[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v4 06/17] xen/arm: ITS: Add virtual ITS driver

On Sat, 2015-07-11 at 20:18 +0530, Vijay Kilari wrote:
> On Fri, Jul 10, 2015 at 7:45 PM, Ian Campbell <ijc@xxxxxxx> wrote:
> > On Fri, 2015-07-10 at 13:12 +0530, vijay.kilari@xxxxxxxxx wrote:
> >> +static int vits_entry(struct domain *d, paddr_t entry, void *addr,
> >> +                      uint32_t size, bool_t set)
> >> +{
> >> [...]
> >> +}
> >> +
> >> +/* ITS device table helper functions */
> >> +static int vits_vdevice_entry(struct domain *d, uint32_t dev_id,
> >> +                              struct vdevice_table *entry, bool_t set)
> >> +{
> >> +    uint64_t offset;
> >> +    paddr_t dt_entry;
> >> +
> >> +    BUILD_BUG_ON(sizeof(struct vdevice_table) != 16);
> >> +
> >> +    offset = dev_id * sizeof(struct vdevice_table);
> >> +    if ( offset > d->arch.vits->dt_size )
> >> +    {
> >> +        dprintk(XENLOG_G_ERR,
> >> +                "%pv: vITS: Out of range offset %ld id 0x%x size %ld\n",
> >> +                current, offset, dev_id, d->arch.vits->dt_size);
> >> +        return -EINVAL;
> >> +    }
> >> +
> >> +    dt_entry = d->arch.vits->dt_ipa + offset;
> >> +
> >> +    return vits_entry(d, dt_entry, (void *)entry,
> >> +                      sizeof(struct vdevice_table),
> >
> > Please drop the (void *) cast here, you can pass a "foo *" to a "void *"
> > without one.
> >
> > It took me a little while to work out why this was void * before I
> > realised that vits_entry was a generic helper used for different types
> > of table. "vits_access_guest_table" to make it clear what it is doing.
> 
>    This is also used in later patches read virtual ITS command and also
> property pending table. I prefer to move it to some generic file like
> guestcopy.c/p2m.c?
> and should be named as copy_{from|to}guest_gfn()?

I nearly suggested using the existing copy to/from guest functions but:

Why do the existing copy to/from guest helpers not check the page has
memory type. If it did they would be closer to being directly usable.

Those functions check for guest read/write access as appropriate, but
those do not apply to this case (which is in effect a privileged DMA
from outside the virtual CPU).

In particular due to the second thing I think we would be best off
keeping this as a specific helper for the VITS, having general helper
functions with lax security checks in them just invites people to use
them inappropriately.

Ian.


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.