Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp7184802ybl; Wed, 15 Jan 2020 17:15:22 -0800 (PST) X-Google-Smtp-Source: APXvYqxLyQEibstEO2FhzoeSXyywqXQfPAuxWdFvepAHURDao35TblogjoUUJv5n3lMnhU+7G+EH X-Received: by 2002:a05:6830:1608:: with SMTP id g8mr93690otr.169.1579137322330; Wed, 15 Jan 2020 17:15:22 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1579137322; cv=none; d=google.com; s=arc-20160816; b=JXZNWUzELbJrkZRQPk9CKlIvCIRvW0eUz512LroUno6D02O2mRZNKFcZulx7qB+JHy KQTVquHvKvFf/2L981Q16iOxVKm+nYZ+a+EifPobwd358SczpLI702GOabCZubpS2I4s +q363VbmctkZoZrPbYC1vqqsboE/hevGChMu5UxQ/yU+wu2FU0AZKC3D6qg03jlC93Me 70vxWk4ziVzZRWQftlQZoShwRUmcVMwwK1pzy4Kh5MImYncK3pRCGpaOBB1t3WzSbaVu W5Ivx+81Ks66OPGqAUIhM/FEl8+PptAs0upkl+YlI2WOS6G/hMQ+rl4dwjZv3vHgWqxy eaqQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-language :content-transfer-encoding:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature; bh=bDGmmKR62/rJKWPi34OdOSl+RPEPQlXQTRCeFzErCqM=; b=BMixJYYdsaUGchZLMW9ozJWaqul+WRNC14rAoYQQkymNxYWmx4lAki0oXlXud2FH1o y/8azSoTTgPAhSnewmuAWazak1w5YUoOO9+cPtAOR3xLrvqSZfrBQMCjmnMExaMA2XWj 5C9M1OfEoabVeE5zyjAqcU5n77WX66EMteipg0dFPcaLiqG+FukTbpQVgvv1fOAxWtPF vlvecoqConax27Biar8BCmGDqzjdFn36CUnkPyoCXx7uElun1GmLn1BexDDm2hCgbLN6 8utynxeLhrprIXufSuhYowwnIwH+puNmZTrRcy0uXRBdC1qCnGm28IiWEdn5N8PBHFWJ 0hDQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2019-08-05 header.b=MfKsFjnb; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w18si11780620otj.148.2020.01.15.17.15.06; Wed, 15 Jan 2020 17:15:22 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2019-08-05 header.b=MfKsFjnb; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730538AbgAOWcz (ORCPT + 99 others); Wed, 15 Jan 2020 17:32:55 -0500 Received: from aserp2120.oracle.com ([141.146.126.78]:33488 "EHLO aserp2120.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728899AbgAOWcz (ORCPT ); Wed, 15 Jan 2020 17:32:55 -0500 Received: from pps.filterd (aserp2120.oracle.com [127.0.0.1]) by aserp2120.oracle.com (8.16.0.27/8.16.0.27) with SMTP id 00FMNTgE079402; Wed, 15 Jan 2020 22:32:38 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=subject : to : cc : references : from : message-id : date : mime-version : in-reply-to : content-type : content-transfer-encoding; s=corp-2019-08-05; bh=bDGmmKR62/rJKWPi34OdOSl+RPEPQlXQTRCeFzErCqM=; b=MfKsFjnbwldOfD5DDxHQsHKZ6DKZnu+MD748kT200mUWlMIsHinIqSLG9IFdcGQPYMW+ gWz8F+ntGj08/KuMHKE2fqe18uCplprZSeDMEd0GwMr/KPuo4qC4kZrfN7XUCNOqNqcQ IcAcYVNHMynsLY8lNK0XFDgnHUNLlAbNQLVx0EUKWaY2IJM9l4tKJ3LBzjwGasoBcIk6 2UTMzJE6emrOgXrm1D+nQb1Qc7p4+/DxTSWpKRPuMIez1f5SOLbnQko6nkKEbdjzgwF/ BjaM23LV+mQMBwlQkcT1Xi1KvibdYGu1Xi2ZbHwmQJvXRinZepIOChJQ18RzpJq67NlX ag== Received: from aserp3030.oracle.com (aserp3030.oracle.com [141.146.126.71]) by aserp2120.oracle.com with ESMTP id 2xf73ty2ru-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 15 Jan 2020 22:32:37 +0000 Received: from pps.filterd (aserp3030.oracle.com [127.0.0.1]) by aserp3030.oracle.com (8.16.0.27/8.16.0.27) with SMTP id 00FMNZgZ178613; Wed, 15 Jan 2020 22:32:37 GMT Received: from aserv0122.oracle.com (aserv0122.oracle.com [141.146.126.236]) by aserp3030.oracle.com with ESMTP id 2xj61kh35t-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 15 Jan 2020 22:32:37 +0000 Received: from abhmp0009.oracle.com (abhmp0009.oracle.com [141.146.116.15]) by aserv0122.oracle.com (8.14.4/8.14.4) with ESMTP id 00FMWZ3d020744; Wed, 15 Jan 2020 22:32:36 GMT Received: from bostrovs-us.us.oracle.com (/10.152.32.65) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Wed, 15 Jan 2020 14:32:34 -0800 Subject: Re: [Xen-devel] [PATCH v4] xen-pciback: optionally allow interrupt enable flag writes To: =?UTF-8?Q?Roger_Pau_Monn=c3=a9?= , =?UTF-8?Q?Marek_Marczykowski-G=c3=b3recki?= Cc: xen-devel@lists.xenproject.org, Juergen Gross , Stefano Stabellini , YueHaibing , open list , Simon Gaiser , Jan Beulich References: <20200115014643.12749-1-marmarek@invisiblethingslab.com> <20200115164815.GO11756@Air-de-Roger> From: Boris Ostrovsky Message-ID: <393ff73f-802c-9f1c-b739-4476388b6c98@oracle.com> Date: Wed, 15 Jan 2020 17:32:32 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.3.0 MIME-Version: 1.0 In-Reply-To: <20200115164815.GO11756@Air-de-Roger> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9501 signatures=668685 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1911140001 definitions=main-2001150168 X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9501 signatures=668685 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1911140001 definitions=main-2001150168 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 1/15/20 11:48 AM, Roger Pau Monné wrote: > On Wed, Jan 15, 2020 at 02:46:29AM +0100, Marek Marczykowski-Górecki wrote: >> QEMU running in a stubdom needs to be able to set INTX_DISABLE, and the >> MSI(-X) enable flags in the PCI config space. This adds an attribute >> 'allow_interrupt_control' which when set for a PCI device allows writes >> to this flag(s). The toolstack will need to set this for stubdoms. >> When enabled, guest (stubdomain) will be allowed to set relevant enable >> flags, but only one at a time - i.e. it refuses to enable more than one >> of INTx, MSI, MSI-X at a time. >> >> This functionality is needed only for config space access done by device >> model (stubdomain) serving a HVM with the actual PCI device. It is not >> necessary and unsafe to enable direct access to those bits for PV domain >> with the device attached. For PV domains, there are separate protocol >> messages (XEN_PCI_OP_{enable,disable}_{msi,msix}) for this purpose. >> Those ops in addition to setting enable bits, also configure MSI(-X) in >> dom0 kernel - which is undesirable for PCI passthrough to HVM guests. >> >> This should not introduce any new security issues since a malicious >> guest (or stubdom) can already generate MSIs through other ways, see >> [1] page 8. Additionally, when qemu runs in dom0, it already have direct >> access to those bits. >> >> This is the second iteration of this feature. First was proposed as a >> direct Xen interface through a new hypercall, but ultimately it was >> rejected by the maintainer, because of mixing pciback and hypercalls for >> PCI config space access isn't a good design. Full discussion at [2]. >> >> [1]: https://invisiblethingslab.com/resources/2011/Software%20Attacks%20on%20Intel%20VT-d.pdf >> [2]: https://xen.markmail.org/thread/smpgpws4umdzizze >> >> [part of the commit message and sysfs handling] >> Signed-off-by: Simon Gaiser >> [the rest] >> Signed-off-by: Marek Marczykowski-Górecki > Some minor nits below, but LGTM: > > Reviewed-by: Roger Pau Monné > >> >> diff --git a/Documentation/ABI/testing/sysfs-driver-pciback b/Documentation/ABI/testing/sysfs-driver-pciback >> index 6a733bfa37e6..566a11f2c12f 100644 >> --- a/Documentation/ABI/testing/sysfs-driver-pciback >> +++ b/Documentation/ABI/testing/sysfs-driver-pciback >> @@ -11,3 +11,16 @@ Description: >> #echo 00:19.0-E0:2:FF > /sys/bus/pci/drivers/pciback/quirks >> will allow the guest to read and write to the configuration >> register 0x0E. >> + >> +What: /sys/bus/pci/drivers/pciback/allow_interrupt_control >> +Date: Jan 2020 >> +KernelVersion: 5.5 5.6 I can fix this and the things that Roger mentioned while committing if Marek is OK with that. -boris