 15:45, Andrew Cooper wrote: > On 26/01/2022 12:26, Roger Pau Monne wrote: >> One of the boxes where I was attempting to boot Xen in PVH dom0 mode >> has quirky firmware, as it will handover with a device with memory >> decoding enabled and a BAR of size 4K at address 0. Such BAR overlaps >> with a RAM range on the e820. >> >> This interacts badly with the dom0 PVH build, as BARs will be setup on >> the p2m before RAM, so if there's a BAR positioned over a RAM region >> it will trigger a domain crash when the dom0 builder attempts to >> populate that region with a regular RAM page. >> >> It's in general a very bad idea to have a BAR overlapping with a RAM >> region, so add some sanity checks for devices that are added with >> memory decoding enabled in order to assure that BARs are not placed on >> top of memory regions. If overlaps are detected just disable the >> memory decoding bit for the device and expect the hardware domain to >> properly position the BAR. >> >> Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx> > > I'm not sure this is a sensible approach. > > A bar at 0 is utterly unusable, because it is outside of the host bridge > window. > > The absence of any coherent GPA map for guests (needs fixing for oh so > many reasons) is a primary contributor to the problem, because Xen > *should* know where the guest's low and high MMIO windows are before > attempting to map BARs into the guest. But this is all about Dom0, ... > The proper fix is to teach Xen about GPA maps, and reject BAR insertion > outside of the respective bridge windows. ... and hence this isn't about "insertion", but about what we find upon booting. > An fix in the short term would be to disable the problematic BAR when > scanning the PCI bus to being with. You can't disable an individual BAR (except for the ROM one), you need to disable all memory ones collectively (by disabling memory decode). Which is what Roger does. Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.