[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] IOMMU/x86: don't map IO-APICs for PV Dom0


  • To: Jan Beulich <jbeulich@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Mon, 16 Aug 2021 19:31:59 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=nSZ6GGW4N2MsPrIhY5ytWlKRnTwUYmKAZrG4hv0VyIg=; b=Wrhm889Ed8VTzcsD50ZiZV3cMi0WerdZIMS3CHU4U9kvz+lP83yhlNxhJZFI8pIM8bkhrI/b+34pDSN+SdKz8Jfn6auj1ztSyoq5iYhR7sRxWdPW99l35f7MiJhO6piWGC1uy5uo3SIoooSNjjBDrDLOZSi0LRsq9MU0y0TZE/gWtxe9+uqJ9nucwevs8Ro1lUj+h7g/8IDl5yVTfdDAmMQzxrfK+ExbB8P/+w9vnIPigIpDVeXHVSmb//BeYM0Zl+Ng3j9WysbF5RJEFwC4epmP9aTMmW13WroHmrTqez1jaQYeRli27IQ9/w2294o8g2TaC9iSOjQ4+i9d1GHUgQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=JB8Tt+OO+Kw2w94wTCXGrzJc+I2fioaH1ohqWCk3bVjvR+C6Noq87Sm8PaDNOD+CbuLJEa7+/J7L1y50zCpX6jkaDLi5j+LAMabc24AKi1kFN9pr32VFyp6vLYnFGqEgckytq4Be/DF9sA0NPUJJvzHhqu95qr0Ro0XXb5srGZrFXLMJqNeYNXtcOS19+YG+BT2ZY+P/cJLMU67xWw1dQVdMXSSLKxkTh+99MvzxriI58L1+6K+8K70dcIu6eZPsVmmUZbvO6sgj3BrN0ogwhYEv6eUL5PD5su3A/iqjunB/FYHtvNRW2Ygg/nitStgefe8TyrtIprvnzg9rGYT26Q==
  • Authentication-results: esa2.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
  • Cc: Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Paul Durrant <paul@xxxxxxx>
  • Delivery-date: Mon, 16 Aug 2021 18:32:25 +0000
  • Ironport-hdrordr: A9a23:amTtK6EXm5fuai8SpLqFaJHXdLJyesId70hD6qkvc3Jom52j+P xGws526faVslYssHFJo6HlBEDyewKjyXcT2/hvAV7CZnibhILMFuBfBOTZskbd8kHFh4hgPO JbAtVD4b7LfCtHZKTBkXGF+r8bqbHtms3Y5pa9vgJQpENRGsZdBm9Ce3am+yZNNXB77PQCZf +hD4Z81kCdkSN9VLXLOpBJZZmMm/T70LbdJTIWDR8u7weDyRuu9b7BChCdmjMTSSlGz7sO+X XM11WR3NTij9iLjjvnk0PD5ZVfn9XsjvNFGcy3k8AQbhHhkByhaohNU6CL+Bo1vOaswlA3l8 SkmWZgA+1Dr1fqOk2lqxrk3AftlB4o9n/Z0FedxUDupMToLQhKRvZptMZ8SF/0+kAgtNZz3O ZgxGSCradaChvGgWDU+8XIfwsCrDvwnVMS1cooy1BPW4oXb7Fc6aYF+llOLZsGFCXmrKg6De hVCt3G7vo+SyLZU5nghBgp/DWQZAV0Iv/fKXJy4/B9kgIm30yR9nFogPD2xRw7hcoAo/Au3Z W3Dkxq/Is+BPP+I5gNX9vo7KOMeyXwqCn3QRWvyGLcZeo60kL22urKCYoOlZeXkbwzvdcPcc f6IRxlXVBbQTOnNSTJ5uwQzizw
  • Ironport-sdr: m9n+MaCjuueQ0l/BH9mgwhbrP22MWVzs7gaElf9GLpokgineD4mH3ubMYL6Em4M9eoeZTgPg0P IYv1ZqwtsON2s2CE6EHY2Xu1u1j+FAjDADKP5IZjIkn0QrYKOGJfNpwnRiyjqKX2E+JpOFCSYp AmTWhf3wi3+dZoTe0j8NSwjrwbqWUwOMACbEIbGwgKYASSLRXQScaaa0DxZJBCzTTGkRomXMJ4 TFWxki6FEL5AmICFEU2+h0S71r6HCfq4w+LJFoIyWrM52R6zBHhthJJhPMjXzk/6UJl7zIlJ1L 68rNCqSBTvErAoeoMwA5VqcK
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 16/08/2021 16:31, Jan Beulich wrote:
> While already the case for PVH, there's no reason to treat PV
> differently here (except of course where to take the addresses from).
>
> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>

Honestly, this is already a mess but I think the change is making things
worse rather than better.

To start with, IO-APIC windows are 1k not 4k, except that no-one added a
"4k safe" flag because IO-APICs weren't mapped into userspace by Linux
at the time.

More generally though, if something is safe to let dom0 map in the CPU
pagetables, it is safe to go in the IOMMU pagetables.  Conversely, if
it's not safe to go in one, it's not safe to go in either.

Mappings (or at least mapability) of everything/anything should be
uniform between the CPU and IOMMU pagetables for any kind of sanity to
prevail.

This is most easily demonstrated with PVH dom0 and shared vs split EPT
tables.  Split vs shared is an internal choice within Xen, and shouldn't
cause in any change in static DMA behaviour (obviously - there is
transient difference with logdirty but that's not relevant here).

~Andrew




 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.