From: "Xu, Quan" <quan.xu@intel.com>
To: Jan Beulich <JBeulich@suse.com>,
	Dario Faggioli <dario.faggioli@citrix.com>
Cc: "Tian, Kevin" <kevin.tian@intel.com>,
	"Wu, Feng" <feng.wu@intel.com>,
	George Dunlap <George.Dunlap@eu.citrix.com>,
	Liu Jinsong <jinsong.liu@alibaba-inc.com>,
	"xen-devel@lists.xen.org" <xen-devel@lists.xen.org>,
	"Nakajima, Jun" <jun.nakajima@intel.com>,
	Andrew Cooper <andrew.cooper3@citrix.com>,
	Keir Fraser <keir@xen.org>
Subject: Re: [PATCH 1/2] IOMMU/MMU: Adjust top level functions for VT-d Device-TLB flush error.
Date: Thu, 24 Mar 2016 09:02:26 +0000
Message-ID: <945CA011AD5F084CBEA3E851C0AB28894B86ADF0@SHSMSX101.ccr.corp.intel.com>
In-Reply-To: <56EBDD1702000078000DE429@prv-mh.provo.novell.com>

On March 18, 2016 5:49pm, <JBeulich@suse.com> wrote:
> >>> On 18.03.16 at 10:38, <dario.faggioli@citrix.com> wrote:
> > On Fri, 2016-03-18 at 03:29 -0600, Jan Beulich wrote:
> >> >
> >> Not sure what exactly you're asking for: As said, we first need to
> >> settle on an abstract model. Do we want IOMMU mapping failures to be
> >> fatal to the domain (perhaps with the exception of the hardware one)?
> >> I think we do, and for the hardware domain we'd do things on a best
> >> effort basis (always erring on the side of unmapping). Which would
> >> probably mean crashing the domain could be centralized in
> >> iommu_{,un}map_page(). How much roll back would then still be needed
> >> in callers of these functions for the hardware domain's sake would
> >> need to be seen.
> >>
> >> So before you start coding, give others (namely but not limited to
> >> VT-d, AMD IOMMU, other x86, and x86/mm maintainers) a chance to voice
> >> differing opinions.
> >>
> > FWIW, the behavior Jan described
> > (crashing the domain for all domains but the hardware domain) was
> > indeed the intended plan for this series, as far as I understood from
> > talking to people and looking at previous email conversations and
> > submissions.
> 
> That was taking only the flush timeout as an error source into account.
> Now that we see that the lack of error handling pre-exists, we can't just extend
> that intended model to also cover those other error reasons without at least
> having given people a chance to object.
> 

For this abstract model,
I assume we are on the same page for the precondition:
If Device-TLB flush timed out, we would hide the target ATS device and crash the domain owning this ATS device.
If the impacted domain is the hardware domain, just throw out a warning.

Then IMO,
   1. Try our best to return an error code.
   2. Log the error and don't return an error value for hardware_domain init or crashed system shutdown.
   3. For iommu_{,un}map_page(), we'd better fix it as a normal error, as the error is not only from the iommu flush, e.g., '-ENOMEM'.
     So, we need to {,un}map from the IOMMU, return an error, and roll back the failed operation (e.g., unmap EPT).
   4. For the rest, we may return an error, but don't roll back the failed operation, and we need to analyze the different conditions.

Quan


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
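
A toy model of point 3 and the flush-timeout precondition from the message above, added here as an illustration; it is not Xen code and not part of the patch series. Every name (`toy_set_entry`, the `struct domain` fields, `inject_iommu_err`) is hypothetical, the "EPT first, then IOMMU" order is an assumption, and hiding the ATS device is not modelled.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Toy model; every name here is hypothetical, none of this is Xen code. */
struct domain { bool is_hardware, crashed, ept_mapped, iommu_mapped; };
static int inject_iommu_err;  /* constructed fault injection: 0 = success */

static int toy_iommu_map(struct domain *d)
{
    if (inject_iommu_err)
        return inject_iommu_err;  /* -ENOMEM, or -ETIMEDOUT for a flush timeout */
    d->iommu_mapped = true;
    return 0;
}

/* Precondition: a flush timeout crashes the owner; hardware domain only warns. */
static void toy_flush_timeout(struct domain *d)
{
    if (d->is_hardware)
        fprintf(stderr, "warning: Device-TLB flush timed out\n");
    else
        d->crashed = true;
}

/* Point 3: any IOMMU map failure is a normal error: undo and return it. */
int toy_set_entry(struct domain *d)
{
    int rc;

    d->ept_mapped = true;          /* assumption: EPT is updated first */
    rc = toy_iommu_map(d);
    if (rc) {
        d->iommu_mapped = false;   /* err on the side of unmapping */
        d->ept_mapped = false;     /* roll back the EPT change */
        if (rc == -ETIMEDOUT)
            toy_flush_timeout(d);
    }
    return rc;
}

int main(void)
{
    struct domain guest = { .is_hardware = false };
    inject_iommu_err = -ETIMEDOUT;
    int rc = toy_set_entry(&guest);
    printf("rc=%d ept=%d crashed=%d\n", rc, guest.ept_mapped, guest.crashed);
    return 0;
}
```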
