Re-adding the cc-list...

> -----Original Message-----
> From: Paul Durrant
> Sent: 05 October 2018 11:27
> To: George Dunlap <george.dun...@citrix.com>
> Subject: RE: [Xen-devel] [PATCH v14 4/9] iommu: don't domain_crash() inside iommu_map/unmap_page()
>
> > -----Original Message-----
> > From: George Dunlap
> > Sent: 05 October 2018 11:25
> > To: Paul Durrant <paul.durr...@citrix.com>
> > Subject: Re: [Xen-devel] [PATCH v14 4/9] iommu: don't domain_crash() inside iommu_map/unmap_page()
> >
> > [Sorry, my mail client crashed and I can’t figure out how to make it
> > re-edit this draft, so I’m replying to it instead.]
> >
> > > On Oct 5, 2018, at 11:22 AM, George Dunlap <george.dun...@citrix.com> wrote:
> > >
> > >> On Oct 5, 2018, at 10:02 AM, Paul Durrant <paul.durr...@citrix.com> wrote:
> > >>
> > >>> -----Original Message-----
> > >>> From: Jan Beulich [mailto:jbeul...@suse.com]
> > >>> Sent: 05 October 2018 08:33
> > >>> To: Paul Durrant <paul.durr...@citrix.com>
> > >>> Cc: Andrew Cooper <andrew.coop...@citrix.com>; George Dunlap
> > >>> <george.dun...@citrix.com>; Ian Jackson <ian.jack...@citrix.com>;
> > >>> Wei Liu <wei.l...@citrix.com>; Jun Nakajima <jun.nakaj...@intel.com>;
> > >>> Stefano Stabellini <sstabell...@kernel.org>;
> > >>> xen-devel <xen-de...@lists.xenproject.org>;
> > >>> Konrad Rzeszutek Wilk <konrad.w...@oracle.com>; Tim (Xen.org) <t...@xen.org>
> > >>> Subject: Re: [Xen-devel] [PATCH v14 4/9] iommu: don't domain_crash() inside iommu_map/unmap_page()
> > >>>
> > >>>>>> On 04.10.18 at 18:36, <paul.durr...@citrix.com> wrote:
> > >>>> I still think an implicit domain_crash() doesn't really belong in something
> > >>>> that looks like a straightforward wrapper around a per-implementation jump
> > >>>> table. How about iommu_map/unmap_may_crash() instead to highlight the
> > >>>> semantic?
> > >>>
> > >>> If anything then the other way around, i.e. iommu_unmap_no_crash(),
> > >>> such that only callers who explicitly mean to deal with the crashing
> > >>> themselves would use the otherwise insecure variant.
> > >>>
> > >>
> > >> Ok. George, what is your preference?
> > >>
> > >> At this point my proposal is to drop this patch and replace it with one
> > >> that removes the implicit crash from everything except the unmap. I
> > >> can then introduce a 'nocrash' variant of unmap if I need it... although
> > >> I'm no longer convinced I can really do anything else if a PV-IOMMU unmap
> > >> fails.
> > >
> > > Sorry, ‘mayfail’ was meant to be short for “may fail [without crashing
> > > the guest]”; as opposed to “must succeed [or crash the guest]”. IOW, I
> > > agree with Jan that the default should be to crash the guest unless the
> > > caller explicitly opts to handle the failure themselves. Don’t have a
> > > strong opinion on the name.
>
> But for mapping too? It seems unnecessary to crash the domain in that case.
>
> Paul
>
> > -George