From: "Chen, Tiejun" <tiejun.chen@intel.com>
To: Jan Beulich <JBeulich@suse.com>, Tim Deegan <tim@xen.org>
Cc: yang.z.zhang@intel.com, kevin.tian@intel.com, xen-devel@lists.xen.org
Subject: Re: [v3][PATCH 1/1] xen:vtd: missing RMRR mapping while share EPT
Date: Fri, 25 Jul 2014 14:48:56 +0800 [thread overview]
Message-ID: <53D1FDD8.7020002@intel.com> (raw)
In-Reply-To: <53D1154A0200007800025857@mail.emea.novell.com>
On 2014/7/24 20:16, Jan Beulich wrote:
>>>> On 24.07.14 at 13:51, <tiejun.chen@intel.com> wrote:
>> On 2014/7/24 19:35, Tim Deegan wrote:
>>> At 19:25 +0800 on 24 Jul (1406226315), Chen, Tiejun wrote:
>>>> On 2014/7/24 19:11, Tim Deegan wrote:
>>>>> though I am still worried about what happens if this overwrites an
>>>>> existing mapping.
>>>>
>>>> As I understand RMRR should be specific. Its unlikely created for
>>>> different mapping since this should be fixed in BIOS phase. And this is
>>>> why that function is named as rmrr_identity_mapping().
>>>
>>> But the BIOS only sets up _Xen's_ memory map. The toolstack sets up
>>> the _VM's_ memory map, and unless it can avoid the RMRRs of all
>>> devices in the system (and add them to guest E820s) it risks a clash
>>> here.
>>
>> RMRR seems be used barely. Here in my case, just GFX passthrough needs
>> this since some windows GFX drivers may access those stolen memory now.
>
> USB legacy emulation is another use case iirc, as seen on at least
> one of the systems I have here.
>
> Furthermore an RMRR (as pointed out a couple of months ago)
I'm poor in this problem, so could you point where I can get this
discussion? I think I should take a look at that to know about more.
> may be related to more than one device (at least in theory), and
Are you saying one RMRR corresponds to multiple devfns?
> in such case it is insecure to assign these devices to distinct
> domains.
But looks we always create one RMRR when an associated devfn is assigned
to one given domain, so this mean its always insecure before I introduce
this patch, right?
But if I'm wrong please correct me.
>
> As said in an earlier reply to Tim - I think this half baked solution
> isn't worth checking in without the other issues with RMRRs
> properly taken care of.
>
>>> If you can hot-plug one of these devices into a running guest, then
>>> there's no way to be safe, as the guest might have been booted on
>>> another system and migrated.
>>
>> I guess the original RMRR implementation don't consider live migration
>> so current RMRR shouldn't support live migration, right?
>
> You didn't read Tim's reply properly: He was referring to the case
> where a passed through device gets hotplugged into a guest for
> the first time _after_ the guest was already live migrated at least
> once.
>
Thanks for you explanation.
Tiejun
next prev parent reply other threads:[~2014-07-25 6:48 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-07-24 11:00 [v3][PATCH 1/1] xen:vtd: missing RMRR mapping while share EPT Tiejun Chen
2014-07-24 11:11 ` Tim Deegan
2014-07-24 11:25 ` Chen, Tiejun
2014-07-24 11:35 ` Tim Deegan
2014-07-24 11:51 ` Chen, Tiejun
2014-07-24 12:16 ` Jan Beulich
2014-07-25 6:48 ` Chen, Tiejun [this message]
2014-07-25 7:07 ` Jan Beulich
2014-07-25 7:53 ` Chen, Tiejun
2014-07-25 8:02 ` Jan Beulich
2014-07-25 12:22 ` Tim Deegan
2014-07-24 12:10 ` Jan Beulich
2014-07-25 0:56 ` Zhang, Yang Z
2014-07-25 6:58 ` Jan Beulich
2014-07-25 8:19 ` Zhang, Yang Z
2014-07-25 8:34 ` Jan Beulich
2014-07-25 6:47 ` Chen, Tiejun
2014-07-25 8:07 ` Jan Beulich
2014-07-25 8:45 ` Chen, Tiejun
2014-07-25 9:14 ` Jan Beulich
2014-07-24 17:12 ` Tian, Kevin
2014-07-25 8:15 ` Jan Beulich
2014-07-25 8:24 ` Zhang, Yang Z
2014-07-25 8:26 ` Chen, Tiejun
2014-07-25 8:28 ` Zhang, Yang Z
2014-07-25 8:30 ` Chen, Tiejun
2014-07-25 8:36 ` Jan Beulich
2014-07-25 8:43 ` Chen, Tiejun
2014-07-25 12:53 ` Tian, Kevin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53D1FDD8.7020002@intel.com \
--to=tiejun.chen@intel.com \
--cc=JBeulich@suse.com \
--cc=kevin.tian@intel.com \
--cc=tim@xen.org \
--cc=xen-devel@lists.xen.org \
--cc=yang.z.zhang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.