[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [PATCH v3 09/19] xen/arm32: mm: Check if the virtual address is shared before updating it

  • To: Julien Grall <julien@xxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Hongda Deng <Hongda.Deng@xxxxxxx>
  • Date: Fri, 18 Mar 2022 10:44:27 +0000
  • Accept-language: en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=aMe/W6yiUE58/gP+OtO63/luhthU9svKfqgfdW/Eg7o=; b=Lktv72yZSKTKFFF8meExwKDdeONu1qRrTSPfg1Pr0enWemE4HwhtgC4q+9e2tbEbNboGldTkg1eRRt0GRIVlTiU4DjedIKulUp4D0wE6y5XvJ3kh7eQVqcqK0/NaFy2eWbSPD0A4Tnw5+g1/f+wBO2pU58JA20xsDnl3daJcP2EJ3e9qfX0Tkja1D7oKg4tP7BorVaVwfnuMTDkWNng24fwUqo6LF8ftNUBCapRxJp8ICAGiw6JxSOp2LfGNK7sdhKGgJmShowp8lu40vZqxnd0Tjs4G79CQFAWgug3ZvleDavBvZve/DHcsyo34b66bmAwRwRndvAQegsW/KGt2RQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=FVvp2SpREyaEVGeWFyeNvPFq0uanRIWhKxtNKnHmK5/VRBgXgPMBUf2lylQd9eU8cH+nVtnzSjIbHqfPwInmEn4+eXvyjjMRi/23xPfwx90r6yCIt7vaeWrVzGdefiY+z4Z+7EjxpGt4y8DpV7EJfNbbZzZFBB0W/dnp/AlZOmrL05qlMqNrD7YG2Armn/IZFuMbzn/i3uMFNqqmOgAaOB3KhA7t3+wvVl3KQYWFXLqLNQsVtEZJSBJ8q9XnJNr0F0nju0DN7nxD4zIguSlVD9iA6uUzNYJLxeyvg9Z9ODvmxbJuu0gF8E+m8V6qGWVZKnrpfS6WSvybFvhiQoo4nw==
  • Authentication-results-original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Cc: Julien Grall <jgrall@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Bertrand Marquis <Bertrand.Marquis@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
  • Delivery-date: Fri, 18 Mar 2022 10:44:52 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Nodisclaimer: true
  • Original-authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Thread-index: AQHYJwz7RRsWd4YAY025+kUgGPgDkazE99jw
  • Thread-topic: [PATCH v3 09/19] xen/arm32: mm: Check if the virtual address is shared before updating it
Hi Julien,

> -----Original Message-----
> From: Xen-devel <xen-devel-bounces@xxxxxxxxxxxxxxxxxxxx> On Behalf Of Julien
> Grall
> Sent: 2022年2月21日 18:22
> To: xen-devel@xxxxxxxxxxxxxxxxxxxx
> Cc: julien@xxxxxxx; Julien Grall <jgrall@xxxxxxxxxx>; Stefano Stabellini
> <sstabellini@xxxxxxxxxx>; Bertrand Marquis <Bertrand.Marquis@xxxxxxx>;
> Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
> Subject: [PATCH v3 09/19] xen/arm32: mm: Check if the virtual address is 
> shared
> before updating it
> 
> From: Julien Grall <jgrall@xxxxxxxxxx>
> 
> Only the first 2GB of the virtual address space is shared between all
> the page-tables on Arm32.
> 
> There is a long outstanding TODO in xen_pt_update() stating that the
> function can only work with shared mapping. Nobody has ever called
> the function with private mapping, however as we add more callers
> there is a risk to mess things up.
> 
> Introduce a new define to mark the end of the shared mappings and use
> it in xen_pt_update() to verify if the address is correct.
> 
> Note that on Arm64, all the mappings are shared. Some compiler may
> complain about an always true check, so the new define is not introduced
> for arm64 and the code is protected with an #ifdef.
> 
> Signed-off-by: Julien Grall <jgrall@xxxxxxxxxx>
> 
> ---
>     Changes in v2:
>         - New patch
> ---
>  xen/arch/arm/include/asm/config.h |  4 ++++
>  xen/arch/arm/mm.c                 | 11 +++++++++--
>  2 files changed, 13 insertions(+), 2 deletions(-)
> 
> diff --git a/xen/arch/arm/include/asm/config.h
> b/xen/arch/arm/include/asm/config.h
> index c7b77912013e..85d4a510ce8a 100644
> --- a/xen/arch/arm/include/asm/config.h
> +++ b/xen/arch/arm/include/asm/config.h
> @@ -137,6 +137,10 @@
> 
>  #define XENHEAP_VIRT_START     _AT(vaddr_t,0x40000000)
>  #define XENHEAP_VIRT_END       _AT(vaddr_t,0x7fffffff)
> +
> +/* The first 2GB is always shared between all the page-tables. */
> +#define SHARED_VIRT_END        _AT(vaddr_t, 0x7fffffff)
> +
>  #define DOMHEAP_VIRT_START     _AT(vaddr_t,0x80000000)
>  #define DOMHEAP_VIRT_END       _AT(vaddr_t,0xffffffff)
> 
> diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c
> index 24de8dcb9042..f18f65745595 100644
> --- a/xen/arch/arm/mm.c
> +++ b/xen/arch/arm/mm.c
> @@ -1365,11 +1365,18 @@ static int xen_pt_update(unsigned long virt,
>       * For arm32, page-tables are different on each CPUs. Yet, they share
>       * some common mappings. It is assumed that only common mappings
>       * will be modified with this function.
> -     *
> -     * XXX: Add a check.
>       */
>      const mfn_t root = virt_to_mfn(THIS_CPU_PGTABLE);
> 
> +#ifdef SHARED_VIRT_END
> +    if ( virt > SHARED_VIRT_END ||
> +         (SHARED_VIRT_END - virt) < nr_mfns )

Why not convert (SHARED_VIRT_END - virt) to page number before comparation? 
I think nr_mfns is something related to page numbers, so maybe something like 
PAGE_SHIFT or round_pgdown is needed.

I am just wondering, and forgive me if I am wrong. 

> +    {
> +        mm_printk("Trying to map outside of the shared area.\n");
> +        return -EINVAL;
> +    }
> +#endif
> +
>      /*
>       * The hardware was configured to forbid mapping both writeable and
>       * executable.
> --
> 2.32.0
> 

Cheers,
---
Hongda

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.