[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [RFC XEN PATCH v4 2/5] x86/pvh: Allow (un)map_pirq when caller isn't DOMID_SELF

  • To: Jan Beulich <jbeulich@xxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>
  • From: "Chen, Jiqian" <Jiqian.Chen@xxxxxxx>
  • Date: Mon, 8 Jan 2024 09:15:20 +0000
  • Accept-language: en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=c2lDFpIWBiF6MdPFFbAL7eEpdXv/FdOsw6GpGUxmexs=; b=lCDuNaktE/1ZG4nQlRogq5CPPAC49Lodh838Wz+J5+8DChlW3o7NpRg2e/NKXLqI5N27Ck9As9SW09AJiYbMZld3dCozoW6q5Pbb4/sgM8s2xqROMViaTjVNttkZeYWYUARUa03focH/MgiR4BE6ZElCDPH/EcjZRsiTDWODqEPpIa7wBckXFz1zuuA9z5ampaDT5vQfjxJJzGufGDwG7mSPbcm2WUIz4CCcft6+9t/eQYajrtGK1bwx7cvZRvRfw54uqY1KwC6Lhtkn+ImHSdcZgSMg8DCe0vzK5YXwIA5fO+rc2SZG2oWBbZKZ/q0+aAgNuHKqHsKQQC5g9sBAmw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ndoi/fgsdvH8H20o1sJd9mDbchMngAY78SEjfLsqJMfUMimp8mAzxAFsSngQcJd6Ybyb4OXMm6wxBYUhaUV8N5+O5U2wbeA0CrFdlFPMJDsI9u+h03rZH3tds9/jfc9earVGgYEucVHELHzhbokL+bqgxzE5g/84MkbyhGpQup+sov7UJJ3JAZCQ0i2+eH8A0ZhPzIvlvZP2EPSxvyFUX4vIgB5epUClWYZKxjXfZBU0X20ufWWXsQhVbp7LZaueAK8Ok9FRTxgkr3CJ3CjZmMhg4DEBJP7HsuRZ3iwwrx2idbV6tZaff3IxYBBAiJbxQsiwTrENE9SUMknN5CYCug==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=amd.com;
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, "Hildebrand, Stewart" <Stewart.Hildebrand@xxxxxxx>, "Huang, Ray" <Ray.Huang@xxxxxxx>, "Chen, Jiqian" <Jiqian.Chen@xxxxxxx>
  • Delivery-date: Mon, 08 Jan 2024 09:15:55 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHaP6YuSUk29qg8QEWwkYk64ozIULDL9CiAgAOrDICAAImKAA==
  • Thread-topic: [RFC XEN PATCH v4 2/5] x86/pvh: Allow (un)map_pirq when caller isn't DOMID_SELF
On 2024/1/8 16:47, Jan Beulich wrote:
> On 06.01.2024 01:46, Stefano Stabellini wrote:
>> On Fri, 5 Jan 2024, Jiqian Chen wrote:
>>> @@ -72,8 +73,30 @@ long hvm_physdev_op(int cmd, 
>>> XEN_GUEST_HANDLE_PARAM(void) arg)
>>>  
>>>      switch ( cmd )
>>>      {
>>> -    case PHYSDEVOP_map_pirq:
>>> -    case PHYSDEVOP_unmap_pirq:
>>> +    case PHYSDEVOP_map_pirq: {
>>> +        physdev_map_pirq_t map;
>>> +
>>> +        if ( copy_from_guest(&map, arg, 1) != 0 )
>>> +            return -EFAULT;
>>> +
>>> +        if ( !has_pirq(currd) && map.domid == DOMID_SELF )
>>> +            return -ENOSYS;
>>
>> This looks OK to me although there is already another copy_from_guest in
>> do_physdev_op, but I don't see an easy way to make it better.
> 
> How can double reads of hypercall args ever be okay? The new check clearly
> needs to be inserted in the code path where the structure is being read
> already anyway.
I also tried to add this check in PHYSDEVOP_map_pirq in physdev.c, but pv has 
no flag X86_EMU_USE_PIRQ too.
If want to add it into physdev.c and combine Stefano's opinions, this check may 
be like:

diff --git a/xen/arch/x86/physdev.c b/xen/arch/x86/physdev.c
index 47c4da0af7e1..c38d4d405726 100644
--- a/xen/arch/x86/physdev.c
+++ b/xen/arch/x86/physdev.c
@@ -303,11 +303,19 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) 
arg)
     case PHYSDEVOP_map_pirq: {
         physdev_map_pirq_t map;
         struct msi_info msi;
+        struct domain *d;

         ret = -EFAULT;
         if ( copy_from_guest(&map, arg, 1) != 0 )
             break;

+        d = rcu_lock_domain_by_any_id(map.domid);
+        if ( d == NULL )
+            return -ESRCH;
+        if ( !is_pv_domain(d) && !has_pirq(d) )
+            return -ENOSYS;
+        rcu_unlock_domain(d);
+
         switch ( map.type )
         {
         case MAP_PIRQ_TYPE_MSI_SEG:

> 
> Jan

-- 
Best regards,
Jiqian Chen.

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.