From mboxrd@z Thu Jan  1 00:00:00 1970
From: Marc Zyngier <marc.zyngier@arm.com>
Subject: Re: [PATCH v5 20/22] xen/arm: ITS: Map ITS translation
 space
Date: Tue, 18 Aug 2015 23:37:48 +0100
Message-ID: <20150818233748.66b4cee6@arm.com>
References: <1437995524-19772-1-git-send-email-vijay.kilari@gmail.com>
	<1437995524-19772-21-git-send-email-vijay.kilari@gmail.com>
	<55D38423.6000006@citrix.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
In-Reply-To: <55D38423.6000006@citrix.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Julien Grall <julien.grall@citrix.com>
Cc: Michal Marek <mmarek@suse.cz>, "Ian.Campbell@citrix.com" <Ian.Campbell@citrix.com>, "vijay.kilari@gmail.com" <vijay.kilari@gmail.com>, Stefano Stabellini <Stefano.Stabellini@eu.citrix.com>, "manish.jaggi@caviumnetworks.com" <manish.jaggi@caviumnetworks.com>, "tim@xen.org" <tim@xen.org>, "xen-devel@lists.xen.org" <xen-devel@lists.xen.org>, "stefano.stabellini@citrix.com" <stefano.stabellini@citrix.com>, Vijaya Kumar K <Vijaya.Kumar@caviumnetworks.com>
List-Id: xen-devel@lists.xenproject.org

On Tue, 18 Aug 2015 20:14:43 +0100
Julien Grall <julien.grall@citrix.com> wrote:

> Hi,
> 
> On 27/07/2015 04:12, vijay.kilari@gmail.com wrote:
> > From: Vijaya Kumar K <Vijaya.Kumar@caviumnetworks.com>
> >
> > ITS translation space contains GITS_TRANSLATOR register
> 
> s/GITS_TRANSLATOR/GITS_TRANSLATOR/

I assume you mean GITS_TRANSLATER? ;-)
> 
> > which is written by device to raise LPI. This space needs
> > to mapped to every domain address space for all physical
> > ITS available,so that device can access GITS_TRANSLATOR
> 
> Ditto
> 
> > register using SMMU.
> 
> Marc pointed me today that if the processor is writing into 
> GITS_TRANSLATER it may be able to deadlock the system.
> 
> Reading more closely the spec (8.1.3 IHI0069A), there is undefined 
> behavior when writing to this register with wrong access size.
> 
> Currently the page table are shared between the processor and the SMMU, 
> so that means that a domain will be able to deadlock the processor and 
> therefore the whole platform.

Indeed. A CPU should *never* be able to write to the GITS_TRANSLATER
register. What would be the meaning anyway? How would a DeviceID be
sampled? This is definitely UNPREDICTIBLE territory, and you want to
make sure a guest cannot directly write to the HW.

> So we should never expose GITS_TRANSLATER into the processor page table. 
> Which means unsharing some parts if not all of the page tables between 
> the processor and the SMMU.

Agreed. It looks to me like the CPU should only see the the virtual
ITS, and nothing else.

Thanks,

	M.
-- 
Jazz is not dead. It just smells funny.