[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v7 4/8] AMD/IOMMU: check IVMD ranges against host implementation limits

  • To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Thu, 26 Aug 2021 16:03:57 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=BkRrrXqqDBS1J4mfMUL1W4j1LpGbpujFJaF4nkNi0hM=; b=ME5kD0m5KYRF6DcvihI2E4OgYVhXRqQrTTLFKayK37Kf4/eZ9U12gy+W8XbjiWEnWfgdG+GarUQZWsWmKIkWdbrVtonj7OXQ/P7Q69Zq95SvhdhmK6PTS0Gre0z5WkpMUCYBxqk38MCCgI7oY88ZzOoBg+iHj8ZycHRr+K/QrK3YWJwKdLnWnPQbDEDVbQB+LHsEsa1GbosRnek+fzo6zV1mddSX3HAeL/Q8Lj2mKeyBm2jsLTvk2g+oBrDFidopHtOx3Lh7uyydGQpOzu2dT6LbYc5lb1aQCp9qGKKFNCGzFxmM2pQ8L5zNpdhAU/vlKoIpQ1Tnj9pgeSUCUr6Lyw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=eitbSY7b6it2PHXWQxVDAuTKXNt7/O/o3cyUDZyzS/SDh7FX/+VENQSYyEcEKbUse3fxjQsNZ2Mj0jld3SdJKzBYfsjrumHDYs3ObksreNURkqZIPitrGjIFDWQ/Kupbhwp4aMjvIw//hOCP48y+zj51Q69UtY3CYL1CYKFQggC4q/k2EXV3E7ftAp8jgpOdkGfvhxLAMimXUGBmYcLvUM40agz6E9aJ4wNsyte9SuS/5UVgSiPrs0ZEX/Zpw4eF/lSnkFP9Sw2Wgmm/N6SVyt4IwHgyyQep/LkPdd7SyGCqrzgRXLtVT5SKxL7Sh9Wt9+8lYHGanPe8oZAX87t4XA==
  • Authentication-results: lists.xenproject.org; dkim=none (message not signed) header.d=none;lists.xenproject.org; dmarc=none action=none header.from=suse.com;
  • Cc: Paul Durrant <paul@xxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Thu, 26 Aug 2021 14:04:11 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 26.08.2021 15:16, Andrew Cooper wrote:
> On 26/08/2021 08:24, Jan Beulich wrote:
>> When such ranges can't be represented as 1:1 mappings in page tables,
>> reject them as presumably bogus. Note that when we detect features late
>> (because of EFRSup being clear in the ACPI tables), it would be quite a
>> bit of work to check for (and drop) out of range IVMD ranges, so IOMMU
>> initialization gets failed in this case instead.
>> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
>> Reviewed-by: Paul Durrant <paul@xxxxxxx>
> I'm not certain this is correct in combination with memory encryption.

Which we don't enable. I don't follow why you put this up as an
extra requirement. I'm adding checks based on IOMMU-specific data
alone. I think that's a fair and consistent step in the right
direction, no matter that there may be another step to go. Plus ...

> The upper bits are the KeyID, but we shouldn't find any of those set in
> an IVMD range.  I think at a minimum, we need to reduce the address
> check by the stolen bits for encryption, which gives a lower bound.

... aren't you asking here to consume data I'm only making
available in the still pending "x86/AMD: make HT range dynamic for
Fam17 and up", where I (now, i.e. v2) adjust paddr_bits accordingly?
Else I'm afraid I don't even know what you're talking about.




Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.