[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v1 0/2] Extend ioreq-server to support page write protection

To: "Wei Ye" <wei.ye@xxxxxxxxx>
From: "Jan Beulich" <JBeulich@xxxxxxxx>
Date: Mon, 04 Aug 2014 08:35:06 +0100
Cc: Kevin Tian <kevin.tian@xxxxxxxxx>, "keir@xxxxxxx" <keir@xxxxxxx>, "ian.campbell@xxxxxxxxxx" <ian.campbell@xxxxxxxxxx>, "stefano.stabellini@xxxxxxxxxxxxx" <stefano.stabellini@xxxxxxxxxxxxx>, "tim@xxxxxxx" <tim@xxxxxxx>, "ian.jackson@xxxxxxxxxxxxx" <ian.jackson@xxxxxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxx>, "Paul.Durrant@xxxxxxxxxx" <Paul.Durrant@xxxxxxxxxx>, Zhiyuan Lv <zhiyuan.lv@xxxxxxxxx>
Delivery-date: Mon, 04 Aug 2014 07:35:18 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

>>> On 04.08.14 at 07:05, <wei.ye@xxxxxxxxx> wrote:

> 
>> -----Original Message-----
>> From: Jan Beulich [mailto:JBeulich@xxxxxxxx]
>> Sent: Monday, July 28, 2014 4:25 PM
>> To: Ye, Wei
>> Cc: ian.campbell@xxxxxxxxxx; Paul.Durrant@xxxxxxxxxx;
>> ian.jackson@xxxxxxxxxxxxx; stefano.stabellini@xxxxxxxxxxxxx; xen-
>> devel@xxxxxxxxxxxxx; keir@xxxxxxx 
>> Subject: Re: [PATCH v1 0/2] Extend ioreq-server to support page write
>> protection
>> 
>> >>> On 28.07.14 at 19:55, <wei.ye@xxxxxxxxx> wrote:
>> > ioreq-server is proposed to forward PIO and MMIO request to multiple
>> > device models according to the io range. XenGT (Intel Graphics
>> > Virtualization technology, please refer to
>> > https://01.org/xen/blogs/srclarkx/2013/graphics-virtualization- 
>> > xengt) driver reside in Dom0 as a virtual graphics device model also
>> > need to trap and emulate the guest's write operation to some specific
>> > memory pages, like the memory pages used by guest graphics driver as
>> > PPGTT(per-process graphics translation table). We add an new p2m type
>> > "p2m_ram_wp" to trap the page write operation. Page of this new p2m
>> > type is read only and for write, the request will go to device model
>> > via ioreq-server.
>> 
>> So how is this write-protection supposed to work on the IOMMU side when
>> sharing page tables?
> 
> Thanks for pointing out this question. Write-protection is not supposed to 
> work when sharing page tables between EPT and vt-d.
> An explicit command line "iommu=no-sharept" should be setted for avoiding 
> undesirable iommu fault.

Requiring the unconditional use of a specific command line option is
certainly fine for experimental code, but not beyond that. Behavior
should be correct by default in production code.

But what's worse here: The option _allows_ device side writes from
the guest. Why would device side writes be okay, but CPU side ones
not?

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH v1 0/2] Extend ioreq-server to support page write protection
  - From: Tian, Kevin

References:
- Re: [Xen-devel] [PATCH v1 0/2] Extend ioreq-server to support page write protection
  - From: Ye, Wei

Prev by Date: Re: [Xen-devel] [v6][PATCH 2/2] xen:vtd: missing RMRR mapping while share EPT
Next by Date: Re: [Xen-devel] [PATCH v1 1/2] x86: add p2m_ram_wp
Previous by thread: Re: [Xen-devel] [PATCH v1 0/2] Extend ioreq-server to support page write protection
Next by thread: Re: [Xen-devel] [PATCH v1 0/2] Extend ioreq-server to support page write protection
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.