
Re: [XEN PATCH v1 1/1] Invalidate cache for cpus affinitized to the domain



On Mon, 2020-12-14 at 09:52 +0100, Jan Beulich wrote:
> On 11.12.2020 12:44, Harsha Shamsundara Havanur wrote:
> > A HVM domain flushes cache on all the cpus using
> > `flush_all` macro which uses cpu_online_map, during
> > i) creation of a new domain
> > ii) when device-model op is performed
> > iii) when domain is destructed.
> > 
> > This triggers IPI on all the cpus, thus affecting other
> > domains that are pinned to different pcpus. This patch
> > restricts cache flush to the set of cpus affinitized to
> > the current domain using `domain->dirty_cpumask`.
> 
> But then you need to effect cache flushing when a CPU gets
> taken out of domain->dirty_cpumask. I don't think you/we want
> to do that.
> 
If we do not restrict, it could lead to a DoS attack, where a malicious
guest could keep writing to MTRR registers or do a cache flush through
DM Op and keep sending IPIs to other neighboring guests.

-Harsha
> Jan
> 

 

