Re: [Xen-devel] [PATCH v2 05/10] libxl/xl: add memory policy option to iomem

From: Julien Grall <julien.grall@arm.com>
To: Stefano Stabellini <sstabellini@kernel.org>
Cc: xen-devel@lists.xenproject.org, ian.jackson@eu.citrix.com,
	wei.liu2@citrix.com, Jan Beulich <JBeulich@suse.com>,
	Stefano Stabellini <stefanos@xilinx.com>
Subject: Re: [Xen-devel] [PATCH v2 05/10] libxl/xl: add memory policy option to iomem
Date: Tue, 18 Jun 2019 12:09:27 +0100	[thread overview]
Message-ID: <df00f77f-a59a-725e-87be-c4aa83d616f0@arm.com> (raw)
In-Reply-To: <alpine.DEB.2.21.1906171517210.2072@sstabellini-ThinkPad-T480s>

Hi,

On 17/06/2019 23:32, Stefano Stabellini wrote:
> On Wed, 1 May 2019, Julien Grall wrote:
>> Hi,
>>
>> On 30/04/2019 22:02, Stefano Stabellini wrote:
>>> Add a new memory policy option for the iomem parameter.
>>> Possible values are:
>>> - arm_devmem, device nGRE, the default on ARM
>>> - arm_memory, WB cachable memory
>>> - x86_uc: uncachable memory, the default on x86
>>>
>>> Store the parameter in a new field in libxl_iomem_range.
>>>
>>> Pass the memory policy option to xc_domain_mem_map_policy.
>>>
>>> Signed-off-by: Stefano Stabellini <stefanos@xilinx.com>
>>> CC: ian.jackson@eu.citrix.com
>>> CC: wei.liu2@citrix.com
>>> ---
>>> Changes in v2:
>>> - add #define LIBXL_HAVE_MEMORY_POLICY
>>> - ability to part the memory policy parameter even if gfn is not passed
>>> - rename cache_policy to memory policy
>>> - rename MEMORY_POLICY_DEVMEM to MEMORY_POLICY_ARM_DEV_nGRE
>>> - rename MEMORY_POLICY_MEMORY to MEMORY_POLICY_ARM_MEM_WB
>>> - rename memory to arm_memory and devmem to arm_devmem
>>> - expand the non-security support status to non device passthrough iomem
>>>     configurations
>>> - rename iomem options
>>> - add x86 specific iomem option
>>> ---
>>>    SUPPORT.md                  |  2 +-
>>>    docs/man/xl.cfg.5.pod.in    |  7 ++++++-
>>>    tools/libxl/libxl.h         |  5 +++++
>>>    tools/libxl/libxl_create.c  | 21 +++++++++++++++++++--
>>>    tools/libxl/libxl_types.idl |  9 +++++++++
>>>    tools/xl/xl_parse.c         | 22 +++++++++++++++++++++-
>>>    6 files changed, 61 insertions(+), 5 deletions(-)
>>>
>>> diff --git a/SUPPORT.md b/SUPPORT.md
>>> index e4fb15b..f29a299 100644
>>> --- a/SUPPORT.md
>>> +++ b/SUPPORT.md
>>> @@ -649,7 +649,7 @@ to be used in addition to QEMU.
>>>      	Status: Experimental
>>>    -### ARM/Non-PCI device passthrough
>>> +### ARM/Non-PCI device passthrough and other iomem configurations
>>
>> I am not sure why iomem is added here?
> 
> It is added here to clarify that it is *not* security supported.
> 
> 
>> Also what was the security support before hand? Was it supported?
> 
> In my view, it falls under the broader category of "Non-PCI device
> passthrough" so it was already not security supported. But I thought it
> would be good to make it explicit to avoid any misunderstandings.

I am ok with this clarification. However, this should really be in a separate patch.

> 
> 
>>>          Status: Supported, not security supported
>>>    diff --git a/docs/man/xl.cfg.5.pod.in b/docs/man/xl.cfg.5.pod.in
>>> index c7d70e6..c85857e 100644
>>> --- a/docs/man/xl.cfg.5.pod.in
>>> +++ b/docs/man/xl.cfg.5.pod.in
>>> @@ -1222,7 +1222,7 @@ is given in hexadecimal format and may either be a
>>> range, e.g. C<2f8-2ff>
>>>    It is recommended to only use this option for trusted VMs under
>>>    administrator's control.
>>>    -=item B<iomem=[ "IOMEM_START,NUM_PAGES[@GFN]",
>>> "IOMEM_START,NUM_PAGES[@GFN]", ...]>
>>> +=item B<iomem=[ "IOMEM_START,NUM_PAGES[@GFN],MEMORY_POLICY",
>>> "IOMEM_START,NUM_PAGES[@GFN][,MEMORY_POLICY]", ...]>
>>>      Allow auto-translated domains to access specific hardware I/O memory
>>> pages.
>>>    @@ -1233,6 +1233,11 @@ B<GFN> is not specified, the mapping will be
>>> performed using B<IOMEM_START>
>>>    as a start in the guest's address space, therefore performing a 1:1
>>> mapping
>>>    by default.
>>>    All of these values must be given in hexadecimal format.
>>> +B<MEMORY_POLICY> for ARM platforms:
>>> +  - "arm_devmem" for Device nGRE, the default on ARM
>>
>> This does not match the current default. At the moment, it is Device nGnRE.
> 
> I'll fix this throughout the whole series
> 
> 
>>> +  - "arm_memory" for Outer Shareable Write-Back Cacheable Memory
>>
>> The two names are quite confusing and will make quite difficult to introduce
>> any new one. It also make little sense to use a different naming in xl and
>> libxl. This only add an other level of confusion.
> 
> I'll change them to match the Xen names: arm_dev_ngnre and arm_mem_wb.

I would prefer if we use uppercase for G, R E and WB. This make the name is bit 
more readable.

> 
> 
>> Overall, this is not enough for a user to understand the memory policy. As I
>> pointed out before, this is not straight forward on Arm as the resulting
>> memory attribute will be a combination of stage-2 and stage-1.
>>
>> We need to explain the implication of using the memory and the consequence of
>> misuse it. And particularly as this is not security supported so we don't end
>> up to security support in the future something that don't work.
> 
> I'll expand the text here to cover what you wrote.

Thank you!

Cheers,

-- 
Julien Grall

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel