Xen project Mailing List

Re: [PATCH v6 10/13] vpci/header: reset the command register when adding devices

To: Oleksandr Andrushchenko <Oleksandr_Andrushchenko@xxxxxxxx>

Date: Mon, 7 Feb 2022 13:54:55 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=979PX1I0R6Ko1kf1qG7DviEMdxQrwOkr/l8gOMvtMDM=; b=CnXlt9lX/N9g8Nz9rKSG+COhZcEWFLoiq7BpccTylXMitAjVUeF4YxiSBYlW6Blii4dhfp236SqTSdtZpBKEWeNruPojORDQTEyjZoGFvfaS4ZBDwcuUxd4TjtB1W9AFnJxtKLzJSqvKO2gEEka62zXo8Pg6Gcj36PbTPweblQReq3Rz/PYUYkDULU3tT9P1kNqA+IG6z6CHKDbC6deUHPmbtaXhiXPHbi58gqXap7alnr7YB/ws88SwzdmLQrNNdEUW8aQOT30PKddRk2+ocOC0nRYkt+Vl9NyXPG61XFtoEzEXf0PAIaGTuy5Z+SUA+Izwt1kwQEoU6ShhLYvY3Q==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=hslUalNb2kcAqUMPWfxGrPGZdUSQIBm3p+zc95I2ymD8Ir65mgUE+t1VXpsFGNVljnbNB0fR0hTs6bXXfxlk2ee/stxxv55lrCIBZMmMPzTtf9V02GxSJH5RpTbGqtUiZebxoXWksQHVP79aHuGPE2aHoHBAAC08U2HZjTa3d4BOj2pvIpWLb2RuW/tVcrT7a1bqJFQigfjXBbDDIBJcwbgxAkSP3yaBArwmP8PKT3ZtzCwBYrytkil43oEswTQdU/UlvL2XlQLZLzrAC2jzXd8Gws6CWDeD6pPKdKJDFEziOVm3HD28y5b0jL1f7efwX8MuhDOZGlqdc2GhS59i2Q==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;

Cc: "julien@xxxxxxx" <julien@xxxxxxx>, "sstabellini@xxxxxxxxxx" <sstabellini@xxxxxxxxxx>, Oleksandr Tyshchenko <Oleksandr_Tyshchenko@xxxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Artem Mygaiev <Artem_Mygaiev@xxxxxxxx>, "roger.pau@xxxxxxxxxx" <roger.pau@xxxxxxxxxx>, "andrew.cooper3@xxxxxxxxxx" <andrew.cooper3@xxxxxxxxxx>, "george.dunlap@xxxxxxxxxx" <george.dunlap@xxxxxxxxxx>, "paul@xxxxxxx" <paul@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Rahul Singh <rahul.singh@xxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Mon, 07 Feb 2022 12:55:10 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 07.02.2022 13:51, Oleksandr Andrushchenko wrote: > > > On 07.02.22 14:38, Jan Beulich wrote: >> On 07.02.2022 12:27, Oleksandr Andrushchenko wrote: >>> >>> On 07.02.22 09:29, Jan Beulich wrote: >>>> On 04.02.2022 15:37, Oleksandr Andrushchenko wrote: >>>>> On 04.02.22 16:30, Jan Beulich wrote: >>>>>> On 04.02.2022 07:34, Oleksandr Andrushchenko wrote: >>>>>>> Reset the command register when assigning a PCI device to a guest: >>>>>>> according to the PCI spec the PCI_COMMAND register is typically all 0's >>>>>>> after reset. >>>>>> It's not entirely clear to me whether setting the hardware register to >>>>>> zero is okay. What wants to be zero is the value the guest observes >>>>>> initially. >>>>> "the PCI spec says the PCI_COMMAND register is typically all 0's after >>>>> reset." >>>>> Why wouldn't it be ok? What is the exact concern here? >>>> The concern is - as voiced is similar ways before, perhaps in other >>>> contexts - that you need to consider bit-by-bit whether overwriting >>>> with 0 what is currently there is okay. Xen and/or Dom0 may have put >>>> values there which they expect to remain unaltered. I guess >>>> PCI_COMMAND_SERR is a good example: While the guest's view of this >>>> will want to be zero initially, the host having set it to 1 may not >>>> easily be overwritten with 0, or else you'd effectively imply giving >>>> the guest control of the bit. >>> We have already discussed in great detail PCI_COMMAND emulation [1]. >>> At the end you wrote [1]: >>> "Well, in order for the whole thing to be security supported it needs to >>> be explained for every bit why it is safe to allow the guest to drive it. >>> Until you mean vPCI to reach that state, leaving TODO notes in the code >>> for anything not investigated may indeed be good enough. >>> >>> Jan" >>> >>> So, this is why I left a TODO in the PCI_COMMAND emulation for now and only >>> care about INTx which is honored with the code in this patch. >> Right. The issue I see is that the description does not have any >> mention of this, but instead talks about simply writing zero. > How do you want that mentioned? Extended commit message or > just a link to the thread [1]? What I'd like you to describe is what the change does without fundamentally implying it'll end up being zero which gets written to the register. Stating as a conclusion that for the time being this means writing zero is certainly fine (and likely helpful if made explicit). > With the above done, do you think that writing 0's is an acceptable > approach as of now? Well, yes, provided we have a sufficiently similar understanding of what "acceptable" here means. Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.