|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen master] x86/mem_sharing: use default_access in add_to_physmap
commit 2575d77a678ec3156f537b012eb5e797917d4025
Author: Tamas K Lengyel <tamas.lengyel@xxxxxxxxx>
AuthorDate: Wed Feb 5 13:53:14 2020 +0100
Commit: Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Wed Feb 5 13:53:14 2020 +0100
x86/mem_sharing: use default_access in add_to_physmap
When plugging a hole in the target physmap don't use the access permission
returned by __get_gfn_type_access as it is non-sensical (p2m_access_n) in
the use-case add_to_physmap was intended to be used in. It leads to
vm_events
being sent out for access violations at unexpected locations. Make use of
p2m->default_access instead and document the ambiguity surrounding "hole"
types and corner-cases with custom mem_access being set on holes.
Signed-off-by: Tamas K Lengyel <tamas.lengyel@xxxxxxxxx>
Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
---
xen/arch/x86/mm/mem_sharing.c | 28 +++++++++++++++++++++++++---
1 file changed, 25 insertions(+), 3 deletions(-)
diff --git a/xen/arch/x86/mm/mem_sharing.c b/xen/arch/x86/mm/mem_sharing.c
index 2b3be5b125..3835bc928f 100644
--- a/xen/arch/x86/mm/mem_sharing.c
+++ b/xen/arch/x86/mm/mem_sharing.c
@@ -1061,6 +1061,29 @@ err_out:
return ret;
}
+/*
+ * This function is intended to be used for plugging a "hole" in the client's
+ * physmap with a shared memory entry. Unfortunately the definition of a "hole"
+ * is currently ambigious. There are two cases one can run into a "hole":
+ * 1) there is no pagetable entry at all
+ * 2) there is a pagetable entry with a type that passes p2m_is_hole
+ *
+ * The intended use-case for this function is case 1.
+ *
+ * During 1) the mem_access being returned is p2m_access_n and that is
+ * incorrect to be applied to the new entry being added the client physmap,
+ * thus we make use of the p2m->default_access instead.
+ * When 2) is true it is possible that the existing pagetable entry also has
+ * a mem_access permission set, which could be p2m_access_n. Since we can't
+ * differentiate whether we are in case 1) or 2), we default to using the
+ * access permission defined as default for the p2m, thus in
+ * case 2) overwriting any custom mem_access permission the user may have set
+ * on a hole page. Custom mem_access permissions being set on a hole are
+ * unheard of but technically possible.
+ *
+ * TODO: to properly resolve this issue implement differentiation between the
+ * two "hole" types.
+ */
static
int add_to_physmap(struct domain *sd, unsigned long sgfn, shr_handle_t sh,
struct domain *cd, unsigned long cgfn, bool lock)
@@ -1071,11 +1094,10 @@ int add_to_physmap(struct domain *sd, unsigned long
sgfn, shr_handle_t sh,
p2m_type_t smfn_type, cmfn_type;
struct gfn_info *gfn_info;
struct p2m_domain *p2m = p2m_get_hostp2m(cd);
- p2m_access_t a;
struct two_gfns tg;
get_two_gfns(sd, _gfn(sgfn), &smfn_type, NULL, &smfn,
- cd, _gfn(cgfn), &cmfn_type, &a, &cmfn, 0, &tg, lock);
+ cd, _gfn(cgfn), &cmfn_type, NULL, &cmfn, 0, &tg, lock);
/* Get the source shared page, check and lock */
ret = XENMEM_SHARING_OP_S_HANDLE_INVALID;
@@ -1110,7 +1132,7 @@ int add_to_physmap(struct domain *sd, unsigned long sgfn,
shr_handle_t sh,
}
ret = p2m_set_entry(p2m, _gfn(cgfn), smfn, PAGE_ORDER_4K,
- p2m_ram_shared, a);
+ p2m_ram_shared, p2m->default_access);
/* Tempted to turn this into an assert */
if ( ret )
--
generated by git-patchbot for /home/xen/git/xen.git#master
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/xen-changelog
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |