Xen project Mailing List

Re: [PATCH v5 06/14] vpci/header: implement guest BAR register handlers

To: Oleksandr Andrushchenko <Oleksandr_Andrushchenko@xxxxxxxx>

Date: Mon, 31 Jan 2022 12:39:37 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=tTu9lvXVsXAJr+sX/VDW3XKNHFN6fLXIPP3D3GqpNfc=; b=DfU/DTH4esZ89Kqs+VkkbX7sAzWgmla9TLKJbjUiLC9FvFbsIMLofcngSnL29YB0f66yqysIKCVYIDez473eHhVkhsiuQUiJ9ZlMlTO3UZzZ4Yl6MwKx70E24sxki/CXVcmjoFKZfVqlrj5g99JdFChDmopiN/Sh13LbtXcumvhIeIN4xHLR7WhD4e6JN7jmmyJWFSRRqoapQa6ikHssW+vX13r0PTb4he02Dj7Vq5PgABH/vNdHKvhPMYivz7gson2FX+VgsUyhAzcCk4M+B7Viq42viZBzsXaQwKnnjyp5jL/z4LErfxmQ1tzDJ3MVEfS4AXtbEsWL443IvRNUbQ==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=lvzz7FEojEpJAXdAdU3YBGgb4kgYC1YLR41RLxo/n1nMB991PBFyjD854Bp1YEcHdUX6B1FWb7EXHy45Z4rFCEjp6yB7YaeZpsYuOfSWOEDb0FSX/XPsWxMTX8gm5azxSm33iOTN9W08wzpuNamQy6mxKwXcF1zqKi/ReJnKlLKxJ2HxlMQbnSq0g+faDJoKjLq8cmGAs0dgfe0KBf9wT0ULb4dIuTuNyw4FPolI6bn8PYg9twKUrBRffvR/4/q7UtCSjoP2i5Lfajgb4SdjUOhqx/KjDGq/jm0c4FWE5EKBCRwTR0woy5vI36naXWZr6PPPn28rXoklciBTsGRldA==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;

Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "julien@xxxxxxx" <julien@xxxxxxx>, "sstabellini@xxxxxxxxxx" <sstabellini@xxxxxxxxxx>, Oleksandr Tyshchenko <Oleksandr_Tyshchenko@xxxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Artem Mygaiev <Artem_Mygaiev@xxxxxxxx>, "andrew.cooper3@xxxxxxxxxx" <andrew.cooper3@xxxxxxxxxx>, "george.dunlap@xxxxxxxxxx" <george.dunlap@xxxxxxxxxx>, "paul@xxxxxxx" <paul@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Rahul Singh <rahul.singh@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>

Delivery-date: Mon, 31 Jan 2022 11:39:48 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 31.01.2022 12:23, Oleksandr Andrushchenko wrote: > On 31.01.22 13:10, Roger Pau Monné wrote: >> Right (see my previous reply to this comment). I think it would be >> easier (and cleaner) if you switched the default behavior regarding >> unhandled register access for domUs at the start of the series (drop >> writes, reads returns ~0), and then you won't need to add all those >> dummy handler to drop writes and return ~0 for reads. >> >> It's going to be more work initially as you would need to support >> passthrough of more registers, but it's the right approach that we >> need implementation wise. > While I agree in general, this effectively means that I'll need to provide > handling for all PCIe registers and capabilities from the very start. > Otherwise no guest be able to properly initialize a PCI device without that. > Of course, we may want starting from stubs instead of proper emulation, > which will direct the access to real HW and later on we add proper emulation. > But, again, this is going to be a rather big piece of code where we need > to explicitly handle every possible capability. Since the two sub-threads are now about exactly the same topic, I'm answering here instead of there. No, you are not going to need to emulate all possible capabilities. We (or really qemu) don't do this on x86 either. Certain capabilities may be a must, but not everything. There are also device specific registers not covered by any capability structures - what to do with those is even more of a question. Furthermore for some of the fields justification why access to the raw hardware value is fine is going to be easy: r/o fields like vendor and device ID, for example. But every bit you allow direct access to needs to come with justification. > At the moment we are not going to claim that vPCI provides all means to > pass through a PCI device safely with this respect and this is why the feature > itself won't even be a tech preview yet. For that reason I think we can still > have implemented only crucial set of handlers and still allow the rest to > be read/write directly without emulation. I think you need to separate what you need for development from what goes upstream: For dev purposes you can very well invert the policy from white- to black-listing. But if we accepted the latter into the main tree, the risk would be there that something gets missed at the time where the permission model gets changed around. You could even have a non-default mode operating the way you want it (along the lines of pciback's permissive mode), allowing you to get away without needing to carry private patches. Things may also initially only work in that mode. But the default should be a mode which is secure (and which perhaps initially offers only very limited functionality). > Another question is what needs to be done for vendor specific capabilities? > How these are going to be emulated? By vendor specific code, I'm afraid. Assuming these capabilities really need exposing in the first place. Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.