[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 15/22] xen/page_alloc: add a path for xenheap when there is no direct map

  • To: Julien Grall <julien@xxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Wed, 11 Jan 2023 15:23:38 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=DMBTdI2Yk2d2vY0X7k+8AX2NLn5sYOGt2PdfXWSDWsc=; b=Xm2+EdB1vIx1YFmR12A7vt+7xaRi2oAAKSdWGofupK066Eom+bVC3ZnHCAwEqAYLsxItB0faig7u6mtFZZ5Bn+/nObKZbN2bYoBBm1QMoCGgUShBPmKm+43XqbIx9J679NWfuDgU2yz63WM39xlhwLVxta1SAl2UG2XFihtFCsmHv6NCKKDUDdfMoAYKfOYeCgkoqy5yjOceB2mb23wfi6cqKI5eZKhYnFNLKJbRqCk/OljB8jZxid8nc8gBvmBgj1EMKJCWFHe+DwJbWPZRPlvbN/ZAnX7S9b8TLcP7FsLN1z4dxhFGpe5ChQAqPCNRGpLhJsRF+SZQSAWQeceNYA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Ab+R12EWg1Mx0zro3Bc7XelMyMCLFWgn0NW+YWWn89VFL1uPSXU9yrIgsD38APfktCBcml7/8rpnjtJOPSp9Ta40ZSUJKebL0m3NgplS7NlCZ2vsSCmxnR3EUf5MX9vHgY3p2MdhC4NCsmcqMuTTfqYH8tQDeAzcxJDec0F9EAkCHPl138ytOXskmQ01VfuH0TOcU0qd4oeqaj4bSH9RI5TYYkxh+xl2crBaGrTCIbGe1GW6gj2XKaZinv7U3vmdiOtvOKJ9VBQn4iI4VzjQS/HBcsgwFlrxnjpHEAjQTPmRMkjphP3wTitrw4sBBR7TZKpCCOY9K4rGw+froheLxQ==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: Hongyan Xia <hongyxia@xxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Julien Grall <jgrall@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Wed, 11 Jan 2023 14:23:58 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 16.12.2022 12:48, Julien Grall wrote:
> From: Hongyan Xia <hongyxia@xxxxxxxxxx>
> 
> When there is not an always-mapped direct map, xenheap allocations need
> to be mapped and unmapped on-demand.

Hmm, that's still putting mappings in the directmap, which I thought we
mean to be doing away with. If that's just a temporary step, then please
say so here.

>     I have left the call to map_pages_to_xen() and destroy_xen_mappings()
>     in the split heap for now. I am not entirely convinced this is necessary
>     because in that setup only the xenheap would be always mapped and
>     this doesn't contain any guest memory (aside the grant-table).
>     So map/unmapping for every allocation seems unnecessary.

But if you're unmapping, that heap won't be "always mapped" anymore. So
why would it need mapping initially?

>     Changes since Hongyan's version:
>         * Rebase
>         * Fix indentation in alloc_xenheap_pages()

Looks like you did in one of the two instances only, as ...

> @@ -2230,17 +2231,36 @@ void *alloc_xenheap_pages(unsigned int order, 
> unsigned int memflags)
>      if ( unlikely(pg == NULL) )
>          return NULL;
>  
> +    ret = page_to_virt(pg);
> +
> +    if ( !arch_has_directmap() &&
> +         map_pages_to_xen((unsigned long)ret, page_to_mfn(pg), 1UL << order,
> +                          PAGE_HYPERVISOR) )
> +        {
> +            /* Failed to map xenheap pages. */
> +            free_heap_pages(pg, order, false);
> +            return NULL;
> +        }

... this looks wrong.

An important aspect here is that to be sure of no recursion,
map_pages_to_xen() and destroy_xen_mappings() may no longer use Xen
heap pages. May be worth saying explicitly in the description (I can't
think of a good place in code where such a comment could be put _and_
be likely to be noticed at the right point in time).

>  void free_xenheap_pages(void *v, unsigned int order)
>  {
> +    unsigned long va = (unsigned long)v & PAGE_MASK;
> +
>      ASSERT_ALLOC_CONTEXT();
>  
>      if ( v == NULL )
>          return;
>  
> +    if ( !arch_has_directmap() &&
> +         destroy_xen_mappings(va, va + (1UL << (order + PAGE_SHIFT))) )
> +        dprintk(XENLOG_WARNING,
> +                "Error while destroying xenheap mappings at %p, order %u\n",
> +                v, order);

Doesn't failure here mean (intended) security henceforth isn't guaranteed
anymore? If so, a mere dprintk() can't really be sufficient to "handle"
the error.

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.