xen-devel.lists.xenproject.org archive mirror
From: "Tian, Kevin" <kevin.tian@intel.com>
To: "Roger Pau Monné" <roger.pau@citrix.com>,
	"Jan Beulich" <jbeulich@suse.com>
Cc: "xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>,
	"Julien Grall" <julien@xen.org>,
	"Cooper, Andrew" <andrew.cooper3@citrix.com>,
	"Wei Liu" <wl@xen.org>
Subject: RE: [PATCH] VMX: use a single, global APIC access page
Date: Mon, 1 Mar 2021 02:18:24 +0000
Message-ID: <MWHPR11MB1886E452B181ACA872B7C6878C9A9@MWHPR11MB1886.namprd11.prod.outlook.com>
In-Reply-To: <YCUiniCn+oT9CFwC@Air-de-Roger>

> From: Roger Pau Monné <roger.pau@citrix.com>
> Sent: Thursday, February 11, 2021 8:27 PM
> 
> On Thu, Feb 11, 2021 at 12:22:41PM +0100, Jan Beulich wrote:
> > On 11.02.2021 12:16, Roger Pau Monné wrote:
> > > On Thu, Feb 11, 2021 at 11:36:59AM +0100, Jan Beulich wrote:
> > >> On 11.02.2021 09:45, Roger Pau Monné wrote:
> > >>> On Wed, Feb 10, 2021 at 05:48:26PM +0100, Jan Beulich wrote:
> > >>>> --- a/xen/include/asm-x86/p2m.h
> > >>>> +++ b/xen/include/asm-x86/p2m.h
> > >>>> @@ -935,6 +935,9 @@ static inline unsigned int p2m_get_iommu
> > >>>>          flags = IOMMUF_readable;
> > >>>>          if ( !rangeset_contains_singleton(mmio_ro_ranges, mfn_x(mfn)) )
> > >>>>              flags |= IOMMUF_writable;
> > >>>> +        /* VMX'es APIC access page is global and hence has no owner.
> */
> > >>>> +        if ( mfn_valid(mfn) && !page_get_owner(mfn_to_page(mfn)) )
> > >>>> +            flags = 0;
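Review bot: the new condition `mfn_valid(mfn) && !page_get_owner(mfn_to_page(mfn))` is broader than the comment above it suggests: it clears the IOMMU flags for every valid MFN that has no owner, not just the VMX APIC access page, so the comment should say that any ownerless page is deliberately excluded from device access (or the test should be narrowed to the page actually meant). It is also worth stating in the comment that the `flags = 0` result only restricts device access when the IOMMU has its own page tables; with CPU/IOMMU page table sharing, as the thread below points out, this helper's return value is not what governs what devices can reach.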
> > >>>
> > >>> Is it fine to have this page accessible to devices if the page tables
> > >>> are shared between the CPU and the IOMMU?
> > >>
> > >> No, it's not, but what do you do? As said elsewhere, devices
> > >> gaining more access than is helpful is the price we pay for
> > >> being able to share page tables. But ...
> > >
> > > I'm concerned about allowing devices to write to this shared page, as
> > > could be used as an unintended way to exchange information between
> > > domains?
> >
> > Well, such an abuse would be possible, but it wouldn't be part
> > of an ABI and hence could break at any time. Similarly I
> > wouldn't consider it an information leak if a guest abused
> > this.
> 
> Hm, I'm kind of worried about having such shared page accessible to
> guests. Could Intel confirm whether pages in the 0xFEExxxxx range are
> accessible to devices in any way when using IOMMU shared page
> tables?

The 0xFEExxxxx range is special. Requests to this range are not subject to
DMA remapping (even if a valid mapping for this range exists in the
IOMMU page table). And this special treatment is true regardless of
whether interrupt remapping is enabled (which comes only after an
interrupt message to this range is recognized).

Thanks
Kevin

Thread overview: 16+ messages
2021-02-10 16:48 [PATCH] VMX: use a single, global APIC access page Jan Beulich
2021-02-10 17:00 ` Andrew Cooper
2021-02-10 17:03   ` Jan Beulich
2021-03-01  2:08     ` Tian, Kevin
2021-02-10 17:16   ` Jan Beulich
2021-02-11  8:45 ` Roger Pau Monné
2021-02-11 10:36   ` Jan Beulich
2021-02-11 11:16     ` Roger Pau Monné
2021-02-11 11:22       ` Jan Beulich
2021-02-11 12:27         ` Roger Pau Monné
2021-03-01  2:18           ` Tian, Kevin [this message]
2021-03-01  8:15             ` Jan Beulich
2021-03-01  8:30               ` Tian, Kevin
2021-03-01  9:58                 ` Jan Beulich
2021-03-04  7:51                   ` Tian, Kevin
2021-02-11 13:53     ` Andrew Cooper
