[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [for-4.15][PATCH v2 1/5] xen/x86: p2m: Don't map the special pages in the IOMMU page-tables

  • To: Julien Grall <julien@xxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Wed, 10 Feb 2021 09:29:32 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=tMGIVTMavWni1yEkj8pJgHZaJwyiQFr6zEaJOla1vTc=; b=Da1tbaWGI9tZg5Py1UHeM6+/wFBDXOhD4slfXMAzBmslN9WCktUDqpqg4+hTaVb7yLDCqe014+/k2ejC3lnP6zOp2xl15k4/QXaVnpGwduS7qh844AmiM9s6Bo+BEb/SfLTL1Snq3uCp8pwLUHr6qXo9twOD8jcX7p90XEwjEFG+zwjpsn4NWiiIu5Kl1x1EAqLvZs5e72s0YqqKVc320K5O1tYPph6EaYzuMS88yf3ve80BoFt43IdWOWE6f8wbzWn97CjPFLbn5kVkBUDERVT1GX0IyILINAmWvcQL3aiMp8Um3zp6atiaZr57onlCBfzQgOK1aWdGwTwj+KJL+A==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=O3zTYRHWSu8ypTsi/rdOU6GmRA5prKYbuwKNAzdg1HbwIsVqJb66giuwg0gM0ZwsMGSTs+a536ya+1XFA8kOsqVsfzI4iVnwnXkfWofslgEnDFgExO7XLRq3x3So+NbKKf+lqPWnZ7yHGVDiA2kO7+ADOIe+EjmrIHda6oh6WV/fJgnzQS+XCXWP8Dzdlw5WsdsVvBBe0ChFdriFzNRCvkSueQOcy4vEuo8fc77iRyFUXdsF8Jzx+zMgxNr9vO0C3iCnOO6V8jbb4+rQQFdAOvigyYNSkJF4QFn6KMPkVWVJT3MSZ6W5wc/QnFOZN1aFtINcXnvSrS4HsmGfp9cgag==
  • Authentication-results: esa6.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
  • Cc: <xen-devel@xxxxxxxxxxxxxxxxxxxx>, <hongyxia@xxxxxxxxxxxx>, <iwj@xxxxxxxxxxxxxx>, Julien Grall <jgrall@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>
  • Delivery-date: Wed, 10 Feb 2021 08:29:59 +0000
  • Ironport-sdr: WuRgUfPxBPSwhfDErkDvHd5CHI6RJLSoQoX020a0dE/7eR8FKW/4SM+/FiErhzHSH5egOfd1DT 1MstnfEW/IGfTRX89fgctzEymqXcYVfR8IgWfdHri4uRH3tE3iJNXzhaO0LbrFN+MyGSAqXp+I cfeDws1ixQteLHqu9dnNQyfxfCh7pJHwLb0+ZlqJ/QV+rwRndZVRyiBw2VqDXtFwneSOGQ4v2H /gTa9pRqWK+NVvmOAI3g+n/wmjYdMtrIColsPdd2E06uwY24ajIM9zzlPSqqWepDRQjV1llhkq nDI=
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Tue, Feb 09, 2021 at 03:28:12PM +0000, Julien Grall wrote:
> From: Julien Grall <jgrall@xxxxxxxxxx>
> 
> Currently, the IOMMU page-tables will be populated early in the domain
> creation if the hardware is able to virtualize the local APIC. However,
> the IOMMU page tables will not be freed during early failure and will
> result to a leak.
> 
> An assigned device should not need to DMA into the vLAPIC page, so we
> can avoid to map the page in the IOMMU page-tables.
> 
> This statement is also true for any special pages (the vLAPIC page is
> one of them). So to take the opportunity to prevent the mapping for all
> of them.

Hm, OK, while I assume it's likely for special pages to not be target
of DMA operations, it's not easy to spot what are special pages.

> Note that:
>     - This is matching the existing behavior with PV guest

You might make HVM guests not sharing page-tables 'match' PV
behavior, but you are making behavior between HVM guests themselves
diverge.


>     - This doesn't change the behavior when the P2M is shared with the
>     IOMMU. IOW, the special pages will still be accessibled by the
>     device.

I have to admit I don't like this part at all. Having diverging device
mappings depending on whether the page tables are shared or not is
bad IMO, as there might be subtle bugs affecting one of the two
modes.

I get the feeling this is just papering over an existing issue instead
of actually fixing it: IOMMU page tables need to be properly freed
during early failure.

> Suggested-by: Jan Beulich <jbeulich@xxxxxxxx>
> Signed-off-by: Julien Grall <jgrall@xxxxxxxxxx>
> 
> ---
>     Changes in v2:
>         - New patch
> ---
>  xen/include/asm-x86/p2m.h | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h
> index 7d63f5787e62..1802545969b3 100644
> --- a/xen/include/asm-x86/p2m.h
> +++ b/xen/include/asm-x86/p2m.h
> @@ -919,6 +919,10 @@ static inline unsigned int 
> p2m_get_iommu_flags(p2m_type_t p2mt, mfn_t mfn)
>  {
>      unsigned int flags;
>  
> +    /* Don't map special pages in the IOMMU page-tables. */

I think this should explain why special pages don't require IOMMU
mappings, or even just note that special pages cannot be added to the
IOMMU page tables due to failure to free them afterwards and that this
is a bodge for it.

Thanks, Roger.

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.