[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v4 4/7] xen, common: add the XEN_DOMCTL_memory_mapping hypercall

To: Julien Grall <julien.grall@xxxxxxxxxx>
From: Ian Campbell <Ian.Campbell@xxxxxxxxxxxxx>
Date: Wed, 2 Apr 2014 10:43:28 +0100
Cc: "paolo.valente@xxxxxxxxxx" <paolo.valente@xxxxxxxxxx>, Keir Fraser <keir@xxxxxxx>, Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, Dario Faggioli <dario.faggioli@xxxxxxxxxx>, "xen.org" <Ian.Jackson@xxxxxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxx>, Julien Grall <julien.grall@xxxxxxxxxx>, Eric Trudeau <etrudeau@xxxxxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, Arianna Avanzini <avanzini.arianna@xxxxxxxxx>, "viktor.kleinik@xxxxxxxxxxxxxxx" <viktor.kleinik@xxxxxxxxxxxxxxx>
Delivery-date: Wed, 02 Apr 2014 09:44:17 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Tue, 2014-04-01 at 17:00 +0100, Julien Grall wrote:
> >>>>> +        ret = -EINVAL;
> >>>>> +        if ( (mfn_end - 1) < mfn || /* wrap? */
> >>>>> +             ((mfn | (mfn_end - 1)) >> (paddr_bits - PAGE_SHIFT)) ||
> >>>>> +             (gfn_end - 1) < gfn ) /* wrap? */
> >>>>> +            return ret;
> > 
> > Is the solution to that not to add the checks rather than remove them?
> 
> Which check?

You were, I thought, proposing to remove some of the check quoted above
in the remove case? I was asking why we wouldn't instead check that the
given mfn is mapped by the given gfn.

>  To give an example:
>    In the p2m we have this list of directly MMIO
>          gfn 0xab => mfn 0x2b
>          gfn 0xac => mfn 0x2c
>          gfn 0xad => mfn 0x3b
>        gfn 0xae => mfn 0x3c
>    The current domain as permission on: 0x2b-0x2c
> 
> It's valid (but wrong) to call DOMCTL_memory_mapping with:
>    add = 0
>    gfn = 0xac
>    mfn = 0x2b
>    nr_mfns = 1
> 
> As you can see mfn doesn't match the gfn, but the code will let you do that.
> 
> What I suggest is two have something similar to:
>     for (i = 0; i < nr_mfns; i++)
>     {
>        mfn = p2m_lookup(d, gfn);
>        clear p2m
>        remove rigth
>     }

Over the range of gfns given by the hypercall this algorithm is O(n^2)
which we don't want. And it iterated over all guest mfns which is also
something we don't want, or at least we don't want to add new instances
of.

Wouldn't it be better to do the p2m_lookup and check that the result
equates to the mfn given in the argument?

This interface is already pretty broken for the case where a toolstack
maps the same mfns into a guest twice. But that is a pretty broken thing
for a toolstack to do. We could perhaps just modify this hypercall to
fail if the guest already has permission to access the given mfn, the
assumption being that that permissions must be given by
DOMCTL_memory_mapping and not DOMCTL_iomem_perm.

Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH v4 4/7] xen, common: add the XEN_DOMCTL_memory_mapping hypercall
  - From: Jan Beulich

References:
- Re: [Xen-devel] [PATCH v4 4/7] xen, common: add the XEN_DOMCTL_memory_mapping hypercall
  - From: Ian Campbell
- Re: [Xen-devel] [PATCH v4 4/7] xen, common: add the XEN_DOMCTL_memory_mapping hypercall
  - From: Julien Grall
- Re: [Xen-devel] [PATCH v4 4/7] xen, common: add the XEN_DOMCTL_memory_mapping hypercall
  - From: Ian Campbell
- Re: [Xen-devel] [PATCH v4 4/7] xen, common: add the XEN_DOMCTL_memory_mapping hypercall
  - From: Julien Grall

Prev by Date: Re: [Xen-devel] [PATCH] evtchn: eliminate 64k ports limitation
Next by Date: Re: [Xen-devel] cubieboard2's sd/mmc driver on xen about DMA read data error
Previous by thread: Re: [Xen-devel] [PATCH v4 4/7] xen, common: add the XEN_DOMCTL_memory_mapping hypercall
Next by thread: Re: [Xen-devel] [PATCH v4 4/7] xen, common: add the XEN_DOMCTL_memory_mapping hypercall
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.