From: Wei Liu <wei.liu2@citrix.com>
To: Jan Beulich <JBeulich@suse.com>
Cc: Wei Liu <wei.liu2@citrix.com>,
Ian Campbell <ian.campbell@citrix.com>,
Stefano Stabellini <stefano.stabellini@eu.citrix.com>,
Andrew Cooper <andrew.cooper3@citrix.com>,
Ian Jackson <Ian.Jackson@eu.citrix.com>,
PaulDurrant <Paul.Durrant@citrix.com>,
Anthony PERARD <anthony.perard@citrix.com>,
Xen-devel <xen-devel@lists.xenproject.org>
Subject: Re: Domctl and physdevop for passthrough (Was: Re: Stabilising some tools only HVMOPs?)
Date: Tue, 1 Mar 2016 10:52:58 +0000 [thread overview]
Message-ID: <20160301105258.GK17111@citrix.com> (raw)
In-Reply-To: <56D558B202000078000D7A6F@prv-mh.provo.novell.com>
On Tue, Mar 01, 2016 at 12:54:09AM -0700, Jan Beulich wrote:
> >>> On 29.02.16 at 19:12, <wei.liu2@citrix.com> wrote:
> > I read the XSA-154 patch and think a little bit on whether making
> > dedicated hypercall is feasible.
> >
> > 1. The patch for XSA-154 mentions that only MMIO mappings with
> > inconsistent attributes can cause system instability.
> > 2. PV case is hard, but the device model library is only of interest to
> > HVM domain, so PV can be ignored.
> > 3. We want to continue honoring pinned cachability attributes for HVM
> > domain.
> >
> > It seems we have a way forward. Say, we have new hypercall just for
> > pinning video ram cachability attribute.
> >
> > The new hypercall has following properties:
> >
> > 1. It can only be used on HVM domains.
> > 2. It can only be used on mfns that are not in MMIO ranges, because
> > vram is just normal ram.
> > 3. It can only set the cachability attribute to WC (used by video ram).
> > 4. It is not considered stable.
> >
> > so that it won't be abused to change cachability attributes of MMIO
> > mappings on PV guest to make the host unstable. The stale data issue is
> > of no relevance as stated in XSA-154 patch.
> >
> > Does this sound plausible?
>
> Yes, it does, but it extends our dependency on what we've been
> told in the context of XSA-154 is actually true (and has been true
> for all earlier processor generations, and will continue to be true
> in the future).
> But then I don't immediately see why the existing
> pinning operation won't suffice: It's a domctl (i.e. we can change
> it), you say you don't need it to be stable, and it's already
> documented as being intended for RAM only (albeit iirc that's not
> getting enforced anywhere right now). The main present
> problem (which I don't see a new hypercall to solve) is that it's
> GFN-based, and the GFN->MFN mapping can change after such
> pinning got established. Otoh I think that by changing the
> placement of the hvm_get_mem_pinned_cacheattr() calls we
> could enforce the RAM-only aspect quite easily. Let me put
> together a patch ...
>
That would be good. Thank you very much.
Wei.
> Jan
>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
next prev parent reply other threads:[~2016-03-01 10:53 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-02-17 17:28 Stabilising some tools only HVMOPs? Wei Liu
2016-02-18 10:24 ` Ian Campbell
2016-02-18 10:37 ` Jan Beulich
2016-02-18 10:45 ` Wei Liu
2016-02-18 10:53 ` Ian Campbell
2016-02-18 10:55 ` Wei Liu
2016-02-18 10:56 ` Jan Beulich
2016-02-18 10:31 ` Jan Beulich
2016-02-18 10:36 ` Wei Liu
2016-02-18 10:44 ` Ian Campbell
2016-02-18 10:55 ` Jan Beulich
2016-02-18 10:59 ` Wei Liu
2016-02-18 11:04 ` Jan Beulich
2016-02-18 12:51 ` Wei Liu
2016-02-18 16:28 ` Ian Jackson
2016-02-18 16:29 ` Wei Liu
2016-02-18 16:41 ` Jan Beulich
2016-02-18 16:45 ` Ian Jackson
2016-02-18 16:49 ` Wei Liu
2016-02-18 16:37 ` Ian Campbell
2016-02-19 16:05 ` Domctl and physdevop for passthrough (Was: Re: Stabilising some tools only HVMOPs?) Wei Liu
2016-02-22 11:28 ` Jan Beulich
2016-02-22 11:56 ` Wei Liu
2016-02-23 14:31 ` Wei Liu
2016-02-23 15:46 ` Jan Beulich
2016-02-23 17:09 ` Wei Liu
2016-02-23 17:24 ` Jan Beulich
2016-02-23 17:28 ` Jan Beulich
2016-02-23 17:55 ` Wei Liu
2016-02-29 12:23 ` Wei Liu
2016-02-29 12:29 ` Jan Beulich
2016-02-29 18:12 ` Wei Liu
2016-03-01 7:54 ` Jan Beulich
2016-03-01 10:52 ` Wei Liu [this message]
2016-03-01 11:10 ` Jan Beulich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160301105258.GK17111@citrix.com \
--to=wei.liu2@citrix.com \
--cc=Ian.Jackson@eu.citrix.com \
--cc=JBeulich@suse.com \
--cc=Paul.Durrant@citrix.com \
--cc=andrew.cooper3@citrix.com \
--cc=anthony.perard@citrix.com \
--cc=ian.campbell@citrix.com \
--cc=stefano.stabellini@eu.citrix.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).