[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v4] IOMMU/x86: disallow device assignment to PoD guests
- To: Jan Beulich <jbeulich@xxxxxxxx>
- From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
- Date: Mon, 11 Apr 2022 12:29:48 +0200
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=q6CTnpQSp1wplXGnglhNQpxSpwnXmSn+VgzCt05rRGs=; b=nq36FRpSbxyrKVASzbOHlNUJahbo9CkmYDp7Dio8AMvtB38gbyXIPSdA6SE0fYLZbecOsLAtWtpjLKYLGN93DqsGuuy3Fvxw+1qxmgrWItHtE4DvbuINRYfpj2idhDMuxtQN1LVnPH0+PFKYdEOVDSqjH43Xm6QIIzgW+qFeaSn+RizHd/JzQmzTeybMaBbcLGjwUa0838nea7t5+Id1PAxpUz1ZIekgkeDidOALHhzdJbF+Jwt7wQinRtkAbEd3VAvyj6itZlKTgZ7dQLcgZ/05d1q02uByNmDx06+a+4uzR/CPXsENu6/85ioFO7hRVzmlMrmPDfDkiLO4m4laug==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=e6pmUTyy3jgcQyA1nmlPi2QZUNjynYv4LssEdB3/hsDmMyCbiqvLnq10RM3AOquaJaFsBnmoNu/F2A4XwqKHSgDSFiXel2XS+T2Lc3T6E1GZAmE7RgtCTz//RwmeBCKiqs0Bn20UhE3OBrlgWVHuzkf8nsGOoK4+2am022rx8zeoSa3yBkosngTLMlmTGCsuCeXUyere/5S7x5aTAe3TObvODYYJLqkIpX8dOht9egFfmjXAuWH+2Q1zDOmosY/CJC+1kL2F4JVVyP9VcRq1w0BXy/0iQ1mgOoMsFCZ/coawR/7K8V7gVzPMdxgPeHlekZrxaFT9L1yDS1dV/ZvdiQ==
- Authentication-results: esa3.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
- Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Paul Durrant <paul@xxxxxxx>, Tamas K Lengyel <tamas@xxxxxxxxxxxxx>, Petre Pircalabu <ppircalabu@xxxxxxxxxxxxxxx>, Alexandru Isaila <aisaila@xxxxxxxxxxxxxxx>
- Delivery-date: Mon, 11 Apr 2022 10:30:02 +0000
- Ironport-data: A9a23:2E8KRazggUAg5iM37nd6t+fvxirEfRIJ4+MujC+fZmUNrF6WrkUHz 2cZWDqFM/6MYGKjeYh2atm29U8A7JHRxoUxQQFvqSAxQypGp/SeCIXCJC8cHc8zwu4v7q5Dx 59DAjUVBJlsFhcwnj/0bv656yMUOZigHtIQMsadUsxKbVIiGX9JZS5LwbZj2NY02IHhWmthh PupyyHhEA79s9JLGjp8B5Kr8HuDa9yr5Vv0FnRnDRx6lAe2e0s9VfrzFonoR5fMeaFGH/bSe gr25OrRElU1XfsaIojNfr7TKiXmS1NJVOSEoiI+t6OK2nCuqsGuu0qS2TV1hUp/0l20c95NJ NplkbHqbgYkI6n2uuElCAEHFWZUMatdweqSSZS/mZT7I0zudnLtx7NlDV0sPJ1e8eFyaY1M3 aVGcnZXNEnF3r/ohuLgIgVvrp1LwM3DJoQQt2sm1TjEJf0nXYrCU+PB4towMDIY2JATR6mPO 5FxhTxHfk3dcw8TFwgrS61lmum1jXX5dgR6twfAzUYwyzeKl1EguFT3C/LJc9mDXu1JnUKVo G3X8mC/CRYfXPSH0Tuf+Xuoj+XStSn6RI4fGrC++vNwxlaUwwQ7ARwNXFq/qNGzi1KyVtxSL UAZ4Gwlqq1a3FSiU93VTxC+5nmesXY0WdBdDuk74wGl0bfP7kCSAW1sZi5MbpkqudE7QRQu1 0SVhJX5CDp3qrqXRHmBsLCOoluaJiw9PWIEIygeQmM4D8LL+d9pyEiVF5A6TfDz3oad9SzML y6iiAVkoLQekMox9aCDpkiYhXWGqp7Sd1tgjunIZV6N4gR8bY+jQoWn71nH8PpNRLqkokm9U GsswJbHsr1XZX2ZvGnUGbhWQun1jxqQGGeE6WODCaXN4NhEF5SLWYlLqA9zK05yWirvUW+4O RSD0e+9CXI6AZdLUUOVS9/qYyjJ5fK5fTgAahwzRoATCqWdjCfdoElTibe4hggBanQEn6AlI ou8es2xF3scAqkP5GPoG7ZDiOFwm3lhlDm7qXXHI/OPi+T2WZJoYe1dbAvmgh4RsctoXzk5A /4AbpDXmn2zocX1YzXN8J57ELz5BSNTOHwCkOQOLrTrClM/QAkJUqaNqZt8K90Nt/kEzY/go yDiMnK0PXKi3BUr3y3RMSs9AF4uNL4ixU8G0dsEYQ7ziyd+O972hErdHrNuFYQaGCVY5accZ 9EOetmaA+QJTTLC+j8HaoL6opAkfxOu7T9i9QL8CNTjV/aMnzD0x+I=
- Ironport-hdrordr: A9a23:w07TgqMX8GBUWcBcTu6jsMiBIKoaSvp037By7TEVdfRUGvb2qy ncpoV+6faUskdoZJhOo6HiBEDtex7hHP1OkPIs1NWZLWvbUQKTRekIh7cKqAePJ8SKzI5gPN BbEpSWZuedMbAk5vyKmjVQWOxQp+VvuJrY49s2ZU0dMD2CRZsQljtENg==
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Mon, Apr 11, 2022 at 11:47:46AM +0200, Jan Beulich wrote:
> While it is okay for IOMMU page tables to be set up for guests starting
> in PoD mode, actual device assignment may only occur once all PoD
> entries have been removed from the P2M. So far this was enforced only
> for boot-time assignment, and only in the tool stack.
>
> Also use the new function to replace p2m_pod_entry_count(): Its unlocked
> access to p2m->pod.entry_count wasn't really okay (irrespective of the
> result being stale by the time the caller gets to see it). Nor was the
> use of that function in line with the immediately preceding comment: A
> PoD guest isn't just one with a non-zero entry count, but also one with
> a non-empty cache (e.g. prior to actually launching the guest).
>
> To allow the tool stack to see a consistent snapshot of PoD state, move
> the tail of XENMEM_{get,set}_pod_target handling into a function, adding
> proper locking there.
>
> In libxl take the liberty to use the new local variable r also for a
> pre-existing call into libxc.
>
> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
Reviewed-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
Just one comment below.
> ---
> If p2m->pod.entry_count == p2m->pod.count it is in principle possible to
> permit device assignment by actively resolving all remaining PoD entries.
>
> Initially I thought this was introduced by f89f555827a6 ("remove late
> (on-demand) construction of IOMMU page tables"), but without
> arch_iommu_use_permitted() checking for PoD I think the issue has been
> there before that.
> ---
> v4: Drop tool stack side change (superseded by 07449ecfa425). Extend VM
> event related paragraph of description.
> v3: In p2m_pod_set_mem_target() move check down.
> v2: New.
>
> --- a/xen/arch/x86/mm/p2m-pod.c
> +++ b/xen/arch/x86/mm/p2m-pod.c
> @@ -20,6 +20,7 @@
> */
>
> #include <xen/event.h>
> +#include <xen/iocap.h>
> #include <xen/ioreq.h>
> #include <xen/mm.h>
> #include <xen/sched.h>
> @@ -360,7 +361,10 @@ p2m_pod_set_mem_target(struct domain *d,
>
> ASSERT( pod_target >= p2m->pod.count );
>
> - ret = p2m_pod_set_cache_target(p2m, pod_target, 1/*preemptible*/);
> + if ( has_arch_pdevs(d) || cache_flush_permitted(d) )
> + ret = -ENOTEMPTY;
ENOTEMPTY seems weird here. I think the reasoning is that the set of
passthrough devices is not empty? IMO it's confusing as the function
itself is related to buffer management, so returning ENOTEMPTY could
be confused with some other condition.
Might be less ambiguous to use EXDEV.
Thanks, Roger.
|
