From patchwork Mon Dec 23 14:04:31 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Alexandru Stefan ISAILA X-Patchwork-Id: 11308259 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id B6E83138D for ; Mon, 23 Dec 2019 14:06:11 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 7E49920663 for ; Mon, 23 Dec 2019 14:06:11 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=bitdefender.onmicrosoft.com header.i=@bitdefender.onmicrosoft.com header.b="R2nRh41v" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 7E49920663 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=bitdefender.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1ijOK6-0008Uj-5s; Mon, 23 Dec 2019 14:04:38 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57] helo=us1-amaz-eas2.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1ijOK4-0008Ue-4M for xen-devel@lists.xenproject.org; Mon, 23 Dec 2019 14:04:36 +0000 X-Inumbo-ID: 25902e82-258d-11ea-96db-12813bfff9fa Received: from EUR04-VI1-obe.outbound.protection.outlook.com (unknown [40.107.8.99]) by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS id 25902e82-258d-11ea-96db-12813bfff9fa; Mon, 23 Dec 2019 14:04:34 +0000 (UTC) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=NfoCuACDTIwgeSNph6Xg8TVtEcmqIv9QyvbDJPDkYmId95E5X7ctHYUpnb/lONmC0IC7xZZYqolcomGeOSqXPnFYX1NhFypDRQIniQL8teIqKcEGNcRzh8r1lqekOHzRvbCabZ8T5SaXWS7//TiQ+kf3cD4Vi5b/k/ctthh17bZa7UzLlIQ8+ZPoQ/OpqI7xV7eaAYtuLxF9K2y0AQgQ7XA0IPEBc73i2q7D4jq84BP2z1ipueuvz5JQfH79Xt66jRuX0oaWg20Q9mBwDntZ0/Ki7nmmhH6NP3QWX6E1D2ibXv4n4V15Wzbz1krX226ngzN276HJSjJ/qjN6TlP/Dg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=VvIfy5a/YfPlkUI9jOTuVnKpUn1kMUymiCTxMS6hw1g=; b=Hr6CkJmP2qlDUepa82atRpbMUGTVRcKQtHe1aE2PE6958Nc7o/f6DiXbLlCLDVp/bwv0H8EFkKNhp51ClKNL2GAbFisxzF+G3QTwJ6qBgchEsNtAOMgEaPINHXLRGhcPFga/iWsOvqQgjoWhT9N2tjiV1iLrbdVgdozRD4sEN7mOX7NnrEU2RkPJisIr3vW3cDLGJpDrIUfbRrLR/nLOD3bSAwn+wnlpCJxBkQ+cgd1Ff//W3+va96HPqXnqFGFiSIG54j93e+o4PGy3v49NDxb33ktPvI61gC4rbbBGaB3IOrmL4b3w00Qb1TBqZxyJPcOViNZMwU7PwODCv5FU3g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=bitdefender.com; dmarc=pass action=none header.from=bitdefender.com; dkim=pass header.d=bitdefender.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bitdefender.onmicrosoft.com; s=selector2-bitdefender-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=VvIfy5a/YfPlkUI9jOTuVnKpUn1kMUymiCTxMS6hw1g=; b=R2nRh41vYlkI0AmwlWMgYlFZiftegf1biSZaSZmjuESyNJMlGfHaAAZpl0WT/nt6wCaD8nDWMPkst1Wq/1Ml/3rsAHgAtLtjSKtEoy3SB59JDppt1vKG2T6zDZ6/1i9zOHYIcLzwoVZpzTMRL/E1qfcJPnB7FIP2sEJnkCqYzW4= Received: from AM0PR02MB5553.eurprd02.prod.outlook.com (10.255.30.78) by AM0PR02MB4964.eurprd02.prod.outlook.com (20.178.22.217) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2559.20; Mon, 23 Dec 2019 14:04:32 +0000 Received: from AM0PR02MB5553.eurprd02.prod.outlook.com ([fe80::8cec:7638:734c:89d]) by AM0PR02MB5553.eurprd02.prod.outlook.com ([fe80::8cec:7638:734c:89d%4]) with mapi id 15.20.2559.017; Mon, 23 Dec 2019 14:04:32 +0000 From: Alexandru Stefan ISAILA To: "xen-devel@lists.xenproject.org" Thread-Topic: [PATCH V6 1/4] x86/mm: Add array_index_nospec to guest provided index values Thread-Index: AQHVuZnmK7OgfjFiuE29BC4XwHoq4Q== Date: Mon, 23 Dec 2019 14:04:31 +0000 Message-ID: <20191223140409.32449-1-aisaila@bitdefender.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: AM3PR05CA0156.eurprd05.prod.outlook.com (2603:10a6:207:3::34) To AM0PR02MB5553.eurprd02.prod.outlook.com (2603:10a6:208:160::14) authentication-results: spf=none (sender IP is ) smtp.mailfrom=aisaila@bitdefender.com; x-ms-exchange-messagesentrepresentingtype: 1 x-mailer: git-send-email 2.17.1 x-originating-ip: [91.199.104.6] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 4cb410f1-6f6a-4f8b-e6ab-08d787b1087b x-ms-traffictypediagnostic: AM0PR02MB4964:|AM0PR02MB4964:|AM0PR02MB4964: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:1388; x-forefront-prvs: 0260457E99 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(366004)(396003)(136003)(376002)(39860400002)(346002)(199004)(189003)(66446008)(186003)(66476007)(6506007)(26005)(64756008)(2906002)(1076003)(478600001)(2616005)(52116002)(66946007)(66556008)(5660300002)(316002)(6916009)(8936002)(4326008)(81156014)(54906003)(81166006)(6512007)(71200400001)(36756003)(86362001)(8676002)(6486002); DIR:OUT; SFP:1102; SCL:1; SRVR:AM0PR02MB4964; H:AM0PR02MB5553.eurprd02.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: bitdefender.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: 9XF7NQKUKnMzQaUeAe96jjv5A4qRMFj0xynqlMBPgEDEz5TEL/r2/WXe9gmn0CjKrDVJMuqUaxCpUFL7EEewwdIZq7RJZCALbmntJ+F5Hm0RNB9gJJk3+J0mZLe5kd1d1J3f8lzhI+xBJloqfdWwrSQlbq2eIYz3Rxv4rIBWTUE+RV4EoPyqps+ba+0YmTyEutAsS1pTYdV5je84uM+w5RDZGlJ+wYkjkir7VqdL5EOthkB0qp7hxRBRPb1dqkHqsdm8kiEGMW2eO0AL/Rd2ItIHw6scmFFjtlKgy0bfMrrkNGv+87EQ0VXMEMVC3keepaNCOA8a49LrY6Rk+N/tRBxW8YWdvGKbaVooJJr+8OsCHFcigniy1532gQd+cLGhCHVW1Oz7S6giJkPsN09NLO4gSLkSA92J8lUD+0XHKpI5mQcS9k2J9HKpi6QSUc/k Content-ID: <1481ED27BA624F4693A04423057E5698@eurprd02.prod.outlook.com> MIME-Version: 1.0 X-OriginatorOrg: bitdefender.com X-MS-Exchange-CrossTenant-Network-Message-Id: 4cb410f1-6f6a-4f8b-e6ab-08d787b1087b X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Dec 2019 14:04:32.3080 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 487baf29-f1da-469a-9221-243f830c36f3 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: bC+Lcp+4WLirVJHu9HYdhq0bG8TVnfU4t3SKGvRjUGZscHkU8U01EmQcrd6SmLu6CHQAF2KwmE8BFU75AcfRmsonDsxDxiNeyHph/bo+Fy4= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR02MB4964 Subject: [Xen-devel] [PATCH V6 1/4] x86/mm: Add array_index_nospec to guest provided index values X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: Petre Ovidiu PIRCALABU , Kevin Tian , Tamas K Lengyel , Wei Liu , Razvan COJOCARU , George Dunlap , Andrew Cooper , Jan Beulich , Jun Nakajima , Alexandru Stefan ISAILA , =?utf-8?q?Roger_Pau_Monn?= =?utf-8?q?=C3=A9?= Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" This patch aims to sanitize indexes, potentially guest provided values, for altp2m_eptp[] and altp2m_p2m[] arrays. Requested-by: Jan Beulich Signed-off-by: Alexandru Isaila Acked-by: Tamas K Lengyel --- CC: Razvan Cojocaru CC: Tamas K Lengyel CC: Petre Pircalabu CC: George Dunlap CC: Jan Beulich CC: Andrew Cooper CC: Wei Liu CC: "Roger Pau Monné" CC: Jun Nakajima CC: Kevin Tian --- Changes since V5: - Add black lines - Check altp2m_idx against min(ARRAY_SIZE(d->arch.altp2m_p2m), MAX_EPTP). --- xen/arch/x86/mm/mem_access.c | 21 ++++++++++++--------- xen/arch/x86/mm/p2m.c | 26 ++++++++++++++++++-------- 2 files changed, 30 insertions(+), 17 deletions(-) diff --git a/xen/arch/x86/mm/mem_access.c b/xen/arch/x86/mm/mem_access.c index 320b9fe621..a95a50bcae 100644 --- a/xen/arch/x86/mm/mem_access.c +++ b/xen/arch/x86/mm/mem_access.c @@ -366,11 +366,12 @@ long p2m_set_mem_access(struct domain *d, gfn_t gfn, uint32_t nr, #ifdef CONFIG_HVM if ( altp2m_idx ) { - if ( altp2m_idx >= MAX_ALTP2M || - d->arch.altp2m_eptp[altp2m_idx] == mfn_x(INVALID_MFN) ) + if ( altp2m_idx >= min(ARRAY_SIZE(d->arch.altp2m_p2m), MAX_EPTP) || + d->arch.altp2m_eptp[array_index_nospec(altp2m_idx, MAX_EPTP)] == + mfn_x(INVALID_MFN) ) return -EINVAL; - ap2m = d->arch.altp2m_p2m[altp2m_idx]; + ap2m = d->arch.altp2m_p2m[array_index_nospec(altp2m_idx, MAX_ALTP2M)]; } #else ASSERT(!altp2m_idx); @@ -425,11 +426,12 @@ long p2m_set_mem_access_multi(struct domain *d, #ifdef CONFIG_HVM if ( altp2m_idx ) { - if ( altp2m_idx >= MAX_ALTP2M || - d->arch.altp2m_eptp[altp2m_idx] == mfn_x(INVALID_MFN) ) + if ( altp2m_idx >= min(ARRAY_SIZE(d->arch.altp2m_p2m), MAX_EPTP) || + d->arch.altp2m_eptp[array_index_nospec(altp2m_idx, MAX_EPTP)] == + mfn_x(INVALID_MFN) ) return -EINVAL; - ap2m = d->arch.altp2m_p2m[altp2m_idx]; + ap2m = d->arch.altp2m_p2m[array_index_nospec(altp2m_idx, MAX_ALTP2M)]; } #else ASSERT(!altp2m_idx); @@ -491,11 +493,12 @@ int p2m_get_mem_access(struct domain *d, gfn_t gfn, xenmem_access_t *access, } else if ( altp2m_idx ) /* altp2m view 0 is treated as the hostp2m */ { - if ( altp2m_idx >= MAX_ALTP2M || - d->arch.altp2m_eptp[altp2m_idx] == mfn_x(INVALID_MFN) ) + if ( altp2m_idx >= min(ARRAY_SIZE(d->arch.altp2m_p2m), MAX_EPTP) || + d->arch.altp2m_eptp[array_index_nospec(altp2m_idx, MAX_EPTP)] == + mfn_x(INVALID_MFN) ) return -EINVAL; - p2m = d->arch.altp2m_p2m[altp2m_idx]; + p2m = d->arch.altp2m_p2m[array_index_nospec(altp2m_idx, MAX_ALTP2M)]; } #else ASSERT(!altp2m_idx); diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 3119269073..4fc919a9c5 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -2577,6 +2577,8 @@ int p2m_init_altp2m_by_id(struct domain *d, unsigned int idx) if ( idx >= MAX_ALTP2M ) return rc; + idx = array_index_nospec(idx, MAX_ALTP2M); + altp2m_list_lock(d); if ( d->arch.altp2m_eptp[idx] == mfn_x(INVALID_MFN) ) @@ -2618,6 +2620,8 @@ int p2m_destroy_altp2m_by_id(struct domain *d, unsigned int idx) if ( !idx || idx >= MAX_ALTP2M ) return rc; + idx = array_index_nospec(idx, MAX_ALTP2M); + rc = domain_pause_except_self(d); if ( rc ) return rc; @@ -2689,11 +2693,13 @@ int p2m_change_altp2m_gfn(struct domain *d, unsigned int idx, mfn_t mfn; int rc = -EINVAL; - if ( idx >= MAX_ALTP2M || d->arch.altp2m_eptp[idx] == mfn_x(INVALID_MFN) ) + if ( idx >= min(ARRAY_SIZE(d->arch.altp2m_p2m), MAX_EPTP) || + d->arch.altp2m_eptp[array_index_nospec(idx, MAX_EPTP)] == + mfn_x(INVALID_MFN) ) return rc; hp2m = p2m_get_hostp2m(d); - ap2m = d->arch.altp2m_p2m[idx]; + ap2m = d->arch.altp2m_p2m[array_index_nospec(idx, MAX_ALTP2M)]; p2m_lock(hp2m); p2m_lock(ap2m); @@ -3032,11 +3038,13 @@ int p2m_set_suppress_ve(struct domain *d, gfn_t gfn, bool suppress_ve, if ( altp2m_idx > 0 ) { - if ( altp2m_idx >= MAX_ALTP2M || - d->arch.altp2m_eptp[altp2m_idx] == mfn_x(INVALID_MFN) ) + if ( altp2m_idx >= min(ARRAY_SIZE(d->arch.altp2m_p2m), MAX_EPTP) || + d->arch.altp2m_eptp[array_index_nospec(altp2m_idx, MAX_EPTP)] == + mfn_x(INVALID_MFN) ) return -EINVAL; - p2m = ap2m = d->arch.altp2m_p2m[altp2m_idx]; + p2m = ap2m = d->arch.altp2m_p2m[array_index_nospec(altp2m_idx, + MAX_ALTP2M)]; } else p2m = host_p2m; @@ -3075,11 +3083,13 @@ int p2m_get_suppress_ve(struct domain *d, gfn_t gfn, bool *suppress_ve, if ( altp2m_idx > 0 ) { - if ( altp2m_idx >= MAX_ALTP2M || - d->arch.altp2m_eptp[altp2m_idx] == mfn_x(INVALID_MFN) ) + if ( altp2m_idx >= min(ARRAY_SIZE(d->arch.altp2m_p2m), MAX_EPTP) || + d->arch.altp2m_eptp[array_index_nospec(altp2m_idx, MAX_EPTP)] == + mfn_x(INVALID_MFN) ) return -EINVAL; - p2m = ap2m = d->arch.altp2m_p2m[altp2m_idx]; + p2m = ap2m = d->arch.altp2m_p2m[array_index_nospec(altp2m_idx, + MAX_ALTP2M)]; } else p2m = host_p2m; From patchwork Mon Dec 23 14:04:36 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Alexandru Stefan ISAILA X-Patchwork-Id: 11308263 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 24D33138D for ; Mon, 23 Dec 2019 14:06:14 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id E9D0C20663 for ; Mon, 23 Dec 2019 14:06:13 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=bitdefender.onmicrosoft.com header.i=@bitdefender.onmicrosoft.com header.b="NnavTzdn" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org E9D0C20663 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=bitdefender.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1ijOKE-0008VH-Q7; Mon, 23 Dec 2019 14:04:46 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57] helo=us1-amaz-eas2.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1ijOKE-0008VA-32 for xen-devel@lists.xenproject.org; Mon, 23 Dec 2019 14:04:46 +0000 X-Inumbo-ID: 28afbe53-258d-11ea-96db-12813bfff9fa Received: from EUR03-DB5-obe.outbound.protection.outlook.com (unknown [40.107.4.93]) by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS id 28afbe53-258d-11ea-96db-12813bfff9fa; Mon, 23 Dec 2019 14:04:40 +0000 (UTC) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=nPmG05/1UAo+uN95oi743P44fUu6QWHrA7lqwQ8LnXdsF8RZbsfkYwIoFZhabCYWNixxKq+GQiAIab0jlUErXh1LZiBL00VRcDPMsvQOhXfnbSs1tRJ9o2Cgk9r/Bi8Txq4PTPF+XcGcIuaM55iXOMGVyFe14MG1WkBqAXexQpCSx7gIXJ9mGX6AdUPg/o99xcYErBZ+tbVBdn4AzbC971lNflo8oOOOWzjcEdIqK+48s+rB/z4MSRJAMWcUcXAQbN5Zy1F1AaZLGviZTk1BriMF5hDUJOjT/oLtxEVdFGqgGDxTWQ0tu5j3z6TmNvCXWcJQP+vwDkV1cbk7KzbbZA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=H7sAHSbH8L2ZY3ln2tZIXsZaYT6KWiORRmlbvRksHXc=; b=nwm+Sw46Ud1EKaaVzbcVoVMtnaa86UMezd8FQjx+kES4iiQijASVgVdzj8pl1nVsiAn1hIbexQaJasjZntillLp/4MlS5URPLhYf+JrDPfJpkHuQI4U+NtvlaQzWFntd8B7/H15OlqQndzRYGKwJPHmwKkpe685Sd7Cgg0OPiU6Ntym6J40D+cRzUAA0ULf67EPjZbK4wV1LSzmzXpUs2R6AFehRq+jtP/7OrrZt1oj58e2tWiPg8Xfh3wfyFLcHKjrIAyz3JUrdJtAyzgyGSQCx6oZAwJw1bpKvhlX7fplYi1XrJQbleoz6AnOxYKBdDaVhqZP6m6VTbly+BHccJg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=bitdefender.com; dmarc=pass action=none header.from=bitdefender.com; dkim=pass header.d=bitdefender.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bitdefender.onmicrosoft.com; s=selector2-bitdefender-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=H7sAHSbH8L2ZY3ln2tZIXsZaYT6KWiORRmlbvRksHXc=; b=NnavTzdnHMbt6yW7yp1nD54yZwYycMISz60LHAdj69ndNqiCC8DoL4NolOFytEwLQBmJnjBCzMPmcZZQnoZDymnhaSWpIo34sVvngTdxMqb8hn22psjOoRgtlshlvIETkvkWBG1Tn0P1jNtdqLEDoabyzNcZTdpqeVmhyQM9cRE= Received: from AM0PR02MB5553.eurprd02.prod.outlook.com (10.255.30.78) by AM0PR02MB5170.eurprd02.prod.outlook.com (20.178.22.32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2559.14; Mon, 23 Dec 2019 14:04:36 +0000 Received: from AM0PR02MB5553.eurprd02.prod.outlook.com ([fe80::8cec:7638:734c:89d]) by AM0PR02MB5553.eurprd02.prod.outlook.com ([fe80::8cec:7638:734c:89d%4]) with mapi id 15.20.2559.017; Mon, 23 Dec 2019 14:04:36 +0000 From: Alexandru Stefan ISAILA To: "xen-devel@lists.xenproject.org" Thread-Topic: [PATCH V6 2/4] x86/altp2m: Add hypercall to set a range of sve bits Thread-Index: AQHVuZnoQDql7d7Su0+P124sSAtk3w== Date: Mon, 23 Dec 2019 14:04:36 +0000 Message-ID: <20191223140409.32449-2-aisaila@bitdefender.com> References: <20191223140409.32449-1-aisaila@bitdefender.com> In-Reply-To: <20191223140409.32449-1-aisaila@bitdefender.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: AM3PR05CA0156.eurprd05.prod.outlook.com (2603:10a6:207:3::34) To AM0PR02MB5553.eurprd02.prod.outlook.com (2603:10a6:208:160::14) authentication-results: spf=none (sender IP is ) smtp.mailfrom=aisaila@bitdefender.com; x-ms-exchange-messagesentrepresentingtype: 1 x-mailer: git-send-email 2.17.1 x-originating-ip: [91.199.104.6] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: c5d89507-ec1a-41e2-d8bd-08d787b10afe x-ms-traffictypediagnostic: AM0PR02MB5170:|AM0PR02MB5170:|AM0PR02MB5170: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:529; x-forefront-prvs: 0260457E99 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(346002)(376002)(136003)(366004)(396003)(39860400002)(189003)(199004)(81156014)(107886003)(8676002)(81166006)(6506007)(66446008)(64756008)(66476007)(66556008)(66946007)(7416002)(186003)(26005)(478600001)(8936002)(36756003)(4326008)(71200400001)(2616005)(2906002)(1076003)(6512007)(86362001)(5660300002)(54906003)(316002)(6486002)(52116002)(6916009); DIR:OUT; SFP:1102; SCL:1; SRVR:AM0PR02MB5170; H:AM0PR02MB5553.eurprd02.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: bitdefender.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: FERPRYRenWQgQVj0VBA++Kom0XSTuS8hKCRFibtPr5YGtyhNUDP+14F5nM0tFxlDqgwsTd0Xr6iKfWLSHHVTupmVYTc4QQfsfyxQiwH+6+a5UquKy/16Qg6NVSsWrgJ8Z/u41KWEkSvVTF9ornV2L663Bl5jgRwJ88PNJ/xXlT1HIeHtvs8YVAm5TuzvoefLv5xpW6xheJG0OkIUbJcmpgyC9aZwZV7BjodFrcOAGjn7RqVh8SjpvK8M1ZOc973EZnM6cpujinYr/eDvpAibGdH4Ija8LGQb9mcJntJdMQkeH4Tc5cwwPusGqFn7reyYNpGV0+etuel+EMDLjQYuu2LKkXPPQfZoNPYDj0R4drCQV7OT0xEXtKvAcw2uYiABJn7TtztBKd0mUYOW2g9+4PrhEoQJ3lxeuGE57Ab5D/wffch7XjI8toqZ0qaNP+gO Content-ID: MIME-Version: 1.0 X-OriginatorOrg: bitdefender.com X-MS-Exchange-CrossTenant-Network-Message-Id: c5d89507-ec1a-41e2-d8bd-08d787b10afe X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Dec 2019 14:04:36.1548 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 487baf29-f1da-469a-9221-243f830c36f3 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: iwAy/5lXlmpU5w99NQ7rk9vEPDAHf9p9Ho97MyiNVOUat9tkJv5zM+rCrjcKoC+c3IWKD9QNSevoJvLTzsRlbWMSjtM/FJBHMqFrphhmglo= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR02MB5170 Subject: [Xen-devel] [PATCH V6 2/4] x86/altp2m: Add hypercall to set a range of sve bits X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: Petre Ovidiu PIRCALABU , Stefano Stabellini , Julien Grall , Razvan COJOCARU , Wei Liu , Konrad Rzeszutek Wilk , George Dunlap , Andrew Cooper , Ian Jackson , Tamas K Lengyel , Jan Beulich , Alexandru Stefan ISAILA , =?utf-8?q?Roger_Pau_Monn?= =?utf-8?q?=C3=A9?= Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" By default the sve bits are not set. This patch adds a new hypercall, xc_altp2m_set_supress_ve_multi(), to set a range of sve bits. The core function, p2m_set_suppress_ve_multi(), does not brake in case of a error and it is doing a best effort for setting the bits in the given range. A check for continuation is made in order to have preemption on big ranges. The gfn of the first error is stored in xen_hvm_altp2m_suppress_ve_multi.first_error and the error code is stored in xen_hvm_altp2m_suppress_ve_multi.first_error_code. If no error occurred the values will be 0. Signed-off-by: Alexandru Isaila Acked-by: Jan Beulich --- CC: Ian Jackson CC: Wei Liu CC: Andrew Cooper CC: George Dunlap CC: Jan Beulich CC: Julien Grall CC: Konrad Rzeszutek Wilk CC: Stefano Stabellini CC: "Roger Pau Monné" CC: George Dunlap CC: Razvan Cojocaru CC: Tamas K Lengyel CC: Petre Pircalabu --- Changes since V5: - Change first_error_code to first_error and first_error to first_error_gfn - Update the requested comments. --- tools/libxc/include/xenctrl.h | 4 +++ tools/libxc/xc_altp2m.c | 33 +++++++++++++++++ xen/arch/x86/hvm/hvm.c | 20 +++++++++++ xen/arch/x86/mm/p2m.c | 64 +++++++++++++++++++++++++++++++++ xen/include/public/hvm/hvm_op.h | 13 +++++++ xen/include/xen/mem_access.h | 3 ++ 6 files changed, 137 insertions(+) diff --git a/tools/libxc/include/xenctrl.h b/tools/libxc/include/xenctrl.h index 75f191ae3a..cc4eb1e3d3 100644 --- a/tools/libxc/include/xenctrl.h +++ b/tools/libxc/include/xenctrl.h @@ -1923,6 +1923,10 @@ int xc_altp2m_switch_to_view(xc_interface *handle, uint32_t domid, uint16_t view_id); int xc_altp2m_set_suppress_ve(xc_interface *handle, uint32_t domid, uint16_t view_id, xen_pfn_t gfn, bool sve); +int xc_altp2m_set_supress_ve_multi(xc_interface *handle, uint32_t domid, + uint16_t view_id, xen_pfn_t first_gfn, + xen_pfn_t last_gfn, bool sve, + xen_pfn_t *error_gfn, int32_t *error_code); int xc_altp2m_get_suppress_ve(xc_interface *handle, uint32_t domid, uint16_t view_id, xen_pfn_t gfn, bool *sve); int xc_altp2m_set_mem_access(xc_interface *handle, uint32_t domid, diff --git a/tools/libxc/xc_altp2m.c b/tools/libxc/xc_altp2m.c index 09dad0355e..46fb725806 100644 --- a/tools/libxc/xc_altp2m.c +++ b/tools/libxc/xc_altp2m.c @@ -234,6 +234,39 @@ int xc_altp2m_set_suppress_ve(xc_interface *handle, uint32_t domid, return rc; } +int xc_altp2m_set_supress_ve_multi(xc_interface *handle, uint32_t domid, + uint16_t view_id, xen_pfn_t first_gfn, + xen_pfn_t last_gfn, bool sve, + xen_pfn_t *error_gfn, int32_t *error_code) +{ + int rc; + DECLARE_HYPERCALL_BUFFER(xen_hvm_altp2m_op_t, arg); + + arg = xc_hypercall_buffer_alloc(handle, arg, sizeof(*arg)); + if ( arg == NULL ) + return -1; + + arg->version = HVMOP_ALTP2M_INTERFACE_VERSION; + arg->cmd = HVMOP_altp2m_set_suppress_ve_multi; + arg->domain = domid; + arg->u.suppress_ve_multi.view = view_id; + arg->u.suppress_ve_multi.first_gfn = first_gfn; + arg->u.suppress_ve_multi.last_gfn = last_gfn; + arg->u.suppress_ve_multi.suppress_ve = sve; + + rc = xencall2(handle->xcall, __HYPERVISOR_hvm_op, HVMOP_altp2m, + HYPERCALL_BUFFER_AS_ARG(arg)); + + if ( arg->u.suppress_ve_multi.first_error ) + { + *error_gfn = arg->u.suppress_ve_multi.first_error_gfn; + *error_code = arg->u.suppress_ve_multi.first_error; + } + + xc_hypercall_buffer_free(handle, arg); + return rc; +} + int xc_altp2m_set_mem_access(xc_interface *handle, uint32_t domid, uint16_t view_id, xen_pfn_t gfn, xenmem_access_t access) diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 4dfaf35566..4db15768d4 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -4526,6 +4526,7 @@ static int do_altp2m_op( case HVMOP_altp2m_destroy_p2m: case HVMOP_altp2m_switch_p2m: case HVMOP_altp2m_set_suppress_ve: + case HVMOP_altp2m_set_suppress_ve_multi: case HVMOP_altp2m_get_suppress_ve: case HVMOP_altp2m_set_mem_access: case HVMOP_altp2m_set_mem_access_multi: @@ -4684,6 +4685,25 @@ static int do_altp2m_op( } break; + case HVMOP_altp2m_set_suppress_ve_multi: + { + uint64_t max_phys_addr = (1UL << d->arch.cpuid->extd.maxphysaddr) - 1; + + a.u.suppress_ve_multi.last_gfn = min(a.u.suppress_ve_multi.last_gfn, + max_phys_addr); + + if ( a.u.suppress_ve_multi.pad1 || + a.u.suppress_ve_multi.first_gfn > a.u.suppress_ve_multi.last_gfn ) + rc = -EINVAL; + else + { + rc = p2m_set_suppress_ve_multi(d, &a.u.suppress_ve_multi); + if ( (!rc || rc == -ERESTART) && __copy_to_guest(arg, &a, 1) ) + rc = -EFAULT; + } + break; + } + case HVMOP_altp2m_get_suppress_ve: if ( a.u.suppress_ve.pad1 || a.u.suppress_ve.pad2 ) rc = -EINVAL; diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 4fc919a9c5..de832dcc6d 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -3070,6 +3070,70 @@ out: return rc; } +/* + * Set/clear the #VE suppress bit for multiple pages. Only available on VMX. + */ +int p2m_set_suppress_ve_multi(struct domain *d, + struct xen_hvm_altp2m_suppress_ve_multi *sve) +{ + struct p2m_domain *host_p2m = p2m_get_hostp2m(d); + struct p2m_domain *ap2m = NULL; + struct p2m_domain *p2m = host_p2m; + uint64_t start = sve->first_gfn; + int rc = 0; + + if ( sve->view > 0 ) + { + if ( sve->view >= MAX_ALTP2M || + d->arch.altp2m_eptp[array_index_nospec(sve->view, MAX_ALTP2M)] == + mfn_x(INVALID_MFN) ) + return -EINVAL; + + p2m = ap2m = d->arch.altp2m_p2m[array_index_nospec(sve->view, + MAX_ALTP2M)]; + } + + p2m_lock(host_p2m); + + if ( ap2m ) + p2m_lock(ap2m); + + while ( sve->last_gfn >= start ) + { + p2m_access_t a; + p2m_type_t t; + mfn_t mfn; + int err = 0; + + if ( altp2m_get_effective_entry(p2m, _gfn(start), &mfn, &t, &a, AP2MGET_query) ) + a = p2m->default_access; + + if ( (err = p2m->set_entry(p2m, _gfn(start), mfn, PAGE_ORDER_4K, t, a, + sve->suppress_ve)) && + !sve->first_error) + { + sve->first_error_gfn = start; /* Save the gfn of the first error */ + sve->first_error = err; /* Save the first error code */ + } + + /* Check for continuation if it's not the last iteration. */ + if ( sve->last_gfn >= ++start && hypercall_preempt_check() ) + { + rc = -ERESTART; + break; + } + } + + sve->first_gfn = start; + + if ( ap2m ) + p2m_unlock(ap2m); + + p2m_unlock(host_p2m); + + return rc; +} + int p2m_get_suppress_ve(struct domain *d, gfn_t gfn, bool *suppress_ve, unsigned int altp2m_idx) { diff --git a/xen/include/public/hvm/hvm_op.h b/xen/include/public/hvm/hvm_op.h index 353f8034d9..1f049cfa2e 100644 --- a/xen/include/public/hvm/hvm_op.h +++ b/xen/include/public/hvm/hvm_op.h @@ -46,6 +46,16 @@ struct xen_hvm_altp2m_suppress_ve { uint64_t gfn; }; +struct xen_hvm_altp2m_suppress_ve_multi { + uint16_t view; + uint8_t suppress_ve; /* Boolean type. */ + uint8_t pad1; + int32_t first_error; /* Should be set to 0 . */ + uint64_t first_gfn; /* Value may be updated */ + uint64_t last_gfn; + uint64_t first_error_gfn; /* Gfn of the first error. */ +}; + #if __XEN_INTERFACE_VERSION__ < 0x00040900 /* Set the logical level of one of a domain's PCI INTx wires. */ @@ -339,6 +349,8 @@ struct xen_hvm_altp2m_op { #define HVMOP_altp2m_vcpu_disable_notify 13 /* Get the active vcpu p2m index */ #define HVMOP_altp2m_get_p2m_idx 14 +/* Set the "Supress #VE" bit for a range of pages */ +#define HVMOP_altp2m_set_suppress_ve_multi 15 domid_t domain; uint16_t pad1; uint32_t pad2; @@ -353,6 +365,7 @@ struct xen_hvm_altp2m_op { struct xen_hvm_altp2m_change_gfn change_gfn; struct xen_hvm_altp2m_set_mem_access_multi set_mem_access_multi; struct xen_hvm_altp2m_suppress_ve suppress_ve; + struct xen_hvm_altp2m_suppress_ve_multi suppress_ve_multi; struct xen_hvm_altp2m_vcpu_disable_notify disable_notify; struct xen_hvm_altp2m_get_vcpu_p2m_idx get_vcpu_p2m_idx; uint8_t pad[64]; diff --git a/xen/include/xen/mem_access.h b/xen/include/xen/mem_access.h index e4d24502e0..00e594a0ad 100644 --- a/xen/include/xen/mem_access.h +++ b/xen/include/xen/mem_access.h @@ -75,6 +75,9 @@ long p2m_set_mem_access_multi(struct domain *d, int p2m_set_suppress_ve(struct domain *d, gfn_t gfn, bool suppress_ve, unsigned int altp2m_idx); +int p2m_set_suppress_ve_multi(struct domain *d, + struct xen_hvm_altp2m_suppress_ve_multi *suppress_ve); + int p2m_get_suppress_ve(struct domain *d, gfn_t gfn, bool *suppress_ve, unsigned int altp2m_idx); From patchwork Mon Dec 23 14:04:40 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Alexandru Stefan ISAILA X-Patchwork-Id: 11308265 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 53776109A for ; Mon, 23 Dec 2019 14:07:01 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 238F720709 for ; Mon, 23 Dec 2019 14:07:01 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=bitdefender.onmicrosoft.com header.i=@bitdefender.onmicrosoft.com header.b="N9fxJ5R6" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 238F720709 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=bitdefender.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1ijOKK-0008WC-89; Mon, 23 Dec 2019 14:04:52 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57] helo=us1-amaz-eas2.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1ijOKJ-0008W1-34 for xen-devel@lists.xenproject.org; Mon, 23 Dec 2019 14:04:51 +0000 X-Inumbo-ID: 29fa07d6-258d-11ea-96db-12813bfff9fa Received: from EUR04-DB3-obe.outbound.protection.outlook.com (unknown [40.107.6.127]) by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS id 29fa07d6-258d-11ea-96db-12813bfff9fa; Mon, 23 Dec 2019 14:04:41 +0000 (UTC) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=IKL5RaVD/X7U1NOY5NzLMUN0SVJDeqSOsLElFHbE8OP1s8d6d3E5RW2Fxzhq9y3LuqXdHkVIbaVCohCsXDg7p91ZlalUPZqYhQ3CP7iuOCvbFmIFMWvkJujj0pxqa7UVRU7ibbJJGKG9xnNMRioT2apfSehJUl8J7C6tAmeSxxcnHZD/6VOmWqrAFJxRIY2bc6sY8rWpsa7Tv0ytRVKGDAKLvcDCyjgs8Eqfg3RUkDmsItibCq/skaDQBzUBtlSjBXFIShfdptZU4Y4W8JHhwLn79lntXETZSAH0ls7c/QNotMIzxfps5dEyHXMPL2K+T/RrEDaW7dneyql3nK6wag== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=STJYkzHuMQOjPi1eSto3WGMYA2euyZCZoPrMmlF2HJE=; b=gWuxq0WJY+S4vI5OBFzFTjezrEymp+HY4KE9L7J6OK+RA/uU9SMwwohhtGXiEkVRrvQBRdfa4aNLeuCb4Yf1pLahSj31MPd1OIQHmavCeqnbMRj8U1bVANOKJE/r46DEsz0c3l3i5frGvqdEAPEDZPWbCrj+P6LolxZQ4egyiiumUddPV6MU0cYjPPuO14vbj4WV9rjbE1XG9fas9kio7EhVMQkiY6TWk9IFHmf8wLVgKUuVarnoZAv9DJGZ6dnUpSn1eSCqvBkVnAjcyihQkzve9cNVVqybyieK5pM8nV7VKX01oNyjNtGF2J/O6PDBEwOhsAbsFUJhG9dnDkfaBw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=bitdefender.com; dmarc=pass action=none header.from=bitdefender.com; dkim=pass header.d=bitdefender.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bitdefender.onmicrosoft.com; s=selector2-bitdefender-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=STJYkzHuMQOjPi1eSto3WGMYA2euyZCZoPrMmlF2HJE=; b=N9fxJ5R6LCIml95COO/owF26V5E/tOPejFMi5ZlZvStwSy8Ap0KzC4PzI3X/4Dt6+wova3lpIO/BRfBw9xOdJSMbUrdEWnBNhR3FnYsAYHDFXq6ncFNG39brb+8YAz0AfpwKpn1Fo5jtPn8rAY/IuE4huVlkTLp9EzcMJgvNAj4= Received: from AM0PR02MB5553.eurprd02.prod.outlook.com (10.255.30.78) by AM0PR02MB4964.eurprd02.prod.outlook.com (20.178.22.217) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2559.20; Mon, 23 Dec 2019 14:04:40 +0000 Received: from AM0PR02MB5553.eurprd02.prod.outlook.com ([fe80::8cec:7638:734c:89d]) by AM0PR02MB5553.eurprd02.prod.outlook.com ([fe80::8cec:7638:734c:89d%4]) with mapi id 15.20.2559.017; Mon, 23 Dec 2019 14:04:40 +0000 From: Alexandru Stefan ISAILA To: "xen-devel@lists.xenproject.org" Thread-Topic: [PATCH V6 4/4] x86/mm: Make use of the default access param from xc_altp2m_create_view Thread-Index: AQHVuZnrNlPztLTziE+Y8R0jH4JRdA== Date: Mon, 23 Dec 2019 14:04:40 +0000 Message-ID: <20191223140409.32449-4-aisaila@bitdefender.com> References: <20191223140409.32449-1-aisaila@bitdefender.com> In-Reply-To: <20191223140409.32449-1-aisaila@bitdefender.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: AM3PR05CA0156.eurprd05.prod.outlook.com (2603:10a6:207:3::34) To AM0PR02MB5553.eurprd02.prod.outlook.com (2603:10a6:208:160::14) authentication-results: spf=none (sender IP is ) smtp.mailfrom=aisaila@bitdefender.com; x-ms-exchange-messagesentrepresentingtype: 1 x-mailer: git-send-email 2.17.1 x-originating-ip: [91.199.104.6] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 1c30d5d9-1cc1-4310-0df0-08d787b10d64 x-ms-traffictypediagnostic: AM0PR02MB4964:|AM0PR02MB4964:|AM0PR02MB4964: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:2582; x-forefront-prvs: 0260457E99 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(366004)(396003)(136003)(376002)(39860400002)(346002)(199004)(189003)(66446008)(186003)(66476007)(6506007)(26005)(64756008)(2906002)(1076003)(478600001)(2616005)(52116002)(66946007)(66556008)(5660300002)(316002)(6916009)(8936002)(4326008)(81156014)(54906003)(81166006)(6512007)(71200400001)(36756003)(86362001)(7416002)(8676002)(6486002); DIR:OUT; SFP:1102; SCL:1; SRVR:AM0PR02MB4964; H:AM0PR02MB5553.eurprd02.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: bitdefender.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: 10x6jv41fLqsFywQ0Ir6IPhijlkxYe46NAR3T9LIVP1Lr9BEYXCz+aFMeiXwB0ld0ZMwQ3oOAZiAw19bV3ujPMNeXKgFBkHtyW2H3te1+2vNmLBRkYVkrlOj2vcx0UshDDpPlJHUamPEkcYDOZ6TTDrHzJXH/2jDNhKwtmGwy/HRonJ8S1t29SxdV8uC4celQZ0nh/yqQsWVVijoWUmGb5rng0iPkLdOZ4FggMmjxqnYvnmC9tWBLp+7LQzTZmSaH1dXv0q2bLsrDi5obZ6YCZs28qUZ4MkIAhBqttTKQRAJattuZBZGPCHWbuo2BMpyBQtlyL1RS+nxq3DbKkrNpaYnaocLZhtNxrHi2QnyI9JkEE1LctfeE0pBhWsOQi+0tIrPo+oz/qwnGduMjj22/RSGxQewfnrzxhTSIbpuFEnK2du/Fz1xLfm11cApFEl0 Content-ID: MIME-Version: 1.0 X-OriginatorOrg: bitdefender.com X-MS-Exchange-CrossTenant-Network-Message-Id: 1c30d5d9-1cc1-4310-0df0-08d787b10d64 X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Dec 2019 14:04:40.2165 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 487baf29-f1da-469a-9221-243f830c36f3 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: +a2NATqpxF5ge9HBanGu6occVQNxeBcRhaEaCxmH7PaV8OLI6ZtlTArca4T23uhI81kCVL1abrbkbdbIDykWlZpV7bhydWw9qblGgGJ0RIE= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR02MB4964 Subject: [Xen-devel] [PATCH V6 4/4] x86/mm: Make use of the default access param from xc_altp2m_create_view X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: Petre Ovidiu PIRCALABU , Stefano Stabellini , Julien Grall , Razvan COJOCARU , Wei Liu , Konrad Rzeszutek Wilk , George Dunlap , Andrew Cooper , Ian Jackson , Tamas K Lengyel , Jan Beulich , Alexandru Stefan ISAILA , =?utf-8?q?Roger_Pau_Monn?= =?utf-8?q?=C3=A9?= Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" At this moment the default_access param from xc_altp2m_create_view is not used. This patch assigns default_access to p2m->default_access at the time of initializing a new altp2m view. Signed-off-by: Alexandru Isaila --- CC: Jan Beulich CC: Andrew Cooper CC: Wei Liu CC: "Roger Pau Monné" CC: George Dunlap CC: Ian Jackson CC: Julien Grall CC: Konrad Rzeszutek Wilk CC: Stefano Stabellini CC: Razvan Cojocaru CC: Tamas K Lengyel CC: Petre Pircalabu CC: George Dunlap --- Changes since V4: - Add const struct p2m_domain *p2m to xenmem_access_to_p2m_access() - Pull xenmem_access_to_p2m_access() out of the locked area - Add a check for NULL p2m in xenmem_access_to_p2m_access(). --- xen/arch/x86/hvm/hvm.c | 3 ++- xen/arch/x86/mm/mem_access.c | 11 +++++++---- xen/arch/x86/mm/p2m.c | 21 ++++++++++++++++----- xen/include/asm-x86/p2m.h | 3 ++- xen/include/public/hvm/hvm_op.h | 2 -- xen/include/xen/mem_access.h | 4 ++++ 6 files changed, 31 insertions(+), 13 deletions(-) diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 4db15768d4..678faa4b14 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -4660,7 +4660,8 @@ static int do_altp2m_op( } case HVMOP_altp2m_create_p2m: - if ( !(rc = p2m_init_next_altp2m(d, &a.u.view.view)) ) + if ( !(rc = p2m_init_next_altp2m(d, &a.u.view.view, + a.u.view.hvmmem_default_access)) ) rc = __copy_to_guest(arg, &a, 1) ? -EFAULT : 0; break; diff --git a/xen/arch/x86/mm/mem_access.c b/xen/arch/x86/mm/mem_access.c index a95a50bcae..80de6c2c65 100644 --- a/xen/arch/x86/mm/mem_access.c +++ b/xen/arch/x86/mm/mem_access.c @@ -314,9 +314,9 @@ static int set_mem_access(struct domain *d, struct p2m_domain *p2m, return rc; } -static bool xenmem_access_to_p2m_access(struct p2m_domain *p2m, - xenmem_access_t xaccess, - p2m_access_t *paccess) +bool xenmem_access_to_p2m_access(const struct p2m_domain *p2m, + xenmem_access_t xaccess, + p2m_access_t *paccess) { static const p2m_access_t memaccess[] = { #define ACCESS(ac) [XENMEM_access_##ac] = p2m_access_##ac @@ -340,7 +340,10 @@ static bool xenmem_access_to_p2m_access(struct p2m_domain *p2m, *paccess = memaccess[xaccess]; break; case XENMEM_access_default: - *paccess = p2m->default_access; + if ( !p2m ) + *paccess = p2m_access_rwx; + else + *paccess = p2m->default_access; break; default: return false; diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 5b99d1eb97..926438ed64 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -25,6 +25,7 @@ #include /* copy_from_guest() */ #include +#include #include #include #include @@ -2536,7 +2537,8 @@ void p2m_flush_altp2m(struct domain *d) altp2m_list_unlock(d); } -static int p2m_activate_altp2m(struct domain *d, unsigned int idx) +static int p2m_activate_altp2m(struct domain *d, unsigned int idx, + p2m_access_t hvmmem_default_access) { struct p2m_domain *hostp2m, *p2m; int rc; @@ -2562,7 +2564,7 @@ static int p2m_activate_altp2m(struct domain *d, unsigned int idx) goto out; } - p2m->default_access = hostp2m->default_access; + p2m->default_access = hvmmem_default_access; p2m->domain = hostp2m->domain; p2m->global_logdirty = hostp2m->global_logdirty; p2m->min_remapped_gfn = gfn_x(INVALID_GFN); @@ -2579,6 +2581,7 @@ static int p2m_activate_altp2m(struct domain *d, unsigned int idx) int p2m_init_altp2m_by_id(struct domain *d, unsigned int idx) { int rc = -EINVAL; + struct p2m_domain *hostp2m = p2m_get_hostp2m(d); if ( idx >= MAX_ALTP2M ) return rc; @@ -2588,16 +2591,23 @@ int p2m_init_altp2m_by_id(struct domain *d, unsigned int idx) altp2m_list_lock(d); if ( d->arch.altp2m_eptp[idx] == mfn_x(INVALID_MFN) ) - rc = p2m_activate_altp2m(d, idx); + rc = p2m_activate_altp2m(d, idx, hostp2m->default_access); altp2m_list_unlock(d); return rc; } -int p2m_init_next_altp2m(struct domain *d, uint16_t *idx) +int p2m_init_next_altp2m(struct domain *d, uint16_t *idx, + xenmem_access_t hvmmem_default_access) { int rc = -EINVAL; unsigned int i; + p2m_access_t a; + struct p2m_domain *p2m; + + if ( hvmmem_default_access > XENMEM_access_default || + !xenmem_access_to_p2m_access(NULL, hvmmem_default_access, &a) ) + return rc; altp2m_list_lock(d); @@ -2606,7 +2616,8 @@ int p2m_init_next_altp2m(struct domain *d, uint16_t *idx) if ( d->arch.altp2m_eptp[i] != mfn_x(INVALID_MFN) ) continue; - rc = p2m_activate_altp2m(d, i); + p2m = d->arch.altp2m_p2m[i]; + rc = p2m_activate_altp2m(d, i, a); if ( !rc ) *idx = i; diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index 94285db1b4..ac2d2787f4 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -884,7 +884,8 @@ bool p2m_altp2m_get_or_propagate(struct p2m_domain *ap2m, unsigned long gfn_l, int p2m_init_altp2m_by_id(struct domain *d, unsigned int idx); /* Find an available alternate p2m and make it valid */ -int p2m_init_next_altp2m(struct domain *d, uint16_t *idx); +int p2m_init_next_altp2m(struct domain *d, uint16_t *idx, + xenmem_access_t hvmmem_default_access); /* Make a specific alternate p2m invalid */ int p2m_destroy_altp2m_by_id(struct domain *d, unsigned int idx); diff --git a/xen/include/public/hvm/hvm_op.h b/xen/include/public/hvm/hvm_op.h index 1f049cfa2e..bb98abec88 100644 --- a/xen/include/public/hvm/hvm_op.h +++ b/xen/include/public/hvm/hvm_op.h @@ -251,8 +251,6 @@ DEFINE_XEN_GUEST_HANDLE(xen_hvm_altp2m_vcpu_disable_notify_t); struct xen_hvm_altp2m_view { /* IN/OUT variable */ uint16_t view; - /* Create view only: default access type - * NOTE: currently ignored */ uint16_t hvmmem_default_access; /* xenmem_access_t */ }; typedef struct xen_hvm_altp2m_view xen_hvm_altp2m_view_t; diff --git a/xen/include/xen/mem_access.h b/xen/include/xen/mem_access.h index 00e594a0ad..5d53fb8ce4 100644 --- a/xen/include/xen/mem_access.h +++ b/xen/include/xen/mem_access.h @@ -58,6 +58,10 @@ typedef enum { /* NOTE: Assumed to be only 4 bits right now on x86. */ } p2m_access_t; +bool xenmem_access_to_p2m_access(const struct p2m_domain *p2m, + xenmem_access_t xaccess, + p2m_access_t *paccess); + /* * Set access type for a region of gfns. * If gfn == INVALID_GFN, sets the default access type.