
Re: [PATCH v4 6/6] x86/P2M: relax permissions of PVH Dom0's MMIO entries


  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Fri, 22 Oct 2021 15:25:29 +0200
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>
  • Delivery-date: Fri, 22 Oct 2021 13:25:48 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Wed, Sep 29, 2021 at 03:15:48PM +0200, Jan Beulich wrote:
> To become independent of the sequence of mapping operations, permit
> "access" to accumulate for Dom0, noting that there's not going to be an
> introspection agent for it which this might interfere with. While e.g.
> ideally only ROM regions would get mapped with X set, getting there is
> quite a bit of work. Plus the use of p2m_access_* here is abusive in the
> first place.

While doing this might be fine on Intel hardware, AMD hardware can
specify strict mapping access requirements from the IVMD flags, and
hence we should enforce those.

I think a better solution would be to not return an error if the only
divergence between the current mapping and the requested one is the
access flag. We could log a message in that case about being unable to
change the access for the gfn.

This relies on the RMRR/IVMD regions being set up before any other MMIO
region, or else Xen would have to clear existing entries in that case.

Thanks, Roger.
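
Added illustration, not part of the message above and not Xen code: a toy C model of the two policies under discussion (accumulating access versus keeping the existing entry and logging), showing why the second one depends on the strict RMRR/IVMD mapping being established first. All types, names and the sample gfn/mfn values are hypothetical, and "strict" is modelled as a read-only request.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model: every name here is hypothetical, none is Xen's p2m API. */
enum { ACC_R = 1, ACC_W = 2, ACC_X = 4 };
enum policy { POLICY_ACCUMULATE, POLICY_KEEP_AND_LOG };
struct entry { int valid; uint64_t mfn; unsigned access; };
static struct entry p2m[16];
static unsigned access_mismatches; /* requests whose access was not applied */

/* Returns 0 on success, -1 when the request differs in more than access. */
int map_mmio(enum policy pol, unsigned gfn, uint64_t mfn, unsigned access)
{
    struct entry *e = gfn < 16 ? &p2m[gfn] : NULL;
    if (!e || (e->valid && e->mfn != mfn))
        return -1;                  /* out of range or a different target */
    if (!e->valid)
        *e = (struct entry){ 1, mfn, access };
    if (e->access == access)
        return 0;
    if (pol == POLICY_ACCUMULATE) {
        e->access |= access;        /* permissions only ever widen */
        return 0;
    }
    access_mismatches++;            /* keep the existing access and log */
    fprintf(stderr, "gfn %#x: access stays %#x, request for %#x ignored\n",
            gfn, e->access, access);
    return 0;
}

/* Constructed case: a read-only "strict" request and a generic RW request. */
unsigned final_access(enum policy pol, int strict_first)
{
    unsigned strict = ACC_R, generic = ACC_R | ACC_W;
    memset(p2m, 0, sizeof(p2m));
    access_mismatches = 0;
    map_mmio(pol, 3, 0xfed00, strict_first ? strict : generic);
    map_mmio(pol, 3, 0xfed00, strict_first ? generic : strict);
    return p2m[3].access;
}

int main(void)
{
    for (int p = 0; p < 2; p++)
        for (int s = 1; s >= 0; s--)
            printf("policy %d strict_first %d: %#x\n", p, s, final_access(p, s));
    return 0;
}
```

In this model, accumulation gives the same result in either order but always ends up wider than the strict request, while keep-and-log preserves the strict access only when that mapping is created first.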



 

