[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2] vpci: add permission checks to map_range()


  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Thu, 27 Jul 2023 10:25:37 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=VNjCh4pwS6BGBBQD4CbzVFwJV4oSjIKiofyVPcj8q3A=; b=Q58FlUjMsKRoz2Q2LjsU5SYKY7gKubcwTUIhm8hTBUd5gah1D8eQ5sI4CTS6Br7qEUdigQPavPw9jnD4zZGGEtohhqhnHvKkhIyfOH8LtbxH0aFDW4tPuZ68n+m3sqtfJRz0L8V7gK8LeRLerxlnREpP+JOns+/bKApswRvYUD8DUTD7bRoPOot4JBqhva8oxaziioGSdXTOsPwwahnqOr1jcMnBErQUppbknVv8moHmHzwXsGL1hM0nhGU9zJ3eUAREU+9Tpj7Y0P8AtNbiA4y3YELXkoHlWmYF36Wa64edyvTLYIvCKPamAWq0rsFjOT2P2KQmQWkSVg1a8Z9zZw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=iWQ84w2o3hjClyPPfg/MU4Oq4hEpblX+Wvp52uoLUYXyqR2/q6M1kBappmPFk5CLxLuW83OGXKAbEHpKGGGNFji5VlXLov/UW7KEP8DSFJCIMfsbJv9LSRuwdyMkmkGROqOcB5kDN7/fXOLGSx0HCwbL3HHTQklCOL+V3UTFeXh9+UWWHX6oYtFCh7r/5dFQH75Ioao0QnZdz3w1e0u3ADdWSJnGyTu/bCUfXGfv+9drHcRiduKmT0BLT7NTLebQX/lku2ru8u9JWPdSB3Tkq/FfQZds2vhq6JS1wJNb4N2P4PgUBqxCJ6y2QxBpeHyj+nyc0hqPDLvnZhkbRBKwYQ==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx, "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Thu, 27 Jul 2023 08:26:26 +0000
  • Ironport-data: A9a23:s8jFf65+UEhiPkHdUZymQAxRtPzGchMFZxGqfqrLsTDasY5as4F+v mZJXW3SPPiOYTTyL98iPd/npk1T78LXnN5qTwNp/Cw2Hi5G8cbLO4+Ufxz6V8+wwm8vb2o8t plDNYOQRCwQZiWBzvt4GuG59RGQ7YnRGvynTraCYnsrLeNdYH9JoQp5nOIkiZJfj9G8Agec0 fv/uMSaM1K+s9JOGjt8B5mr9lU35ZwehBtC5gZlPa8R4weH/5UoJMl3yZ+ZfiOQrrZ8RoZWd 86bpJml82XQ+QsaC9/Nut4XpWVTH9Y+lSDX4pZnc/DKbipq/0Te4Y5iXBYoUm9Fii3hojxE4 I4lWapc6+seFvakdOw1C3G0GszlVEFM0OevzXOX6aR/w6BaGpdFLjoH4EweZOUlFuhL7W5m3 9EWOGsVazm4oM2K3I++YMVohJR+I5y+VG8fkikIITDxK98DGMqGb4CUoNhS0XE3m9xEGuvYa 4wBcz1zYR/cYhpJfFAKFJY5m+TujX76G9FagAvN+exrvC6OnUooj+aF3Nn9I7RmQe1PmUmVv CTe9nnRCRAGLt2PjzGC9xpAg8eWxHynCNJDSeTQGvhCgEKD5GwhGRItDgWnjOal1BfmZvADN BlBksYphe1onKCxdfH/VRClpH+PvjYHRsFdVeY97Wml1a788wufQG8eQVZpeNEg8cM7WzEu/ luIhM/yQyxitqWPTnCQ/avSqim9UQAZNXQHZDMEZQId7sP/vZooiRbSUtdkFrXzhdrwcQwc2 BiPpSk6wrkW08gC0vzh+Uid2m3y4J/UUgQy+wPbGHq/6R90b5KkYIru7kXH6fFHL8CSSVzpU GU4pvVyJdsmVfml/BFhis1UdF11z55p6AHhvGM=
  • Ironport-hdrordr: A9a23:fb7m7qyTSU8c25CZlSx6KrPwKb1zdoMgy1knxilNoH1uA6qlfq WV98jzuiWE7Ar5NEtBpTniAtjmfZq/z/NICOAqVN/JYOCBghrKEGgI1/qG/9SPIVydygdr78 tdmnlFaeEZXDBB4/oTvmGDfOod/A==
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Thu, Jul 27, 2023 at 09:56:08AM +0200, Jan Beulich wrote:
> On 26.07.2023 16:01, Roger Pau Monne wrote:
> > Just like it's done for the XEN_DOMCTL_memory_mapping hypercall, add
> > the permissions checks to vPCI map_range(), which is used to map the
> > BARs into the domain p2m.
> > 
> > Adding those checks requires that for x86 PVH hardware domain builder
> > the permissions are set before initializing the IOMMU, or else
> > attempts to initialize vPCI done as part of IOMMU device setup will
> > fail due to missing permissions to create the BAR mappings.
> > 
> > While moving the call to dom0_setup_permissions() convert the panic()
> > used for error handling to a printk, the caller will already panic if
> > required.
> > 
> > Fixes: 9c244fdef7e7 ('vpci: add header handlers')
> > Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
> 
> I've committed this, but despite the Fixes: tag I'm not sure this
> wants backporting. Thoughts?

It was IMO an omission from that commit, however given vPCI so far is
only used by dom0 (an in experimental mode) I don't see much reason to
backport it.

Thanks, Roger.



 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.