From: "Jan Beulich" <JBeulich@suse.com>
To: Wei Ye <wei.ye@intel.com>
Cc: Kevin Tian <kevin.tian@intel.com>, "keir@xen.org" <keir@xen.org>,
"ian.campbell@citrix.com" <ian.campbell@citrix.com>,
"stefano.stabellini@eu.citrix.com"
<stefano.stabellini@eu.citrix.com>, "tim@xen.org" <tim@xen.org>,
"ian.jackson@eu.citrix.com" <ian.jackson@eu.citrix.com>,
"xen-devel@lists.xen.org" <xen-devel@lists.xen.org>,
"Paul.Durrant@citrix.com" <Paul.Durrant@citrix.com>,
Zhiyuan Lv <zhiyuan.lv@intel.com>
Subject: Re: [PATCH v1 0/2] Extend ioreq-server to support page write protection
Date: Mon, 04 Aug 2014 08:35:06 +0100 [thread overview]
Message-ID: <53DF53CA0200007800028CF4@mail.emea.novell.com> (raw)
In-Reply-To: <76A3A946BA26DE4F9D9D5090FFA4A649318AB1@SHSMSX101.ccr.corp.intel.com>
>>> On 04.08.14 at 07:05, <wei.ye@intel.com> wrote:
>
>> -----Original Message-----
>> From: Jan Beulich [mailto:JBeulich@suse.com]
>> Sent: Monday, July 28, 2014 4:25 PM
>> To: Ye, Wei
>> Cc: ian.campbell@citrix.com; Paul.Durrant@citrix.com;
>> ian.jackson@eu.citrix.com; stefano.stabellini@eu.citrix.com; xen-
>> devel@lists.xen.org; keir@xen.org
>> Subject: Re: [PATCH v1 0/2] Extend ioreq-server to support page write
>> protection
>>
>> >>> On 28.07.14 at 19:55, <wei.ye@intel.com> wrote:
>> > ioreq-server is proposed to forward PIO and MMIO request to multiple
>> > device models according to the io range. XenGT (Intel Graphics
>> > Virtualization technology, please refer to
>> > https://01.org/xen/blogs/srclarkx/2013/graphics-virtualization-
>> > xengt) driver reside in Dom0 as a virtual graphics device model also
>> > need to trap and emulate the guest's write operation to some specific
>> > memory pages, like the memory pages used by guest graphics driver as
>> > PPGTT(per-process graphics translation table). We add an new p2m type
>> > "p2m_ram_wp" to trap the page write operation. Page of this new p2m
>> > type is read only and for write, the request will go to device model
>> > via ioreq-server.
>>
>> So how is this write-protection supposed to work on the IOMMU side when
>> sharing page tables?
>
> Thanks for pointing out this question. Write-protection is not supposed to
> work when sharing page tables between EPT and vt-d.
> An explicit command line "iommu=no-sharept" should be setted for avoiding
> undesirable iommu fault.
Requiring the unconditional use of a specific command line option is
certainly fine for experimental code, but not beyond that. Behavior
should be correct by default in production code.
But what's worse here: The option _allows_ device side writes from
the guest. Why would device side writes be okay, but CPU side ones
not?
Jan
next prev parent reply other threads:[~2014-08-04 7:35 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-07-28 17:55 [PATCH v1 0/2] Extend ioreq-server to support page write protection Wei Ye
2014-07-28 8:24 ` Jan Beulich
2014-08-04 5:05 ` Ye, Wei
2014-08-04 7:35 ` Jan Beulich [this message]
2014-08-04 21:34 ` Tian, Kevin
2014-08-05 6:35 ` Jan Beulich
2014-08-05 6:46 ` Ye, Wei
2014-08-05 7:51 ` Jan Beulich
2014-08-05 7:35 ` Zhang, Yang Z
2014-08-05 7:51 ` Jan Beulich
2014-08-05 8:20 ` Ye, Wei
2014-08-05 15:41 ` Tian, Kevin
2014-08-06 2:11 ` Zhang, Yang Z
2014-08-06 2:33 ` Tian, Kevin
2014-08-06 2:40 ` Zhang, Yang Z
2014-08-06 2:49 ` Tian, Kevin
2014-08-06 2:50 ` Tian, Kevin
2014-08-06 3:04 ` Zhang, Yang Z
2014-08-06 15:00 ` Konrad Rzeszutek Wilk
2014-08-06 16:08 ` Tian, Kevin
2014-08-07 6:45 ` Jan Beulich
2014-08-07 16:28 ` Tian, Kevin
2014-08-08 6:32 ` Jan Beulich
2014-08-08 16:02 ` Tian, Kevin
2014-08-08 16:04 ` Tian, Kevin
2014-08-12 23:15 ` Ye, Wei
2014-08-13 8:38 ` Tim Deegan
2014-08-13 16:14 ` Tian, Kevin
2014-08-14 8:08 ` Tim Deegan
2014-08-14 17:49 ` Tian, Kevin
2014-08-14 20:25 ` Tim Deegan
2014-08-14 22:53 ` Tian, Kevin
2014-08-14 23:12 ` Jan Beulich
2014-08-14 23:33 ` Tian, Kevin
2014-08-06 17:38 ` Tian, Kevin
2014-07-28 17:55 ` [PATCH v1 1/2] x86: add p2m_ram_wp Wei Ye
2014-07-28 8:31 ` Jan Beulich
2014-08-04 5:10 ` Ye, Wei
2014-08-04 7:37 ` Jan Beulich
2014-08-05 7:09 ` Ye, Wei
2014-07-28 17:55 ` [PATCH v1 2/2] ioreq-server: Support scatter page forwarding Wei Ye
2014-07-28 8:57 ` Jan Beulich
2014-08-04 5:41 ` Ye, Wei
2014-08-04 7:47 ` Jan Beulich
2014-08-04 21:39 ` Tian, Kevin
2014-08-05 6:38 ` Jan Beulich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53DF53CA0200007800028CF4@mail.emea.novell.com \
--to=jbeulich@suse.com \
--cc=Paul.Durrant@citrix.com \
--cc=ian.campbell@citrix.com \
--cc=ian.jackson@eu.citrix.com \
--cc=keir@xen.org \
--cc=kevin.tian@intel.com \
--cc=stefano.stabellini@eu.citrix.com \
--cc=tim@xen.org \
--cc=wei.ye@intel.com \
--cc=xen-devel@lists.xen.org \
--cc=zhiyuan.lv@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).