On 10.02.2021 12:40, Julien Grall wrote: > On 10/02/2021 11:38, Jan Beulich wrote: >> On 10.02.2021 12:34, Roger Pau Monné wrote: >>> On Wed, Feb 10, 2021 at 12:10:09PM +0100, Jan Beulich wrote: >>>> On 10.02.2021 09:29, Roger Pau Monné wrote: >>>>> I get the feeling this is just papering over an existing issue instead >>>>> of actually fixing it: IOMMU page tables need to be properly freed >>>>> during early failure. >>>> >>>> I take a different perspective: IOMMU page tables shouldn't >>>> get created (yet) at all in the course of >>>> XEN_DOMCTL_createdomain - this op is supposed to produce an >>>> empty container for a VM. >>> >>> The same would apply for CPU page-tables then, yet they seem to be >>> created and populating them (ie: adding the lapic access page) doesn't >>> leak such entries, which points at an asymmetry. Either we setup both >>> tables and handle freeing them properly, or we set none of them. >> >> Where would CPU page tables get created from at this early stage? > > When mapping the APIC page in the P2M. I don't think you can get away > with removing it completely.
It doesn't need putting in the p2m this early. It would be quite fine to defer this until e.g. the first vCPU gets created. Jan
