All of lore.kernel.org
 help / color / mirror / Atom feed
From: Jan Beulich <jbeulich@suse.com>
To: "Roger Pau Monné" <roger.pau@citrix.com>
Cc: Andrew Cooper <andrew.cooper3@citrix.com>, Wei Liu <wl@xen.org>,
	"xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>
Subject: Re: [PATCH 2/4] x86/P2M: relax guarding of MMIO entries
Date: Wed, 1 Sep 2021 16:05:56 +0200	[thread overview]
Message-ID: <9682f7a9-7c67-a9c3-0345-11c110193f52@suse.com> (raw)
In-Reply-To: <YS+EqCZUAsT/WTBX@Air-de-Roger>

On 01.09.2021 15:48, Roger Pau Monné wrote:
> On Wed, Sep 01, 2021 at 11:53:03AM +0200, Jan Beulich wrote:
>> The issue isn't just with execution, though, and as a result I may
>> need to change the logic here to also include at least W. As of
>> one of the XSA-378 changes we may now pass just p2m_access_r to
>> iommu_identity_mapping(), if the ACPI tables on an AMD system were
>> saying so. (We may also pass p2m_access_w, but I sincerely hope no
>> firmware would specify write but no read access.)
>>
>> Similarly in "IOMMU/x86: restrict IO-APIC mappings for PV Dom0" I
>> now pass p2m_access_r to set_identity_p2m_entry().
> 
> Not really I think, as PVH dom0 is the only user of the
> set_identity_p2m_entry call in arch_iommu_hwdom_init, and we should
> never identity map the IO-APIC range in that case because a set of
> emulated IO-APIC replacements are provided and those require ranges to
> be unmapped so that accesses can be trapped.

Correct, this would be only a latent issue for now. The code passes
that value, but that path is not going to be taken (until, perhaps,
a future change).

>> I suppose an underlying issue is the mixed purpose of using
>> p2m_access_*, which possibly has been against the intentions in the
>> first place. We cannot, for example, express r/o access to an MMIO
>> page without using p2m_access_r (or p2m_access_rx), as there's no
>> suitable p2m type to express this via type alone. We may need to
>> split p2m_mmio_direct into multiple types (up to 7), I guess, if
>> we wanted to remove this (ab)use of p2m_access_*.
> 
> My main complaint is mostly with the fact that some MMIO ranges are
> mapped without execute permissions when mapped by
> set_identity_p2m_entry vs map_mmio_regions that will map them with the
> default permissions and that has execution set.

Right - as said in a reply to Andrew, we may need to drop some
p2m_access_t parameters in favor of using default permissions. But
at least for AMD's IOMMU-unity-mapped ranges we will need to have
a way to express at least r/o.

Jan



  reply	other threads:[~2021-09-01 14:06 UTC|newest]

Thread overview: 40+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-08-30 13:01 [PATCH 0/4] x86/PVH: Dom0 building adjustments Jan Beulich
2021-08-30 13:02 ` [PATCH 1/4] x86/PVH: de-duplicate mappings for first Mb of Dom0 memory Jan Beulich
2021-08-31 13:02   ` Andrew Cooper
2021-08-31 13:14     ` Jan Beulich
2021-08-31 13:19       ` Jan Beulich
2021-08-31 13:27         ` Andrew Cooper
2021-08-31 13:36           ` Jan Beulich
2021-09-01 11:49             ` Andrew Cooper
2021-09-01  8:41       ` Roger Pau Monné
2021-08-30 13:02 ` [PATCH 2/4] x86/P2M: relax guarding of MMIO entries Jan Beulich
2021-08-31 13:16   ` Jan Beulich
2021-08-31 13:16   ` Andrew Cooper
2021-08-31 13:26     ` Jan Beulich
2021-08-31 15:25       ` Andrew Cooper
2021-08-31 15:38         ` Jan Beulich
2021-09-01  8:08           ` Jan Beulich
2021-09-01  8:50           ` Roger Pau Monné
2021-09-01  9:53             ` Jan Beulich
2021-09-01 13:48               ` Roger Pau Monné
2021-09-01 14:05                 ` Jan Beulich [this message]
2021-09-01 12:47           ` Andrew Cooper
2021-09-01 13:08             ` Jan Beulich
2021-09-06 19:53               ` Andrew Cooper
2021-09-07  6:27                 ` Jan Beulich
2021-08-30 13:03 ` [PATCH 3/4] x86/PVH: improve Dom0 memory size calculation Jan Beulich
2021-08-31 14:07   ` Andrew Cooper
2021-08-31 15:30     ` Jan Beulich
2021-08-30 13:03 ` [PATCH 4/4] x86/PV: properly set shadow allocation for Dom0 Jan Beulich
2021-08-31 13:47   ` Andrew Cooper
2021-08-31 14:25     ` Jan Beulich
2021-08-31 21:08   ` Tim Deegan
2021-08-31  8:53 ` [PATCH 0/4] x86/PVH: Dom0 building adjustments Jan Beulich
2021-09-01 13:56   ` Roger Pau Monné
2021-09-01 14:19     ` Jan Beulich
2021-09-01 14:25       ` Jan Beulich
2021-09-01 16:13       ` Roger Pau Monné
2021-09-02  6:30         ` Jan Beulich
2021-09-01 15:06 ` Jan Beulich
2021-09-01 15:24   ` Juergen Gross
2021-09-01 15:51     ` Jan Beulich

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=9682f7a9-7c67-a9c3-0345-11c110193f52@suse.com \
    --to=jbeulich@suse.com \
    --cc=andrew.cooper3@citrix.com \
    --cc=roger.pau@citrix.com \
    --cc=wl@xen.org \
    --cc=xen-devel@lists.xenproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.