From: Julien Grall <julien.grall@arm.com>
To: Stefano Stabellini <sstabellini@kernel.org>,
xen-devel@lists.xenproject.org
Cc: Stefano Stabellini <stefanos@xilinx.com>,
JBeulich@suse.com, andrew.cooper3@citrix.com
Subject: Re: [PATCH 1/6] xen: extend XEN_DOMCTL_memory_mapping to handle cacheability
Date: Wed, 27 Feb 2019 21:02:47 +0000 [thread overview]
Message-ID: <3ee8d8d4-fbb6-dd38-e34a-1ac8f730339f@arm.com> (raw)
In-Reply-To: <1551222427-21749-1-git-send-email-sstabellini@kernel.org>
Hi Stefano,
On 2/26/19 11:07 PM, Stefano Stabellini wrote:
> struct xen_domctl_memory_mapping {
> uint64_aligned_t first_gfn; /* first page (hvm guest phys page) in range */
> uint64_aligned_t first_mfn; /* first page (machine page) in range */
> uint64_aligned_t nr_mfns; /* number of pages in range (>0) */
> uint32_t add_mapping; /* add or remove mapping */
> - uint32_t padding; /* padding for 64-bit aligned structure */
> + uint32_t cache_policy; /* cacheability of the memory mapping */
Looking at this and the way you use it, the naming "cache" is quite
confusing. On Arm, they are memory types (see B2.7 "Memory types and
attributes" in DDI 0487D.a) and then you may have attribute such
cachability attribute (write-through, write-back...) on top. The
cacheability is also not applicable for "device memory".
"device memory" have other attributes related to gathering, re-ordering...
So a better naming would probably be "memory_policy".
Furthermore, those policies are only for configuring stage-2. The
resulting memory type and attributes will be whatever is the strongest
between stage-2 and stage-1 attributes. You can see the stage-2
attributes as a way to give more or less freedom to the guest for
configure the attributes.
For instance, by using p2m_mmio_direct_dev, the resulting attributes
will always be Device-nGnRnE whatever how stage-1 has been configured.
In the case of p2m_mmio_direct_c (similar to p2m_ram_rw). The guest will
be free to chose whatever pretty much any attributes (even Device-nGnRnE).
You might wonder why we didn't give more freedom to the guest from the
start. One of the reason is it is quite unclear what are the consequence
if you give that freedom to the guest. Whether there might be issues
with the device when the attributes are not correct.
Furthermore, there are more handling required in the hypervisor as if
the memory can be cached, you will need to clear the cache in order to
prevent leakage to another domain if the mappings get reassigned.
For completeness, I should mention the feature S2FWB present in ARMv8.4
and onwards. From my understanding, this could be used to force
resulting memory type. I am not suggesting to implement it now, but we
should keep it in my mind while writing the interface exposed in libxl.
To summarize, if we go ahead, we should try to make the documentation
more clearer on what each policy means and the implications on the
guest. I think we should also mark this a not security supported because
it the unknown interactions with devices.
Cheers,
--
Julien Grall
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
next prev parent reply other threads:[~2019-02-27 21:02 UTC|newest]
Thread overview: 67+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-26 23:06 [PATCH 0/6] iomem cacheability Stefano Stabellini
2019-02-26 23:07 ` [PATCH 1/6] xen: extend XEN_DOMCTL_memory_mapping to handle cacheability Stefano Stabellini
2019-02-26 23:18 ` Julien Grall
2019-04-20 0:02 ` Stefano Stabellini
2019-04-20 0:02 ` [Xen-devel] " Stefano Stabellini
2019-04-21 17:32 ` Julien Grall
2019-04-21 17:32 ` [Xen-devel] " Julien Grall
2019-04-22 21:59 ` Stefano Stabellini
2019-04-22 21:59 ` [Xen-devel] " Stefano Stabellini
2019-04-24 10:42 ` Julien Grall
2019-04-24 10:42 ` [Xen-devel] " Julien Grall
2019-02-27 10:34 ` Jan Beulich
2019-04-17 21:12 ` Stefano Stabellini
2019-04-17 21:12 ` [Xen-devel] " Stefano Stabellini
2019-04-17 21:25 ` Julien Grall
2019-04-17 21:25 ` [Xen-devel] " Julien Grall
2019-04-17 21:55 ` Stefano Stabellini
2019-04-17 21:55 ` [Xen-devel] " Stefano Stabellini
2019-04-25 10:41 ` Jan Beulich
2019-04-25 10:41 ` [Xen-devel] " Jan Beulich
2019-04-25 22:31 ` Stefano Stabellini
2019-04-25 22:31 ` [Xen-devel] " Stefano Stabellini
2019-04-26 7:12 ` Jan Beulich
2019-04-26 7:12 ` [Xen-devel] " Jan Beulich
2019-02-27 19:28 ` Julien Grall
2019-04-19 23:20 ` Stefano Stabellini
2019-04-19 23:20 ` [Xen-devel] " Stefano Stabellini
2019-04-21 17:14 ` Julien Grall
2019-04-21 17:14 ` [Xen-devel] " Julien Grall
2019-04-22 17:33 ` Stefano Stabellini
2019-04-22 17:33 ` [Xen-devel] " Stefano Stabellini
2019-04-22 17:42 ` Julien Grall
2019-04-22 17:42 ` [Xen-devel] " Julien Grall
2019-02-27 21:02 ` Julien Grall [this message]
2019-02-26 23:07 ` [PATCH 2/6] libxc: xc_domain_memory_mapping, " Stefano Stabellini
2019-02-26 23:07 ` [PATCH 3/6] libxl/xl: add cacheability option to iomem Stefano Stabellini
2019-02-27 20:02 ` Julien Grall
2019-04-19 23:13 ` Stefano Stabellini
2019-04-19 23:13 ` [Xen-devel] " Stefano Stabellini
2019-02-26 23:07 ` [PATCH 4/6] xen/arm: keep track of reserved-memory regions Stefano Stabellini
2019-02-28 14:38 ` Julien Grall
2019-02-26 23:07 ` [PATCH 5/6] xen/arm: map reserved-memory regions as normal memory in dom0 Stefano Stabellini
2019-02-26 23:45 ` Julien Grall
2019-04-22 22:42 ` Stefano Stabellini
2019-04-22 22:42 ` [Xen-devel] " Stefano Stabellini
2019-04-23 8:09 ` Julien Grall
2019-04-23 8:09 ` [Xen-devel] " Julien Grall
2019-04-23 17:32 ` Stefano Stabellini
2019-04-23 17:32 ` [Xen-devel] " Stefano Stabellini
2019-04-23 18:37 ` Julien Grall
2019-04-23 18:37 ` [Xen-devel] " Julien Grall
2019-04-23 21:34 ` Stefano Stabellini
2019-04-23 21:34 ` [Xen-devel] " Stefano Stabellini
2019-02-26 23:07 ` [PATCH 6/6] xen/docs: how to map a page between dom0 and domU using iomem Stefano Stabellini
2019-03-03 17:20 ` [PATCH 0/6] iomem cacheability Amit Tomer
2019-03-05 21:22 ` Stefano Stabellini
2019-03-05 22:45 ` Julien Grall
2019-03-06 11:46 ` Amit Tomer
2019-03-06 22:42 ` Stefano Stabellini
2019-03-06 22:59 ` Julien Grall
2019-03-07 8:42 ` Amit Tomer
2019-03-07 10:04 ` Julien Grall
2019-03-07 21:24 ` Stefano Stabellini
2019-03-08 10:10 ` Amit Tomer
2019-03-08 16:37 ` Julien Grall
2019-03-08 17:44 ` Amit Tomer
2019-03-06 11:30 ` Amit Tomer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3ee8d8d4-fbb6-dd38-e34a-1ac8f730339f@arm.com \
--to=julien.grall@arm.com \
--cc=JBeulich@suse.com \
--cc=andrew.cooper3@citrix.com \
--cc=sstabellini@kernel.org \
--cc=stefanos@xilinx.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.