[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v5 14/14] vpci: add TODO for the registers not explicitly handled


  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Thu, 13 Jan 2022 14:27:50 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Hr/t8T37Q00mcnVjaTYmfTJGntljtj+YTbwrqPBDY+g=; b=QGZdDair/CJH9//E5O7BR6mzqpKq+aKN3k8bAKWgJIxrCnE1AG1c3Svwto8lmqFv34XjP+Ms/5ij/yg//2T/9N/1MFM+t2yAQmw46yUETfdWPSsSLaR1bXEs6rYzEsT8xK5355icnTGGLyVlBEY+Iy9pAQqAAao+0xBMzXdaeTrTrUt38OlxQ2SmEDaLVJl/LIiNCJCEtsDlljn2HPgUb6mkC8XxP570v45WtV8vy3LMO9bQP+zB4iKmJi0TV09R8oo/kXivCmbUPn9S1ZmZFCwFiz7Sxk+yhLLkr+J4fVumDEzLHlCPL7vkcS4GmlOi72q9sVrRptlBHhglD0lHuQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Dcu8ta2Ja8OwCMzOwGQiBhL++JVgkcGmS9+fV9qPTzSzm5GwKbh/9xcg/g7d+GxnLpOuWcCyJ7wO98NuaYF+cJH5CIZQcJvIOis4ilyS4AM1yoTovbV5oY4kL8MsQVIQUIOu16LwH4FPV7x1Qjne1NwzCZdzYNznW+4syf4g8Pm/F5t/7Tb6Zawgdm7j94e6Lfjo0qVMkIB3Z8dM1y+jyFQ1mGuC2qX7zh3SdE/lwc4aXCYDahnAjkSiEAXY4pgFQ6NKf/ycw/5JCtYG5wiHp9wpdxxLiANdZ80ApaW/04OnHxcN2pyVgSakXeuhVD3xhY7Jpq7572EZPJN5CuYPXw==
  • Authentication-results: esa6.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
  • Cc: Oleksandr Andrushchenko <andr2000@xxxxxxxxx>, <julien@xxxxxxx>, <sstabellini@xxxxxxxxxx>, <oleksandr_tyshchenko@xxxxxxxx>, <volodymyr_babchuk@xxxxxxxx>, <Artem_Mygaiev@xxxxxxxx>, <andrew.cooper3@xxxxxxxxxx>, <george.dunlap@xxxxxxxxxx>, <paul@xxxxxxx>, <bertrand.marquis@xxxxxxx>, <rahul.singh@xxxxxxx>, Oleksandr Andrushchenko <oleksandr_andrushchenko@xxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Thu, 13 Jan 2022 13:28:18 +0000
  • Ironport-data: A9a23:GAqUTaqVyNxeNiWWmo0bpS7JGnpeBmLYYxIvgKrLsJaIsI4StFCzt garIBnVa//ZYGHzKI93YNi2/UhTsZbQyNEwTVRvqHpnESxHpJuZCYyVIHmrMnLJJKUvbq7GA +byyDXkBJppJpMJjk71atANlZT4vE2xbuKU5NTsY0idfic5Dndx4f5fs7Rh2NQw2IHiW1nlV e7a+KUzBnf0g1aYDUpMg06zgEsHUCPa4W5wUvQWPJinjXeG/5UnJMt3yZKZdhMUdrJ8DO+iL 9sv+Znilo/vE7XBPfv++lrzWhVirrc/pmFigFIOM0SpqkAqSiDfTs/XnRfTAKtao2zhojx/9 DlCnZ+xUSQTErLVpMEUSkhzCCteHJEb1qCSdBBTseTLp6HHW37lwvEoB0AqJ4wIvO1wBAmi9 9RBdmpLNErawbvrnvTrEYGAhex6RCXvFJkYtXx6iynQEN4tQIzZQrWM7thdtNs1rp4XTa2AP JBFAdZpRE3KYhtjBlRNM6sVk+q1plfccTBE9mvA8MLb5ECMlVcsgdABKuH9cNGQWd9cmEreo 2vc5nn4GTkTLtnZwj2Amlq0j/LLtTP2XsQVDrLQ3tdwnFCW8UkCBxQXWEWTrOGwjwi1XNc3A 1wZ/G8ioLY/8GSvT8LhRFuorXicpBkeVtFMVeog52mlza7Z4B2QAGQeeTdHZMY7r889RTEs1 VihksvgAHpkt7j9YWiU9qqQ6yizPycVBWYYYGkPSg5ty9v+pIA+iDrfQ9AlF7S65vX8Hz3qm WjS9AAxgrwSiYgA0KDT1VLNji+op5PJZhUo/QiRVWWghitnY4qia52t+ELs5/9KJ4aETXGMp HEB3cOZ6YgmCpWAlzeERukXK624/PaOMDDagllHEoEo8nKm/HvLVZtL/Dh0KUNtM8AFUTzke knevUVW/pA7AZexRfYpOcTrUZ1slPW+U4S+PhzJUjZQSptwbCy90D53WWuZxjHGi0IMsJ1iF 4jOJK5AEk0mIahgyTO3QcIU3rkq2j0yyAvveHzr8/i0+eHAPSDIEN/pJHPLN7lkt/3c/G055 v4Cb5Pi9vlJbAHpjsA7G6Y3JEtCE3U0DIueRyd/Jr/aeVoO9I3M5pbsLVIdl25Nw/U9egTgp CjVtqpkJLzX3y2vxeKiMCELVV8XdcwjxU/XxAR1VbpS51AtYJy08IAUfIYtcL8s+YRLlKAoF aFcIJ3eXqQUEFwrHgjxi7Gn/OSOkzzx1Gqz09eNOmBjL/aMuSSUkjMbQucf3HZXVXfm3SfPi 7ahyhnaUfI+q/dKV67rhAaU5wrp5xA1wbsqN2ORe4U7UBiyrOBCdnKg5tdqc5BkAUiSnVOyi lfJaSr0UMGQ+efZBvGT2/Ddx2poesMjdndn857ztufpZXKErzv6keetko+gJFjgaY89w437D c19xPDgKvwX2lFMtot3CbFwyqwiodDootdnIs5MRR0ntnynVeFtJGeox85KuvEfz7NVo1LuC EmO5sNbKfOCP8a8SAwdIw8sb+Ki0/AIm2aNsaRpcRuivCInrqCaVUhyPgWXjHAPJrVCL454k /wqv9Qb6lLjh0NyYMqGlC1d60+FMmcED/c8rpgfDYKy0lgrx1hObIbyECjz5J3TOdxAPlNze m2fhbbYhqQazU3HKiJhGX/I1OtbpJIPpBEVkwNSewXXwoLI36Zl0gdQ/DI7ShVu4i9Gi+8ja HJ2M0BVJLmV+2s6jsZ0QG3xSRpKAweU+xKtxgJRxnHZVUShSkfEMHY5ZbSW5Ekc/m9RImpb8 bWfxDq3WDrmZpisjC47WEojoP3/V91hsAbFnZn/TciCGpA7Zxvjg7OvOjVU+0e2X5tpiR2Vv /Ru8cZxdbb/ZHwZrKAMAoWH0agdFUKfL2tYTPA9pK4EEAkwot1pNeRi/6xpRv5wGg==
  • Ironport-hdrordr: A9a23:4/AZiK6vYhfEoOLo0gPXwVKBI+orL9Y04lQ7vn2ZFiY6TiXIra +TdaoguSMc6AxwZJkh8erwXpVoZUmsiKKdhrNhQYtKPTOWwldASbsC0WKM+UyEJ8STzJ846U 4kSdkANDSSNykLsS+Z2njBLz9I+rDum8rE9ISurUuFDzsaEJ2Ihz0JezpzeXcGPTWua6BJc6 Z1saF81kSdkDksH46GL0hAe9KGi8zAlZrgbxJDLxk76DOWhTftzLLhCRCX0joXTjsKmN4ZgC T4uj28wp/mn+Cwyxfa2WOWx5NKmOH5wt8GIMCXkMAaJhjllw7tToV8XL+puiwzvYiUmRsXue iJhy1lE9V46nvXcG3wiRzx2zP42DJr0HPmwU/wuwqrneXJABYBT+ZRj4NQdRXUr2A6ustn7a 5N12WF87JKEBLphk3Glpn1fiAvsnDxjWspkOYVgXAae5AZcqVtoYsW+14QOIscHRj99JssHI BVfY/hDc5tABCnhk3izytSKITGZAV3Iv7GeDlMhiWt6UkXoJgjpHFogPD2nR87heQAotd/lq P5259T5cNzp/ktHNVA7dc6MLiK41P2MGfx2UKpUBza/fI8SjnwQ6Ce2sRA2AjtQu1P8KcP
  • Ironport-sdr: wpHwxOFac8K0LSiEBOOx7Afe6wQngGnT8OKlavs7vFueI/waP/m2JiGejdHkOLo5CRlMYMUQIg 3H1T6VJkQ11CKKvZNa2A3DG65lz21uSY/DlgQGx9YG9GkiiyLh6t1ZhIhQYe1bsTDPE+962onO CcZvJlNpT5A8uoo8INxXvHdG3BNwGuMv3yM8IVR0v73tpN3WvBuXKV7I6MvuudxXbSUU0NVbWR sdtUM/w7dIHC3+coUD7nfMeFnr3s2D377NHSuWn1mQjCckio7u76Dn17pgUcW0ALJXS9LTs7TE CuhshV+I4ia+nH5/ZN+6PlFT
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Thu, Nov 25, 2021 at 12:17:32PM +0100, Jan Beulich wrote:
> On 25.11.2021 12:02, Oleksandr Andrushchenko wrote:
> > From: Oleksandr Andrushchenko <oleksandr_andrushchenko@xxxxxxxx>
> > 
> > For unprivileged guests vpci_{read|write} need to be re-worked
> > to not passthrough accesses to the registers not explicitly handled
> > by the corresponding vPCI handlers: without fixing that passthrough
> > to guests is completely unsafe as Xen allows them full access to
> > the registers.
> > 
> > Xen needs to be sure that every register a guest accesses is not
> > going to cause the system to malfunction, so Xen needs to keep a
> > list of the registers it is safe for a guest to access.
> > 
> > For example, we should only expose the PCI capabilities that we know
> > are safe for a guest to use, i.e.: MSI and MSI-X initially.
> > The rest of the capabilities should be blocked from guest access,
> > unless we audit them and declare safe for a guest to access.
> > 
> > As a reference we might want to look at the approach currently used
> > by QEMU in order to do PCI passthrough. A very limited set of PCI
> > capabilities known to be safe for untrusted access are exposed to the
> > guest and registers need to be explicitly handled or else access is
> > rejected. Xen needs a fairly similar model in vPCI or else none of
> > this will be safe for unprivileged access.
> > 
> > Add the corresponding TODO comment to highlight there is a problem that
> > needs to be fixed.
> > 
> > Suggested-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
> > Suggested-by: Jan Beulich <jbeulich@xxxxxxxx>
> > Signed-off-by: Oleksandr Andrushchenko <oleksandr_andrushchenko@xxxxxxxx>
> 
> Looks okay to me in principle, but imo needs to come earlier in the
> series, before things actually get exposed to DomU-s.

Are domUs really allowed to use this code? Maybe it's done in a
separate series, but has_vpci is hardcoded to false on Arm, and
X86_EMU_VPCI can only be set for the hardware domain on x86.

Roger.



 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.