
Re: [PATCH] x86/pv: Inject #GP for implicit grant unmaps


  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
  • Date: Tue, 26 Jul 2022 11:51:30 +0000
  • Cc: Roger Pau Monne <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Tue, 26 Jul 2022 11:52:00 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 26/07/2022 07:29, Jan Beulich wrote:
> On 25.07.2022 19:50, Andrew Cooper wrote:
>> This is a debug behaviour to identify buggy kernels.  Crashing the domain is
>> the most unhelpful thing to do, because it discards the relevant context.
>>
>> Instead, inject #GP[0] like other permission errors in x86.  In particular,
>> this lets the kernel provide a backtrace that's actually helpful to a
>> developer trying to figure out what's going wrong.
>>
>> As a bugfix, this always injects #GP[0] to current, not l1e_owner.  It is not
>> l1e_owner's fault if dom0 using superpowers triggers an implicit unmap.
>>
>> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> Acked-by: Jan Beulich <jbeulich@xxxxxxxx>
>
> Albeit preferably with ...
>
>> --- a/xen/arch/x86/mm.c
>> +++ b/xen/arch/x86/mm.c
>> @@ -1232,7 +1232,7 @@ void put_page_from_l1e(l1_pgentry_t l1e, struct domain 
>> *l1e_owner)
>>          gdprintk(XENLOG_WARNING,
>>                   "Attempt to implicitly unmap a granted PTE %" PRIpte "\n",
>>                   l1e_get_intpte(l1e));
>> -        domain_crash(l1e_owner);
>> +        pv_inject_hw_exception(TRAP_gp_fault, 0);
>>      }
>>  #endif
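
Review bot: the added pv_inject_hw_exception(TRAP_gp_fault, 0) call acts on current, and the commit message says current need not belong to l1e_owner, yet nothing visible in this hunk establishes that current is a PV vCPU when put_page_from_l1e() reaches this branch. If the callers guarantee that, a short comment above the call saying so would help the next reader; if they do not, the injection wants a guard or an assertion in front of it.
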
> ... the gdprintk() adjusted to also log l1e_owner.

Ok, how about this incremental?

diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
index b3393385ffb6..74054fb5f4ee 100644
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -1229,9 +1229,9 @@ void put_page_from_l1e(l1_pgentry_t l1e, struct
domain *l1e_owner)
     if ( (l1e_get_flags(l1e) & _PAGE_GNTTAB) &&
          !l1e_owner->is_shutting_down && !l1e_owner->is_dying )
     {
-        gdprintk(XENLOG_WARNING,
-                 "Attempt to implicitly unmap a granted PTE %" PRIpte "\n",
-                 l1e_get_intpte(l1e));
+        gprintk(XENLOG_WARNING,
+                "Attempt to implicitly %pd's gntmap PTE %" PRIpte "\n",
+                l1e_owner, l1e_get_intpte(l1e));
         pv_inject_hw_exception(TRAP_gp_fault, 0);
     }
 #endif
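
Review bot: the new format string on the "Attempt to implicitly %pd's gntmap PTE" line has lost its verb, so the logged message no longer says what was attempted. Suggest wording along the lines of "Attempt to implicitly unmap %pd's grant PTE %" PRIpte, keeping l1e_owner as the %pd argument. The reason for switching gdprintk() to gprintk() is given only in the mail text below the diff; a sentence in the commit message (or a one-line comment above the call) stating that the warning must survive release builds would keep that reasoning with the code.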

The printk() needs to not be omitted in release builds which happen to
have this logic compiled in.

~Andrew

 

