[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v9 15/16] xen/arm: vpci: check guest range

  • To: Stewart Hildebrand <stewart.hildebrand@xxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Tue, 26 Sep 2023 10:07:17 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=tKa+SgYxuSDaqRyqNRXaqUFSchhp53xlW8SIFOJVU6U=; b=JdmfM85Q0Ki6/4niRFTvB3Bo4Q4rPr5KrrsHPrNLJeeiO2ZyW9bBGkMZenREA4WaWch+Xu0ySUzaiGCyT6nMhbHEzbZNVoDkGvi8NBHBz3zu6YKIhO7OJBehoaiv6SDSydElz1qIN+rwsfNYrjRehfM1zDcg16Ax6wMnRsfgmUvthQsLK25D8FkK+2h7atPBga6ls6wiYDKsykyIOAlgYmIw9Noph+tzl+84eCTOkVhEFCsU+hiOxDpCBJR+RD1gp4uzv9tXZokGBrPx/b5LIr59zJ5dgluqj6PFfsiHyaQLFfGylCJb1JDuMcz98bJltcDiP8wQRQ5P7nWhA/2L0w==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=AZyeEheATva5uMifQusUn71+gNH7nfQzNYHSqEZJS8lfCYa0vfDvOkdfU9UmjN7z9wOR/sE9ugeEmjfNnceP1eT3ujGSm84vwUBKXNl7f/qr6/r0pR5mGQKqiOzu0sY/H/hZo6wXCP0YRuDz/Rc5QdFbqchK8jQhFJmp4T5K+5+0+6VHWH98PcDTepTIBjzxmo6ax4Ii4Nc/n223Pc7SkJ9M14iEcR2Rr6IPOuQux88lx43AMdPiWKtKpGaq0m28zqD6rJE43R8BBcH6vM1MG4qkIfFNfll0sgi2ZFLD8Ty0ZFEQnA3gVewHFDftxLh1RTUpYXxncgqnFtFU4YFcbg==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Tue, 26 Sep 2023 08:07:52 +0000
  • Ironport-data: A9a23:IiUnh64TFBHN/M6Gz2GLWAxRtAHGchMFZxGqfqrLsTDasY5as4F+v mYWWj+DPqnfZ2ukeowjbYSyoU1T75PXytcySVRornw0Hi5G8cbLO4+Ufxz6V8+wwm8vb2o8t plDNYOQRCwQZiWBzvt4GuG59RGQ7YnRG/ykTraCY3gtLeNdYH9JoQp5nOIkiZJfj9G8Agec0 fv/uMSaM1K+s9JOGjt8B5mr9lU355wehBtC5gZlPaER4geH/5UoJMl3yZ+ZfiOQrrZ8RoZWd 86bpJml82XQ+QsaC9/Nut4XpWVTH9Y+lSDX4pZnc/DKbipq/0Te4Y5iXBYoUm9Fii3hojxE4 I4lWapc6+seFvakdOw1C3G0GszlVEFM0OevzXOX6aR/w6BaGpdFLjoH4EweZOUlFuhL7W5mr fAeLiETcxC527yx4YiSWuVDv5wbFZy+VG8fkikIITDxK98DGMmGaYOaoNhS0XE3m9xEGuvYa 4wBcz1zYR/cYhpJfFAKFJY5m+TujX76G9FagAvN+exrvC6OnEoojuiF3Nn9I7RmQe1PmUmVv CTe9nnRCRAGLt2PjzGC9xpAg8eWx3mnA9xPT+TQGvhCsn3I9kY9UTYqVAWYpqi5rBDma84FE hlBksYphe1onKCxdfHmQxCnqWSY+B4dX9ZdGfcz7g2lw6/YpQ2eAwAscDlFb9A3sd4schYj3 FSJgtDBCCRmtfueTnf13qeZq3a+NDYYKUcGZDQYVk0V7t/7uoYxgxnTCNF5H8aIYsbdHDjxx 3WAqng4jrBK1MoTjfzlrRbAni6moYXPQkgt/ALLU2m57wR/Iom4e4iv7lud5vFFRGqEcmS8U LE/s5D2xIgz4VulzURhnM1l8GmV2su4
  • Ironport-hdrordr: A9a23:MqNPFaonTdveKkdLwATxx/MaV5oUeYIsimQD101hICG9vPbo7v xG/c5rrSMc7Qx6ZJhOo6HkBEDtewK/yXcx2/hzAV7AZmjbUQmTXeVfBOLZqlWKJ8S9zI5gPM xbAs9D4bPLfD5HZAXBjDVQ0exM/DBKys+VbC7loUtQcQ==
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Mon, Sep 25, 2023 at 05:49:00PM -0400, Stewart Hildebrand wrote:
> On 9/22/23 04:44, Roger Pau Monné wrote:
> > On Tue, Aug 29, 2023 at 11:19:47PM +0000, Volodymyr Babchuk wrote:
> >> From: Stewart Hildebrand <stewart.hildebrand@xxxxxxx>
> >>
> >> Skip mapping the BAR if it is not in a valid range.
> >>
> >> Signed-off-by: Stewart Hildebrand <stewart.hildebrand@xxxxxxx>
> >> ---
> >>  xen/drivers/vpci/header.c | 9 +++++++++
> >>  1 file changed, 9 insertions(+)
> >>
> >> diff --git a/xen/drivers/vpci/header.c b/xen/drivers/vpci/header.c
> >> index 1d243eeaf9..dbabdcbed2 100644
> >> --- a/xen/drivers/vpci/header.c
> >> +++ b/xen/drivers/vpci/header.c
> >> @@ -345,6 +345,15 @@ static int modify_bars(const struct pci_dev *pdev, 
> >> uint16_t cmd, bool rom_only)
> >>               bar->enabled == !!(cmd & PCI_COMMAND_MEMORY) )
> >>              continue;
> >>
> >> +#ifdef CONFIG_ARM
> >> +        if ( !is_hardware_domain(pdev->domain) )
> >> +        {
> >> +            if ( (start_guest < PFN_DOWN(GUEST_VPCI_MEM_ADDR)) ||
> >> +                 (end_guest >= PFN_DOWN(GUEST_VPCI_MEM_ADDR + 
> >> GUEST_VPCI_MEM_SIZE)) )
> >> +                continue;
> >> +        }
> >> +#endif
> > 
> > Hm, I think this should be in a hook similar to pci_check_bar() that
> > can be implemented per-arch.
> > 
> > IIRC at least on x86 we allow the guest to place the BARs whenever it
> > wants, would such placement cause issues to the hypervisor on Arm?
> 
> Hm. I wrote this patch in a hurry to make v9 of this series work on ARM. In 
> my haste I also forgot about the prefetchable range starting at 
> GUEST_VPCI_PREFETCH_MEM_ADDR, but that won't matter as we can probably throw 
> this patch out.
> 
> Now that I've had some more time to investigate, I believe the check in this 
> patch is more or less redundant to the existing check in map_range() added in 
> baa6ea700386 ("vpci: add permission checks to map_range()").
> 
> The issue is that during initialization bar->guest_addr is zeroed, and this 
> initial value of bar->guest_addr will fail the permissions check in 
> map_range() and crash the domain. When the guest writes a new valid BAR, the 
> old invalid address remains in the rangeset to be mapped. If we simply remove 
> the old invalid BAR from the rangeset, that seems to fix the issue. So 
> something like this:

It does seem to me we are missing a proper cleanup of the rangeset
contents in some paths then.  In the above paragraph you mention "the
old invalid address remains in the rangeset to be mapped", how does it
get in there in the first place, and why is the rangeset not emptied
if the mapping failed?

Thanks, Roger.

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.