From: Arianna Avanzini <avanzini.arianna@gmail.com>
To: Jan Beulich <JBeulich@suse.com>,
Ian Campbell <Ian.Campbell@eu.citrix.com>,
JulienGrall <julien.grall@citrix.com>
Cc: "paolo.valente@unimore.it" <paolo.valente@unimore.it>,
Keir Fraser <keir@xen.org>,
Stefano Stabellini <stefano.stabellini@eu.citrix.com>,
Tim Deegan <tim@xen.org>,
Dario Faggioli <dario.faggioli@citrix.com>,
Julien Grall <julien.grall@linaro.org>,
"xen.org" <Ian.Jackson@eu.citrix.com>,
"xen-devel@lists.xen.org" <xen-devel@lists.xen.org>,
Eric Trudeau <etrudeau@broadcom.com>,
"viktor.kleinik@globallogic.com" <viktor.kleinik@globallogic.com>
Subject: Re: [PATCH v4 4/7] xen, common: add the XEN_DOMCTL_memory_mapping hypercall
Date: Sat, 05 Apr 2014 14:08:48 +0200 [thread overview]
Message-ID: <533FF250.6010108@gmail.com> (raw)
In-Reply-To: <533C08660200007800004A0F@nat28.tlf.novell.com>
On 04/02/2014 12:53 PM, Jan Beulich wrote:
>>>> On 02.04.14 at 12:19, <Ian.Campbell@eu.citrix.com> wrote:
>> On Wed, 2014-04-02 at 11:06 +0100, Jan Beulich wrote:
>>>>>> On 02.04.14 at 11:43, <Ian.Campbell@eu.citrix.com> wrote:
>>>> This interface is already pretty broken for the case where a toolstack
>>>> maps the same mfns into a guest twice. But that is a pretty broken thing
>>>> for a toolstack to do.
>>>
>>> Is it? In the context of the VGA ROM issue in qemu (discussed recently)
>>> it seemed reasonable to me to map this at both the PCI BAR specified
>>> location and the legacy ISA C0000h one.
>>
>> That's emulated though isn't it? This interface is about real machine
>> iomem pages.
>
> Could be either (VGA passthrough, or PXE boot ROM on a passed
> through NIC), at least in theory.
>
>> Anyway, the issue is that the permission is not reference counted so you
>> can do:
>> map mfn 0x12345 at gfn 0xc0000
>> map mfn 0x12345 at gfn 0xf0000000
>> unmap mfn 0x12345 from 0xf0000000
>>
>> Now the guest no longer has permission (as in iomem_access_permitted) to
>> access mfn 0x12345 but it still has a mapping at gfn 0xc0000 and can use
>> it (unless perhaps some iommu stuff goes on which I haven't grokked).
>
> That's ugly indeed.
>
>> Perhaps we don't care about that and expect the toolstack/device model
>> to ensure that it unmaps everything or nothing. (I didn't check if a
>> subsequent unmap from 0xc0000 would work BTW).
>
> In fact we wouldn't, at the example of the ROMs again: The mapping
> in the legacy ISA area should always be there, whereas the one at
> the PCI BAR specified location should only be there if the ROM is
> enabled.
>
>> If we do care about this issue then our choices are:
>> * Implement proper referencing counting of iomem permissions
>> (tricky?)
>> * Force the reference counting to be trivial by requiring that the
>> reference is at most 1
>> * Split the manipulation of iomem permissions out of
>> XEN_DOMCTL_memory_mapping and require the toolstack to issue
>> XEN_DOMCTL_iomem_permission first (and last after all mappings
>> are removed).
>
> This one seems the only reasonable approach to me. Yet in order to
> prevent the (disaggregated) tool stack from revoking the permission
> without removing the mapping, some reference counting would still
> be needed. Or maybe we don't need to care about that case, as long
> as the memory range can't be assigned to another guest not
> controlled by the same tool stack instance.
>
>> * Do some sort of exhaustive search on unmap like Julien suggested
>
> Wrt unmapping, I think the MFN mapped at the specified GFN
> shouldn't really matter - if the tool stack says "unmap", so be it.
> And hence there's nothing really to search for.
>
Hello,
sorry if I intrude with a question. I have been working on a new version of the
patch series, just to try to get out of the way the most immediate issues that
everybody pointed out.
Is everybody OK if I send it or would you prefer me to wait for a decision in
this new thread of discussion and try to include in the next patchset something
related to it? I'm obviously fine either way.
Thank you for all your comments and, again, sorry for the question.
--
/*
* Arianna Avanzini
* avanzini.arianna@gmail.com
* 73628@studenti.unimore.it
*/
next prev parent reply other threads:[~2014-04-05 12:08 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-03-25 2:02 [PATCH v4 0/7] Implement the XEN_DOMCTL_memory_mapping hypercall for ARM Arianna Avanzini
2014-03-25 2:02 ` [PATCH v4 1/7] arch, arm: domain build: let dom0 access I/O memory of mapped devices Arianna Avanzini
2014-03-25 12:37 ` Julien Grall
2014-03-25 2:02 ` [PATCH v4 2/7] arch, arm: add consistency checks to REMOVE p2m changes Arianna Avanzini
2014-03-25 12:18 ` Stefano Stabellini
2014-03-25 12:51 ` Julien Grall
2014-03-25 13:10 ` Julien Grall
2014-03-25 17:41 ` Ian Campbell
2014-03-25 2:02 ` [PATCH v4 3/7] arch, arm: let map_mmio_regions() take pfn as parameters Arianna Avanzini
2014-03-25 12:22 ` Stefano Stabellini
2014-03-25 12:54 ` Julien Grall
2014-03-28 12:51 ` Arianna Avanzini
2014-03-28 13:31 ` Julien Grall
2014-03-25 13:00 ` Julien Grall
2014-03-25 2:02 ` [PATCH v4 4/7] xen, common: add the XEN_DOMCTL_memory_mapping hypercall Arianna Avanzini
2014-03-25 9:33 ` Jan Beulich
2014-03-28 13:24 ` Arianna Avanzini
2014-03-28 13:30 ` Jan Beulich
2014-03-25 12:35 ` Stefano Stabellini
2014-03-25 14:10 ` Jan Beulich
2014-03-25 15:10 ` Stefano Stabellini
2014-03-25 15:36 ` Jan Beulich
2014-03-25 15:42 ` Stefano Stabellini
2014-04-01 15:01 ` Ian Campbell
2014-04-01 15:18 ` Jan Beulich
2014-04-01 15:37 ` Ian Campbell
2014-03-25 13:17 ` Julien Grall
2014-04-01 14:52 ` Ian Campbell
2014-04-01 15:16 ` Julien Grall
2014-04-01 15:39 ` Ian Campbell
2014-04-01 16:00 ` Julien Grall
2014-04-02 9:43 ` Ian Campbell
2014-04-02 10:06 ` Jan Beulich
2014-04-02 10:19 ` Ian Campbell
2014-04-02 10:53 ` Jan Beulich
2014-04-05 12:08 ` Arianna Avanzini [this message]
2014-04-06 16:23 ` Stefano Stabellini
2014-04-07 7:01 ` Jan Beulich
2014-03-25 2:02 ` [PATCH v4 5/7] tools, libxl: parse optional start gfn from the iomem config option Arianna Avanzini
2014-03-25 15:39 ` Julien Grall
2014-03-25 15:45 ` Julien Grall
2014-03-25 16:27 ` Ian Campbell
2014-03-25 2:02 ` [PATCH v4 6/7] tools, libxl: add helpers to establish if guest is auto-translated Arianna Avanzini
2014-03-25 2:02 ` [PATCH v4 7/7] tools, libxl: handle the iomem parameter with the memory_mapping hcall Arianna Avanzini
2014-04-01 15:13 ` Ian Campbell
2014-04-01 15:26 ` Julien Grall
2014-04-01 15:34 ` Ian Campbell
2014-04-01 20:52 ` Daniel De Graaf
2014-04-02 9:45 ` Ian Campbell
2014-04-02 14:14 ` Daniel De Graaf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=533FF250.6010108@gmail.com \
--to=avanzini.arianna@gmail.com \
--cc=Ian.Campbell@eu.citrix.com \
--cc=Ian.Jackson@eu.citrix.com \
--cc=JBeulich@suse.com \
--cc=dario.faggioli@citrix.com \
--cc=etrudeau@broadcom.com \
--cc=julien.grall@citrix.com \
--cc=julien.grall@linaro.org \
--cc=keir@xen.org \
--cc=paolo.valente@unimore.it \
--cc=stefano.stabellini@eu.citrix.com \
--cc=tim@xen.org \
--cc=viktor.kleinik@globallogic.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).