From: "Jan Beulich" <JBeulich@suse.com>
To: Kevin Tian <kevin.tian@intel.com>
Cc: xen-devel <xen-devel@lists.xenproject.org>,
Keir Fraser <keir@xen.org>, Eddie Dong <eddie.dong@intel.com>,
Jun Nakajima <jun.nakajima@intel.com>, Tim Deegan <tim@xen.org>
Subject: Re: [PATCH 2/4 v2] x86/EPT: refine direct MMIO checking when determining EMT
Date: Mon, 28 Apr 2014 10:51:32 +0100
Message-ID: <535E40C4020000780000CC71@nat28.tlf.novell.com>
In-Reply-To: <AADFC41AFE54684AB9EE6CBC0274A5D125E53E22@SHSMSX101.ccr.corp.intel.com>
>>> On 28.04.14 at 11:06, <kevin.tian@intel.com> wrote:
>> From: Jan Beulich [mailto:JBeulich@suse.com]
>> Sent: Monday, April 28, 2014 4:25 PM
>>
>> >>> On 28.04.14 at 09:59, <kevin.tian@intel.com> wrote:
>> >> From: Jan Beulich [mailto:JBeulich@suse.com]
>> >> @@ -810,10 +811,7 @@ int epte_get_entry_emt(struct domain *d,
>> >> return -1;
>> >> }
>> >>
>> >> - if ( !iommu_enabled ||
>> >> - (rangeset_is_empty(d->iomem_caps) &&
>> >> - rangeset_is_empty(d->arch.ioport_caps) &&
>> >> - !has_arch_pdevs(d)) )
>> >> + if ( !need_iommu(d) && !cache_flush_permitted(d) )
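Review bot: the `+` line is not an equivalent rewrite of the four removed lines, and nothing next to the `if` says so. The removed test was satisfied whenever the global `iommu_enabled` was off, while `!need_iommu(d) && !cache_flush_permitted(d)` is evaluated per domain and no longer mentions `has_arch_pdevs(d)`. A comment above the condition stating that this branch is meant only for domains with neither IOMMU setup nor I/O memory or port ranges granted would keep the `&&` from being read as a slip for `||`, and the commit message should say whether `need_iommu(d)` covers the dropped `has_arch_pdevs(d)` term.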
>> >
>> > &&->||
>>
>> No, specifically not - we shouldn't force WB in either case.
>>
>
> well, I gave original comments with the impression that it's a cleanup patch
> instead of fixing anything, e.g. iommu_enabled->need_iommu, and open-coding
> to cache_flush_permitted. Based on that thought, && changes original meaning.
>
> so you actually fix the conditions here. I didn't follow up latest advance
> in device assignment recently. Could you elaborate in which situation I/O
> resources are assigned while iommu is not required?

It's not so much a question of "required": IOMMU setup only
happens when a PCI device gets assigned to a guest. It specifically
does not happen (and would make no sense, because the IOMMU
concepts are PCI device based) when a raw MMIO or port range gets
assigned. While the latter is insecure, I don't think we currently do
anything to disallow this, and hence we shouldn't break it here.

Jan
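
The three forms of the condition discussed in this thread, modelled as an added example (not code from the patch or from Xen). `struct dom_model`, the `wb_*` helpers and `extra_wb_states()` are hypothetical names, and the bodies of `need_iommu()` and `cache_flush_permitted()` are assumptions reduced to what the messages above state.

```c
#include <stdbool.h>
#include <stdio.h>

struct dom_model {   /* toy model of the state the check reads; not Xen's struct domain */
    bool iomem;      /* raw MMIO range granted (d->iomem_caps non-empty) */
    bool ioport;     /* raw port range granted (d->arch.ioport_caps non-empty) */
    bool pdev;       /* PCI device assigned, which is when the IOMMU gets set up */
};

/* Assumption: true as soon as either range set is non-empty. */
static bool cache_flush_permitted(const struct dom_model *d) { return d->iomem || d->ioport; }
/* Assumption taken from the reply: IOMMU setup happens only on PCI assignment. */
static bool need_iommu(const struct dom_model *d) { return d->pdev; }

/* The wb_* helpers return true when the branch that forces WB is taken. */
static bool wb_removed(const struct dom_model *d, bool iommu_enabled) /* "-" lines */
{
    return !iommu_enabled || (!d->iomem && !d->ioport && !d->pdev);
}

static bool wb_added(const struct dom_model *d) /* "+" line */
{
    return !need_iommu(d) && !cache_flush_permitted(d);
}

static bool wb_or_variant(const struct dom_model *d) /* the "&&->||" suggestion */
{
    return !need_iommu(d) || !cache_flush_permitted(d);
}

/* Of the 8 domain states, how many does "||" force to WB that "&&" leaves alone? */
static int extra_wb_states(void)
{
    int n = 0;
    for (int s = 0; s < 8; s++) {
        struct dom_model d = { s & 1, (s >> 1) & 1, (s >> 2) & 1 };
        n += wb_or_variant(&d) && !wb_added(&d);
    }
    return n;
}

int main(void)
{
    struct dom_model raw = { true, false, false }; /* raw MMIO, no PCI device */
    printf("raw MMIO only: removed(iommu off)=%d added=%d or-variant=%d\n",
           wb_removed(&raw, false), wb_added(&raw), wb_or_variant(&raw));
    printf("states forced to WB only by the || variant: %d of 8\n", extra_wb_states());
    return 0;
}
```

Under these assumptions the `||` form forces WB for every domain that has raw ranges but no PCI device, and for a domain with a PCI device but no raw ranges, which are the two cases the reply says must not be forced.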