[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v4] gnttab: don't expose host physical address without need

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
From: Jan Beulich <jbeulich@xxxxxxxx>
Date: Thu, 5 Dec 2019 17:57:03 +0100
Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Wei Liu <wl@xxxxxxx>, Konrad Wilk <konrad.wilk@xxxxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
Delivery-date: Thu, 05 Dec 2019 16:56:58 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 05.12.2019 16:47, Andrew Cooper wrote:
> On 05/12/2019 15:34, Jan Beulich wrote:
>> Translated domains shouldn't see host physical addresses. While the
>> address is also not supposed to be handed back even to non-translated
>> domains when GNTMAP_device_map is not set (as explicitly stated by a
>> comment in the public header), PV kernels (Linux at least) assume the
>> field to get populated nevertheless.
> 
> This really means that the public header needs correcting.  The field
> may not have intended to escape out of Xen, but it is defacto part of
> the ABI now.

Well, that's one of two possible routes. The other is to have, like
you did suggest earlier on, a mode in which we behave more strictly,
and current Linux then wouldn't work on such a Xen until fixed.

>> (Similarly mapkind() should check only GNTMAP_device_map.)
> 
> Is this comment stale, or have I misunderstood some of the reasoning?

It's certainly not stale. mapkind() is used to determine whether
IOMMU mapping adjustments are needed. With this, it should in
principle only consider whether the current operation would
possibly alter IOMMU mapping needs. What needs doing should,
according to my interpretation of the originally intended design,
only depend on current and prior requests with GNTMAP_device_map
set.

Jan

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH v4] gnttab: don't expose host physical address without need
  - From: Andrew Cooper

References:
- [Xen-devel] [PATCH v4] gnttab: don't expose host physical address without need
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH v4] gnttab: don't expose host physical address without need
  - From: Andrew Cooper

Prev by Date: Re: [Xen-devel] [PATCH v2 16/22] golang/xenlight: implement keyed union C to Go marshaling
Next by Date: Re: [Xen-devel] [PATCH v2 01/22] golang/xenlight: generate enum types from IDL
Previous by thread: Re: [Xen-devel] [PATCH v4] gnttab: don't expose host physical address without need
Next by thread: Re: [Xen-devel] [PATCH v4] gnttab: don't expose host physical address without need
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.