[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [PATCH] VMX: use a single, global APIC access page

  • To: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>
  • From: "Tian, Kevin" <kevin.tian@xxxxxxxxx>
  • Date: Mon, 1 Mar 2021 02:18:24 +0000
  • Accept-language: en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=jAu6irp7v+fxrd8gveebhEvkfkKzguA4v1weEOsoW98=; b=VqrpazdcFufs1MeGcHXMae6J54CZYHFEuRIKtok/bczKhvVYLnHTcoODReVVIJBB8GMCGyYBfdmk4bS7g+6jhc/klRzYlj/z2clXP80AjjpnCZp0IRmrWLQa+hGRrU3oaZV71kX/ThlfQtAbBp8zw0hTIxgd8zl4uYVa67l5Kp7kNzI72YPya5NK+OQLsoicsY23CKcN5+V28kfQPLV1wNZ9EEu+tVDN5R7kQQ+0n1AJZa+KAS8+eia0uw6aR1eADwniLbIpggdIoQdyE6WfeFacSo6IuhpYGdnP/Z8U35xRlNsqkh8xmJbp2HuqYaxu1t5NQV9O72F/CX6QXQwmXA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=bT67WWLDTj3UydlOggPOcDTvZ9EScpii98WUFweQBl3Fna4xaTPCtrFECj965Od5FRmV3yf8gOWzGdMxBFaMOmp3glBzHwHbl4JntibeU7sRSzO5ZEYoIt1dcvX3r0+rVwf5cs9yEKHleMQv38TsAlGYVhfnqOTWUZnThtCiL/zPVT54AyjGuWTmhvbfBahvpQCHwuJWAWPwcJoTOA0fzjqNGSxVhtaQQtTKcInq0juVd2ADj3efUEPSgLZEspwmifswmFL7Kwr5c4ytOCH2Gt0hH2ae91z+PkZJl5G00E9v8naqVmICQViRUXlB62T1W2WbInFb1boBMnsTBsdPvA==
  • Authentication-results: citrix.com; dkim=none (message not signed) header.d=none;citrix.com; dmarc=none action=none header.from=intel.com;
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "Julien Grall" <julien@xxxxxxx>, "Cooper, Andrew" <andrew.cooper3@xxxxxxxxxx>, "Wei Liu" <wl@xxxxxxx>
  • Delivery-date: Mon, 01 Mar 2021 02:18:38 +0000
  • Dlp-product: dlpe-windows
  • Dlp-reaction: no-action
  • Dlp-version: 11.5.1.3
  • Ironport-sdr: fBH/Mrjyz3e+Un1gBdPQc1+q6lcWfYRZPR6ij46kiqzK6SBh2x9vg2nrENI8Oc5Mx+GreJmkH1 kBPY9oKLg6Fg==
  • Ironport-sdr: YvwSSqPtcfxGLROnapjH8prtQMyvQ/oSKkKI4A7pqGghZa3gNm4grmKldgw4YVIX4eqLDqyyo8 J7w5oXRKav3Q==
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHW/8yZa97+qDgbIE6iwG3wuPN9papSpOiAgAAfJYCAAAsJgIAAAbyAgAASBACAG55hYA==
  • Thread-topic: [PATCH] VMX: use a single, global APIC access page
> From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
> Sent: Thursday, February 11, 2021 8:27 PM
> 
> On Thu, Feb 11, 2021 at 12:22:41PM +0100, Jan Beulich wrote:
> > On 11.02.2021 12:16, Roger Pau Monné wrote:
> > > On Thu, Feb 11, 2021 at 11:36:59AM +0100, Jan Beulich wrote:
> > >> On 11.02.2021 09:45, Roger Pau Monné wrote:
> > >>> On Wed, Feb 10, 2021 at 05:48:26PM +0100, Jan Beulich wrote:
> > >>>> --- a/xen/include/asm-x86/p2m.h
> > >>>> +++ b/xen/include/asm-x86/p2m.h
> > >>>> @@ -935,6 +935,9 @@ static inline unsigned int p2m_get_iommu
> > >>>>          flags = IOMMUF_readable;
> > >>>>          if ( !rangeset_contains_singleton(mmio_ro_ranges, mfn_x(mfn)) 
> > >>>> )
> > >>>>              flags |= IOMMUF_writable;
> > >>>> +        /* VMX'es APIC access page is global and hence has no owner.
> */
> > >>>> +        if ( mfn_valid(mfn) && !page_get_owner(mfn_to_page(mfn)) )
> > >>>> +            flags = 0;
> > >>>
> > >>> Is it fine to have this page accessible to devices if the page tables
> > >>> are shared between the CPU and the IOMMU?
> > >>
> > >> No, it's not, but what do you do? As said elsewhere, devices
> > >> gaining more access than is helpful is the price we pay for
> > >> being able to share page tables. But ...
> > >
> > > I'm concerned about allowing devices to write to this shared page, as
> > > could be used as an unintended way to exchange information between
> > > domains?
> >
> > Well, such an abuse would be possible, but it wouldn't be part
> > of an ABI and hence could break at any time. Similarly I
> > wouldn't consider it an information leak if a guest abused
> > this.
> 
> Hm, I'm kind of worried about having such shared page accessible to
> guests. Could Intel confirm whether pages in the 0xFEExxxxx range are
> accessible to devices in any way when using IOMMU shared page
> tables?

0xFEExxxxx range is special. Requests to this range are not subject to
DMA remapping (even if a valid mapping for this range exists in the 
IOMMU page table). And this special treatment is true regardless of
whether interrupt remapping is enabled (which comes only after an 
interrupt message to this range is recognized).

Thanks
Kevin

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.