From: Andrew Cooper <andrew.cooper3@citrix.com>
To: "Xu, Quan" <quan.xu@intel.com>,
"'jbeulich@suse.com'" <jbeulich@suse.com>,
"Tian, Kevin" <kevin.tian@intel.com>,
"'keir@xen.org'" <keir@xen.org>, "'tim@xen.org'" <tim@xen.org>,
"'george.dunlap@eu.citrix.com'" <george.dunlap@eu.citrix.com>,
"Nakajima, Jun" <jun.nakajima@intel.com>,
"Wu, Feng" <feng.wu@intel.com>,
"'xen-devel@lists.xen.org'" <xen-devel@lists.xen.org>
Subject: Re: [PATCH v3 0/2] VT-d flush issue
Date: Sun, 20 Dec 2015 15:51:42 +0000 [thread overview]
Message-ID: <5676CE8E.3090800@citrix.com> (raw)
In-Reply-To: <945CA011AD5F084CBEA3E851C0AB28894B7FBC68@SHSMSX101.ccr.corp.intel.com>
On 20/12/15 13:57, Xu, Quan wrote:
>> On 12.12.2015 at 9:22pm, <quan.xu@intel.com> wrote:
>> This patches are based on Kevin Tian's previous discussion 'Revisit
>> VT-d asynchronous flush issue'.
>> Fix current timeout concern and also allow limited ATS support in a light way:
>
>> 2. Fix vt-d flush timeout issue.
>>
>> If IOTLB/Context/IETC flush is timeout, we should think all
>> devices under this IOMMU cannot function correctly.
>> So for each device under this IOMMU we'll mark it as unassignable
>> and kill the domain owning the device.
>>
> Hi,
>
> Through research and investigation, when IEC/Iotlb/Context are flush error(VT-d is bug),
> IMO it is unavoidable to panic. The following are some reasons:
>
> 1. The below is the general platform topology, illustrated by VT-d spec.
> VT-d is a key component of the platform infrastructure in virtualization usage,
> providing DMA/Intr remapping capabilities.
> If such a key component VT-d is bug, it can't provide reliability for recording
> and reporting of DMA/Intr error to VMM that may otherwise corrupt memory or
> impact VM isolation.
>
>
> Processor ... Processor
> --------- ---------
> ^
> |
>
> North Bridge
> -------------- <---> DRAM
> DMA/Intr Remapping
>
> ^^^^
> |||| PCIe Devices
> vvvv
>
>
>
> 2. If VT-d is bug, does the hardware_domain continue to work with PCIe Devices / DRAM well with DMA remapping error?
> I think it is no. furthermore, i think VMM can NOT run a normal HVM domain without device-passthrough.
>
> 3. There are so many reasons for IEC/iotlb/Conetxt flush, .i.e. msi/ept... update.
> It distributed across the VMM source code, it is challenge to make sure callers actually honor errors
> and check all the way up the call trees. it looks like rewriting VMM source code.
>
> 4. Much more detail, some flush errors are very tricky. .i.e. how to deal with msi free with IEC flush error,
> restore or ignore it?
>
>
> Welcome your comments and correct me if i am wrong. thanks.
>
> -Quan
I believe everywhere you say "is bug", you mean "is buggy".
I agree that, if the remapping engine itself is buggy, Xen can't be
certain about anything else functioning correctly.
However, there are many errors the remapping engine could generate which
are not because it itself is buggy. These could be because of a
downstream device misbehaving, or because the remapping engine was
incorrectly programmed. These cases should not be able to directly
cause a crash.
In the case of a buggy device, it doesn't matter if it, and all its
resources, are left in stuck state; it can be ignored and the rest of
the host can try to continue normally.
For point 3 specifically. The code is indeed currently broken, and
needs fixing, one way or another. It is sad that we are still suffering
from lots of very poor quality code submitted in the past.
Even in the case that we discover that a remapping engine itself is
buggy, it is likely not to be the only remapping engine in the system.
If it can be safely disabled, the host has a good chance of being able
to continue sensibly.
~Andrew
next prev parent reply other threads:[~2015-12-20 15:51 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-20 13:57 [PATCH v3 0/2] VT-d flush issue Xu, Quan
2015-12-20 15:51 ` Andrew Cooper [this message]
2015-12-21 11:46 ` Jan Beulich
2015-12-21 12:28 ` Xu, Quan
2015-12-21 12:50 ` Jan Beulich
2015-12-21 13:08 ` Xu, Quan
2015-12-21 13:22 ` Jan Beulich
2015-12-21 13:35 ` Xu, Quan
2015-12-21 14:08 ` Xu, Quan
2015-12-21 14:16 ` Jan Beulich
2015-12-21 14:31 ` Xu, Quan
2015-12-21 14:52 ` Jan Beulich
2015-12-21 15:15 ` Xu, Quan
2015-12-22 7:40 ` Wu, Feng
2015-12-22 8:01 ` Jan Beulich
2015-12-22 8:10 ` Wu, Feng
2015-12-22 8:20 ` Jan Beulich
2015-12-22 8:10 ` Xu, Quan
2015-12-22 8:27 ` Jan Beulich
2015-12-22 8:43 ` Xu, Quan
2015-12-22 9:08 ` Jan Beulich
2015-12-22 9:18 ` Xu, Quan
2015-12-22 10:26 ` Xu, Quan
2015-12-23 6:21 ` Tian, Kevin
2015-12-21 12:44 ` Xu, Quan
-- strict thread matches above, loose matches on Subject: below --
2015-12-12 13:21 Quan Xu
2015-12-19 14:01 ` Xu, Quan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5676CE8E.3090800@citrix.com \
--to=andrew.cooper3@citrix.com \
--cc=feng.wu@intel.com \
--cc=george.dunlap@eu.citrix.com \
--cc=jbeulich@suse.com \
--cc=jun.nakajima@intel.com \
--cc=keir@xen.org \
--cc=kevin.tian@intel.com \
--cc=quan.xu@intel.com \
--cc=tim@xen.org \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).