Xen project Mailing List

Re: [Xen-devel] [PATCH v21 1/2] common: add a new mappable resource type: XENMEM_resource_grant_table

To: Paul Durrant <paul.durrant@xxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>

From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Wed, 8 Aug 2018 11:10:43 +0100

Autocrypt: addr=andrew.cooper3@xxxxxxxxxx; prefer-encrypt=mutual; keydata= xsFNBFLhNn8BEADVhE+Hb8i0GV6mihnnr/uiQQdPF8kUoFzCOPXkf7jQ5sLYeJa0cQi6Penp VtiFYznTairnVsN5J+ujSTIb+OlMSJUWV4opS7WVNnxHbFTPYZVQ3erv7NKc2iVizCRZ2Kxn srM1oPXWRic8BIAdYOKOloF2300SL/bIpeD+x7h3w9B/qez7nOin5NzkxgFoaUeIal12pXSR Q354FKFoy6Vh96gc4VRqte3jw8mPuJQpfws+Pb+swvSf/i1q1+1I4jsRQQh2m6OTADHIqg2E ofTYAEh7R5HfPx0EXoEDMdRjOeKn8+vvkAwhviWXTHlG3R1QkbE5M/oywnZ83udJmi+lxjJ5 YhQ5IzomvJ16H0Bq+TLyVLO/VRksp1VR9HxCzItLNCS8PdpYYz5TC204ViycobYU65WMpzWe LFAGn8jSS25XIpqv0Y9k87dLbctKKA14Ifw2kq5OIVu2FuX+3i446JOa2vpCI9GcjCzi3oHV e00bzYiHMIl0FICrNJU0Kjho8pdo0m2uxkn6SYEpogAy9pnatUlO+erL4LqFUO7GXSdBRbw5 gNt25XTLdSFuZtMxkY3tq8MFss5QnjhehCVPEpE6y9ZjI4XB8ad1G4oBHVGK5LMsvg22PfMJ ISWFSHoF/B5+lHkCKWkFxZ0gZn33ju5n6/FOdEx4B8cMJt+cWwARAQABzSlBbmRyZXcgQ29v cGVyIDxhbmRyZXcuY29vcGVyM0BjaXRyaXguY29tPsLBegQTAQgAJAIbAwULCQgHAwUVCgkI CwUWAgMBAAIeAQIXgAUCWKD95wIZAQAKCRBlw/kGpdefoHbdD/9AIoR3k6fKl+RFiFpyAhvO 59ttDFI7nIAnlYngev2XUR3acFElJATHSDO0ju+hqWqAb8kVijXLops0gOfqt3VPZq9cuHlh IMDquatGLzAadfFx2eQYIYT+FYuMoPZy/aTUazmJIDVxP7L383grjIkn+7tAv+qeDfE+txL4 SAm1UHNvmdfgL2/lcmL3xRh7sub3nJilM93RWX1Pe5LBSDXO45uzCGEdst6uSlzYR/MEr+5Z JQQ32JV64zwvf/aKaagSQSQMYNX9JFgfZ3TKWC1KJQbX5ssoX/5hNLqxMcZV3TN7kU8I3kjK mPec9+1nECOjjJSO/h4P0sBZyIUGfguwzhEeGf4sMCuSEM4xjCnwiBwftR17sr0spYcOpqET ZGcAmyYcNjy6CYadNCnfR40vhhWuCfNCBzWnUW0lFoo12wb0YnzoOLjvfD6OL3JjIUJNOmJy RCsJ5IA/Iz33RhSVRmROu+TztwuThClw63g7+hoyewv7BemKyuU6FTVhjjW+XUWmS/FzknSi dAG+insr0746cTPpSkGl3KAXeWDGJzve7/SBBfyznWCMGaf8E2P1oOdIZRxHgWj0zNr1+ooF /PzgLPiCI4OMUttTlEKChgbUTQ+5o0P080JojqfXwbPAyumbaYcQNiH1/xYbJdOFSiBv9rpt TQTBLzDKXok86M7BTQRS4TZ/ARAAkgqudHsp+hd82UVkvgnlqZjzz2vyrYfz7bkPtXaGb9H4 Rfo7mQsEQavEBdWWjbga6eMnDqtu+FC+qeTGYebToxEyp2lKDSoAsvt8w82tIlP/EbmRbDVn 7bhjBlfRcFjVYw8uVDPptT0TV47vpoCVkTwcyb6OltJrvg/QzV9f07DJswuda1JH3/qvYu0p vjPnYvCq4NsqY2XSdAJ02HrdYPFtNyPEntu1n1KK+gJrstjtw7KsZ4ygXYrsm/oCBiVW/OgU g/XIlGErkrxe4vQvJyVwg6YH653YTX5hLLUEL1NS4TCo47RP+wi6y+TnuAL36UtK/uFyEuPy wwrDVcC4cIFhYSfsO0BumEI65yu7a8aHbGfq2lW251UcoU48Z27ZUUZd2Dr6O/n8poQHbaTd 6bJJSjzGGHZVbRP9UQ3lkmkmc0+XCHmj5WhwNNYjgbbmML7y0fsJT5RgvefAIFfHBg7fTY/i kBEimoUsTEQz+N4hbKwo1hULfVxDJStE4sbPhjbsPCrlXf6W9CxSyQ0qmZ2bXsLQYRj2xqd1 bpA+1o1j2N4/au1R/uSiUFjewJdT/LX1EklKDcQwpk06Af/N7VZtSfEJeRV04unbsKVXWZAk uAJyDDKN99ziC0Wz5kcPyVD1HNf8bgaqGDzrv3TfYjwqayRFcMf7xJaL9xXedMcAEQEAAcLB XwQYAQgACQUCUuE2fwIbDAAKCRBlw/kGpdefoG4XEACD1Qf/er8EA7g23HMxYWd3FXHThrVQ HgiGdk5Yh632vjOm9L4sd/GCEACVQKjsu98e8o3ysitFlznEns5EAAXEbITrgKWXDDUWGYxd pnjj2u+GkVdsOAGk0kxczX6s+VRBhpbBI2PWnOsRJgU2n10PZ3mZD4Xu9kU2IXYmuW+e5KCA vTArRUdCrAtIa1k01sPipPPw6dfxx2e5asy21YOytzxuWFfJTGnVxZZSCyLUO83sh6OZhJkk b9rxL9wPmpN/t2IPaEKoAc0FTQZS36wAMOXkBh24PQ9gaLJvfPKpNzGD8XWR5HHF0NLIJhgg 4ZlEXQ2fVp3XrtocHqhu4UZR4koCijgB8sB7Tb0GCpwK+C4UePdFLfhKyRdSXuvY3AHJd4CP 4JzW0Bzq/WXY3XMOzUTYApGQpnUpdOmuQSfpV9MQO+/jo7r6yPbxT7CwRS5dcQPzUiuHLK9i nvjREdh84qycnx0/6dDroYhp0DFv4udxuAvt1h4wGwTPRQZerSm4xaYegEFusyhbZrI0U9tJ B8WrhBLXDiYlyJT6zOV2yZFuW47VrLsjYnHwn27hmxTC/7tvG3euCklmkn9Sl9IAKFu29RSo d5bD8kMSCYsTqtTfT6W4A3qHGvIDta3ptLYpIAOD2sY3GYq2nf3Bbzx81wZK14JdDDHUX2Rs 6+ahAA==

Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>

Delivery-date: Wed, 08 Aug 2018 10:10:58 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Openpgp: preference=signencrypt

On 08/08/18 10:00, Paul Durrant wrote: > diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c > index d9ec711c73..8e623ea08e 100644 > --- a/xen/common/grant_table.c > +++ b/xen/common/grant_table.c > @@ -358,6 +358,12 @@ static inline unsigned int > grant_to_status_frames(unsigned int grant_frames) > return DIV_ROUND_UP(grant_frames * GRANT_PER_PAGE, > GRANT_STATUS_PER_PAGE); > } > > +/* Number of grant table entries. Caller must hold d's gr. table lock.*/ Really? this is some straight arithmetic on the integer parameter. > +static inline unsigned int status_to_grant_frames(unsigned int status_frames) > +{ > + return DIV_ROUND_UP(status_frames * GRANT_STATUS_PER_PAGE, > GRANT_PER_PAGE); > +} > + > /* Check if the page has been paged out, or needs unsharing. > If rc == GNTST_okay, *page contains the page struct with a ref taken. > Caller must do put_page(*page). > @@ -3860,6 +3866,47 @@ int mem_sharing_gref_to_gfn(struct grant_table *gt, > grant_ref_t ref, > } > #endif > > +/* caller must hold write lock */ > +static int gnttab_get_status_frame_mfn(struct domain *d, > + unsigned long idx, mfn_t *mfn) > +{ > + struct grant_table *gt = d->grant_table; > + > + ASSERT(gt->gt_version == 2); > + > + if ( idx >= nr_status_frames(gt) ) > + { > + unsigned long nr = status_to_grant_frames(idx + 1); Why the +1 ? Won't that cause a failure if you attempt to map the maximum valid index? > + > + if ( nr <= gt->max_grant_frames ) > + gnttab_grow_table(d, nr); You want to capture the return value of grow_table(), which at least distinguishes between ENODEV and ENOMEM. > + > + if ( idx >= nr_status_frames(gt) ) > + return -EINVAL; This can probably(?) be asserted if gnttab_grow_table() returns successfully. > + } > + > + *mfn = _mfn(virt_to_mfn(gt->status[idx])); > + return 0; > +} > + > +/* caller must hold write lock */ > +static int gnttab_get_shared_frame_mfn(struct domain *d, > + unsigned long idx, mfn_t *mfn) > +{ > + struct grant_table *gt = d->grant_table; > + > + ASSERT(gt->gt_version != 0); > + > + if ( (idx >= nr_grant_frames(gt)) && (idx < gt->max_grant_frames) ) > + gnttab_grow_table(d, idx + 1); Similarly wrt rc. > + > + if ( idx >= nr_grant_frames(gt) ) > + return -EINVAL; > + > + *mfn = _mfn(virt_to_mfn(gt->shared_raw[idx])); > + return 0; > +} > + > int gnttab_map_frame(struct domain *d, unsigned long idx, gfn_t gfn, > mfn_t *mfn) > { > diff --git a/xen/common/memory.c b/xen/common/memory.c > index e29d596727..427f65a5e1 100644 > --- a/xen/common/memory.c > +++ b/xen/common/memory.c > @@ -23,6 +23,7 @@ > #include <xen/numa.h> > #include <xen/mem_access.h> > #include <xen/trace.h> > +#include <xen/grant_table.h> > #include <asm/current.h> > #include <asm/hardirq.h> > #include <asm/p2m.h> > @@ -982,6 +983,43 @@ static long xatp_permission_check(struct domain *d, > unsigned int space) > return xsm_add_to_physmap(XSM_TARGET, current->domain, d); > } > > +static int acquire_grant_table(struct domain *d, unsigned int id, > + unsigned long frame, > + unsigned int nr_frames, > + xen_pfn_t mfn_list[]) > +{ > + unsigned int i = nr_frames; > + > + /* Iterate backwards in case table needs to grow */ > + while ( i-- != 0 ) > + { > + mfn_t mfn = INVALID_MFN; > + int rc; > + > + switch ( id ) > + { > + case XENMEM_resource_grant_table_id_shared: > + rc = gnttab_get_shared_frame(d, frame + i, &mfn); > + break; > + > + case XENMEM_resource_grant_table_id_status: > + rc = gnttab_get_status_frame(d, frame + i, &mfn); > + break; > + > + default: > + rc = -EINVAL; > + break; > + } > + > + if ( rc ) Would it perhaps be prudent to have || mfn_eq(mfn, INVALID_MFN) here? I don't think anything good will come of handing INVALID_MFN back to the caller. > + return rc; > + > + mfn_list[i] = mfn_x(mfn); > + } > + > + return 0; > +} > + > static int acquire_resource( > XEN_GUEST_HANDLE_PARAM(xen_mem_acquire_resource_t) arg) > { > @@ -1046,6 +1089,16 @@ static int acquire_resource( > xen_pfn_t gfn_list[ARRAY_SIZE(mfn_list)]; > unsigned int i; > > + /* > + * FIXME: until foreign pages inserted into the P2M are properly > + * reference counted, it is unsafe to allow mapping of > + * non-caller-owned resource pages unless the caller is > + * the hardware domain. > + */ > + if (!(xmar.flags & XENMEM_rsrc_acq_caller_owned) && Space. > + !is_hardware_domain(currd) ) > + return -EOPNOTSUPP; EPERM perhaps? ~Andrew _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.