Xen project Mailing List

Re: [PATCH 1/2] x86/shadow: sanitize iommu_snoop usage

To: Xenia Ragiadakou <burzalodowa@xxxxxxxxx>

Date: Fri, 13 Jan 2023 13:12:06 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=3jLHwocxj1mglFArwuvTQcMnn2Y2aw8W13iWvIKC528=; b=iyZtC1lqcXxiq2By/3NNKzr5lS4mhrKhji+UxSa2LigCSo2NwMZndzKSUjqv0HzPenG6rGyG/v0O7rupoqVsBEhdNty3Ws7WzDGq5ElyDfNgC3RbXBptvHiwQZYxch8kWKYA3QDW9mWQlBx9s5Jj5vw5lz035JTlwgb/kieW50EGzV5U3q/5cfnuN5YZF/y/V6z20DDLUXzqX3W9UL3NYxw902Q9aJAXSrOplSemQe75jsdoHNTuaMRKrlmO4MHGDUyx3LgAvVSb8Do/fmqv6DNTiMB1wj0iHde9k5mnzvy3DracO2ICyabnaDE5vLD8+atRN21LUjNWrxQoQ+t0Bw==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=dHQDQTCGZfldRvjcqP9EiqYB3H4a0NRgw7GyA2XVOhE4th5FqkYdGORZwTbyrkZ2FQTkf5upfCMlYWIWkbniiQshG6awJQ8NDDpPGQMh7ldBBjg8fVjRRkBi+esHkje3nvbWmUkxoKoR3CZuAzoBu3b4ELhrjzZFJjkx5xMjdLLf8/HhmS8b7+odVkKnrhgxrcMuhmWUgOVaO1xgUvW/CJt+Y3KNHKwfJIZXfZJJai95Jq/Tm0rAvWNei1+J2Y6kgB0bQ+r5BzJPdGhab0AghomWOjyMdtln9uluJuvflGuV+4QpkWOz64pN6EV/1slGTpOAmV/7sKYGt/W5C9rFGQ==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Paul Durrant <paul@xxxxxxx>

Delivery-date: Fri, 13 Jan 2023 12:12:20 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 13.01.2023 12:55, Xenia Ragiadakou wrote: > On 1/13/23 11:53, Jan Beulich wrote: >> On 13.01.2023 10:34, Xenia Ragiadakou wrote: >>> On 1/13/23 10:47, Jan Beulich wrote: >>>> --- a/xen/drivers/passthrough/x86/iommu.c >>>> +++ b/xen/drivers/passthrough/x86/iommu.c >>>> @@ -56,6 +56,13 @@ void __init acpi_iommu_init(void) >>>> if ( !acpi_disabled ) >>>> { >>>> ret = acpi_dmar_init(); >>>> + >>>> +#ifndef iommu_snoop >>>> + /* A command line override for snoop control affects VT-d only. */ >>>> + if ( ret ) >>>> + iommu_snoop = true; >>>> +#endif >>>> + >>> >>> Why here iommu_snoop is forced when iommu is not enabled? >>> This change is confusing because later on, in iommu_setup, iommu_snoop >>> will be set to false in the case of !iommu_enabled. >> >> Counter question: Why is it being set to false there? I see no reason at >> all. On the same basis as here, I'd actually expect it to be set back to >> true in such a case.Which, however, would be a benign change now that >> all uses of the variable are properly qualified. Which in turn is why I >> thought I'd leave that other place alone. > > I think I got confused... AFAIU with disabled iommu snooping cannot be > enforced i.e iommu_snoop=true translates to snooping is enforced by the > iommu (that's why we need to check that the iommu is enabled for the > guest). So if the iommu is disabled how can iommu_snoop be true? For a non-existent (or disabled) IOMMU the value of this boolean simply is irrelevant. Or to put it in other words, when there's no active IOMMU, it doesn't matter whether it would actually snoop. > Also, in vmx_do_resume(), iommu_snoop is used without checking if the > iommu is enabled. It only looks to be - a domain having a PCI device implies it having IOMMU enabled for it. And indeed in that case we'd like to avoid the effort for domains which have IOMMU support enabled for them, but which have no devices assigned to them. Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.