[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] VT-d: fix RMRR handling


  • To: Jan Beulich <JBeulich@xxxxxxxx>
  • From: "Zhang, Xiantao" <xiantao.zhang@xxxxxxxxx>
  • Date: Mon, 17 Mar 2014 14:48:56 +0000
  • Accept-language: en-US
  • Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Mon, 17 Mar 2014 14:49:25 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xen.org>
  • Thread-index: AQHPJmYNJZ8metW9oUG0lnfuV56oTprL6f/ggARD7ICAFWSAgA==
  • Thread-topic: [PATCH] VT-d: fix RMRR handling

Ok, make sense, thanks, Jan! 
Acked-by: Xiantao Zhang <xiantao.zhang@xxxxxxxxx>

> -----Original Message-----
> From: Jan Beulich [mailto:JBeulich@xxxxxxxx]
> Sent: Tuesday, March 4, 2014 4:05 PM
> To: Zhang, Xiantao
> Cc: xen-devel
> Subject: RE: [PATCH] VT-d: fix RMRR handling
> 
> >>> On 01.03.14 at 08:03, "Zhang, Xiantao" <xiantao.zhang@xxxxxxxxx> wrote:
> > Jan, my comments embedded, thanks!
> >
> >> Removing mapped RMRR tracking structures in dma_pte_clear_one() is
> >> wrong for two reasons: First, these regions may cover more than a
> >> single page. And second, multiple devices (and hence multiple devices
> >> assigned to any particular guest) may share a single RMRR (whether
> >> assigning such devices to distinct guests is a safe thing to do is another
> question).
> >
> > Agree, this is a real issue as you described
> >
> >> Therefore move the removal of the tracking structures into the
> >> counterpart function to the one doing the insertion -
> >> intel_iommu_remove_device(), and add a reference count to the tracking
> structure.
> >
> > Adding a reference count is a good idea, but from the logic, seems you
> > are adding a global counter for each rmrr?
> 
> I don't think so: mapped_rmrrs is rooted in struct hvm_iommu, which is a
> per-domain thing.
> 
> > In theory, one rmrr may be mapped for multiple devices in multiple
> > domains, global counter for once rmrr is not enough.
> > Maybe we need to per-domain counter there ?
> 
> And even if it was, I wouldn't think so, for security reasons: Sharing an RMRR
> across domains is insecure afaict, so if anything we ought to suppress 
> assigning
> devices sharing an RMRR to different guests (e.g. via intel_iommu_group_id() 
> or
> a second, similar mechanism), at least in "iommu=force" mode.
> 
> Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.