x86/ept: pass correct level to p2m_entry_modify

Message ID	20190703094322.1551-1-roger.pau@citrix.com (mailing list archive)
State	Superseded
Headers	show Return-Path: <xen-devel-bounces@lists.xenproject.org> Received-SPF: None (esa3.hc3370-68.iphmx.com: no sender authenticity information available from domain of roger.pau@citrix.com) identity=pra; client-ip=162.221.158.21; receiver=esa3.hc3370-68.iphmx.com; envelope-from="roger.pau@citrix.com"; x-sender="roger.pau@citrix.com"; x-conformance=sidf_compatible Received-SPF: Pass (esa3.hc3370-68.iphmx.com: domain of roger.pau@citrix.com designates 162.221.158.21 as permitted sender) identity=mailfrom; client-ip=162.221.158.21; receiver=esa3.hc3370-68.iphmx.com; envelope-from="roger.pau@citrix.com"; x-sender="roger.pau@citrix.com"; x-conformance=sidf_compatible; x-record-type="v=spf1"; x-record-text="v=spf1 ip4:209.167.231.154 ip4:178.63.86.133 ip4:195.66.111.40/30 ip4:85.115.9.32/28 ip4:199.102.83.4 ip4:192.28.146.160 ip4:192.28.146.107 ip4:216.52.6.88 ip4:216.52.6.188 ip4:162.221.158.21 ip4:162.221.156.83 ~all" Received-SPF: None (esa3.hc3370-68.iphmx.com: no sender authenticity information available from domain of postmaster@mail.citrix.com) identity=helo; client-ip=162.221.158.21; receiver=esa3.hc3370-68.iphmx.com; envelope-from="roger.pau@citrix.com"; x-sender="postmaster@mail.citrix.com"; x-conformance=sidf_compatible IronPort-SDR: dfxBY5OlyMg3r00Z3HrHB9J8Pj0ij5eERtf4MygBtPdRIxyZvFWbhc5kYlj7fpBXkn9ATs4Son 3MtK7+WwcNIixAHM9+sGunyrRl6jcqv/iPCBMlifnkQwfzx+Wjwz+Y3MWnwIb6YKlGUaNDxVsq EPeFATEwmVbbR5r3Rxa6hHfKUExRMFebKVRgWKesfpVJhoXHSVbW8eabTY0WdgibkjVs2GCfrp nxzKFwP0Y+psdrF6gXxURLz9pWVdxCK6lhXAE9LEVVVBcmt206xixHzoA74P1ybhu11DGIrpUL plQ= From: Roger Pau Monne <roger.pau@citrix.com> To: <xen-devel@lists.xenproject.org> Date: Wed, 3 Jul 2019 11:43:22 +0200 Message-ID: <20190703094322.1551-1-roger.pau@citrix.com> MIME-Version: 1.0 Subject: [Xen-devel] [PATCH] x86/ept: pass correct level to p2m_entry_modify Precedence: list Cc: Kevin Tian <kevin.tian@intel.com>, Jun Nakajima <jun.nakajima@intel.com>, Wei Liu <wl@xen.org>, George Dunlap <george.dunlap@eu.citrix.com>, Andrew Cooper <andrew.cooper3@citrix.com>, Jan Beulich <jbeulich@suse.com>, Roger Pau Monne <roger.pau@citrix.com> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>
Series	x86/ept: pass correct level to p2m_entry_modify \| expand x86/ept: pass correct level to p2m_entry_modify

Message ID

20190703094322.1551-1-roger.pau@citrix.com (mailing list archive)

State

Superseded

Headers

Received-SPF: None (esa3.hc3370-68.iphmx.com: no sender
 authenticity information available from domain of
 roger.pau@citrix.com) identity=pra; client-ip=162.221.158.21;
 receiver=esa3.hc3370-68.iphmx.com;
 envelope-from="roger.pau@citrix.com";
 x-sender="roger.pau@citrix.com"; x-conformance=sidf_compatible
Received-SPF: Pass (esa3.hc3370-68.iphmx.com: domain of
 roger.pau@citrix.com designates 162.221.158.21 as permitted
 sender) identity=mailfrom; client-ip=162.221.158.21;
 receiver=esa3.hc3370-68.iphmx.com;
 envelope-from="roger.pau@citrix.com";
 x-sender="roger.pau@citrix.com";
 x-conformance=sidf_compatible; x-record-type="v=spf1";
 x-record-text="v=spf1 ip4:209.167.231.154 ip4:178.63.86.133
 ip4:195.66.111.40/30 ip4:85.115.9.32/28 ip4:199.102.83.4
 ip4:192.28.146.160 ip4:192.28.146.107 ip4:216.52.6.88
 ip4:216.52.6.188 ip4:162.221.158.21 ip4:162.221.156.83 ~all"
Received-SPF: None (esa3.hc3370-68.iphmx.com: no sender
 authenticity information available from domain of
 postmaster@mail.citrix.com) identity=helo;
 client-ip=162.221.158.21; receiver=esa3.hc3370-68.iphmx.com;
 envelope-from="roger.pau@citrix.com";
 x-sender="postmaster@mail.citrix.com";
 x-conformance=sidf_compatible
IronPort-SDR: 
 dfxBY5OlyMg3r00Z3HrHB9J8Pj0ij5eERtf4MygBtPdRIxyZvFWbhc5kYlj7fpBXkn9ATs4Son
 3MtK7+WwcNIixAHM9+sGunyrRl6jcqv/iPCBMlifnkQwfzx+Wjwz+Y3MWnwIb6YKlGUaNDxVsq
 EPeFATEwmVbbR5r3Rxa6hHfKUExRMFebKVRgWKesfpVJhoXHSVbW8eabTY0WdgibkjVs2GCfrp
 nxzKFwP0Y+psdrF6gXxURLz9pWVdxCK6lhXAE9LEVVVBcmt206xixHzoA74P1ybhu11DGIrpUL
 plQ=
From: Roger Pau Monne <roger.pau@citrix.com>
To: <xen-devel@lists.xenproject.org>
Date: Wed, 3 Jul 2019 11:43:22 +0200
Message-ID: <20190703094322.1551-1-roger.pau@citrix.com>
MIME-Version: 1.0
Subject: [Xen-devel] [PATCH] x86/ept: pass correct level to p2m_entry_modify
Precedence: list
Cc: Kevin Tian <kevin.tian@intel.com>, Jun Nakajima <jun.nakajima@intel.com>,
 Wei Liu <wl@xen.org>, George Dunlap <george.dunlap@eu.citrix.com>,
 Andrew Cooper <andrew.cooper3@citrix.com>, Jan Beulich <jbeulich@suse.com>,
 Roger Pau Monne <roger.pau@citrix.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: xen-devel-bounces@lists.xenproject.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>

Series

x86/ept: pass correct level to p2m_entry_modify | expand

Commit Message

Roger Pau Monné July 3, 2019, 9:43 a.m. UTC

EPT differs from NPT and shadow when translating page orders to levels
in the physmap page tables. EPT page tables level for order 0 pages is
0, while NPT and shadow instead use 1, ie: EPT page tables levels
starts at 0 while NPT and shadow starts at 1.

Fix the p2m_entry_modify call in atomic_write_ept_entry to always add
one to the level, in order to match NPT and shadow usage.

While there also fix p2m_entry_modify BUG condition to trigger when
foreign or ioreq entries with level different than 0 are attempted.
That should allow to catch future errors related to the level
parameter.

Fixes: c7a4c0 ('x86/mm: split p2m ioreq server pages special handling into helper')
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
---
Cc: Jun Nakajima <jun.nakajima@intel.com>
Cc: Kevin Tian <kevin.tian@intel.com>
Cc: George Dunlap <george.dunlap@eu.citrix.com>
Cc: Jan Beulich <jbeulich@suse.com>
Cc: Andrew Cooper <andrew.cooper3@citrix.com>
Cc: Wei Liu <wl@xen.org>
---
 xen/arch/x86/mm/p2m-ept.c | 2 +-
 xen/include/asm-x86/p2m.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

Comments

Jan Beulich July 3, 2019, 10:22 a.m. UTC | #1

On 03.07.2019 11:43, Roger Pau Monne wrote:
> EPT differs from NPT and shadow when translating page orders to levels
> in the physmap page tables. EPT page tables level for order 0 pages is
> 0, while NPT and shadow instead use 1, ie: EPT page tables levels
> starts at 0 while NPT and shadow starts at 1.
> 
> Fix the p2m_entry_modify call in atomic_write_ept_entry to always add
> one to the level, in order to match NPT and shadow usage.
> 
> While there also fix p2m_entry_modify BUG condition to trigger when
> foreign or ioreq entries with level different than 0 are attempted.
> That should allow to catch future errors related to the level
> parameter.
> 
> Fixes: c7a4c0 ('x86/mm: split p2m ioreq server pages special handling into helper')

A 6-digit hash is definitely too short in the long run. I understand
that this then wants backporting to the 4.12 tree.

> --- a/xen/include/asm-x86/p2m.h
> +++ b/xen/include/asm-x86/p2m.h
> @@ -946,7 +946,7 @@ static inline int p2m_entry_modify(struct p2m_domain *p2m, p2m_type_t nt,
>                                      p2m_type_t ot, mfn_t nfn, mfn_t ofn,
>                                      unsigned int level)
>   {
> -    BUG_ON(level > 1 && (nt == p2m_ioreq_server || nt == p2m_map_foreign));
> +    BUG_ON(level != 1 && (nt == p2m_ioreq_server || nt == p2m_map_foreign));

Wouldn't you better leave this alone and add BUG_ON(!level)?

Jan

Roger Pau Monné July 3, 2019, 11:01 a.m. UTC | #2

On Wed, Jul 03, 2019 at 10:22:03AM +0000, Jan Beulich wrote:
> On 03.07.2019 11:43, Roger Pau Monne wrote:
> > EPT differs from NPT and shadow when translating page orders to levels
> > in the physmap page tables. EPT page tables level for order 0 pages is
> > 0, while NPT and shadow instead use 1, ie: EPT page tables levels
> > starts at 0 while NPT and shadow starts at 1.
> > 
> > Fix the p2m_entry_modify call in atomic_write_ept_entry to always add
> > one to the level, in order to match NPT and shadow usage.
> > 
> > While there also fix p2m_entry_modify BUG condition to trigger when
> > foreign or ioreq entries with level different than 0 are attempted.
> > That should allow to catch future errors related to the level
> > parameter.
> > 
> > Fixes: c7a4c0 ('x86/mm: split p2m ioreq server pages special handling into helper')
> 
> A 6-digit hash is definitely too short in the long run. I understand
> that this then wants backporting to the 4.12 tree.

Yes.

Is there consensus on how many digits to use 8, 12, 16?

> > --- a/xen/include/asm-x86/p2m.h
> > +++ b/xen/include/asm-x86/p2m.h
> > @@ -946,7 +946,7 @@ static inline int p2m_entry_modify(struct p2m_domain *p2m, p2m_type_t nt,
> >                                      p2m_type_t ot, mfn_t nfn, mfn_t ofn,
> >                                      unsigned int level)
> >   {
> > -    BUG_ON(level > 1 && (nt == p2m_ioreq_server || nt == p2m_map_foreign));
> > +    BUG_ON(level != 1 && (nt == p2m_ioreq_server || nt == p2m_map_foreign));
> 
> Wouldn't you better leave this alone and add BUG_ON(!level)?

That's an option also. I guess your check is better because it will
trigger for any call with level == 0, while mine would only do if such
call is also to add an entry of type ioreq or foreign.

Thanks, Roger.

Jan Beulich July 3, 2019, 11:23 a.m. UTC | #3

On 03.07.2019 13:01, Roger Pau Monné  wrote:
> On Wed, Jul 03, 2019 at 10:22:03AM +0000, Jan Beulich wrote:
>> On 03.07.2019 11:43, Roger Pau Monne wrote:
>>> EPT differs from NPT and shadow when translating page orders to levels
>>> in the physmap page tables. EPT page tables level for order 0 pages is
>>> 0, while NPT and shadow instead use 1, ie: EPT page tables levels
>>> starts at 0 while NPT and shadow starts at 1.
>>>
>>> Fix the p2m_entry_modify call in atomic_write_ept_entry to always add
>>> one to the level, in order to match NPT and shadow usage.
>>>
>>> While there also fix p2m_entry_modify BUG condition to trigger when
>>> foreign or ioreq entries with level different than 0 are attempted.
>>> That should allow to catch future errors related to the level
>>> parameter.
>>>
>>> Fixes: c7a4c0 ('x86/mm: split p2m ioreq server pages special handling into helper')
>>
>> A 6-digit hash is definitely too short in the long run. I understand
>> that this then wants backporting to the 4.12 tree.
> 
> Yes.
> 
> Is there consensus on how many digits to use 8, 12, 16?

Consensus - no, I don't think so. But anything below 8 seems
open for collisions in the foreseeable future (albeit I don't
know if git has separate hash name spaces for commits and
objects in general). I've been using 10 for the last so many
years ...

Jan

diff --git a/xen/arch/x86/mm/p2m-ept.c b/xen/arch/x86/mm/p2m-ept.c
index e3044bee2e..6b8468c793 100644
--- a/xen/arch/x86/mm/p2m-ept.c
+++ b/xen/arch/x86/mm/p2m-ept.c
@@ -51,7 +51,7 @@  static int atomic_write_ept_entry(struct p2m_domain *p2m,
                                   int level)
 {
     int rc = p2m_entry_modify(p2m, new.sa_p2mt, entryptr->sa_p2mt,
-                              _mfn(new.mfn), _mfn(entryptr->mfn), level);
+                              _mfn(new.mfn), _mfn(entryptr->mfn), level + 1);
 
     if ( rc )
         return rc;
diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h
index 09ef7e02fd..756929d5c0 100644
--- a/xen/include/asm-x86/p2m.h
+++ b/xen/include/asm-x86/p2m.h
@@ -946,7 +946,7 @@  static inline int p2m_entry_modify(struct p2m_domain *p2m, p2m_type_t nt,
                                    p2m_type_t ot, mfn_t nfn, mfn_t ofn,
                                    unsigned int level)
 {
-    BUG_ON(level > 1 && (nt == p2m_ioreq_server || nt == p2m_map_foreign));
+    BUG_ON(level != 1 && (nt == p2m_ioreq_server || nt == p2m_map_foreign));
 
     if ( level != 1 || (nt == ot && mfn_eq(nfn, ofn)) )
         return 0;

x86/ept: pass correct level to p2m_entry_modify

Commit Message

Comments

Patch