[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH V4] xen/gnttab: Store frame GFN in struct page_info on Arm

To: Oleksandr <olekstysh@xxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>
From: Julien Grall <julien@xxxxxxx>
Date: Wed, 22 Dec 2021 10:49:05 +0100
Cc: Oleksandr Tyshchenko <oleksandr_tyshchenko@xxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Ian Jackson <iwj@xxxxxxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Bob Eshleman <bobbyeshleman@xxxxxxxxx>, Alistair Francis <alistair.francis@xxxxxxx>, Connor Davis <connojdavis@xxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
Delivery-date: Wed, 22 Dec 2021 09:49:22 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Hi Oleksandr,

On 14/12/2021 17:26, Oleksandr wrote:

@@ -1487,7 +1489,23 @@ int xenmem_add_to_physmap_one(
      }
      /* Map at new location. */
-    rc = guest_physmap_add_entry(d, gfn, mfn, 0, t);
+    if ( !p2m_is_ram(t) || !is_xen_heap_mfn(mfn) )
+        rc = guest_physmap_add_entry(d, gfn, mfn, 0, t);
+    else
+    {
+        struct p2m_domain *p2m = p2m_get_hostp2m(d);
+
+        p2m_write_lock(p2m);
+ if ( gfn_eq(page_get_xenheap_gfn(mfn_to_page(mfn)),INVALID_GFN) )
+        {
+ rc = p2m_set_entry(p2m, gfn, 1, mfn, t,p2m->default_access);
+            if ( !rc )
+                page_set_xenheap_gfn(mfn_to_page(mfn), gfn);
+        }
+        else
+            rc = -EBUSY;
May I suggest to avoid failing here whenpage_get_xenheap_gfn(mfn_to_page(mfn))
matches the passed in GFN?
Good question...
There was an explicit request to fail here if page_get_xenheap_gfn()returns a valid GFN.From the other side, if old GFN matches new GFN we do not remove themapping in gnttab_set_frame_gfn(),so probably we could avoid failing here in that particular case.@Julien, what do you think?

I will answer by a question :). Can this situation happen in normalcircumstances (e.g. there is no concurrent call)?

The recent XSAs in the grant table code made me more cautious and Iwould prefer if we fail more often than risking potentially introducingyet another security issue. It is easy to relax afterwards if there arelegitimate use cases.


Cheers,

--
Julien Grall

Follow-Ups:
- Re: [PATCH V4] xen/gnttab: Store frame GFN in struct page_info on Arm
  - From: Oleksandr

References:
- [PATCH V4] xen/gnttab: Store frame GFN in struct page_info on Arm
  - From: Oleksandr Tyshchenko
- Re: [PATCH V4] xen/gnttab: Store frame GFN in struct page_info on Arm
  - From: Jan Beulich
- Re: [PATCH V4] xen/gnttab: Store frame GFN in struct page_info on Arm
  - From: Oleksandr

Prev by Date: Re: [PATCH V6 1/2] libxl: Add support for Virtio disk configuration
Next by Date: Re: [PATCH V4] xen/gnttab: Store frame GFN in struct page_info on Arm
Previous by thread: Re: [PATCH V4] xen/gnttab: Store frame GFN in struct page_info on Arm
Next by thread: Re: [PATCH V4] xen/gnttab: Store frame GFN in struct page_info on Arm
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.