On Mon, Feb 22, 2021 at 08:51:59AM +0100, Jan Beulich wrote:
> On 19.02.2021 18:05, Ian Jackson wrote:
> > Jan Beulich writes ("Re: [PATCH v2] VMX: use a single, global APIC access
> > page"):
> >> While this patch was triggered not just by Julien's observation of
> >> the early p2m insertion being a problem, but also many earlier
> >> times of running into this odd code, it is - especially at this
> >> stage - perhaps a possible option to split the change into just
> >> the movement of the set_mmio_p2m_entry() invocation and all the
> >> rest, in order to defer that rest until after 4.15.
> >
> > I infer that this contains a bugfix, but perhaps other
> > changes/improvements too.
> >
> > George, I think you're our expert on this refcounting stuff - what do
> > you think of this ?
> >
> > I guess my key question is whether this change will introduce risk by
> > messing with the complex refcounting machineryt - or remove it by
> > removing an interaction with the refcounting.
>
> If anything, then the latter, but largely neither afaict - there's no
> change in this regard here at all as far as the guest could affect
> behavior, due to the page getting inserted as p2m_mmio_direct, and
> guest_remove_page() having
>
> if ( p2mt == p2m_mmio_direct )
> {
> rc = clear_mmio_p2m_entry(d, gmfn, mfn, PAGE_ORDER_4K);
> goto out_put_gfn;
> }
>
> before any refcounting logic is reached. The removal of interaction
> is because now the page doesn't get associated with a domain (and
> hence doesn't become subject to refcounting) at all.
>
> The risk of the change stems from going from using a per-domain
> page to using a single, system-wide one, which indeed was the subject
> of v1 discussion. In any event the consideration towards splitting
> the change would cover either concern. Perhaps I should really do so
> and submit as v3 ...
I agree it would be less risky to keep using a per-domain page, and
switch to a global one after the release. From the discussion in v1 I
don't think we where able to spot any specific issues apart from
guests possibly being able to access shared data in this page from
passthrough devices. I would at least feel more confortable with
that approach given the point we are in the release process.
Thanks, Roger.
