From: George Dunlap <george.dunlap@eu.citrix.com>
To: Jan Beulich <JBeulich@suse.com>
Cc: "andrew.cooper3@citrix.com" <andrew.cooper3@citrix.com>,
Tim Deegan <tim@xen.org>,
"xen-devel@lists.xen.org" <xen-devel@lists.xen.org>,
"KeirFraser(keir.xen@gmail.com)" <keir.xen@gmail.com>,
Jun Nakajima <jun.nakajima@intel.com>,
Yang Z Zhang <yang.z.zhang@intel.com>,
Xiantao Zhang <xiantao.zhang@intel.com>
Subject: Re: [PATCH] Don't track all memory when enabling log dirty to track vram
Date: Mon, 2 Jun 2014 16:03:20 +0100 [thread overview]
Message-ID: <538C9238.5080701@eu.citrix.com> (raw)
In-Reply-To: <538CA5E80200007800016E34@mail.emea.novell.com>
On 06/02/2014 03:27 PM, Jan Beulich wrote:
>>>> On 02.06.14 at 16:06, <George.Dunlap@eu.citrix.com> wrote:
>> On Mon, Jun 2, 2014 at 7:55 AM, Jan Beulich <JBeulich@suse.com> wrote:
>>>>>> On 31.05.14 at 03:26, <jun.nakajima@intel.com> wrote:
>>>> On Mon, May 26, 2014 at 2:04 AM, Jan Beulich <JBeulich@suse.com> wrote:
>>>>>>>> On 26.05.14 at 10:16, <yang.z.zhang@intel.com> wrote:
>>>>>> Jan Beulich wrote on 2014-05-23:
>>>>>>> Btw., I think I just spotted a second thing not working without split page
>>>>>> tables:
>>>>>>> mem-access (which doesn't and imo shouldn't depend on !need_iommu(),
>>>>>>> other than mem-sharing and mem-paging) likewise has the potential of
>>>>>>> creating entries resulting in IOMMU faults.
>>>>>>>
>>>>>> I don't know what mem-access is? Do you mean Xenaccess? If not, can you
>>>>>> elaborate it or provide a link to help me to understand how it works?
>>>>> The (example) tool indeed is named xen-access. See XENMEM_access_op
>>>>> (used to be HVMOP_{get,set}_mem_access).
>>>>>
>>>> The tool xen-access is located in tools/tests, and I think that this
>>>> is used mostly by developers who know what they are doing.
>>> The tool is, indeed. But the underlying feature clearly isn't limited
>>> to or solely intended for developers.
>>>
>>>> If we had separate VT-d page tables, they might observe confusing
>>>> results; even if they write-protect pages, somebody (i.e. I/O devices)
>>>> modifies those pages.
>>>> To me, observing IOMMU faults seems consistent with the consequence of
>>>> changes to guest memory permission.
>>> And I would agree if these faults were restartable. You're certainly
>>> aware that a not too large amount of faults within a reasonably short
>>> period of time will lead to the device being turned off, with quite likely
>>> fatal consequences to the guest.
>> Sure -- but there are a number of features (PoD, paging, page sharing,
>> even migration) which are incompatible with pass-through, and the user
>> is simply not allowed to use them together. Why not just add this one
>> to the list?
> Considering that mem-access came at about the same time or even
> later than mem-paging and mem-sharing, I was silently assuming that
> it wasn't enforcing the same restrictions as the other two for a reason.
> Maybe it was just forgotten...
Well one can certainly imagine someone wanting to run it in that mode,
and "knowing" that it would be safe because they were going to be
careful not going to use memaccess on pages on which a DMA was going to
happen. I think in that situation, a developer would probably want to
know that their assumption was wrong immediately (by having the IOMMU
fault perhaps crash the domain), than have to figure out that their
assumption was wrong by having unexplainable results.
If memaccess + passthru is enabled by default at the moment, there may
be an argument for disabling it by default, perhaps with an override for
those who want the ability to shoot themselves in the foot. But I don't
think that silent violations of the memaccess "promise" is better than
just having the IOMMU faults; so I don't think that's an argument for
implementing non-shared IOMMU superpages.
-George
next prev parent reply other threads:[~2014-06-02 15:03 UTC|newest]
Thread overview: 62+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-02-10 6:14 [PATCH] Don't track all memory when enabling log dirty to track vram Yang Zhang
2014-02-10 8:03 ` Tim Deegan
2014-02-10 8:15 ` Zhang, Yang Z
2014-02-11 9:02 ` Tim Deegan
2014-02-11 10:59 ` George Dunlap
2014-02-11 11:55 ` Tim Deegan
2014-02-11 12:57 ` Jan Beulich
2014-02-11 15:55 ` George Dunlap
2014-02-12 0:53 ` Zhang, Yang Z
2014-02-13 15:46 ` George Dunlap
2014-02-13 15:55 ` Jan Beulich
2014-02-13 16:20 ` Tim Deegan
2014-02-13 16:25 ` George Dunlap
2014-02-13 16:45 ` Processed: " xen
2014-02-17 10:18 ` Jan Beulich
2014-02-17 12:23 ` George Dunlap
2014-02-17 12:37 ` Jan Beulich
2014-02-17 14:51 ` George Dunlap
2014-02-17 15:05 ` Jan Beulich
2014-02-18 3:14 ` Zhang, Yang Z
2014-02-18 10:26 ` George Dunlap
2014-02-19 1:28 ` Zhang, Yang Z
2014-02-19 8:55 ` Jan Beulich
2014-02-19 11:03 ` George Dunlap
2014-02-19 11:13 ` Jan Beulich
2014-02-19 11:17 ` George Dunlap
2014-02-17 15:00 ` Jan Beulich
2014-02-18 3:25 ` Zhang, Yang Z
2014-02-18 8:45 ` Jan Beulich
2014-02-18 11:46 ` Jan Beulich
2014-02-18 15:28 ` Jan Beulich
2014-02-19 6:40 ` Xu, Dongxiao
2014-02-19 1:17 ` Zhang, Yang Z
2014-02-19 8:50 ` Jan Beulich
2014-02-18 8:30 ` Jan Beulich
2014-05-19 7:48 ` Zhang, Yang Z
2014-05-19 9:03 ` Jan Beulich
2014-05-20 3:09 ` Zhang, Yang Z
2014-05-20 7:17 ` Jan Beulich
2014-05-19 13:27 ` George Dunlap
2014-05-19 13:50 ` Jan Beulich
2014-05-19 13:59 ` George Dunlap
2014-05-19 14:19 ` Jan Beulich
2014-05-20 3:13 ` Zhang, Yang Z
2014-05-20 7:20 ` Jan Beulich
2014-05-20 10:12 ` George Dunlap
2014-05-20 10:46 ` Jan Beulich
2014-05-21 1:02 ` Zhang, Yang Z
2014-05-21 7:49 ` Jan Beulich
2014-05-21 8:37 ` Zhang, Yang Z
2014-05-21 9:58 ` Jan Beulich
2014-05-23 6:42 ` Jan Beulich
2014-05-26 8:16 ` Zhang, Yang Z
2014-05-26 9:04 ` Jan Beulich
2014-05-31 1:26 ` Nakajima, Jun
2014-06-02 6:55 ` Jan Beulich
2014-06-02 14:06 ` George Dunlap
2014-06-02 14:27 ` Jan Beulich
2014-06-02 15:03 ` George Dunlap [this message]
2014-02-10 10:42 ` Andrew Cooper
2014-02-10 16:13 ` George Dunlap
2014-02-10 16:30 ` Processed: " xen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=538C9238.5080701@eu.citrix.com \
--to=george.dunlap@eu.citrix.com \
--cc=JBeulich@suse.com \
--cc=andrew.cooper3@citrix.com \
--cc=jun.nakajima@intel.com \
--cc=keir.xen@gmail.com \
--cc=tim@xen.org \
--cc=xen-devel@lists.xen.org \
--cc=xiantao.zhang@intel.com \
--cc=yang.z.zhang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).