[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v2] pci/ats: do not allow broken devices to be assigned to guests
- To: Jan Beulich <jbeulich@xxxxxxxx>
- From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
- Date: Fri, 25 Feb 2022 09:41:55 +0100
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=362OdD7Yjtrz9CvyKnpo87g0J1BeJXvv+MalHiJzF4E=; b=LCAeYKFyGJPJGAPOmTINwCWMDKf9T6VoXO5aM08IDq351HR29/Y7sXa7KeYciYdxjCe8jfiMCrnvW2Iq0M/ovU+v2bIBOrvjHZ2Ocx80ENWXm94P3Tba7DEhU8U4Zmq+Pilql8jhDM/4Yx1+6Yby9NK3zBZ7lOX31Hx29gmLFrJjhbj4+YBx3pq0/kYFJ8XLHty/IFnFbcqH/ZZKxwl84JjZmCNZvlzuWS8yM/iKcO2vlV3t4P7otUM1nkPE1D77qQzw1NP5cKimHi0aIdaox02qAY8Yy+6N/ABcZLOFVpU+k4vVIwK+TivGjlmLiIjaRUgyO8KMWD7ULOuz/trSBQ==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=nn8hGov3hzz1RsT4spuSrBPLKdToDraEUP5ytk4Db22XdNd93l+AoQ+OPpIksNXwHqHLRKPwNdQK1k/BVb/rBN1J76VZx+kJRVEVgechZsiKQmlqqirJaDR+9SsU0QKuYHDIlkvT3rlYy5ZXcPr99Yywv4F1CujpM78oCH/5OUymiiagr8sDxSGVAZqRx3y2RC+EfMkR+noaKqlBxBRm1EAiNOsPrMbsqbtVbqBu2JFh9Pn51mf3Jz7X5yeuk7LezLu9a79s4Bqix1twfT3Qsob7uR4bhjqKaZg7KBXZHeKMeUMIgVn1fSI5zIPDVagYbV36vH+Cf8wIAhxRP53QUw==
- Authentication-results: esa1.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
- Cc: Paul Durrant <paul@xxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Kevin Tian <kevin.tian@xxxxxxxxx>, Oleksandr Andrushchenko <andr2000@xxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>
- Delivery-date: Fri, 25 Feb 2022 08:42:15 +0000
- Ironport-data: A9a23:lcpLb6KGKL3EBj4iFE+RJ5UlxSXFcZb7ZxGr2PjKsXjdYENShmdTz mIWXGuGaauOYGegLo92PIW/oxkBsZTUzNZkSQRlqX01Q3x08seUXt7xwmUcns+xwm8vaGo9s q3yv/GZdJhcokf0/0vrav67xZVF/fngqoDUUYYoAQgsA148IMsdoUg7wbRh2NQ12YLR7z6l4 rseneWOYDdJ5BYsWo4kw/rrRMRH5amaVJsw5zTSVNgT1LPsvyB94KE3fMldG0DQUIhMdtNWc s6YpF2PEsE1yD92Yj+tuu6TnkTn2dc+NyDW4pZdc/DKbhSvOkXee0v0XRYRQR4/ttmHozx+4 Ixi74OBUToAAq2WgL0WeRsFECRfZpQTrdcrIVDn2SCS50jPcn+qyPRyFkAme4Yf/46bA0kXq 6ZecmpUKEne2aTmm9pXScE17ignBNPsM44F/Glp0BnSDOo8QICFSKLPjTNd9Glt3ZASQqePD yYfQWA2dQ3gXhNPAV0OUMwZl9qqumfgTgQN/Tp5ooJoujOOnWSdyoPFM9fLe9rMWcRcmG6Zo H7L+yLyBRRyHMOb4SqI9DSrnOCntTP2XsceGaO18tZugUaP3SoDBRsOT1y5rPKlzEmkVLp3I koY4HB29fAa+0miT927VBq9yFactwMYc8pdFas98g7l4qje7hudB2MEZiVcc9Fgv8gzLRQxz UOAld7tAT1psZWWRGib+7PSqim9UQAXMGsDaCksXQYDpd75r+kOYgnnF4g5VvTv15usRG+2k 2viQDUCa6s71OFRyJSjwHn7g2i0/5PjTFM24ySMZzfwhu9mX7KNa4ut4FndyP9PKoeFU1WM1 EQ5d9iiAPMmVs/UynHUKAkZNPTwvqvebmWA6bJ6N8R5r1yQF2ifkZe8Cd2UDGNgKY46dDDge yc/UisBtcYIbBNGgUKaCr9d6vjGL4C8RLwJtdiON7Kih6SdkifdrUmCgmbKggjQfLAEy/1XB HtiWZ/E4YwmIapm1iGqYOwWzKUmwCszrUuKG8ymkEj+jefGPCbNIVvgDLdoRrpohE9jiF+Im +uzyuPQk0kPOAEASnO/HXEvwaAiciFgWMGeRz1/fe+fOAt2cFzN+NeKqY7Nj7dNxvwP/s+Rp ynVchYBlDLX2C2WQS3XOysLQO6+Av5CQYcTYHVE0aCAgCN4P+5CLc43KvMKQFXQ3Lc7nK4sE qJcIJ3o7zYmYm2vxgnxpKLV9eRKXB+qmRiPL2yiZj0+dIRnXAvH5pnveQ6HycXEJnPfWRcWy 1F46j7mfA==
- Ironport-hdrordr: A9a23:peeN9KnCOCjKctnlRFAGuxlSBzrpDfIo3DAbv31ZSRFFG/Fw8P re+8jztCWE7Ar5PUtKpTnuAsW9qB/nmqKdgrNwAV7BZmfbUQKTRekJgLcKqAeAJwTOssJbyK d8Y+xfJbTLfD1HZB/BkWqF+gAbsbu6zJw=
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Thu, Feb 24, 2022 at 05:43:13PM +0100, Jan Beulich wrote:
> On 24.02.2022 17:37, Roger Pau Monne wrote:
> > Introduce a new field to mark devices as broken: having it set
> > prevents the device from being assigned to guests. Use the field in
> > order to mark ATS devices that have failed a flush as broken, thus
> > preventing them to be assigned to any guest.
> >
> > This allows the device IOMMU context entry to be cleaned up properly,
> > as calling _pci_hide_device will just change the ownership of the
> > device, but the IOMMU context entry of the device would be left as-is.
> > It would also leak a Domain ID, as removing the device from it's
> > previous owner will allow releasing the DID used by the device without
> > having cleaned up the context entry.
>
> This DID aspect is VT-d specific, isn't it? I'd be inclined to ask to
> make this explicit (which could be done while committing if no other
> need for a v3 arises).
Indeed. AMD doesn't use iommu_dev_iotlb_flush_timeout so the function
is VT-d specific. What about using:
"Introduce a new field to mark devices as broken: having it set
prevents the device from being assigned to guests. Use the field in
order to mark ATS devices that have failed a flush when using VT-d as
broken, thus preventing them to be assigned to any guest.
This allows the device IOMMU context entry to be cleaned up properly,
as calling _pci_hide_device will just change the ownership of the
device, but the IOMMU context entry of the device would be left as-is.
It would also leak a VT-d Domain ID if using one, as removing the
device from it's previous owner will allow releasing the IOMMU DID
used by the device without having cleaned up the context entry."
Thanks, Roger.
|
