[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH for-4.17 v2 4/5] pci: do not disable memory decoding for devices

  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Wed, 26 Oct 2022 14:58:04 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=+BN02nZQ3WWoFkhtqZyZcB4FegHtCKo6r1cu4pKyFp4=; b=bJKS6H5j4uq36k7SJTnEgmoM0pV/3x135mR449MEawU2L3pCzoRjO5+0SfVYRHj5cRVg59L3um3sNCkYvlaQBFKxQFmlPd41gDx0YZm7W2t4E7n6RLMqk3FMZUsqvivtAVCwnLlqmyiepjHSkwysUcwcFmeuBMDfNDo07eOp9RRk5phQsFoJLcPtOy5bUmn2FXsKYjUCML2zLwoW5+270PLUzr54bQqNT96o+LxocVRHkoTbOwLmphIdUUSpVIcWJLDAoo7vSWTbjeX1C0/Ps2lOVIbH5DSv1z4jQUg51+kb8cOhFm7bxPzOBn37Eo5ShRuAZRgkkKGHUTFQAJ+NPg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=DQxlwoXsmiqWGYXNFQYjGhYsLfe7ulNjbEFczPQwOT3A4XriHTzdN8Gtb4JTM4kypiJb8Xb1H+d18DFLIsDQxA9tu2EY2RQXiO3GOWbsk5L3aTn1TV0jlD2pwBJdwC6VGRR8g+Ef/pMyWNKtQ5yL2xW6opuP8npC2fyGisZdFDx2MFoa0V5q15WqIl++uxw4NkuSbdhvV8v9BN7YbebXuxspt0ysJoAuS/eXZ51ASRKJVG138qvuiKgvWfseMwLgS7v09C9WWHmhmtqQwRii8jyxeSORd3B8KEn7aR6AAGLuDWftd/3LstTeHUkPuTx0XqqX+o43kgQRK36Dn+KRNg==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: Henry.Wang@xxxxxxx, Paul Durrant <paul@xxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Wed, 26 Oct 2022 12:58:36 +0000
  • Ironport-data: A9a23:a4yH8KgKk3ThHBITflsR7yn2X161UREKZh0ujC45NGQN5FlHY01je htvUWrXPfnZNjegf9onPIzg9hxTvZaHyoQxTAFq/C02FH4b9cadCdqndUqhZCn6wu8v7q5Ex 55HNoSfdpBcolv0/ErF3m3J9CEkvU2wbuOgTrSCYkidfCc8IA85kxVvhuUltYBhhNm9Emult Mj75sbSIzdJ4RYtWo4vw//F+U4HUMja4mtC5AVmP64T5TcyqlFOZH4hDfDpR5fHatE88t6SH 47r0Ly/92XFyBYhYvvNfmHTKxBirhb6ZGBiu1IOM0SQqkEqSh8ai87XAME0e0ZP4whlqvgqo Dl7WT5cfi9yVkHEsLx1vxC1iEiSN4UekFPMCSDXXcB+UyQq2pYjqhljJBheAGEWxgp4KU0Wr fMzKRY9Vzm4p8SzxpLmT85lhO12eaEHPKtH0p1h5RfwKK9+BLX8GeDN79Ie2yosjMdTG/qYf 9AedTdkcBXHZVtIJ0sTD5U92uyvgxETcRUB8A7T+fVxvjWVlVQquFTuGIO9ltiiX8Jak1zev mvb12/4HgsbJJqUzj/tHneE1rWRxnKhBtx6+LuQ9edL2ECB3kIvKl45eEua//OpqRKmcocKQ 6AT0m90xUQoz2SpRNTgWxyzoFafowURHdFXFoUSyAyL0LuS3A+fCUANVDsHY9sj3OcuTCEu/ k+EmZXuHzMHmK2YTzeR+6mZqRu2ODMJNikSaCkcVwwH7tL/5oYpgXryos1LFae0ipjwBmv2y jXT9Cwm3exL1ogMyrmx+k3Bj3S0vJ/VQwUp5wLRGGW48gd+Y43jbIutgbTG0ct9wE+iZgHpl BA5dwK2tYji0bnlePSxfdgw
  • Ironport-hdrordr: A9a23:HBpTmKtDpUv8XiMOLBfBhhXN7skDYdV00zEX/kB9WHVpm62j5q OTdZEgvnXJYVkqKRMdcK+7Scy9qB/nmKKdgrNwAV7BZmfbUQKTRelfBO3ZrwEIcBeeygcy78 hdmqFFebnNMWQ=
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Wed, Oct 26, 2022 at 02:35:44PM +0200, Jan Beulich wrote:
> On 25.10.2022 16:44, Roger Pau Monne wrote:
> > --- a/xen/drivers/vpci/header.c
> > +++ b/xen/drivers/vpci/header.c
> > @@ -121,7 +121,9 @@ static void modify_decoding(const struct pci_dev *pdev, 
> > uint16_t cmd,
> >          }
> >  
> >          if ( !rom_only &&
> > -             (bar->type != VPCI_BAR_ROM || header->rom_enabled) )
> > +             (bar->type != VPCI_BAR_ROM || header->rom_enabled) &&
> > +             pci_check_bar(pdev, _mfn(PFN_DOWN(bar->addr)),
> > +                           _mfn(PFN_DOWN(bar->addr + bar->size - 1))) )
> >              bar->enabled = map;
> >      }
> 
> What about the ROM handling immediately above from here?

Needs fixing indeed.  I had plans to short circuit the ROM only
mapping path earlier if the BAR wasn't correctly positioned, but
decided it was too complicated and then forgot to adjust the
conditional.

> > @@ -234,9 +236,25 @@ static int modify_bars(const struct pci_dev *pdev, 
> > uint16_t cmd, bool rom_only)
> >  
> >          if ( !MAPPABLE_BAR(bar) ||
> >               (rom_only ? bar->type != VPCI_BAR_ROM
> > -                       : (bar->type == VPCI_BAR_ROM && 
> > !header->rom_enabled)) )
> > +                       : (bar->type == VPCI_BAR_ROM && 
> > !header->rom_enabled)) ||
> > +             /* Skip BARs already in the requested state. */
> > +             bar->enabled == !!(cmd & PCI_COMMAND_MEMORY) )
> >              continue;
> >  
> > +        /*
> > +         * Only do BAR position checks for the hardware domain, for guests 
> > it's
> > +         * assumed that the hardware domain has changed the position of any
> > +         * problematic BARs.
> > +         */
> > +        if ( is_hardware_domain(pdev->domain) &&
> > +             !pci_check_bar(pdev, _mfn(start), _mfn(end)) )
> > +        {
> > +            printk(XENLOG_G_WARNING
> > +                   "%pp: not mapping BAR [%lx, %lx] invalid position\n",
> > +                   &pdev->sbdf, start, end);
> > +            continue;
> > +        }
> 
> I'm not convinced of it being appropriate to skip the check for DomU.
> I'd rather consider this a "fixme", as (perhaps somewhere else) we
> should return an error if a misconfigured device was passed. We cannot
> blindly leave the security of the system to tool stack + Dom0 kernel
> imo.
> 
> And then, if this is Dom0-only, I think it wants to be XENLOG_WARNING,
> i.e. without the G infix.

OK, I don't mind removing the is_hardware_domain() condition, it's
still not clear how we want to handle all this when domU support is
added.

Thanks, Roger.

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.