On Wed, Feb 10, 2021 at 11:48:40AM +0000, Julien Grall wrote:
> 
> 
> On 10/02/2021 11:45, Jan Beulich wrote:
> > On 10.02.2021 12:40, Julien Grall wrote:
> > > On 10/02/2021 11:38, Jan Beulich wrote:
> > > > On 10.02.2021 12:34, Roger Pau Monné wrote:
> > > > > On Wed, Feb 10, 2021 at 12:10:09PM +0100, Jan Beulich wrote:
> > > > > > On 10.02.2021 09:29, Roger Pau Monné wrote:
> > > > > > > I get the feeling this is just papering over an existing issue
> > > > > > > instead of actually fixing it: IOMMU page tables need to be
> > > > > > > properly freed during early failure.
> > > > > > 
> > > > > > I take a different perspective: IOMMU page tables shouldn't
> > > > > > get created (yet) at all in the course of
> > > > > > XEN_DOMCTL_createdomain - this op is supposed to produce an
> > > > > > empty container for a VM.
> > > > > 
> > > > > The same would apply for CPU page-tables then, yet they seem to be
> > > > > created and populating them (i.e. adding the lapic access page) doesn't
> > > > > leak such entries, which points at an asymmetry. Either we set up both
> > > > > tables and handle freeing them properly, or we set none of them.
> > > > 
> > > > Where would CPU page tables get created from at this early stage?
> > > 
> > > When mapping the APIC page in the P2M. I don't think you can get away
> > > with removing it completely.
> > 
> > It doesn't need putting in the p2m this early. It would be quite
> > fine to defer this until e.g. the first vCPU gets created.
> 
> It feels wrong to me to set up a per-domain mapping when initializing the
> first vCPU.
> 
> But, I was under the impression that there is a plan to remove
> XEN_DOMCTL_max_vcpus. So it would only buy just a bit of time...

I was also under that impression. We could set up the lapic access page
at vlapic_init for the BSP (which is part of XEN_DOMCTL_max_vcpus
ATM).

But then I think there should be some kind of check to prevent
populating either the CPU or the IOMMU page tables at domain creation
hypercall, and so the logic to free CPU page tables on failure could
be removed.

Roger.
