
Re: [PATCH v3] vpci/msix: handle accesses adjacent to the MSI-X table


  • To: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Thu, 23 Mar 2023 09:02:31 +0100
  • Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Thu, 23 Mar 2023 08:02:46 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 22.03.2023 18:08, Roger Pau Monné wrote:
> On Wed, Mar 22, 2023 at 06:05:55PM +0100, Roger Pau Monné wrote:
>> On Wed, Mar 22, 2023 at 04:14:54PM +0100, Jan Beulich wrote:
>>> On 22.03.2023 15:30, Roger Pau Monne wrote:
>>>> Changes since v2:
>>>>  - Slightly adjust VMSIX_ADDR_SAME_PAGE().
>>>>  - Use IS_ALIGNED and unlikely for the non-aligned access checking.
>>>>  - Move the check for the page mapped before the aligned one.
>>>>  - Remove cast of data to uint8_t and instead use a mask in order to
>>>>    avoid undefined behaviour when shifting.
>>>>  - Remove Xen maps of the MSIX related regions when memory decoding
>>>>    for the device is enabled by dom0, in order to purge stale maps.
>>>
>>> I'm glad you thought of this. The new code has issues, though:
>>>
>>>> @@ -182,93 +187,201 @@ static struct vpci_msix_entry *get_entry(struct 
>>>> vpci_msix *msix,
>>>>      return &msix->entries[(addr - start) / PCI_MSIX_ENTRY_SIZE];
>>>>  }
>>>>  
>>>> -static void __iomem *get_pba(struct vpci *vpci)
>>>> +static void __iomem *get_table(struct vpci *vpci, unsigned int slot)
>>>>  {
>>>>      struct vpci_msix *msix = vpci->msix;
>>>>      /*
>>>> -     * PBA will only be unmapped when the device is deassigned, so access 
>>>> it
>>>> -     * without holding the vpci lock.
>>>> +     * Regions will only be unmapped when the device is deassigned, so 
>>>> access
>>>> +     * them without holding the vpci lock.
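Review bot: the rewritten comment in get_table() still justifies lockless access with "Regions will only be unmapped when the device is deassigned", yet the vpci_make_msix_hole() hunk of this same patch removes hypervisor mappings of the MSIX and PBA areas for the hardware domain. The comment should state the actual lifetime of the mappings and say which lock a caller has to hold before using the pointer this function returns.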
>>>
>>> The first part of the sentence is now stale, and the second part is in
>>> conflict ...
>>>
>>>> @@ -482,6 +641,26 @@ int vpci_make_msix_hole(const struct pci_dev *pdev)
>>>>          }
>>>>      }
>>>>  
>>>> +    if ( is_hardware_domain(d) )
>>>> +    {
>>>> +        unsigned int i;
>>>> +
>>>> +        /*
>>>> +         * For the hardware domain only remove any hypervisor mappings of 
>>>> the
>>>> +         * MSIX or PBA related areas, as dom0 is capable of moving the 
>>>> position
>>>> +         * of the BARs in the host address space.
>>>> +         *
>>>> +         * We rely on being called with the vPCI lock held in order to 
>>>> not race
>>>> +         * with get_table().
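Review bot: the comment in the new is_hardware_domain(d) block states a precondition ("We rely on being called with the vPCI lock held") that nothing in the visible lines checks. Either assert the lock at the point where an existing mapping is found and torn down, or have the comment name the call paths that arrive without the lock and explain why no mapping can exist on them.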
>>>
>>> ... with what you say (and utilize) here. Furthermore this comment also wants
>>> clarifying that apply_map() -> modify_decoding() not (afaics) holding the lock
>>> when calling here is not a problem, as no mapping can exist yet that may need
>>> tearing down. (I first wondered whether you wouldn't want to assert that the
>>> lock is being held. You actually could, but only after finding a non-NULL
>>> table entry.)
>>
>> Oh, yes, sorry, I should update those comments.  vpci_make_msix_hole()
>> gets called before bars[].enabled gets set, so there should be no
>> users of the mappings at that time because we don't handle accesses
>> when the BAR is not mapped.
>>
>> Not sure whether we should consider an access from when the BAR was
>> actually enabled by a different thread could still continue while on
>> another thread the BAR has been disabled and enabled again (and thus
>> the mapping removed).  It's a theoretical race, so I guess I will look
>> into making sure we cannot hit it.
> 
> Hm, maybe it doesn't matter much because such kind of race could only
> be triggered by the hardware domain anyway, and it has plenty of other
> ways to mess with Xen.

Preferably we should get things to use proper locking. If that turns out
too hard, properly justified such an exception for Dom0 might be
acceptable.

Jan



 

