On 11/08/2020 18:09, Oleksandr wrote:
On 05.08.20 12:32, Julien Grall wrote:
Hi Julien, Stefano
diff --git a/xen/include/asm-arm/p2m.h b/xen/include/asm-arm/p2m.h
index 5fdb6e8..5823f11 100644
--- a/xen/include/asm-arm/p2m.h
+++ b/xen/include/asm-arm/p2m.h
@@ -385,10 +385,11 @@ static inline int set_foreign_p2m_entry(struct
domain *d, unsigned long gfn,
mfn_t mfn)
{
/*
- * NOTE: If this is implemented then proper reference counting of
- * foreign entries will need to be implemented.
+ * XXX: handle properly reference. It looks like the page may
not always
+ * belong to d.
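Review bot: the replacement comment in set_foreign_p2m_entry() is less precise than the NOTE it removes. "handle properly reference" no longer says that reference counting of foreign entries is what is missing, and "may not always belong to d" does not say which domain would own the page instead. Suggest keeping the original sentence about reference counting of foreign entries and adding the ownership concern as a second sentence. Since the visible signature takes only d, gfn and mfn, the comment should also say that the owning domain cannot currently be named by the caller.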
Just as a reference, and without taking away anything from the comment,
I think that QEMU is doing its own internal reference counting for these
mappings.
I am not sure how this matters here? We can't really trust the DM to
do the right thing if it is not running in dom0.
But, IIRC, the problem is some of the pages don't belong to a
domain, so it is not possible to treat them as foreign mapping (e.g.
you wouldn't be able to grab a reference). This investigation was done
a couple of years ago, so this may have changed in recent Xen.
Well, the emulator is going to be used in a driver domain, so this TODO must
be resolved. I suspect that the check for a hardware domain in
acquire_resource() which I skipped in a hackish way [1] could be simply
removed once proper reference counting is implemented in Xen, correct?
It depends how you are going to solve it. If you manage to solve it in a
generic way, then yes you could resolve. If not (i.e. it is solved in an
arch-specific way), we would need to keep the check on arch that are not
able to deal with it. See more below.
Could you please provide some pointers on that problem? Maybe some
questions need to be investigated again? Unfortunately, it is not
completely clear to me the direction to follow...
***
I am wondering whether a similar problem exists on x86 as well?
It is somewhat different. On Arm, we are able to properly handle foreign
mapping (i.e. mapping a page from another domain) as we would grab a
reference on the page (see XENMAPSPACE_gmfn_foreign handling in
xenmem_add_to_physmap()). The reference will then be released when the
entry is removed from the P2M (see p2m_free_entry()).
If all the pages given to set_foreign_p2m_entry() belong to a domain,
then you could use the same approach.
However, I remember running into some issues in some of the cases. I had
a quick look at the caller and I wasn't able to find any use cases
that may be an issue.
The refcounting in the IOREQ code has changed after XSA-276 (this was
found while working on the Arm port). Probably the best way to figure
out if it works would be to try it and see if it fails.
Note that set_foreign_p2m_entry() doesn't have a parameter for the
foreign domain. You would need to add an extra parameter for this.
The FIXME tag (before checking for a hardware domain in acquire_resource())
in the common code makes me think it is a common issue. On the other side,
x86's implementation of set_foreign_p2m_entry() exists, unlike Arm's one
(which returned -EOPNOTSUPP so far). Or are these unrelated?
At the moment, x86 doesn't support refcounting for foreign mapping.
Hence the reason to restrict them to the hardware domain.
***
[1] https://lists.xen.org/archives/html/xen-devel/2020-08/msg00075.html
Cheers,
--
Julien Grall
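
A simplified model of the scheme discussed in this message (take a reference when a foreign page is inserted into the P2M, drop it when the entry is removed, refuse pages that cannot be pinned), added here as an illustration and not code from Xen or from anyone in the thread. All types, names and the sample pages are hypothetical; the `fd` argument stands for the extra foreign-domain parameter mentioned above.

```c
#include <stdio.h>

/* Toy model, not Xen code: every type and name below is hypothetical. */
#define NR_GFNS 8
struct page { int owner; unsigned int refs; };  /* owner < 0: no owning domain */
struct p2m  { struct page *entry[NR_GFNS]; };

/* Constructed sample state: one page owned by domain 1, one with no owner. */
static struct p2m  guest_p2m;
static struct page foreign = { 1, 1 }, orphan = { -1, 0 };

/* Take a reference only if the page belongs to the domain the caller named. */
static int page_get(struct page *pg, int owner)
{
    if (pg->owner < 0 || pg->owner != owner)
        return -1;
    pg->refs++;
    return 0;
}

/* Removing an entry drops the reference taken when it was inserted. */
static void p2m_remove(struct p2m *p2m, unsigned long gfn)
{
    if (gfn < NR_GFNS && p2m->entry[gfn]) {
        p2m->entry[gfn]->refs--;
        p2m->entry[gfn] = NULL;
    }
}

/* 'fd' stands for the extra foreign-domain parameter mentioned in the thread. */
static int p2m_set_foreign(struct p2m *p2m, int fd, unsigned long gfn,
                           struct page *pg)
{
    if (gfn >= NR_GFNS || page_get(pg, fd))
        return -1;                /* cannot pin the page: refuse the mapping */
    p2m_remove(p2m, gfn);         /* release whatever was mapped here before */
    p2m->entry[gfn] = pg;
    return 0;
}

int main(void)
{
    printf("map owned page:   %d\n", p2m_set_foreign(&guest_p2m, 1, 3, &foreign));
    printf("map orphan page:  %d\n", p2m_set_foreign(&guest_p2m, 1, 4, &orphan));
    printf("map wrong owner:  %d\n", p2m_set_foreign(&guest_p2m, 2, 5, &foreign));
    p2m_remove(&guest_p2m, 3);
    printf("refs after unmap: %u\n", foreign.refs);
    return 0;
}
```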