[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH RFC] vPCI: account for hidden devices in modify_bars()

  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Tue, 14 Sep 2021 18:04:48 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=MQpun+hJTHP5TYfFSveNxQaob6FXDOnfGmGUw6bbQMg=; b=QqD+Zd76/goXnlmIq54qZvvGDjikjS3AlTJcKNNLoW7pTV1K2oeUCfhaVkG8P2it/GWY5B+rw/rr1DgXMiYQ0K43jthfHWGuFDC/yC6MMTo4AXDYs6fGfdLUq6BxUEdUmQ5Remg+NZuXZCgd86Kh3upyU3+h7w/7YKBj6roTc1Ea/yydDmxO2ts7nQJNtWRB0IPCatKSj0QrMqqLHUUUA24/YDsFH+vBfAkRh88KvsfRE2TQ3eGoLrzTnw20yENXX/sy+d0o4hr7R6G3DPNnMo8qj1p9Nb8+njEI5cwtGZQ81qvsXUkZdaX+zpDyEMW/Jw/WRaZoQ8SpF126diK1rA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=dAvpsIDa5pwN4+z/49IA4U3b+GF/C15ns2+NoJhblvMEX3/8ClXm+CQp4HKMkZbn5WI1DVf6TDJ8W22MGEHqfL81k4OD5jjPfUnKumjls5cUHHjHXyAPG3y+9nao5EqqoZeBJfHsSQKX1Ebk2LQq5ziwkfZng4N4M5fMsT+3kMVpqwVo7ZxH/B9rWDyJ3ljgEHq918I176CLkDukullVmgrRzx5PWr8hqBHsFP9pbgti/gZvxsQC9CQG5sw0o6PwtDmPqSTVtVZpCzEPTnbSFSmiUndqoinnMb+BF92eTfBogX5QJSfN1m/2QJwAJEzPc42G/LiCSYYOOjd7kVzhDw==
  • Authentication-results: esa3.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Tue, 14 Sep 2021 16:05:06 +0000
  • Ironport-data: A9a23:nbuj9KDH7xGk8BVW/wPkw5YqxClBgxIJ4kV8jS/XYbTApDomhjZUy 2IXC2/Vbv+CazOhftt+btvloR5Su5DdnYUxQQY4rX1jcSlH+JHPbTi7wuYcHM8wwunrFh8PA xA2M4GYRCwMo/u1Si6FatANl1ElvU2zbue6WLOs1hxZH1c+EX9w0E47wYbVv6Yz6TSHK1LV0 T/Ni5W31G+Ng1aY5UpNtspvADs21BjDkGtwUm4WPJinj3eH/5UhN7oNJLnZEpfNatI88thW5 Qr05OrREmvxp3/BAz4++1rxWhVirrX6ZWBihpfKMkQLb9crSiEai84G2PQghUh/jSi4k+pV9 MhxtJGWbAYJJaiWlbkyTEwNe81+FfUuFL7vJHG+tYqYzlHccmuqyPJrZK00FdRGoKAtWzgIr KFGbmBWBvyAr7veLLaTUO5ji95lNMD2FIgepmth3XfSCvNOrZXrHv+VvIMDhmZYasZmFtbDf ZRJTgNVaBntUjxhY30zMpFipbL97pX4W2IB8w/EzUYt2EDDwQo03LXzPd79ft2RWd4Tjkuev njB/WnyHlcdLtP34TiP/2+oh+TPtTjmQ49UH7q9nsOGm3XKmDZVUkdPEwLm/7/p0SZSRu6zN WQS5xsil4wO6XCqQ//YXj2jpSSJ4zEDDo84//IB1O2d9kbFy1/HXTFZH2EeNoVOWNweHmNxh wTQ9z/9LXk26uTEFyjFnluBhW7qYUAowXk+iTjopOfvy+Lqpp06xjnLR8xqeEJepoyoQWysq 9xmQS5XulnysSLp//7glbwkq2j1znQscuLTzl+JNo5CxlklDLNJn6TytTDmAQ9ode51tGVtW UTofeDEvYji6rnWz0SwrBglRun1t55pzhWF2QMH82YdG8SFpCf4INE4DMBWD0Z1KMcUEQIFk 2eK4lg52XOnB1PzNfUfS9voU6wClPG8ffy4BqG8RocfOfBZKV7YlByCkGbNhggBZmB3yvphU XpaGO7xZUsn5VNPl2bvHLZBjuZwn0jTBwr7HPjG8vhu6pLHDFa9QrYZKlqeKOc/6aKPugLO9 NhDccCNzn1ivCfWO0E7KKYfcgIHK2YVH5fzp5AFf+KPOFM+SmogF+XQ0fUqfIk8x/ZZkeLB/ 3ecXE5EyQWg2S2beFvSMn0zOqnyWZtfrG4gOXB+N1ifxHV+M52k670SdsVrcOB/pvBj1/N9U 9IMZ96EXqZUUj3C9jlENcv9oYVueQ6FnwWLOyb5MjEzc4Q5H17C+8P+fxup/y4LV3Llucw7q rym9wXaXZtcGFgyUJeIMKqilgrjs2IcleR+W1rzDuNSIEi8opJ3LyHRj+MsJ51eIxv02TbHh R2dBg0VpLeRrtZtosXJn62Ns6ygD/B6QhhBB2De4Lu7aXva826kzdMSWeqEZ2mABmb9+aHkb uRJ1fDsdvYAmQ8S4YZ7Fr9qy4M45sfu+OAGnlg1Qi2TYgT5EK5kL1mHwdJL5/9EybJusAerX l6Cp4tBMrKTNcK5SFMcKWLJtAhYOS34TtUK0ckIHQ==
  • Ironport-hdrordr: A9a23:bBtLvaDDdh1wvSLlHeg2sceALOsnbusQ8zAXPh9KJiC9I/b1qy nxppkmPH/P6Qr4WBkb6Le90Y27MAnhHPlOkPQs1NaZLXLbUQ6TQr2KgrGSoQEIdxeOk9K1kJ 0QD5SWa+eAfGSS7/yKmTVQeuxIqLLskNHK9JfjJjVWPHlXgslbnnlE422gYytLrWd9dP4E/M 323Ls5m9PsQwVcUu2LQl0+G8TTrdzCk5zrJTYAGh4c8QGLyRel8qTzHRS01goXF2on+8ZvzU H11yjCoomzufCyzRHRk0fV8pRtgdPkjv9OHtaFhMQ5IijlziyoeINicbufuy1dmpDj1H8a1P 335zswNcV67H3cOkmzvBvWwgHllA0j7nfzoGXoyEfLkIjcfnYXGsBBjYVWfl/y8Ew7puxx16 pNwiawq4dXJQmoplW92/H4EzVR0makq3srluAey1ZFV5EFVbNXpYsDuGtIDZY7Gj7g4oxPKp ghMCjl3ocUTbqmVQGagoE2q+bcG0jbXy32DXTqg/blkwS/xxtCvg8lLM92pAZ3yHtycegC2w 3+CNUbqFh5dL5gUUtMPpZzfSKJMB25ffvtChPbHb21LtBNB5ryw6SHlIndotvaPqA18A==
  • Ironport-sdr: gryE06ybVrYslK1/jhVVBP+yMptAdKC/AZrIlPKAvSiKiF0U+s4JCd2zqzaoMaiQSkvn4GxVst VhLVXpF/reQoRV/7SQolxQdLxatxBLP9F6JvzzepSA8m4YKxl9O8IfNJu0yq6RWMfbXOEF1Sco 7kZdtB0vOsFxd4LPHPdV+PABSHkcKpJT5zTbjApTtslyYGa1OCKjoqGDLzX1AvCgAjBq2/h2FF Y8hLhgfCdSAa6dnhYL31zdyLraEtVQ+sl9v/pg54endrEVa1UHqZr2RNisrfm+1OTWz6cWdkOP yRmwAH+m3iiEaOAHNT0UXAXB
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Tue, Sep 14, 2021 at 05:16:17PM +0200, Jan Beulich wrote:
> On 14.09.2021 16:22, Roger Pau Monné wrote:
> > On Tue, Sep 14, 2021 at 02:05:01PM +0200, Jan Beulich wrote:
> >> On 14.09.2021 13:21, Roger Pau Monné wrote:
> >>> On Tue, Sep 14, 2021 at 12:12:12PM +0200, Jan Beulich wrote:
> >>>> On 14.09.2021 12:00, Roger Pau Monné wrote:
> >>>>> On Mon, Aug 30, 2021 at 03:04:55PM +0200, Jan Beulich wrote:
> >>>>>> Hidden devices (e.g. an add-in PCI serial card used for Xen's serial
> >>>>>> console) are associated with DomXEN, not Dom0. This means that while
> >>>>>> looking for overlapping BARs such devices cannot be found on Dom0's
> >>>>>> list of devices; DomXEN's list also needs to be scanned.
> >>>>>
> >>>>> Thanks for looking into this, I certainly didn't take hidden devices
> >>>>> into account for vPCI dom0.
> >>>>>
> >>>>>> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
> >>>>>> ---
> >>>>>> RFC: Patch intentionally mis-formatted, as the necessary re-indentation
> >>>>>>      would make the diff difficult to read. At this point I'd merely
> >>>>>>      like to gather input towards possible better approaches to solve
> >>>>>>      the issue (not the least because quite possibly there are further
> >>>>>>      places needing changing).
> >>>>>
> >>>>> I have a couple of questions, AFAICT we currently hide the serial
> >>>>> console and/or the VGA adapter if it's in use by Xen.
> >>>>>
> >>>>> I wonder whether we need to add vPCI handlers for those:
> >>>>> setup_one_hwdom_device will attempt to add vPCI handlers to the hidden
> >>>>> device because of the temporary override of pdev->domain done in
> >>>>> _setup_hwdom_pci_devices, but I think that for hidden devices we
> >>>>> shouldn't add vPCI handlers. We should instead block PCI config space
> >>>>> access from dom0 to the device so that it doesn't mess with Xen usage.
> >>>>
> >>>> The answer to this follows (I think) from the one below.
> >>>>
> >>>>> It's also not clear why does Xen want to have those hidden devices
> >>>>> partly controlled by dom0, as it would seem to me that dom0 interfering
> >>>>> with hidden devices in use by Xen can only lead to trouble.
> >>>>
> >>>> Dom0 can't interfere as long as it can only read from the device.
> >>>> Restricting accesses to reads is one of the purposes of "hiding"
> >>>> (the other is to make it impossible to assign these to a DomU). Not
> >>>> allowing Dom0 to read from such devices would lead to wrong PCI
> >>>> device discovery - some devices would be missing (which may or may
> >>>> not be merely a cosmetic issue). If the missing device is a multi-
> >>>> function one at function 0, other devices in the same slot may also
> >>>> not be found by Dom0 (depending on whether it looks at non-zero
> >>>> function numbers in this case).
> >>>
> >>> Hm, indeed seems possible that missing function 0 the whole device is
> >>> skipped.
> >>>
> >>> Maybe we need a special vPCI handling for those devices that just
> >>> allows reads but not writes, and that doesn't maps the BARs into dom0
> >>> p2m?
> >>
> >> Not sure about mapping. They could be mapped r/o. And they may
> >> actually need mapping for multi-function devices, but I guess for
> >> such devices to actually function properly then there would be
> >> more work required.
> > 
> > I'm also slightly puzzled as to why ehci-dbgp uses pci_hide_device
> > while ns16550 uses pci_ro_device instead.
> > 
> > Is this because the PCI device used by ehci-dbgp must be shared with
> > dom0 for other USB ports to be usable, and hence dom0 will need read
> > and write access to the device PCI config space and BARs?
> > 
> > Note that pci_hide_device is less restrictive than pci_ro_device, as
> > it doesn't mark the device as RO.
> > 
> > That would seem quite risky, as it's likely that dom0 will perform
> > some kind of reset of the USB device and thus the console will be
> > lost.
> 
> There's actually a protocol to prevent exactly that: See PHYSDEVOP_dbgp_op.

OK, so dom0 should be allowed write access to hidden devices config
space and BARs, while RO devices don't. That means that for hidden devices we
need to intercept PCI config space accesses and use vPCI for PVH.

For RO devices we already allow read-only access to it's config space
when using vPCI, albeit it might be nice to also add BARs as RO to the
guest physmap if they are enabled.

Will look into sorting this out.

Thanks, Roger.

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.