Xen project Mailing List

[Xen-devel] [RFC PATCH v2 8/8] arm/mem_access: Walk the guest's pt in software

From: Sergej Proskurin <proskurin@xxxxxxxxxxxxx>

Date: Thu, 1 Jun 2017 17:18:58 +0200

Cc: Sergej Proskurin <proskurin@xxxxxxxxxxxxx>, Julien Grall <julien.grall@xxxxxxx>, Tamas K Lengyel <tamas@xxxxxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Razvan Cojocaru <rcojocaru@xxxxxxxxxxxxxxx>

Delivery-date: Thu, 01 Jun 2017 15:20:03 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

In this commit, we make use of the gpt walk functionality introduced in the previous commits. If mem_access is active, hardware-based gva to ipa translation might fail, as gva_to_ipa uses the guest's translation tables, access to which might be restricted by the active VTTBR. To side-step potential translation errors in the function p2m_mem_access_check_and_get_page due to restricted memory (e.g. to the guest's page tables themselves), we walk the guest's page tables in software. Signed-off-by: Sergej Proskurin <proskurin@xxxxxxxxxxxxx> --- Cc: Razvan Cojocaru <rcojocaru@xxxxxxxxxxxxxxx> Cc: Tamas K Lengyel <tamas@xxxxxxxxxxxxx> Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx> Cc: Julien Grall <julien.grall@xxxxxxx> --- v2: Check the returned access rights after walking the guest's page tables in the function p2m_mem_access_check_and_get_page. --- xen/arch/arm/mem_access.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/xen/arch/arm/mem_access.c b/xen/arch/arm/mem_access.c index 04b1506b00..0d3a3ff58b 100644 --- a/xen/arch/arm/mem_access.c +++ b/xen/arch/arm/mem_access.c @@ -101,6 +101,7 @@ p2m_mem_access_check_and_get_page(vaddr_t gva, unsigned long flag, const struct vcpu *v) { long rc; + unsigned int perm_ro; paddr_t ipa; gfn_t gfn; mfn_t mfn; @@ -110,8 +111,25 @@ p2m_mem_access_check_and_get_page(vaddr_t gva, unsigned long flag, struct p2m_domain *p2m = &v->domain->arch.p2m; rc = gva_to_ipa(gva, &ipa, flag); + + /* + * In case mem_access is active, hardware-based gva_to_ipa translation + * might fail. Since gva_to_ipa uses the guest's translation tables, access + * to which might be restricted by the active VTTBR, we perform a gva to + * ipa translation in software. + */ if ( rc < 0 ) - goto err; + { + if ( p2m_walk_gpt(p2m, gva, &ipa, &perm_ro) < 0 ) + /* + * The software gva to ipa translation can still fail, e.g., if the + * gva is not mapped. + */ + goto err; + + if ( ((flag & GV2M_WRITE) == GV2M_WRITE) && perm_ro ) + goto err; + } gfn = _gfn(paddr_to_pfn(ipa)); -- 2.12.2 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.