[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v5 20/22] xen/arm: ITS: Map ITS translation space

To: Marc Zyngier <marc.zyngier@xxxxxxx>, Julien Grall <julien.grall@xxxxxxxxxx>
From: Ian Campbell <ian.campbell@xxxxxxxxxx>
Date: Wed, 2 Sep 2015 16:45:17 +0100
Cc: Michal Marek <mmarek@xxxxxxx>, "vijay.kilari@xxxxxxxxx" <vijay.kilari@xxxxxxxxx>, Stefano Stabellini <Stefano.Stabellini@xxxxxxxxxxxxx>, "manish.jaggi@xxxxxxxxxxxxxxxxxx" <manish.jaggi@xxxxxxxxxxxxxxxxxx>, "tim@xxxxxxx" <tim@xxxxxxx>, "xen-devel@xxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxx>, "stefano.stabellini@xxxxxxxxxx" <stefano.stabellini@xxxxxxxxxx>, Vijaya Kumar K <Vijaya.Kumar@xxxxxxxxxxxxxxxxxx>
Delivery-date: Wed, 02 Sep 2015 15:51:14 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Tue, 2015-08-18 at 23:37 +0100, Marc Zyngier wrote:
> On Tue, 18 Aug 2015 20:14:43 +0100 Julien Grall <julien.grall@xxxxxxxxxx> 
> wrote:
> 
> > Marc pointed me today that if the processor is writing into 
> > GITS_TRANSLATER it may be able to deadlock the system.
> > 
> > Reading more closely the spec (8.1.3 IHI0069A), there is undefined 
> > behavior when writing to this register with wrong access size.
> > 
> > Currently the page table are shared between the processor and the SMMU, 
> > 
> > so that means that a domain will be able to deadlock the processor and 
> > therefore the whole platform.
> 
> Indeed. A CPU should *never* be able to write to the GITS_TRANSLATER
> register. What would be the meaning anyway? How would a DeviceID be
> sampled? This is definitely UNPREDICTIBLE territory, and you want to
> make sure a guest cannot directly write to the HW.
> 
> > So we should never expose GITS_TRANSLATER into the processor page 
> > table. 
> > Which means unsharing some parts if not all of the page tables between 
> > the processor and the SMMU.
> 
> Agreed. It looks to me like the CPU should only see the the virtual
> ITS, and nothing else.

It's rather unfortunate that using an ITS therefore precludes sharing stage
-2 page tables between MMU and SMMU, which it seems otherwise the
architecture designers have tried hard to allow.

Do you know if this will be fixed in some future revision (although given
we now need to have the functionality anyway I'm not sure it help more than
 saving a few pages of memory :-()

Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH v5 20/22] xen/arm: ITS: Map ITS translation space
  - From: Marc Zyngier

Prev by Date: [Xen-devel] [OSSTEST PATCH 05/13] Planner: client side: $mayalloc parameter to $resourcecall->()
Next by Date: [Xen-devel] [OSSTEST PATCH 01/13] Tcl: Use lshift instead of open-coding with lrange
Previous by thread: [Xen-devel] [OSSTEST RFC PATCH 00/13] Planner: Performance improvement
Next by thread: Re: [Xen-devel] [PATCH v5 20/22] xen/arm: ITS: Map ITS translation space
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.