
Re: [PATCH v4 6/6] x86/P2M: relax permissions of PVH Dom0's MMIO entries


  • To: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Tue, 2 Nov 2021 10:36:53 +0100
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>
  • Delivery-date: Tue, 02 Nov 2021 09:37:12 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 22.10.2021 15:25, Roger Pau Monné wrote:
> On Wed, Sep 29, 2021 at 03:15:48PM +0200, Jan Beulich wrote:
>> To become independent of the sequence of mapping operations, permit
>> "access" to accumulate for Dom0, noting that there's not going to be an
>> introspection agent for it which this might interfere with. While e.g.
>> ideally only ROM regions would get mapped with X set, getting there is
>> quite a bit of work. Plus the use of p2m_access_* here is abusive in the
>> first place.
> 
> While doing this might be fine on Intel hardware, AMD hardware can
> specify strict mapping access requirements from the IVMD flags, and
> hence we should enforce those.
> 
> I think a better solution would be to not return error if the only
> divergence between the current mapping and the requested one is the
> access flag. We could log a message in that case about being unable to
> change the access for the gfn.
> 
> This relies on the RMRR/IVMD regions being set up before any other MMIO
> region, or else Xen would have to clear existing entries in that case.

I guess I'll rather withdraw this change, until such point where we
actually run into an issue here. It was meant as a proactive
measure only anyway ...

Jan
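
The two behaviours discussed in this thread, as an added example that is not part of the original messages and is not Xen code: a simplified model comparing "accumulate access" with "keep the existing access and log" when the same frame is mapped twice. All names (`map_mmio`, `final_access`, the `ACC_*` and `POLICY_*` constants) and the sample values are assumptions made for illustration.

```c
#include <stdio.h>

/* Simplified model, not Xen code: access is a bitmask, one entry per gfn. */
enum { ACC_R = 1, ACC_W = 2, ACC_X = 4, ACC_RWX = 7 };
enum policy { POLICY_STRICT, POLICY_ACCUMULATE, POLICY_KEEP_EXISTING };

struct entry { int valid; unsigned long mfn; unsigned access; };

/* Returns 0 on success, -1 when the request conflicts with the entry. */
int map_mmio(struct entry *e, unsigned long mfn, unsigned access,
             enum policy pol)
{
    if (!e->valid) {                    /* first mapping of this gfn */
        e->valid = 1; e->mfn = mfn; e->access = access;
        return 0;
    }
    if (e->mfn != mfn)                  /* different target: always an error */
        return -1;
    if (e->access == access)            /* identical request: nothing to do */
        return 0;
    switch (pol) {
    case POLICY_ACCUMULATE:             /* union of old and new permissions */
        e->access |= access;
        return 0;
    case POLICY_KEEP_EXISTING:          /* succeed, keep old access, log it */
        fprintf(stderr, "cannot change access of mfn %#lx: %u -> %u\n",
                mfn, e->access, access);
        return 0;
    default:                            /* strict: any divergence is an error */
        return -1;
    }
}

/* Map one gfn twice; return the final access bits, or -1 on error. */
int final_access(unsigned first, unsigned second, enum policy pol)
{
    struct entry e = { 0 };
    if (map_mmio(&e, 0x1000, first, pol) || map_mmio(&e, 0x1000, second, pol))
        return -1;
    return (int)e.access;
}

int main(void)
{
    /* Constructed case: a read-only restricted range, then a generic RWX map. */
    printf("accumulate:     %d\n", final_access(ACC_R, ACC_RWX, POLICY_ACCUMULATE));
    printf("keep existing:  %d\n", final_access(ACC_R, ACC_RWX, POLICY_KEEP_EXISTING));
    printf("reversed order: %d\n", final_access(ACC_RWX, ACC_R, POLICY_KEEP_EXISTING));
    return 0;
}
```

In this model accumulation widens the read-only entry to RWX, while keeping the existing access preserves the restriction only when the restricted range is mapped first, which is the ordering dependency raised in the quoted review.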




 

