[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v4] IOMMU/x86: disallow device assignment to PoD guests

  • To: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Mon, 11 Apr 2022 12:43:17 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=iAxyiVj8LVywmrEPgCwuwNZvY6So3i6UhSSuXp9jBKU=; b=Y5/SmrSMMyk1E7rrIsBqvLbnBi1yQTEwTXa/fEnyrgDnsxTa6n/ZRwsdg/4aWTW0RIGG1wtITp5RLCTtOAzW9DtN92zyeIN3SZ7QIhd5Wr6HU9ZsjKKY6l1Zvn0m0IWdVNs710r4iLbHiKs3t0XE7An9HSEcfXvFhuWCannR0pKGbehyPQ1oEP6uscG3u73gqzZKkJ/XCOvBrOk8SiprtJS8XLuzPymVtKKDgyUv+qi1NZdu9ZZtxr/LpN3Pn2fVBya5VdUT0wGsCzz5wQZ4JwXlys/iFUMrUlq6SWikw1bAflWvYvGySrh50A2UtFuGU39uCH8t/3ePF4jLw5olGA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=odE8mcuVeF11tO7m6VXv2CSf8tKSXwzLFSxNiUJIDDV7GZdvZ6qliJbvqRN7oCpM7+zZ64oT1AvstA/FN4MDWgJ6WJ7RTSqWGKB6vkbemv5XGCwnxwDw1jIZ3Dj+Cpgf0KE+88Hhg5awItdsvHXkDkzO0xrO5XZ74HEIEwSv7A1dD4pZ2qQLSizUPzbXVhiwtvQaJ4Fxk5+V1mvT1x2KOiJDpD2QCXoUMTCFoGaVLXljlYG+lV+CdGy1GvN7tB8HkrmKrbwR5f4hVK8czQi8uqNTA/U2vmV+ANayLlAbEXlgS21S9yvVMu52vAe4ULg3mEUdCnUQSx/FUMbRoYJTlA==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Paul Durrant <paul@xxxxxxx>, Tamas K Lengyel <tamas@xxxxxxxxxxxxx>, Petre Pircalabu <ppircalabu@xxxxxxxxxxxxxxx>, Alexandru Isaila <aisaila@xxxxxxxxxxxxxxx>
  • Delivery-date: Mon, 11 Apr 2022 10:43:40 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 11.04.2022 12:29, Roger Pau Monné wrote:
> On Mon, Apr 11, 2022 at 11:47:46AM +0200, Jan Beulich wrote:
>> While it is okay for IOMMU page tables to be set up for guests starting
>> in PoD mode, actual device assignment may only occur once all PoD
>> entries have been removed from the P2M. So far this was enforced only
>> for boot-time assignment, and only in the tool stack.
>>
>> Also use the new function to replace p2m_pod_entry_count(): Its unlocked
>> access to p2m->pod.entry_count wasn't really okay (irrespective of the
>> result being stale by the time the caller gets to see it). Nor was the
>> use of that function in line with the immediately preceding comment: A
>> PoD guest isn't just one with a non-zero entry count, but also one with
>> a non-empty cache (e.g. prior to actually launching the guest).
>>
>> To allow the tool stack to see a consistent snapshot of PoD state, move
>> the tail of XENMEM_{get,set}_pod_target handling into a function, adding
>> proper locking there.
>>
>> In libxl take the liberty to use the new local variable r also for a
>> pre-existing call into libxc.
>>
>> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
> 
> Reviewed-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>

Thanks.

>> --- a/xen/arch/x86/mm/p2m-pod.c
>> +++ b/xen/arch/x86/mm/p2m-pod.c
>> @@ -20,6 +20,7 @@
>>   */
>>  
>>  #include <xen/event.h>
>> +#include <xen/iocap.h>
>>  #include <xen/ioreq.h>
>>  #include <xen/mm.h>
>>  #include <xen/sched.h>
>> @@ -360,7 +361,10 @@ p2m_pod_set_mem_target(struct domain *d,
>>  
>>      ASSERT( pod_target >= p2m->pod.count );
>>  
>> -    ret = p2m_pod_set_cache_target(p2m, pod_target, 1/*preemptible*/);
>> +    if ( has_arch_pdevs(d) || cache_flush_permitted(d) )
>> +        ret = -ENOTEMPTY;
> 
> ENOTEMPTY seems weird here.  I think the reasoning is that the set of
> passthrough devices is not empty?

Yes.

> IMO it's confusing as the function
> itself is related to buffer management, so returning ENOTEMPTY could
> be confused with some other condition.
> 
> Might be less ambiguous to use EXDEV.

I don't think there's any particularly good error code to use here.
Hence I've tried to pick one that makes some sense, and which isn't
widely used (this latter aspect would be EXDEV slightly less desirable).

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.