[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH] VT-d: fix RMRR handling
Ok, make sense, thanks, Jan! Acked-by: Xiantao Zhang <xiantao.zhang@xxxxxxxxx> > -----Original Message----- > From: Jan Beulich [mailto:JBeulich@xxxxxxxx] > Sent: Tuesday, March 4, 2014 4:05 PM > To: Zhang, Xiantao > Cc: xen-devel > Subject: RE: [PATCH] VT-d: fix RMRR handling > > >>> On 01.03.14 at 08:03, "Zhang, Xiantao" <xiantao.zhang@xxxxxxxxx> wrote: > > Jan, my comments embedded, thanks! > > > >> Removing mapped RMRR tracking structures in dma_pte_clear_one() is > >> wrong for two reasons: First, these regions may cover more than a > >> single page. And second, multiple devices (and hence multiple devices > >> assigned to any particular guest) may share a single RMRR (whether > >> assigning such devices to distinct guests is a safe thing to do is another > question). > > > > Agree, this is a real issue as you described > > > >> Therefore move the removal of the tracking structures into the > >> counterpart function to the one doing the insertion - > >> intel_iommu_remove_device(), and add a reference count to the tracking > structure. > > > > Adding a reference count is a good idea, but from the logic, seems you > > are adding a global counter for each rmrr? > > I don't think so: mapped_rmrrs is rooted in struct hvm_iommu, which is a > per-domain thing. > > > In theory, one rmrr may be mapped for multiple devices in multiple > > domains, global counter for once rmrr is not enough. > > Maybe we need to per-domain counter there ? > > And even if it was, I wouldn't think so, for security reasons: Sharing an RMRR > across domains is insecure afaict, so if anything we ought to suppress > assigning > devices sharing an RMRR to different guests (e.g. via intel_iommu_group_id() > or > a second, similar mechanism), at least in "iommu=force" mode. > > Jan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |