[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] xen/arm: XEN_DOMCTL_get_address_size hypercall support
- To: Julien Grall <julien@xxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
- From: Milan Djokic <milan_djokic@xxxxxxxx>
- Date: Fri, 3 Oct 2025 11:26:30 +0200
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=xtbMAuPz3GcAFIw6q1rggmwJAupY8zBY/m4g4Vm6C1o=; b=k4X50IXNGKjOa5qrQbuVDoQxO0IGFuVNfqS8Dhk959dJLegJ3xD2LD01AbKR7mSswBLW/Gj4AHNQY0dqSWQWQFstTRqZ51q74STRohtcf2I86hU0H6b0oLeajwjP9io5sVQlP6Z7HgXEIRbM0BUHGBaZnb1oqXVr1eNE0JIvFT1gc4NE88VE21OOUwe3q9TyXsLh8mWeEMqmXMJHMJi4qDHwdwZN9mmc31KI9mjVyM5ttwa3YaFml8UNRqjBm6uFeLb1W0taZSapsvGAjVLIaXM8esyM/auP3x6THQiVcLGHhPT+oQTWg0y1DhC0kuzfcDfv8/RHKKP74QKpVA92eA==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=lLJocTXzdPgWv/vGMoqMeHtp7WWE9vP0p50TK6dDjWefjPper4RTu81cq0008mPdFiXN3oPIvsZKVXh400iZ9XwUTUPZhbKDaLba9Lnh/8VwrdF8msM/IcaGs9om315ynpaaCj5ZdGz9kY+Ky0lTn+5R+XDV6QjPlhjXsdH4gWD/pCLT+y/EEAXn2RZdS56uAzcRC04LCwDinA1KAPqgc36oCFFyD/BbdXHbWnBT87iO2l6AVtWz+ML4ZXoem+llwo162KLmyEC7g42UxHANz4FBDjKpuSBUbY8bWwkqt9dyFeP3I7JGXHG6J1UwUZ99mkJQ1HfhOhHu3PFhxeMwPg==
- Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=epam.com;
- Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
- Delivery-date: Fri, 03 Oct 2025 09:26:43 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
Hi Julien,
On 10/2/25 14:43, Julien Grall wrote:
Hi,
On 02/10/2025 12:10, Milan Djokic wrote:
Hello Andrew,
On 10/2/25 12:10, Andrew Cooper wrote:
On 01/10/2025 9:01 pm, Milan Djokic wrote:
Signed-off-by: Milan Djokic <milan_djokic@xxxxxxxx>
---
XEN_DOMCTL_get_address_size hypercall is not implemented for arm
(only for x86)
It would be useful to have this hypercall supported for arm64, in
order to get
current guest addressing mode and also to verify that
XEN_DOMCTL_set_address_size
performs switch to target addressing mode (instead of relying on its
returned error code only).
Please don't copy this misfeature of x86 PV guests into ARM.
Letting domains be of variable bitness after domain create leads to a
whole lot of bugs, many security relevant.
32bit vs 64bit should be an input to domain_create(), not something that
is edited after the domain has been constructed.
Yes, the idea behind this patch is not to introduce variable bitness,
just to have the ability to get current addressing mode through
hypercall. In our case, we have used it only in domain creation path
(after domain_create(), to verify that target addressing mode is set).
Of course, whether this hypercall support would be useful in mainline is
open for discussion.
We already have a series under review [1] that follow what Andrew is
suggesting. I would rather focus on getting it committed rather than
trying to workaround it.
Thank you for clarification. In that case, I will abandon this patch.
You are referring to path series from Grygorii [1]? This means that
XEN_DOMCTL_set_address_size hypercall will be removed and its function
integrated as part of domain_create() and XEN_DOMCTL_createdomain (for
toolstack) hypercall?
diff --git a/xen/arch/arm/arm64/domctl.c b/xen/arch/arm/arm64/domctl.c
index 8720d126c9..f227309e06 100644
--- a/xen/arch/arm/arm64/domctl.c
+++ b/xen/arch/arm/arm64/domctl.c
@@ -33,6 +34,37 @@ static long switch_mode(struct domain *d, enum
domain_type type)
return 0;
}
+static long get_address_size(struct domain *d, uint32_t *address_size)
+{
+ long rc = 0;
+ struct vcpu *v;
+ /* Check invalid arguments */
+ if ( d == NULL || address_size == NULL) {
+ rc = -EINVAL;
+ }
+ /* Domain structure type field and actual vcpu mode must be
aligned */
+ if(rc == 0) {
+ for_each_vcpu(d, v) {
+ if(vcpu_get_mode(v) != d->arch.type) {
+ rc = -EFAULT;
+ }
+ }
This is deeply suspicious.
Under what circumstances can the vCPU setting be different from the
domain setting?
It should never happen, this is more of a sanity check. Alternative
would be to use only one of vCPU or domain settings, checking against
both seemed more complete to me.
This would be a logical error in Xen rather than something that could be
triggered by the toolstack. I feel it could mislead people using release
build because the fault is not due to the input provided.
Cheers,
[1]
https://patchwork.kernel.org/project/xen-devel/cover/20250911082034.1326377-1-grygorii_strashko@xxxxxxxx/
BR,
Milan
|
