WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

Re: [Xen-devel] GNTTAB_copy

> This patch is required even for a "copy via grant reference" mechanism. 
> Patch contains changes to support both gmfn and gref copies.
I'd guess you're referring to this hunk?

> *** /home/vduvvuru/xen-3.3.0/xen/common/grant_table.c 2008-12-19 
> 19:41:28.000000000 +0530
> --- xen/common/grant_table.c  2009-02-02 21:38:23.000000000 +0530
> ***************
> *** 1300,1313 ****
>           for ( ; ; )
>           {
>               /* If not already pinned, check the grant domid and type. */
> !             if ( !act->pin &&
>                    (((scombo.shorts.flags & GTF_type_mask) !=
>                      GTF_permit_access) ||
>                     (scombo.shorts.domid != current->domain->domain_id)) )
>                    PIN_FAIL(unlock_out, GNTST_general_error,
>                             "Bad flags (%x) or dom (%d). (expected dom %d)\n",
>                             scombo.shorts.flags, scombo.shorts.domid,
>                             current->domain->domain_id);
>   
>               new_scombo = scombo;
>               new_scombo.shorts.flags |= GTF_reading;
> --- 1301,1317 ----
>           for ( ; ; )
>           {
>               /* If not already pinned, check the grant domid and type. */
> ! /*            if ( !act->pin &&
>                    (((scombo.shorts.flags & GTF_type_mask) !=
>                      GTF_permit_access) ||
>                     (scombo.shorts.domid != current->domain->domain_id)) )
> + {
> +     gdprintk(XENLOG_INFO, "Grant entry Info \n Domid=%d, Flags=%d, 
> Frame=%d\n",sha->domid,sha->flags,sha->frame);
>                    PIN_FAIL(unlock_out, GNTST_general_error,
>                             "Bad flags (%x) or dom (%d). (expected dom %d)\n",
>                             scombo.shorts.flags, scombo.shorts.domid,
>                             current->domain->domain_id);
> + }*/
>   
>               new_scombo = scombo;
>               new_scombo.shorts.flags |= GTF_reading;
This effectively turns off access checking on grant references used in
a copy operation, so that any domain is able to access any grant
reference, regardless of who the granting domain originally granted
access to.  That's obviously not ideal from a security point of view.

Are you sure you're setting up the grants correctly, and granting
access to the right domain?

Steven.


> -----Original Message-----
> From: Steven Smith [mailto:steven.smith@xxxxxxxxxx] 
> Sent: Thursday, February 05, 2009 4:38 PM
> To: Kumar, Venkat
> Cc: Steven Smith; xen-devel@xxxxxxxxxxxxxxxxxxx
> Subject: Re: [Xen-devel] GNTTAB_copy
> 
> 
> > Please find the patches attached with this email.
> > 
> > The changes you are interested are in grant_table.patch
> Ah, okay.  It looks from the patch as if you're using the grant copy
> hypercall to do direct MFN-to-MFN copies across a domain boundary,
> without any actual grant references getting in the way.  Is that
> correct?  If so, you may want to re-think your design; grant
> references are Xen's principle access control mechanism for memory,
> and if you're not using them then it's likely to be difficult to make
> your design suitably secure.
> 
> (Of course, if this is just a research prototype, you may decide you
> don't care about such things, in which case best of luck to you.)
> 
> Steven.
> 
> 
> > -----Original Message-----
> > From: Steven Smith [mailto:steven.smith@xxxxxxxxxx]
> > Sent: Thursday, February 05, 2009 4:13 PM
> > To: Kumar, Venkat
> > Cc: Steven Smith; xen-devel@xxxxxxxxxxxxxxxxxxx
> > Subject: Re: [Xen-devel] GNTTAB_copy
> > 
> > 
> > 
> > > Atlast it worked out. I had to make some changes in Xen (it wasn't
> > 
> > > allowing a copy across domains) to make it work apart from the patch
> > 
> > > you sent.
> > 
> > That's odd.  Would you mind sending me your patch, please, so that I
> > 
> > can see what's wrong with the existing implementation?
> > 
> > 
> > 
> > Steven.
> > 
> > 
> > 
> > 
> > 
> > > -----Original Message-----
> > 
> > > From: Steven Smith [mailto:steven.smith@xxxxxxxxxx]
> > 
> > > Sent: Friday, January 30, 2009 10:04 PM
> > 
> > > To: Kumar, Venkat
> > 
> > > Cc: Steven Smith; xen-devel@xxxxxxxxxxxxxxxxxxx
> > 
> > > Subject: Re: [Xen-devel] GNTTAB_copy
> > 
> > >
> > 
> > > > Steve,
> > 
> > > >
> > 
> > > > I have ported the GNTTAB_copy part from netchannel2 xen-unstable to 
> > > > xen-unstable. But the hypercall is failing with a status -1.
> > 
> > > >
> > 
> > > > xm dmesg says
> > 
> > > > ===========================================
> > 
> > > > Bad flags (0) or dom (0). (expected dom 9)
> > 
> > > > ===========================================
> > 
> > > Okay, so Xen started processing the grant table operation, but found
> > 
> > > that the grant entry in the granting domain's grant table was bad
> > 
> > > (because it was full of zeroes).  That probably indicates that it was
> > 
> > > accessing completely the wrong gref.
> > 
> > >
> > 
> > > > I am granting the page with a flag ( GTF_reading | GTF_writing & 
> > > > GTF_permit_access ) but still it did not work.
> > 
> > > >
> > 
> > > > What could be wrong here?
> > 
> > > I'm not sure.  I'd suggest you put some printks in your guests (both
> > 
> > > the granting one and the HVM one) to make sure that they agree on the
> > 
> > > grant reference number, and some in Xen to make sure that it's reading
> > 
> > > the hypercall arguments correctly.
> > 
> > >
> > 
> > > Steven.
> > 
> > >
> > 
> > >
> > 
> > > > -----Original Message-----
> > 
> > > > From: Steven Smith [mailto:steven.smith@xxxxxxxxxx]
> > 
> > > > Sent: Friday, January 30, 2009 4:52 PM
> > 
> > > > To: Kumar, Venkat
> > 
> > > > Cc: Steven Smith; xen-devel@xxxxxxxxxxxxxxxxxxx
> > 
> > > > Subject: Re: [Xen-devel] GNTTAB_copy
> > 
> > > >
> > 
> > > > That's unfortunate; the repository works fine for me.
> > 
> > > >
> > 
> > > > There aren't any other ways of downloading the entire repository, but
> > 
> > > > the changes you need to make are pretty self-contained, so I've
> > 
> > > > attached the relevant cset.  You'll need to get rid of the
> > 
> > > > GNTTABOP_set_version bits, but apart from that it should all be fairly
> > 
> > > > obvious.
> > 
> > > >
> > 
> > > > Steven.
> > 
> > > >
> > 
> > > >
> > 
> > > > > Steven - Thanks for the pointer.
> > 
> > > > > I get an error while downloading the code.
> > 
> > > > >
> > 
> > > > > =======================================================================
> > 
> > > > > hg clone http://xenbits.xensource.com/ext/netchannel2/xen-unstable.hg
> > 
> > > > > destination directory: xen-unstable.hg
> > 
> > > > > requesting all changes
> > 
> > > > > adding changesets
> > 
> > > > > transaction abort!
> > 
> > > > > rollback completed
> > 
> > > > > abort: Connection reset by peer
> > 
> > > > > =======================================================================
> > 
> > > > >
> > 
> > > > > Do you know any alternate download?
> > 
> > > > >
> > 
> > > > > Venkat
> > 
> > > > >
> > 
> > > > > -----Original Message-----
> > 
> > > > > From: Steven Smith [mailto:steven.smith@xxxxxxxxxx]
> > 
> > > > > Sent: Friday, January 30, 2009 4:18 PM
> > 
> > > > > To: Kumar, Venkat
> > 
> > > > > Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
> > 
> > > > > Subject: Re: [Xen-devel] GNTTAB_copy
> > 
> > > > >
> > 
> > > > > > Is GNTTAB_copy command in the Hypercall "HYPERVISOR_grant_table_op"
> > 
> > > > > > supported between two HVM's?
> > 
> > > > > It's not in xen-unstable, no, but it is if you use the netchannel2
> > 
> > > > > hypervisor (available from
> > 
> > > > > http://xenbits.xensource.com/ext/netchannel2/xen-unstable.hg).  It'd
> > 
> > > > > be pretty easy to cross-port, if you wanted to have a go at that.  The
> > 
> > > > > interesting cset is this one:
> > 
> > > > >
> > 
> > > > > changeset:   19112:ea4b9c439ac3
> > 
> > > > > user:        Steven Smith <steven.smith@xxxxxxxxxxxxx>
> > 
> > > > > date:        Thu Jan 22 09:53:12 2009 +0000
> > 
> > > > > files:       xen/arch/x86/hvm/hvm.c xen/include/xen/hypercall.h
> > 
> > > > > description:
> > 
> > > > > Allow GNTABOP_copy to be used from HVM domains.
> > 
> > > > >
> > 
> > > > > Steven.
> 
> 
> 
> 

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
<Prev in Thread] Current Thread [Next in Thread>