[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH V4] xen/gnttab: Store frame GFN in struct page_info on Arm

To: Julien Grall <julien@xxxxxxx>
From: Oleksandr <olekstysh@xxxxxxxxx>
Date: Wed, 22 Dec 2021 12:38:04 +0200
Cc: Jan Beulich <jbeulich@xxxxxxxx>, Oleksandr Tyshchenko <oleksandr_tyshchenko@xxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Ian Jackson <iwj@xxxxxxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Bob Eshleman <bobbyeshleman@xxxxxxxxx>, Alistair Francis <alistair.francis@xxxxxxx>, Connor Davis <connojdavis@xxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
Delivery-date: Wed, 22 Dec 2021 10:38:25 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>


On 22.12.21 11:49, Julien Grall wrote:

Hi Oleksandr,


Hi Julien

On 14/12/2021 17:26, Oleksandr wrote:
@@ -1487,7 +1489,23 @@ int xenmem_add_to_physmap_one(
      }
      /* Map at new location. */
-    rc = guest_physmap_add_entry(d, gfn, mfn, 0, t);
+    if ( !p2m_is_ram(t) || !is_xen_heap_mfn(mfn) )
+        rc = guest_physmap_add_entry(d, gfn, mfn, 0, t);
+    else
+    {
+        struct p2m_domain *p2m = p2m_get_hostp2m(d);
+
+        p2m_write_lock(p2m);
+ if ( gfn_eq(page_get_xenheap_gfn(mfn_to_page(mfn)),INVALID_GFN) )
+        {
+ rc = p2m_set_entry(p2m, gfn, 1, mfn, t,p2m->default_access);
+            if ( !rc )
+                page_set_xenheap_gfn(mfn_to_page(mfn), gfn);
+        }
+        else
+            rc = -EBUSY;
May I suggest to avoid failing here whenpage_get_xenheap_gfn(mfn_to_page(mfn))
matches the passed in GFN?
Good question...
There was an explicit request to fail here if page_get_xenheap_gfn()returns a valid GFN. From the other side, if old GFN matches new GFN we do not remove themapping in gnttab_set_frame_gfn(),so probably we could avoid failing here in that particular case.@Julien, what do you think?
I will answer by a question :). Can this situation happen in normalcircumstances (e.g. there is no concurrent call)?

I think no, it can't. Otherwise I would notice it while testing innormal circumstances.

The recent XSAs in the grant table code made me more cautious and Iwould prefer if we fail more often than risking potentiallyintroducing yet another security issue. It is easy to relax afterwardsif there are legitimate use cases.

I got it, so your explicit request to fail here still stands. Thank youfor the clarification.



Cheers,

--
Regards,

Oleksandr Tyshchenko

References:
- [PATCH V4] xen/gnttab: Store frame GFN in struct page_info on Arm
  - From: Oleksandr Tyshchenko
- Re: [PATCH V4] xen/gnttab: Store frame GFN in struct page_info on Arm
  - From: Jan Beulich
- Re: [PATCH V4] xen/gnttab: Store frame GFN in struct page_info on Arm
  - From: Oleksandr
- Re: [PATCH V4] xen/gnttab: Store frame GFN in struct page_info on Arm
  - From: Julien Grall

Prev by Date: Re: [RFC v1 4/5] tools/arm: add "scmi_smc" option to xl.cfg
Next by Date: [libvirt test] 167511: regressions - FAIL
Previous by thread: Re: [PATCH V4] xen/gnttab: Store frame GFN in struct page_info on Arm
Next by thread: [linux-5.4 test] 167071: regressions - FAIL
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.