From: Oleksandr <olekstysh@gmail.com>
To: Julien Grall <julien.grall@arm.com>, xen-devel@lists.xenproject.org
Cc: oleksandr_tyshchenko@epam.com,
Stefano Stabellini <sstabellini@kernel.org>,
Volodymyr Babchuk <Volodymyr_Babchuk@epam.com>
Subject: Re: [Xen-devel] [PATCH] xen/arm: p2m: Free the p2m entry after flushing the IOMMU TLBs
Date: Tue, 20 Aug 2019 18:04:57 +0300
Message-ID: <1ec280ed-bc3f-9334-ac8d-833b3c323c5d@gmail.com>
In-Reply-To: <20190812202735.23411-1-julien.grall@arm.com>

On 12.08.19 23:27, Julien Grall wrote:

Hi, Julien

> When freeing a p2m entry, all the sub-tree behind it will also be freed.
> This may include intermediate page-tables or any l3 entry requiring to
> drop a reference (e.g. for foreign pages). As soon as pages are freed,
> they may be re-used by Xen or another domain. Therefore it is necessary
> to flush *all* the TLBs beforehand.
>
> While CPU TLBs will be flushed before freeing the pages, this is not
> the case for IOMMU TLBs. This can be solved by moving the IOMMU TLBs
> flush earlier in the code.
>
> This wasn't considered as a security issue as device passthrough on Arm
> is not security supported.
>
> Signed-off-by: Julien Grall <julien.grall@arm.com>
>
> ---
>
> Cc: olekstysh@gmail.com
> Cc: oleksandr_tyshchenko@epam.com
>
> I discovered it while looking at the code, so I don't have any
> reproducer of the issue. There is a small window where a page could
> be reallocated to Xen or another domain but still present in the
> IOMMU TLBs.

I haven't reproduced this issue either.
So, my testing here is rather formal, to be sure that the patch doesn't break
anything.

You can add (if needed):

Tested-by: Oleksandr Tyshchenko <oleksandr_tyshchenko@epam.com>

> This patch only addresses the case where the flush succeeds. In the
> unlikely case where it does not succeed, then we will still free the
> pages. The IOMMU helper will crash the domain, but the device may still
> not be quiescent. So there are potential issues with DMA on wrong
> things.
>
> At the moment, none of the Arm IOMMU drivers (including the IPMMU
> one under review) return an error here. Note that the flush may
> still fail (see timeout), but this is ignored. This is not great as it
> means a device may DMA into something that does not belong to the
> domain. So we probably want to return an error here.

Makes sense.

[I haven't faced a flush timeout issue since I started playing with
IPMMU...]

--
Regards,
Oleksandr Tyshchenko
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
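
The ordering problem described in the quoted commit message, as an added toy model (not Xen code and not part of the original thread): a single cached IOMMU translation and a page-ownership table show that freeing before the IOMMU TLB flush leaves a window in which a device still reaches a page that has been reallocated. All names here (page_owner, iommu_tlb, remove_entry, run_case) are hypothetical and the values are constructed.

```c
#include <stdbool.h>
#include <stdio.h>

#define NR_PAGES 4
#define NO_OWNER (-1)

static int page_owner[NR_PAGES];   /* domain that owns each machine page */
struct tlb_entry { bool valid; int domid; unsigned mfn; };
static struct tlb_entry iommu_tlb; /* one translation cached by the IOMMU */

static void iommu_tlb_flush(void) { iommu_tlb.valid = false; }

/* True if the device of one domain can still DMA to a page owned by another. */
static bool stale_dma_possible(void)
{
    return iommu_tlb.valid && page_owner[iommu_tlb.mfn] != iommu_tlb.domid;
}

/* Tear down the mapping of mfn; 'reuser' takes the page as soon as it is free. */
static bool remove_entry(unsigned mfn, bool flush_before_free, int reuser)
{
    bool exposed;

    if (flush_before_free)
        iommu_tlb_flush();          /* order the commit message asks for */
    page_owner[mfn] = NO_OWNER;     /* free the page behind the entry */
    page_owner[mfn] = reuser;       /* immediate reallocation (the "small window") */
    exposed = stale_dma_possible(); /* sampled inside the window */
    if (!flush_before_free)
        iommu_tlb_flush();          /* too late: the page already changed owner */
    return exposed;
}

/* Domain 1 maps page 2 and its device uses it; domain 2 reuses the page. */
static bool run_case(bool flush_before_free)
{
    for (int i = 0; i < NR_PAGES; i++)
        page_owner[i] = NO_OWNER;
    page_owner[2] = 1;
    iommu_tlb = (struct tlb_entry){ .valid = true, .domid = 1, .mfn = 2 };
    return remove_entry(2, flush_before_free, 2);
}

int main(void)
{
    printf("free then flush: stale DMA possible = %d\n", run_case(false));
    printf("flush then free: stale DMA possible = %d\n", run_case(true));
    return 0;
}
```

The model covers only the case where the flush succeeds, which is also the only case the quoted patch description says it addresses.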