[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH 15/23] arch/x86: use XSM hooks for get_pg_owner access checks
At 10:37 -0500 on 30 Nov (1354271822), Daniel De Graaf wrote: > There are three callers of get_pg_owner: > * do_mmuext_op, which does not have XSM hooks on all subfunctions > * do_mmu_update, which has hooks that are inefficient > * do_update_va_mapping_otherdomain, which has a simple XSM hook > > In order to preserve return values for the do_mmuext_op hypercall, an > additional XSM hook is required to check the operation even for those > subfunctions that do not use the pg_owner field. This also covers the > MMUEXT_UNPIN_TABLE operation which did previously have an XSM hook. > > The XSM hooks in do_mmu_update were capable of replacing the checks in > get_pg_owner; however, the hooks are buried in the inner loop of the > function - not very good for performance when XSM is enabled and these > turn in to indirect function calls. This patch removes the PTE from the > hooks and replaces it with a bitfield describing what accesses are being > requested. The XSM hook can then be called only when additional bits are > set instead of once per iteration of the loop. > > This patch results in a change in the FLASK permissions used for mapping > an MMIO page: the target for the permisison check on the memory mapping > is no longer resolved to the device-specific type, and is instead either > the domain's own type or domio_t (depending on if the domain uses > DOMID_SELF or DOMID_IO in the map command). Device-specific access is > still controlled via the "resource use" permisison checked at domain > creation (or device hotplug). > > Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> > Acked-by: Jan Beulich <jbeulich@xxxxxxxx> > Cc: Tim Deegan <tim@xxxxxxx> > Cc: Keir Fraser <keir@xxxxxxx> Acked-by: Tim Deegan <tim@xxxxxxx> _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |