On 10.02.2021 12:48, Julien Grall wrote: > > > On 10/02/2021 11:45, Jan Beulich wrote: >> On 10.02.2021 12:40, Julien Grall wrote: >>> On 10/02/2021 11:38, Jan Beulich wrote: >>>> On 10.02.2021 12:34, Roger Pau Monné wrote: >>>>> On Wed, Feb 10, 2021 at 12:10:09PM +0100, Jan Beulich wrote: >>>>>> On 10.02.2021 09:29, Roger Pau Monné wrote: >>>>>>> I get the feeling this is just papering over an existing issue instead >>>>>>> of actually fixing it: IOMMU page tables need to be properly freed >>>>>>> during early failure. >>>>>> >>>>>> I take a different perspective: IOMMU page tables shouldn't >>>>>> get created (yet) at all in the course of >>>>>> XEN_DOMCTL_createdomain - this op is supposed to produce an >>>>>> empty container for a VM. >>>>> >>>>> The same would apply for CPU page-tables then, yet they seem to be >>>>> created and populating them (ie: adding the lapic access page) doesn't >>>>> leak such entries, which points at an asymmetry. Either we setup both >>>>> tables and handle freeing them properly, or we set none of them. >>>> >>>> Where would CPU page tables get created from at this early stage? >>> >>> When mapping the APIC page in the P2M. I don't think you can get away >>> with removing it completely. >> >> It doesn't need putting in the p2m this early. It would be quite >> fine to defer this until e.g. the first vCPU gets created. > > It feels wrong to me to setup a per-domain mapping when initializing the > first vCPU.
Then we could do it even later. Any time up to when the domain would first get unpaused would do. Jan
