From: Julien Grall <julien.grall@linaro.org>
To: Ian Campbell <Ian.Campbell@citrix.com>
Cc: xen-devel@lists.xenproject.org, stefano.stabellini@citrix.com,
tim@xen.org
Subject: Re: [RFC 12/19] xen/passthrough: iommu_deassign_device_dt: By default reassign device to nobody
Date: Thu, 03 Jul 2014 14:51:36 +0100 [thread overview]
Message-ID: <53B55FE8.1080501@linaro.org> (raw)
In-Reply-To: <1404394933.19893.13.camel@kazak.uk.xensource.com>
On 07/03/2014 02:42 PM, Ian Campbell wrote:
> On Thu, 2014-07-03 at 14:01 +0100, Julien Grall wrote:
>> On 07/03/2014 01:53 PM, Ian Campbell wrote:
>>> On Thu, 2014-07-03 at 13:07 +0100, Julien Grall wrote:
>>>>>> If Xen reassigns the device to "nobody", it may receive some global/context
>>>>>> fault because the transaction has failed (indeed the context has been
>>>>>> marked invalid).
>>>>>
>>>>> Can you describe here what happen in this case (I presume Xen tears down
>>>>> the iommu to quiesce them somehow?)
>>>>
>>>> The SMMU drivers will mark the different Context Bank, S2CR, SMR as
>>>> invalid. If the device is attempt to access the memory then, we will
>>>> receive an interrupt in Xen.
>>>>
>>>> Actually it's only happen once, if the device is still enabled when the
>>>> domain is shutdown.
>>>
>>> My concern was with getting a storm of such interrupts after this point.
>>> If it only happens once and any subsequent ones are damped by some means
>>> then great.
>>
>> I guess, it can happen with a buggy device trying to access memory
>> alone. But I don't think we should care about this case.
>
> Ideally such a device wouldn't be able to DoS the rest of the system.
>
> Does the SMMU not have a bit to say: deny all MMIO from this context
> without raising an exception?
AFAIK, no. We receive a transaction fault via the global interrupt. If
we disable this interrupt we also disable potentially helpful message
when the register are misconfigured.
Regards,
--
Julien Grall
next prev parent reply other threads:[~2014-07-03 13:51 UTC|newest]
Thread overview: 122+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-06-16 16:17 [RFC 00/19] xe/arm: Add support for non-pci passthrough Julien Grall
2014-06-16 16:17 ` [RFC 01/19] xen/arm: guest_physmap_remove_page: Print a warning if we fail to unmap the page Julien Grall
2014-06-18 15:03 ` Stefano Stabellini
2014-07-03 10:52 ` Ian Campbell
2014-07-03 11:17 ` Julien Grall
2014-06-16 16:17 ` [RFC 02/19] xen: guestcopy: Provide an helper to copy string from guest Julien Grall
2014-06-17 8:01 ` Jan Beulich
2014-06-17 9:09 ` Julien Grall
2014-06-17 9:17 ` Jan Beulich
2014-06-17 9:23 ` Julien Grall
2014-06-17 22:43 ` Daniel De Graaf
2014-06-18 11:59 ` Jan Beulich
2014-06-18 12:22 ` Julien Grall
2014-06-18 12:49 ` Jan Beulich
2014-06-18 12:53 ` Julien Grall
2014-06-18 13:01 ` Jan Beulich
2014-06-24 14:58 ` Julien Grall
2014-06-16 16:17 ` [RFC 03/19] xen/arm: follow-up to allow DOM0 manage IRQ and MMIO Julien Grall
2014-06-18 20:21 ` Stefano Stabellini
2014-06-18 20:32 ` Julien Grall
2014-07-03 11:02 ` Ian Campbell
2014-07-03 11:23 ` Julien Grall
2014-07-03 12:12 ` Ian Campbell
2014-06-16 16:17 ` [RFC 04/19] xen/arm: route_irq_to_guest: Check validity of the IRQ Julien Grall
2014-06-18 18:52 ` Stefano Stabellini
2014-06-18 19:03 ` Julien Grall
2014-07-03 11:04 ` Ian Campbell
2014-07-03 11:47 ` Julien Grall
2014-06-16 16:17 ` [RFC 05/19] xen/arm: Release IRQ routed to a domain when it's destroying Julien Grall
2014-06-18 18:08 ` Stefano Stabellini
2014-06-18 18:26 ` Julien Grall
2014-06-18 18:48 ` Stefano Stabellini
2014-06-18 18:54 ` Julien Grall
2014-06-18 19:06 ` Stefano Stabellini
2014-06-18 19:09 ` Julien Grall
2014-06-16 16:17 ` [RFC 06/19] xen/arm: Implement hypercall PHYSDEVOP_map_pirq Julien Grall
2014-06-18 19:24 ` Stefano Stabellini
2014-06-19 11:39 ` Julien Grall
2014-06-19 12:29 ` Stefano Stabellini
2014-07-03 11:27 ` Ian Campbell
2014-07-03 12:02 ` Julien Grall
2014-07-03 12:53 ` Ian Campbell
2014-07-15 13:01 ` Julien Grall
2014-07-15 13:03 ` Ian Campbell
2014-08-18 19:20 ` Andrii Tseglytskyi
2014-08-18 21:55 ` Julien Grall
2014-08-19 9:11 ` Andrii Tseglytskyi
2014-08-19 14:24 ` Julien Grall
2014-06-16 16:17 ` [RFC 07/19] xen/dts: Use unsigned int for MMIO and IRQ index Julien Grall
2014-06-18 18:54 ` Stefano Stabellini
2014-06-19 11:42 ` Julien Grall
2014-06-16 16:17 ` [RFC 08/19] xen/dts: Provide an helper to get a DT node from a path provided by a guest Julien Grall
2014-07-03 11:30 ` Ian Campbell
2014-07-03 11:49 ` Julien Grall
2014-07-03 12:13 ` Ian Campbell
2014-07-03 12:22 ` Julien Grall
2014-06-16 16:17 ` [RFC 09/19] xen/dts: Add hypercalls to retrieve device node information Julien Grall
2014-06-18 19:38 ` Stefano Stabellini
2014-06-19 11:58 ` Julien Grall
2014-06-19 12:21 ` Stefano Stabellini
2014-06-19 12:25 ` Julien Grall
2014-07-03 11:40 ` Ian Campbell
2014-06-24 8:46 ` Christoffer Dall
2014-07-03 11:34 ` Ian Campbell
2014-07-03 11:33 ` Ian Campbell
2014-07-03 11:51 ` Julien Grall
2014-07-03 12:13 ` Ian Campbell
2014-06-16 16:17 ` [RFC 10/19] xen/passthrough: Introduce iommu_buildup Julien Grall
2014-07-03 11:45 ` Ian Campbell
2014-07-03 11:55 ` Julien Grall
2014-06-16 16:17 ` [RFC 11/19] xen/passthrough: Call arch_iommu_domain_destroy before calling iommu_teardown Julien Grall
2014-06-17 8:07 ` Jan Beulich
2014-06-17 9:18 ` Julien Grall
2014-06-17 9:29 ` Jan Beulich
2014-06-17 12:38 ` Julien Grall
2014-06-17 13:04 ` Jan Beulich
2014-06-18 12:24 ` Julien Grall
2014-06-18 12:50 ` Jan Beulich
2014-06-16 16:17 ` [RFC 12/19] xen/passthrough: iommu_deassign_device_dt: By default reassign device to nobody Julien Grall
2014-06-18 19:28 ` Stefano Stabellini
2014-07-03 11:48 ` Ian Campbell
2014-07-03 12:07 ` Julien Grall
2014-07-03 12:53 ` Ian Campbell
2014-07-03 13:01 ` Julien Grall
2014-07-03 13:42 ` Ian Campbell
2014-07-03 13:51 ` Julien Grall [this message]
2014-07-03 14:04 ` Ian Campbell
2014-07-03 14:09 ` Julien Grall
2014-06-16 16:18 ` [RFC 13/19] xen/iommu: arm: Wire iommu DOMCTL for ARM Julien Grall
2014-06-17 8:24 ` Jan Beulich
2014-06-17 13:05 ` Julien Grall
2014-06-16 16:18 ` [RFC 14/19] xen/passthrough: dt: Add new domctl XEN_DOMCTL_assign_dt_device Julien Grall
2014-06-17 8:34 ` Jan Beulich
2014-06-17 13:23 ` Julien Grall
2014-06-17 13:30 ` Jan Beulich
2014-06-17 13:48 ` Julien Grall
2014-06-17 13:55 ` Jan Beulich
2014-07-03 11:54 ` Ian Campbell
2014-06-16 16:18 ` [RFC 15/19] xen/arm: Reserve region in guest memory for device passthrough Julien Grall
2014-06-18 15:12 ` Stefano Stabellini
2014-06-18 15:23 ` Julien Grall
2014-06-18 15:26 ` Ian Campbell
2014-06-18 17:48 ` Stefano Stabellini
2014-06-18 17:54 ` Julien Grall
2014-06-18 18:14 ` Stefano Stabellini
2014-06-18 18:33 ` Julien Grall
2014-06-18 18:55 ` Stefano Stabellini
2014-07-03 11:56 ` Ian Campbell
2014-06-16 16:18 ` [RFC 16/19] libxl/arm: Introduce DT_IRQ_TYPE_* Julien Grall
2014-07-03 11:56 ` Ian Campbell
2014-06-16 16:18 ` [RFC 17/19] libxl/arm: Rename set_interrupt_ppi to set_interrupt and handle SPIs Julien Grall
2014-07-03 11:58 ` Ian Campbell
2014-07-03 12:04 ` Julien Grall
2014-07-03 14:04 ` Ian Campbell
2014-06-16 16:18 ` [RFC 18/19] libxl: Add support for non-PCI passthrough Julien Grall
2014-06-16 17:19 ` Wei Liu
2014-06-18 12:26 ` Julien Grall
2014-06-16 16:18 ` [RFC 19/19] xl: Add new option dtdev Julien Grall
2014-06-16 17:19 ` Wei Liu
2014-06-18 13:40 ` Julien Grall
2014-06-18 13:43 ` Wei Liu
2014-06-18 13:46 ` Julien Grall
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53B55FE8.1080501@linaro.org \
--to=julien.grall@linaro.org \
--cc=Ian.Campbell@citrix.com \
--cc=stefano.stabellini@citrix.com \
--cc=tim@xen.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.