From: "Jan Beulich" <JBeulich@suse.com>
To: Quan Xu <quan.xu@intel.com>
Cc: Kevin Tian <kevin.tian@intel.com>, Feng Wu <feng.wu@intel.com>,
George Dunlap <george.dunlap@eu.citrix.com>,
Liu Jinsong <jinsong.liu@alibaba-inc.com>,
Dario Faggioli <dario.faggioli@citrix.com>,
xen-devel@lists.xen.org, Jun Nakajima <jun.nakajima@intel.com>,
Andrew Cooper <andrew.cooper3@citrix.com>,
Keir Fraser <keir@xen.org>
Subject: Re: [PATCH 1/2] IOMMU/MMU: Adjust top level functions for VT-d Device-TLB flush error.
Date: Thu, 17 Mar 2016 11:14:54 -0600 [thread overview]
Message-ID: <56EAF41E02000078000DE065@prv-mh.provo.novell.com> (raw)
In-Reply-To: <1458197676-60696-2-git-send-email-quan.xu@intel.com>
>>> On 17.03.16 at 07:54, <quan.xu@intel.com> wrote:
> @@ -53,11 +55,21 @@ static int device_power_down(void)
>
> ioapic_suspend();
>
> - iommu_suspend();
> + err = iommu_suspend();
> + if ( err )
> + goto iommu_suspend_error;
>
> lapic_suspend();
>
> return 0;
> +
> +iommu_suspend_error:
Labels indented by at least one space please.
> --- a/xen/arch/x86/mm/p2m-ept.c
> +++ b/xen/arch/x86/mm/p2m-ept.c
> @@ -830,7 +830,15 @@ out:
> {
> if ( iommu_flags )
> for ( i = 0; i < (1 << order); i++ )
> - iommu_map_page(d, gfn + i, mfn_x(mfn) + i, iommu_flags);
> + {
> + rc = iommu_map_page(d, gfn + i, mfn_x(mfn) + i, iommu_flags);
> + if ( rc )
> + {
> + while ( i-- > 0 )
> + iommu_unmap_page(d, gfn + i);
> + break;
> + }
> + }
> else
> for ( i = 0; i < (1 << order); i++ )
> iommu_unmap_page(d, gfn + i);
Earlier on in the PV mm code you also checked iommu_unmap_page()'s
return code - why not here (and also in p2m-pt.c)?
Also I'm quite unhappy about the inconsistent state you leave things
in: You unmap from the IOMMU, return an error, but leave the EPT
entry in place.
> --- a/xen/common/grant_table.c
> +++ b/xen/common/grant_table.c
> @@ -932,8 +932,9 @@ __gnttab_map_grant_ref(
> {
> nr_gets++;
> (void)get_page(pg, rd);
> - if ( !(op->flags & GNTMAP_readonly) )
> - get_page_type(pg, PGT_writable_page);
> + if ( !(op->flags & GNTMAP_readonly) &&
> + !get_page_type(pg, PGT_writable_page) )
> + goto could_not_pin;
This needs explanation, as it doesn't look related to what your actual
goal is: If an error was possible here, I think this would be a security
issue. However, as also kind of documented by the explicitly ignored
return value from get_page(), it is my understanding there here we
only obtain an _extra_ reference.
> --- a/xen/common/memory.c
> +++ b/xen/common/memory.c
> @@ -678,8 +678,9 @@ static int xenmem_add_to_physmap(struct domain *d,
> if ( need_iommu(d) )
> {
> this_cpu(iommu_dont_flush_iotlb) = 0;
> - iommu_iotlb_flush(d, xatp->idx - done, done);
> - iommu_iotlb_flush(d, xatp->gpfn - done, done);
> + rc = iommu_iotlb_flush(d, xatp->idx - done, done);
> + if ( !rc )
> + rc = iommu_iotlb_flush(d, xatp->gpfn - done, done);
> }
And the pattern repeats - you now return an error, but you don't
roll back the now failed operation. But wait - maybe that intended:
Are you meaning to crash the guest in such cases (somewhere
deep in the flush code)? If so, I think that's fine, but you
absolutely would need to say so in the commit message.
> --- a/xen/drivers/passthrough/x86/iommu.c
> +++ b/xen/drivers/passthrough/x86/iommu.c
> @@ -104,7 +104,11 @@ int arch_iommu_populate_page_table(struct domain *d)
> this_cpu(iommu_dont_flush_iotlb) = 0;
>
> if ( !rc )
> - iommu_iotlb_flush_all(d);
> + {
> + rc = iommu_iotlb_flush_all(d);
> + if ( rc )
> + iommu_teardown(d);
> + }
> else if ( rc != -ERESTART )
> iommu_teardown(d);
Why can't you just use the existing call to iommu_teardown(), by
simply deleting the "else"?
Jan
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
next prev parent reply other threads:[~2016-03-17 17:14 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-03-17 6:54 [PATCH 0/2] Check VT-d Device-TLB flush error Quan Xu
2016-03-17 6:54 ` [PATCH 1/2] IOMMU/MMU: Adjust top level functions for " Quan Xu
2016-03-17 7:32 ` Tian, Kevin
2016-03-17 7:58 ` Jan Beulich
2016-03-17 8:00 ` Tian, Kevin
2016-03-17 12:30 ` George Dunlap
2016-03-17 12:33 ` George Dunlap
2016-03-18 3:19 ` Xu, Quan
2016-03-18 8:09 ` Jan Beulich
2016-03-24 6:45 ` Xu, Quan
2016-03-18 7:54 ` Xu, Quan
2016-03-18 8:19 ` Jan Beulich
2016-03-18 9:09 ` Xu, Quan
2016-03-18 9:29 ` Jan Beulich
2016-03-18 9:38 ` Dario Faggioli
2016-03-18 9:48 ` Jan Beulich
2016-03-21 6:18 ` Tian, Kevin
2016-03-21 12:22 ` Jan Beulich
2016-03-24 9:02 ` Xu, Quan
2016-03-24 9:58 ` Jan Beulich
2016-03-24 14:12 ` Xu, Quan
2016-03-24 14:37 ` Jan Beulich
2016-03-17 17:14 ` Jan Beulich [this message]
2016-03-28 3:33 ` Xu, Quan
2016-03-29 7:20 ` Jan Beulich
2016-03-30 2:28 ` Xu, Quan
2016-03-30 2:35 ` Xu, Quan
2016-03-30 8:05 ` Jan Beulich
2016-03-17 6:54 ` [PATCH 2/2] IOMMU/MMU: Adjust low " Quan Xu
2016-03-17 7:37 ` Tian, Kevin
2016-03-18 2:30 ` Xu, Quan
2016-03-18 8:06 ` Jan Beulich
2016-03-21 5:01 ` Tian, Kevin
2016-03-17 15:31 ` George Dunlap
2016-03-18 6:57 ` Xu, Quan
2016-03-18 10:20 ` Jan Beulich
2016-03-25 9:27 ` Xu, Quan
2016-03-29 7:36 ` Jan Beulich
2016-04-11 3:09 ` Xu, Quan
2016-04-11 3:27 ` Xu, Quan
2016-04-11 16:34 ` Jan Beulich
2016-04-12 1:09 ` Xu, Quan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=56EAF41E02000078000DE065@prv-mh.provo.novell.com \
--to=jbeulich@suse.com \
--cc=andrew.cooper3@citrix.com \
--cc=dario.faggioli@citrix.com \
--cc=feng.wu@intel.com \
--cc=george.dunlap@eu.citrix.com \
--cc=jinsong.liu@alibaba-inc.com \
--cc=jun.nakajima@intel.com \
--cc=keir@xen.org \
--cc=kevin.tian@intel.com \
--cc=quan.xu@intel.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).