All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Roger Pau Monné" <roger.pau@citrix.com>
To: Jan Beulich <jbeulich@suse.com>
Cc: Andrew Cooper <andrew.cooper3@citrix.com>, Wei Liu <wl@xen.org>,
	"xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>
Subject: Re: [PATCH 1/4] x86/PVH: de-duplicate mappings for first Mb of Dom0 memory
Date: Wed, 1 Sep 2021 10:41:19 +0200	[thread overview]
Message-ID: <YS88r8O8WbIORlgT@Air-de-Roger> (raw)
In-Reply-To: <866a3677-1f1a-e0e5-7ab0-10c210e25610@suse.com>

On Tue, Aug 31, 2021 at 03:14:06PM +0200, Jan Beulich wrote:

Sorry for the delay, and likely not being of much help right now.

> On 31.08.2021 15:02, Andrew Cooper wrote:
> > On 30/08/2021 14:02, Jan Beulich wrote:
> >> One of the changes comprising the fixes for XSA-378 disallows replacing
> >> MMIO mappings by unintended (for this purpose) code paths.
> > 
> > I'd drop the brackets.  All it does is confuse the sentence.
> > 
> >>  This means we
> >> need to be more careful about the mappings put in place in this range -
> >> mappings should be created exactly once:
> >> - iommu_hwdom_init() comes first; it should avoid the first Mb,
> >> - pvh_populate_p2m() should insert identity mappings only into ranges
> >>   not populated as RAM,
> >> - pvh_setup_acpi() should again avoid the first Mb, which was already
> >>   dealt with at that point.
> > 
> > This really is a mess.  It also seems very fragile.
> 
> So it seems to me.
> 
> > Why is iommu_hwdom_init() separate in the first place?  It only does
> > mappings up to 4G in the first place, and with this change, it is now
> > [1M-4G)
> 
> I guess we'll want to wait for Roger to return to shed some light on
> this.

iommu_hwdom_init should cover from [0, max_pdx], or 4G if max_pdx is
below that.

IIRC first PVH dom0 implementations used to have a behavior more
similar to PV in iommu_hwdom_init, as they would get almost everything
below 4GB that's not RAM identity mapped in the (IOMMU) page tables.

PVH dom0 has since diverged, and now iommu_hwdom_init just identity
maps reserved regions. We could likely move this somewhere else, but
given it's still shared with PV dom0 (by using the same command line
option, dom0-iommu=map-reserved) I think it would just make option
handling more confusing.

One way to simplify things would be to rely on the hardware provided
memory map to correctly have the regions in the low 1M marked as
reserved, so that iommu_hwdom_init would identity map them. Then we
would just need a bit of special handling to duplicate the data in RAM
regions for the low 1M but we could avoid a lot of complexity.  This
however requires trusting the hardware is not missing required regions
in the low 1M.

Another option might be to slightly modify hwdom_iommu_map so that for
PVH it returns true for all non-RAM regions in the low 1M. That would
avoid having to add another loop in pvh_populate_p2m to map those.

Thanks, Roger.


  parent reply	other threads:[~2021-09-01  8:42 UTC|newest]

Thread overview: 40+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-08-30 13:01 [PATCH 0/4] x86/PVH: Dom0 building adjustments Jan Beulich
2021-08-30 13:02 ` [PATCH 1/4] x86/PVH: de-duplicate mappings for first Mb of Dom0 memory Jan Beulich
2021-08-31 13:02   ` Andrew Cooper
2021-08-31 13:14     ` Jan Beulich
2021-08-31 13:19       ` Jan Beulich
2021-08-31 13:27         ` Andrew Cooper
2021-08-31 13:36           ` Jan Beulich
2021-09-01 11:49             ` Andrew Cooper
2021-09-01  8:41       ` Roger Pau Monné [this message]
2021-08-30 13:02 ` [PATCH 2/4] x86/P2M: relax guarding of MMIO entries Jan Beulich
2021-08-31 13:16   ` Jan Beulich
2021-08-31 13:16   ` Andrew Cooper
2021-08-31 13:26     ` Jan Beulich
2021-08-31 15:25       ` Andrew Cooper
2021-08-31 15:38         ` Jan Beulich
2021-09-01  8:08           ` Jan Beulich
2021-09-01  8:50           ` Roger Pau Monné
2021-09-01  9:53             ` Jan Beulich
2021-09-01 13:48               ` Roger Pau Monné
2021-09-01 14:05                 ` Jan Beulich
2021-09-01 12:47           ` Andrew Cooper
2021-09-01 13:08             ` Jan Beulich
2021-09-06 19:53               ` Andrew Cooper
2021-09-07  6:27                 ` Jan Beulich
2021-08-30 13:03 ` [PATCH 3/4] x86/PVH: improve Dom0 memory size calculation Jan Beulich
2021-08-31 14:07   ` Andrew Cooper
2021-08-31 15:30     ` Jan Beulich
2021-08-30 13:03 ` [PATCH 4/4] x86/PV: properly set shadow allocation for Dom0 Jan Beulich
2021-08-31 13:47   ` Andrew Cooper
2021-08-31 14:25     ` Jan Beulich
2021-08-31 21:08   ` Tim Deegan
2021-08-31  8:53 ` [PATCH 0/4] x86/PVH: Dom0 building adjustments Jan Beulich
2021-09-01 13:56   ` Roger Pau Monné
2021-09-01 14:19     ` Jan Beulich
2021-09-01 14:25       ` Jan Beulich
2021-09-01 16:13       ` Roger Pau Monné
2021-09-02  6:30         ` Jan Beulich
2021-09-01 15:06 ` Jan Beulich
2021-09-01 15:24   ` Juergen Gross
2021-09-01 15:51     ` Jan Beulich

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=YS88r8O8WbIORlgT@Air-de-Roger \
    --to=roger.pau@citrix.com \
    --cc=andrew.cooper3@citrix.com \
    --cc=jbeulich@suse.com \
    --cc=wl@xen.org \
    --cc=xen-devel@lists.xenproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.