Xen project Mailing List

Re: [PATCH] x86/pv: Inject #GP for implicit grant unmaps

To: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>

Date: Tue, 26 Jul 2022 14:04:37 +0200

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=UXh9gKNtud1ZrN19d0DgmDdiCO/IOG4r03VDESj3UDM=; b=W5Oc4+dHDDdrsdWpcUoTqOgRy9+cnxxi6kO0Gzn23NKIcmz/ZDu+miR/IaMJykrDAHSlZ+RO2PKePzO03NlOOUfgjVFBN3xw3p0dpaO6kaUar/CsvuqVon2oe2N/0K93cGGfxagw2p0nXJ03bw6qtDo/r7J2AlkkSt386Dh8WxVBP9G2ghAQ4rfOFHxjsGV2f/2w8PqVzCSnbdOozsaY43OGcOLJlaidwBEYYjrsyZoG87JmpaY3EqcsJdElCXLrzweyIBVxJL+Fj1hs6qi/c7c/pKR662NAvlUwug/cn2FnqvUxNur6omUwo0QQEXjppdPz/V3S1AxRzwE2QZcnxQ==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=gYzJBAcFA/HTJiXov+tVZnxaEi/htdED5dU3wZpTIA7jOX7stV63DFMUFCKAHn6ZNgpIiIu4153ANKY8n5/R31rsYVOrruz5Runv0QiVyzkdkskC1ISPcWlAg1rpRB3nHSZiSW5wKCuOS8/Vtvov2KkTDFuDjSFCatsxE+MIi9Ix5fnzU8n1XSLPUiTnfyhuhCX+m10vtKGCaKCUEtvl7dGLLuMboTQGpHpAMQo9aVwznRIm6tGr2R1IK+SBaL9RZJBlfqKcUfqWrc9TUTVMOmnSf5Mx10501feN4LAYPyZls5ssVYqx47wWD9Vxa4ysZsQqh5ofWLeNs9Cmm8153Q==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;

Cc: Roger Pau Monne <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Tue, 26 Jul 2022 12:04:50 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 26.07.2022 13:51, Andrew Cooper wrote: > On 26/07/2022 07:29, Jan Beulich wrote: >> On 25.07.2022 19:50, Andrew Cooper wrote: >>> This is a debug behaviour to identify buggy kernels. Crashing the domain is >>> the most unhelpful thing to do, because it discards the relevant context. >>> >>> Instead, inject #GP[0] like other permission errors in x86. In particular, >>> this lets the kernel provide a backtrace that's actually helpful to a >>> developer trying to figure out what's going wrong. >>> >>> As a bugfix, this always injects #GP[0] to current, not l1e_owner. It is >>> not >>> l1e_owner's fault if dom0 using superpowers triggers an implicit unmap. >>> >>> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> >> Acked-by: Jan Beulich <jbeulich@xxxxxxxx> >> >> Albeit preferably with ... >> >>> --- a/xen/arch/x86/mm.c >>> +++ b/xen/arch/x86/mm.c >>> @@ -1232,7 +1232,7 @@ void put_page_from_l1e(l1_pgentry_t l1e, struct >>> domain *l1e_owner) >>> gdprintk(XENLOG_WARNING, >>> "Attempt to implicitly unmap a granted PTE %" PRIpte "\n", >>> l1e_get_intpte(l1e)); >>> - domain_crash(l1e_owner); >>> + pv_inject_hw_exception(TRAP_gp_fault, 0); >>> } >>> #endif >> ... the gdprintk() adjusted to also log l1e_owner. > > Ok, how about this incremental? > > diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c > index b3393385ffb6..74054fb5f4ee 100644 > --- a/xen/arch/x86/mm.c > +++ b/xen/arch/x86/mm.c > @@ -1229,9 +1229,9 @@ void put_page_from_l1e(l1_pgentry_t l1e, struct > domain *l1e_owner) > if ( (l1e_get_flags(l1e) & _PAGE_GNTTAB) && > !l1e_owner->is_shutting_down && !l1e_owner->is_dying ) > { > - gdprintk(XENLOG_WARNING, > - "Attempt to implicitly unmap a granted PTE %" PRIpte "\n", > - l1e_get_intpte(l1e)); > + gprintk(XENLOG_WARNING, > + "Attempt to implicitly %pd's gntmap PTE %" PRIpte "\n", > + l1e_owner, l1e_get_intpte(l1e)); DYM to drop "unmap"? With it restored (or anything similar to that effect), fine with me. Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.