[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 1/3] x86/HVM: __hvm_copy() should not write to p2m_ioreq_server pages



> -----Original Message-----
> From: Jan Beulich [mailto:JBeulich@xxxxxxxx]
> Sent: 13 November 2018 11:15
> To: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>; Paul Durrant
> <Paul.Durrant@xxxxxxxxxx>
> Cc: Wei Liu <wei.liu2@xxxxxxxxxx>; xen-devel <xen-
> devel@xxxxxxxxxxxxxxxxxxxx>
> Subject: Re: [PATCH 1/3] x86/HVM: __hvm_copy() should not write to
> p2m_ioreq_server pages
> 
> >>> On 13.11.18 at 12:08, <andrew.cooper3@xxxxxxxxxx> wrote:
> > On 13/11/2018 10:53, Paul Durrant wrote:
> >>> -----Original Message-----
> >>> From: Andrew Cooper
> >>> Sent: 13 November 2018 10:47
> >>> To: Jan Beulich <JBeulich@xxxxxxxx>; xen-devel <xen-
> >>> devel@xxxxxxxxxxxxxxxxxxxx>
> >>> Cc: Paul Durrant <Paul.Durrant@xxxxxxxxxx>; Wei Liu
> <wei.liu2@xxxxxxxxxx>
> >>> Subject: Re: [PATCH 1/3] x86/HVM: __hvm_copy() should not write to
> >>> p2m_ioreq_server pages
> >>>
> >>> On 13/11/18 10:13, Jan Beulich wrote:
> >>>> Commit 3bdec530a5 ("x86/HVM: split page straddling emulated accesses
> in
> >>>> more cases") introduced a hvm_copy_to_guest_linear() attempt before
> >>>> falling back to hvmemul_linear_mmio_write(). This is wrong for the
> >>>> p2m_ioreq_server special case. That change widened a pre-existing
> issue
> >>>> though: Other writes to such pages also need to be failed (or forced
> >>>> through emulation), in particular hypercall buffer writes.
> >>>>
> >>>> Reported-by: ??? <???@citrix.com>
> >>>> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
> >>>>
> >>>> --- a/xen/arch/x86/hvm/hvm.c
> >>>> +++ b/xen/arch/x86/hvm/hvm.c
> >>>> @@ -3202,6 +3202,12 @@ static enum hvm_translation_result __hvm
> >>>>          if ( res != HVMTRANS_okay )
> >>>>              return res;
> >>>>
> >>>> +        if ( (flags & HVMCOPY_to_guest) && p2mt == p2m_ioreq_server
> )
> >>> While this does address the issue, I'm concerned about hardcoding the
> >>> behaviour here.
> >>>
> >>> p2m_ioreq_server doesn't mean "I want shadowing properties". It has an
> >>> as-yet unspecified per-ioreq-client meaning.
> >>>
> >>> We either want to rename p2m_ioreq_server to something which indicates
> >>> its "allow-reads/emulate writes" behaviour, or design a way for the
> >>> ioreq client to specify the behaviour it wants.
> >>>
> >> The comment in the public header is:
> >>
> >> /*
> >>  * XEN_DMOP_map_mem_type_to_ioreq_server : map or unmap the IOREQ
> Server <id>
> >>  *                                      to specific memory type <type>
> >>  *                                      for specific accesses <flags>
> >>  *
> >>  * For now, flags only accept the value of
> XEN_DMOP_IOREQ_MEM_ACCESS_WRITE,
> >>  * which means only write operations are to be forwarded to an ioreq
> server.
> >>  * Support for the emulation of read operations can be added when an
> ioreq
> >>  * server has such requirement in future.
> >>  */
> >>
> >> ...so the write-intercept-only behaviour is baked in. Whilst I agree it
> > would be nice not to proliferate this, I don't think it needs addressing
> in
> > the short term.
> >
> > Lovely :(
> 
> Wasn't the rationale back then that we'd add further p2m types if we
> needed new distinct behavior (and in particular accept flags other than
> the single form currently accepted)?
> 

Yes, the idea was to have page-to-type map so that we could have dedicate types 
for each ioreq server and behaviour.

  Paul

> Jan
> 


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.