Xen project Mailing List

Re: [Xen-devel] [PATCH v21 1/2] common: add a new mappable resource type: XENMEM_resource_grant_table

To: Paul Durrant <Paul.Durrant@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>

From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Wed, 8 Aug 2018 11:45:13 +0100

Autocrypt: addr=andrew.cooper3@xxxxxxxxxx; prefer-encrypt=mutual; keydata= xsFNBFLhNn8BEADVhE+Hb8i0GV6mihnnr/uiQQdPF8kUoFzCOPXkf7jQ5sLYeJa0cQi6Penp VtiFYznTairnVsN5J+ujSTIb+OlMSJUWV4opS7WVNnxHbFTPYZVQ3erv7NKc2iVizCRZ2Kxn srM1oPXWRic8BIAdYOKOloF2300SL/bIpeD+x7h3w9B/qez7nOin5NzkxgFoaUeIal12pXSR Q354FKFoy6Vh96gc4VRqte3jw8mPuJQpfws+Pb+swvSf/i1q1+1I4jsRQQh2m6OTADHIqg2E ofTYAEh7R5HfPx0EXoEDMdRjOeKn8+vvkAwhviWXTHlG3R1QkbE5M/oywnZ83udJmi+lxjJ5 YhQ5IzomvJ16H0Bq+TLyVLO/VRksp1VR9HxCzItLNCS8PdpYYz5TC204ViycobYU65WMpzWe LFAGn8jSS25XIpqv0Y9k87dLbctKKA14Ifw2kq5OIVu2FuX+3i446JOa2vpCI9GcjCzi3oHV e00bzYiHMIl0FICrNJU0Kjho8pdo0m2uxkn6SYEpogAy9pnatUlO+erL4LqFUO7GXSdBRbw5 gNt25XTLdSFuZtMxkY3tq8MFss5QnjhehCVPEpE6y9ZjI4XB8ad1G4oBHVGK5LMsvg22PfMJ ISWFSHoF/B5+lHkCKWkFxZ0gZn33ju5n6/FOdEx4B8cMJt+cWwARAQABzSlBbmRyZXcgQ29v cGVyIDxhbmRyZXcuY29vcGVyM0BjaXRyaXguY29tPsLBegQTAQgAJAIbAwULCQgHAwUVCgkI CwUWAgMBAAIeAQIXgAUCWKD95wIZAQAKCRBlw/kGpdefoHbdD/9AIoR3k6fKl+RFiFpyAhvO 59ttDFI7nIAnlYngev2XUR3acFElJATHSDO0ju+hqWqAb8kVijXLops0gOfqt3VPZq9cuHlh IMDquatGLzAadfFx2eQYIYT+FYuMoPZy/aTUazmJIDVxP7L383grjIkn+7tAv+qeDfE+txL4 SAm1UHNvmdfgL2/lcmL3xRh7sub3nJilM93RWX1Pe5LBSDXO45uzCGEdst6uSlzYR/MEr+5Z JQQ32JV64zwvf/aKaagSQSQMYNX9JFgfZ3TKWC1KJQbX5ssoX/5hNLqxMcZV3TN7kU8I3kjK mPec9+1nECOjjJSO/h4P0sBZyIUGfguwzhEeGf4sMCuSEM4xjCnwiBwftR17sr0spYcOpqET ZGcAmyYcNjy6CYadNCnfR40vhhWuCfNCBzWnUW0lFoo12wb0YnzoOLjvfD6OL3JjIUJNOmJy RCsJ5IA/Iz33RhSVRmROu+TztwuThClw63g7+hoyewv7BemKyuU6FTVhjjW+XUWmS/FzknSi dAG+insr0746cTPpSkGl3KAXeWDGJzve7/SBBfyznWCMGaf8E2P1oOdIZRxHgWj0zNr1+ooF /PzgLPiCI4OMUttTlEKChgbUTQ+5o0P080JojqfXwbPAyumbaYcQNiH1/xYbJdOFSiBv9rpt TQTBLzDKXok86M7BTQRS4TZ/ARAAkgqudHsp+hd82UVkvgnlqZjzz2vyrYfz7bkPtXaGb9H4 Rfo7mQsEQavEBdWWjbga6eMnDqtu+FC+qeTGYebToxEyp2lKDSoAsvt8w82tIlP/EbmRbDVn 7bhjBlfRcFjVYw8uVDPptT0TV47vpoCVkTwcyb6OltJrvg/QzV9f07DJswuda1JH3/qvYu0p vjPnYvCq4NsqY2XSdAJ02HrdYPFtNyPEntu1n1KK+gJrstjtw7KsZ4ygXYrsm/oCBiVW/OgU g/XIlGErkrxe4vQvJyVwg6YH653YTX5hLLUEL1NS4TCo47RP+wi6y+TnuAL36UtK/uFyEuPy wwrDVcC4cIFhYSfsO0BumEI65yu7a8aHbGfq2lW251UcoU48Z27ZUUZd2Dr6O/n8poQHbaTd 6bJJSjzGGHZVbRP9UQ3lkmkmc0+XCHmj5WhwNNYjgbbmML7y0fsJT5RgvefAIFfHBg7fTY/i kBEimoUsTEQz+N4hbKwo1hULfVxDJStE4sbPhjbsPCrlXf6W9CxSyQ0qmZ2bXsLQYRj2xqd1 bpA+1o1j2N4/au1R/uSiUFjewJdT/LX1EklKDcQwpk06Af/N7VZtSfEJeRV04unbsKVXWZAk uAJyDDKN99ziC0Wz5kcPyVD1HNf8bgaqGDzrv3TfYjwqayRFcMf7xJaL9xXedMcAEQEAAcLB XwQYAQgACQUCUuE2fwIbDAAKCRBlw/kGpdefoG4XEACD1Qf/er8EA7g23HMxYWd3FXHThrVQ HgiGdk5Yh632vjOm9L4sd/GCEACVQKjsu98e8o3ysitFlznEns5EAAXEbITrgKWXDDUWGYxd pnjj2u+GkVdsOAGk0kxczX6s+VRBhpbBI2PWnOsRJgU2n10PZ3mZD4Xu9kU2IXYmuW+e5KCA vTArRUdCrAtIa1k01sPipPPw6dfxx2e5asy21YOytzxuWFfJTGnVxZZSCyLUO83sh6OZhJkk b9rxL9wPmpN/t2IPaEKoAc0FTQZS36wAMOXkBh24PQ9gaLJvfPKpNzGD8XWR5HHF0NLIJhgg 4ZlEXQ2fVp3XrtocHqhu4UZR4koCijgB8sB7Tb0GCpwK+C4UePdFLfhKyRdSXuvY3AHJd4CP 4JzW0Bzq/WXY3XMOzUTYApGQpnUpdOmuQSfpV9MQO+/jo7r6yPbxT7CwRS5dcQPzUiuHLK9i nvjREdh84qycnx0/6dDroYhp0DFv4udxuAvt1h4wGwTPRQZerSm4xaYegEFusyhbZrI0U9tJ B8WrhBLXDiYlyJT6zOV2yZFuW47VrLsjYnHwn27hmxTC/7tvG3euCklmkn9Sl9IAKFu29RSo d5bD8kMSCYsTqtTfT6W4A3qHGvIDta3ptLYpIAOD2sY3GYq2nf3Bbzx81wZK14JdDDHUX2Rs 6+ahAA==

Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, "Tim \(Xen.org\)" <tim@xxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Ian Jackson <Ian.Jackson@xxxxxxxxxx>

Delivery-date: Wed, 08 Aug 2018 10:45:19 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Openpgp: preference=signencrypt

On 08/08/18 11:19, Paul Durrant wrote: > >>> +static inline unsigned int status_to_grant_frames(unsigned int >> status_frames) >>> +{ >>> + return DIV_ROUND_UP(status_frames * GRANT_STATUS_PER_PAGE, >> GRANT_PER_PAGE); >>> +} >>> + >>> /* Check if the page has been paged out, or needs unsharing. >>> If rc == GNTST_okay, *page contains the page struct with a ref taken. >>> Caller must do put_page(*page). >>> @@ -3860,6 +3866,47 @@ int mem_sharing_gref_to_gfn(struct >> grant_table *gt, grant_ref_t ref, >>> } >>> #endif >>> >>> +/* caller must hold write lock */ >>> +static int gnttab_get_status_frame_mfn(struct domain *d, >>> + unsigned long idx, mfn_t *mfn) >>> +{ >>> + struct grant_table *gt = d->grant_table; >>> + >>> + ASSERT(gt->gt_version == 2); >>> + >>> + if ( idx >= nr_status_frames(gt) ) >>> + { >>> + unsigned long nr = status_to_grant_frames(idx + 1); >> Why the +1 ? Won't that cause a failure if you attempt to map the >> maximum valid index? > That's kind of the idea... To force a failure when mapping a legitimate index? Whatever the old code did, this smells like broken boundary case. A caller is going to want to map frames 0 to N-1, based on some knowledge of either how many frames the guest has, or what the total number of expected frames is. nr_status_frames() OTOH, is 1-based, which is why this looks wrong. How about a comment along the lines of /* idx is 0-based, nr_* is 1-based. */ which might help reduce the confusion? >>> + >>> + if ( idx >= nr_grant_frames(gt) ) >>> + return -EINVAL; >>> + >>> + *mfn = _mfn(virt_to_mfn(gt->shared_raw[idx])); >>> + return 0; >>> +} >>> + >>> int gnttab_map_frame(struct domain *d, unsigned long idx, gfn_t gfn, >>> mfn_t *mfn) >>> { >>> diff --git a/xen/common/memory.c b/xen/common/memory.c >>> index e29d596727..427f65a5e1 100644 >>> --- a/xen/common/memory.c >>> +++ b/xen/common/memory.c >>> @@ -23,6 +23,7 @@ >>> #include <xen/numa.h> >>> #include <xen/mem_access.h> >>> #include <xen/trace.h> >>> +#include <xen/grant_table.h> >>> #include <asm/current.h> >>> #include <asm/hardirq.h> >>> #include <asm/p2m.h> >>> @@ -982,6 +983,43 @@ static long xatp_permission_check(struct domain >> *d, unsigned int space) >>> return xsm_add_to_physmap(XSM_TARGET, current->domain, d); >>> } >>> >>> +static int acquire_grant_table(struct domain *d, unsigned int id, >>> + unsigned long frame, >>> + unsigned int nr_frames, >>> + xen_pfn_t mfn_list[]) >>> +{ >>> + unsigned int i = nr_frames; >>> + >>> + /* Iterate backwards in case table needs to grow */ >>> + while ( i-- != 0 ) >>> + { >>> + mfn_t mfn = INVALID_MFN; >>> + int rc; >>> + >>> + switch ( id ) >>> + { >>> + case XENMEM_resource_grant_table_id_shared: >>> + rc = gnttab_get_shared_frame(d, frame + i, &mfn); >>> + break; >>> + >>> + case XENMEM_resource_grant_table_id_status: >>> + rc = gnttab_get_status_frame(d, frame + i, &mfn); >>> + break; >>> + >>> + default: >>> + rc = -EINVAL; >>> + break; >>> + } >>> + >>> + if ( rc ) >> Would it perhaps be prudent to have || mfn_eq(mfn, INVALID_MFN) >> here? I >> don't think anything good will come of handing INVALID_MFN back to the >> caller. > Why? The value of mfn will be overwritten if rc == 0 and will be left as > INVALID_MFN if rc != 0. I can ASSERT that if you'd like. Yeah - an ASSERT() would be nice. >>> + !is_hardware_domain(currd) ) >>> + return -EOPNOTSUPP; >> EPERM perhaps? >> > I debated that. I'm really not sure which one would be best. Hmm, nor me. Lets leave it like that for now. ~Andrew _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.