Xen project Mailing List

Re: [PATCH v6 04/13] vpci: restrict unhandled read/write operations for guests

To: "roger.pau@xxxxxxxxxx" <roger.pau@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>

From: Oleksandr Andrushchenko <Oleksandr_Andrushchenko@xxxxxxxx>

Date: Tue, 8 Feb 2022 08:00:28 +0000

Accept-language: en-US

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=JSXkDlzILY7kwi8NyLXpJsr0LsQIlPej9iYjEc1YIDo=; b=QZmzFraRdU7W8yu7HSkYAdyQraoBuKbM/evLPk3bJw29bVOgKtPIdTqs0u40jTDv5XhrZCO+VJONVPghFzOdFyY+GHN+Tky2c837nQ0cTC48k81oVRgQPZGsIdTx2uS5FSEPqQl2ib9AGsKpxO715LbU6YMFDyv834pX3k/W8UvOL1mCnI5FxurxDBQJ9HQAdyISuzKuaCUtJWMHs6OnIUdZCz2gceucRuHMlDX0relXFCemp62zV2PQBgeeueWv2fEFRV0WZiH4eRHIRc+g+2X/ptqfpYgL8nKocZQoa0624tMbNffO6EfqwD5hsnpkepVHJUvyduzrD/QcS0ybUw==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=nRlnwY34tkcOpvBpl96fr2ss1mjuwoOb6/Qc9MATCxj/aI7Ea0uEqjk6bjcIEIy7l2z7r8rmv7TEe2BodZ4UsGMeh492jsWp2UbW5Z/3thZa5OZ2qPKBvg6dtseh84O+NXc1n+cGwNNi8ha+eVoM+H1M0cl1t70SqaqOvXpbTcyWCV0BijgwZaYVgQq2L0N4jf49bEspQ17u5B1qn2uphT6oq7qutfLRJy2LwH/lXakoZCDHK9dRP+eQvEvs7Oi5/FSE1EyaqZqhs0Cc29NihVlVIEe5+nM0UF9nhJMmIPT2uD0r3XXdJBoH65bsw7SRWZB6Q9DFaBuWc41lIuIZ7g==

Cc: "julien@xxxxxxx" <julien@xxxxxxx>, "sstabellini@xxxxxxxxxx" <sstabellini@xxxxxxxxxx>, Oleksandr Tyshchenko <Oleksandr_Tyshchenko@xxxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Artem Mygaiev <Artem_Mygaiev@xxxxxxxx>, "andrew.cooper3@xxxxxxxxxx" <andrew.cooper3@xxxxxxxxxx>, "george.dunlap@xxxxxxxxxx" <george.dunlap@xxxxxxxxxx>, "paul@xxxxxxx" <paul@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Rahul Singh <rahul.singh@xxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Oleksandr Andrushchenko <Oleksandr_Andrushchenko@xxxxxxxx>

Delivery-date: Tue, 08 Feb 2022 08:00:48 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Thread-index: AQHYGZFbf8/6pUr0mUKzbmboCx8QkqyDbvWAgAADnYCABd4pgA==

Thread-topic: [PATCH v6 04/13] vpci: restrict unhandled read/write operations for guests

On 04.02.22 16:24, Oleksandr Andrushchenko wrote: > > On 04.02.22 16:11, Jan Beulich wrote: >> On 04.02.2022 07:34, Oleksandr Andrushchenko wrote: >>> A guest can read and write those registers which are not emulated and >>> have no respective vPCI handlers, so it can access the HW directly. >> I don't think this describes the present situation. Or did I miss where >> devices can actually be exposed to guests already, despite much of the >> support logic still missing? > No, they are not exposed yet and you know that. > I will update the commit message BTW, all this work is about adding vpci for guests and of course this is not going to be enabled right away. I would like to hear the common acceptable way of documenting such things: either we just say something like "A guest can read and write" elsewhere or we need to invent something neutral not directly mentioning what the change does. With the later it all seems a bit confusing IMO as we do know what we are doing and for what reason: enable vpci for guests >>> In order to prevent a guest from reads and writes from/to the unhandled >>> registers make sure only hardware domain can access HW directly and restrict >>> guests from doing so. >> Tangential question: Going over the titles of the remaining patches I >> notice patch 6 is going to deal with BAR accesses. But (going just >> from the titles) I can't spot anywhere that vendor and device IDs >> would be exposed to guests. Yet that's the first thing guests will need >> in order to actually recognize devices. As said before, allowing guests >> access to such r/o fields is quite likely going to be fine. > Agree, I was thinking about adding such a patch to allow IDs, > but finally decided not to add more to this series. > Again, the whole thing is not working yet and for the development > this patch can/needs to be reverted. So, either we implement IDs > or not this doesn't change anything with this respect Roger, do you want an additional patch with IDs in v7? >>> --- a/xen/drivers/vpci/vpci.c >>> +++ b/xen/drivers/vpci/vpci.c >>> @@ -215,11 +215,15 @@ int vpci_remove_register(struct vpci *vpci, unsigned >>> int offset, >>> } >>> >>> /* Wrappers for performing reads/writes to the underlying hardware. */ >>> -static uint32_t vpci_read_hw(pci_sbdf_t sbdf, unsigned int reg, >>> +static uint32_t vpci_read_hw(bool is_hwdom, pci_sbdf_t sbdf, unsigned int >>> reg, >>> unsigned int size) >> Was the passing around of a boolean the consensus which was reached? > Was this patch committed yet? >> Personally I'd fine it more natural if the two functions checked >> current->domain themselves. > This is also possible, but I would like to hear Roger's view on this as well > I am fine either way Roger, what's your maintainer's preference here? Additional argument to vpci_read_hw of make it use current->domain internally? Thank you, Oleksandr

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.