[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v3] vpci/msix: handle accesses adjacent to the MSI-X table

  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Wed, 22 Mar 2023 18:08:20 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=tkAZNr9qmVtByBj01VaXlRcj66THFNxuvl3AaxLV+CY=; b=EBZncks8wLGz/A5JyqG82lru5vPjfU80wQh4DNhsZJ0en7W8WgNMkWgcnEZre4w+Vgvayi+STBm8uo3mKxrrA1r6+0+EHpRcMLhNuddgXDI6PmYjzfqs6CwZvK6+IPTsZOSk7CmVahxUlxOQxZh8Zpj01JRF/YggLSCL0tVuMhK45QHBMIljLtfiyiBy5mq5luXmbwEPpfKP9zKK2WFRT+EiZjEAJp5PgVTmAAqMZcl4IuNZEzZB+xiCo34Wb08DZADyZt8fFu/qCnar3ix/eIJACd+XfaNtIXhnhNUmCAd5KAkOFEETaD37DRQgXUuUPKb165lbKbsUtMjRtdZX6w==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=WEp9LaWoeAJUPPydWpBZlQi8uoIEYNeFshH4iUVRjHZfPKatspqTZTb4d3WOxjzItlzk9ZjY0y/UeXoIKKlUQW7Sel3VeTYLzwK/sA3Yy8pgOIdTfpb30gGw1DPf62pFPieofP27IzieMfq+9sfPjlxSUCY6d4qmfCuNAg4YchegHgYbeLOvclL9MitlJHiMBd37/0r10n28p2+7cS6YbpbF11v8rfW02Aoo8ZsYUAWdtWmKLj47nXBZOMRE8prMqVn0twEH/hb+DQaXyvNMggcX8hzqJivn4is9/nT6OPdpGuYxymbbKl8xYgfSK/PT28DI154vWRP8R7/GHife0A==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Wed, 22 Mar 2023 17:08:47 +0000
  • Ironport-data: A9a23:Y4hDnareAq8y8tQh+xyi2LhR65teBmIKZBIvgKrLsJaIsI4StFCzt garIBmFOK7cYzameIt+PoS19k1SsMCHzNcxHAs5+yk2RCsTp5uZCYyVIHmrMnLJJKUvbq7FA +Y2MYCccZ9uHhcwgj/3b9ANeFEljfngqoLUUbKCYWYpA1c/Ek/NsDo788YhmIlknNOlNA2Ev NL2sqX3NUSsnjV5KQr40YrawP9UlKm06WNwUmAWP6gR5weFzSNNVvrzGInqR5fGatgMdgKFb 76rIIGRpgvx4xorA9W5pbf3GmVirmn6ZFXmZtJ+AsBOszAazsAA+v9T2Mk0MC+7vw6hjdFpo OihgLTrIesf0g8gr8xGO/VQO3kW0aSrY9YrK1Dn2SCY5xWun3cBX5yCpaz5VGEV0r8fPI1Ay RAXAHMzN0zajc6b/JG2Ye1jg5Ufc8fJEpxK7xmMzRmBZRonabbqZvySoPpnhnI3jM0IGuvCb c0EbzYpdA7HfxBEJlYQDtQ5gfusgX78NTZfrTp5p4JuuzSVkFM3jeWraYKLEjCJbZw9ckKwv GXJ8n6/GhgHHNee1SCE4jSngeqncSbTAdpLTuPjp6I76LGV7n0eGkRLeQGGmOKCilO4AtF2N G4S1RN7+MDe82TuFLERRSaQonSJoxodUNp4CPAh5UeGza+8yxaUAC0IQyBMbPQitdQqXno62 1mRhdTrCDdz9rqPRhqgGqy8qDqzPW0QMjUEbCpdFQ8duYC7/sc0kw7FSctlHOitlNrpFDrsw jeM6i8jm7EUis1N3KK+lbzavw+RSlHyZlZdzm3qsqiNsmuVuKbNi1SU1GXm
  • Ironport-hdrordr: A9a23:64CDKattBzaWBO93qBqN/wcv7skD8tV00zEX/kB9WHVpm6yj5q fe4MjzGyWEwQr5P0tQ1+xoWZPwDk81l/ZOkPos1NKZLXvbUQSTXfVfBOHZsl/d8kHFh5lgPO JbAuND4POZNzdHZOzBgDVRKr4boeVviZrHuQ689QYZcem6AZsM0+4aMHfXLqQsfmV77PMCff L2jLsj1l7QHwVpH7XLdkXpR9Kz2eEj1qiWKyLuYSRXizVm5gnYoIISfSLoqCv3A1t0sPsfGI X+4nTED7+YwouG4y6Z7Xba69Btkt37xrJ4dbexY9YuW0jRY9mTFf1cZ4E=
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Wed, Mar 22, 2023 at 06:05:55PM +0100, Roger Pau Monné wrote:
> On Wed, Mar 22, 2023 at 04:14:54PM +0100, Jan Beulich wrote:
> > On 22.03.2023 15:30, Roger Pau Monne wrote:
> > > Changes since v2:
> > >  - Slightly adjust VMSIX_ADDR_SAME_PAGE().
> > >  - Use IS_ALIGNED and unlikely for the non-aligned access checking.
> > >  - Move the check for the page mapped before the aligned one.
> > >  - Remove cast of data to uint8_t and instead use a mask in order to
> > >    avoid undefined behaviour when shifting.
> > >  - Remove Xen maps of the MSIX related regions when memory decoding
> > >    for the device is enabled by dom0, in order to purge stale maps.
> > 
> > I'm glad you thought of this. The new code has issues, though:
> > 
> > > @@ -182,93 +187,201 @@ static struct vpci_msix_entry *get_entry(struct 
> > > vpci_msix *msix,
> > >      return &msix->entries[(addr - start) / PCI_MSIX_ENTRY_SIZE];
> > >  }
> > >  
> > > -static void __iomem *get_pba(struct vpci *vpci)
> > > +static void __iomem *get_table(struct vpci *vpci, unsigned int slot)
> > >  {
> > >      struct vpci_msix *msix = vpci->msix;
> > >      /*
> > > -     * PBA will only be unmapped when the device is deassigned, so 
> > > access it
> > > -     * without holding the vpci lock.
> > > +     * Regions will only be unmapped when the device is deassigned, so 
> > > access
> > > +     * them without holding the vpci lock.
> > 
> > The first part of the sentence is now stale, and the second part is in
> > conflict ...
> > 
> > > @@ -482,6 +641,26 @@ int vpci_make_msix_hole(const struct pci_dev *pdev)
> > >          }
> > >      }
> > >  
> > > +    if ( is_hardware_domain(d) )
> > > +    {
> > > +        unsigned int i;
> > > +
> > > +        /*
> > > +         * For the hardware domain only remove any hypervisor mappings 
> > > of the
> > > +         * MSIX or PBA related areas, as dom0 is capable of moving the 
> > > position
> > > +         * of the BARs in the host address space.
> > > +         *
> > > +         * We rely on being called with the vPCI lock held in order to 
> > > not race
> > > +         * with get_table().
> > 
> > ... with what you say (and utilize) here. Furthermore this comment also 
> > wants
> > clarifying that apply_map() -> modify_decoding() not (afaics) holding the 
> > lock
> > when calling here is not a problem, as no mapping can exist yet that may 
> > need
> > tearing down. (I first wondered whether you wouldn't want to assert that the
> > lock is being held. You actually could, but only after finding a non-NULL
> > table entry.)
> 
> Oh, yes, sorry, I should update those comments.  vpci_make_msix_hole()
> gets called before bars[].enabled gets set, so there should be no
> users of the mappings at that time because we don't handle accesses
> when the BAR is not mapped.
> 
> Not sure whether we should consider an access from when the BAR was
> actually enabled by a different thread could still continue while on
> another thread the BAR has been disabled and enabled again (and thus
> the mapping removed).  It's a theoretical race, so I guess I will look
> into making sure we cannot hit it.

Hm, maybe it doesn't matter much because such kind of trace could only
be triggered by the hardware domain anyway, and it has plenty of other
ways to mess with Xen.

Roger.

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.