[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v14 4/9] iommu: don't domain_crash() inside iommu_map/unmap_page()

Re-adding the cc-list...

> -----Original Message-----
> From: Paul Durrant
> Sent: 05 October 2018 11:27
> To: George Dunlap <George.Dunlap@xxxxxxxxxx>
> Subject: RE: [Xen-devel] [PATCH v14 4/9] iommu: don't domain_crash()
> inside iommu_map/unmap_page()
> 
> > -----Original Message-----
> > From: George Dunlap
> > Sent: 05 October 2018 11:25
> > To: Paul Durrant <Paul.Durrant@xxxxxxxxxx>
> > Subject: Re: [Xen-devel] [PATCH v14 4/9] iommu: don't domain_crash()
> > inside iommu_map/unmap_page()
> >
> > [Sorry, my mail client crashed and I can’t figure out how to make it re-
> > edit this draft, so I’m replying to it instead.]
> >
> > > On Oct 5, 2018, at 11:22 AM, George Dunlap <George.Dunlap@xxxxxxxxxx>
> > wrote:
> > >
> > >
> > >
> > >> On Oct 5, 2018, at 10:02 AM, Paul Durrant <Paul.Durrant@xxxxxxxxxx>
> > wrote:
> > >>
> > >>> -----Original Message-----
> > >>> From: Jan Beulich [mailto:JBeulich@xxxxxxxx]
> > >>> Sent: 05 October 2018 08:33
> > >>> To: Paul Durrant <Paul.Durrant@xxxxxxxxxx>
> > >>> Cc: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>; George Dunlap
> > >>> <George.Dunlap@xxxxxxxxxx>; Ian Jackson <Ian.Jackson@xxxxxxxxxx>;
> Wei
> > Liu
> > >>> <wei.liu2@xxxxxxxxxx>; Jun Nakajima <jun.nakajima@xxxxxxxxx>;
> Stefano
> > >>> Stabellini <sstabellini@xxxxxxxxxx>; xen-devel <xen-
> > >>> devel@xxxxxxxxxxxxxxxxxxxx>; Konrad Rzeszutek Wilk
> > >>> <konrad.wilk@xxxxxxxxxx>; Tim (Xen.org) <tim@xxxxxxx>
> > >>> Subject: Re: [Xen-devel] [PATCH v14 4/9] iommu: don't domain_crash()
> > >>> inside iommu_map/unmap_page()
> > >>>
> > >>>>>> On 04.10.18 at 18:36, <Paul.Durrant@xxxxxxxxxx> wrote:
> > >>>> I still think an implicit domain_crash() doesn't really belong in
> > >>> something
> > >>>> that looks like a straightforward wrapper around a per-
> implementation
> > >>> jump
> > >>>> table. How about iommu_map/unmap_may_crash() instead to highlight
> the
> > >>>> semantic?
> > >>>
> > >>> If anything then the other way around, i.e. iommu_unmap_no_crash(),
> > >>> such that only callers who explicitly mean to deal with the crashing
> > >>> themselves would use the otherwise insecure variant.
> > >>>
> > >>
> > >> Ok. George, what is your preference?
> > >>
> > >> At this point my proposal is to drop this patch and replace it with
> one
> > that removes the implicit crash from from everything except the unmap. I
> > can then introduce a 'nocrash' variant of unmap if I need it... although
> > I'm no longer convinced I can really do anything else if a PV-IOMMU
> unmap
> > fails.
> > >
> > > Sorry, ‘mayfail’ was meant to be short for “may fail [without crashing
> > the guest]”; as opposed to “must succeed [or crash the guest]”.  IOW, I
> > agree with Jan that the default should be to crash the guest unless the
> > caller explicitly opts to handle the failure themselves.  Don’t have a
> > strong opinion on the name.
> 
> But for mapping too? It seems unnecessary to crash the domain in that
> case.
> 
>   Paul
> 
> > >
> > >  -George

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.