[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [RFC PATCH V1 04/12] xen/arm: Introduce arch specific bits for IOREQ/DM features

To: Julien Grall <julien@xxxxxxx>
From: Oleksandr <olekstysh@xxxxxxxxx>
Date: Mon, 17 Aug 2020 17:36:22 +0300
Cc: paul@xxxxxxx, xen-devel@xxxxxxxxxxxxxxxxxxxx, 'Stefano Stabellini' <sstabellini@xxxxxxxxxx>, 'Wei Liu' <wl@xxxxxxx>, 'Andrew Cooper' <andrew.cooper3@xxxxxxxxxx>, 'Ian Jackson' <ian.jackson@xxxxxxxxxxxxx>, 'George Dunlap' <george.dunlap@xxxxxxxxxx>, 'Oleksandr Tyshchenko' <oleksandr_tyshchenko@xxxxxxxx>, 'Julien Grall' <julien.grall@xxxxxxx>, 'Jan Beulich' <jbeulich@xxxxxxxx>, 'Daniel De Graaf' <dgdegra@xxxxxxxxxxxxx>, 'Volodymyr Babchuk' <Volodymyr_Babchuk@xxxxxxxx>
Delivery-date: Mon, 17 Aug 2020 14:36:43 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>


On 15.08.20 20:56, Julien Grall wrote:

Hi Julien.

Hi,

On 04/08/2020 15:01, Julien Grall wrote:
On 04/08/2020 08:49, Paul Durrant wrote:
diff --git a/tools/libxc/xc_dom_arm.c b/tools/libxc/xc_dom_arm.c
index 931404c..b5fc066 100644
--- a/tools/libxc/xc_dom_arm.c
+++ b/tools/libxc/xc_dom_arm.c
@@ -26,11 +26,19 @@
  #include "xg_private.h"
  #include "xc_dom.h"

-#define NR_MAGIC_PAGES 4
+
  #define CONSOLE_PFN_OFFSET 0
  #define XENSTORE_PFN_OFFSET 1
  #define MEMACCESS_PFN_OFFSET 2
  #define VUART_PFN_OFFSET 3
+#define IOREQ_SERVER_PFN_OFFSET 4
+
+#define NR_IOREQ_SERVER_PAGES 8
+#define NR_MAGIC_PAGES (4 + NR_IOREQ_SERVER_PAGES)
+
+#define GUEST_MAGIC_BASE_PFN (GUEST_MAGIC_BASE >> XC_PAGE_SHIFT)
+
+#define special_pfn(x)  (GUEST_MAGIC_BASE_PFN + (x))
Why introduce 'magic pages' for Arm? It's quite a horrible hack thatwe have begun to do away with by adding resource mapping.
This would require us to mandate at least Linux 4.17 in a domain thatwill run an IOREQ server. If we don't mandate this, the minimumversion would be 4.10 where DM OP was introduced.
Because of XSA-300, we could technically not safely run an IOREQserver with existing Linux. So it is probably OK to enforce the useof the acquire interface.
One more thing. We are using atomic operations on the IOREQ pages. Asour implementation is based on LL/SC instructions so far, we havemitigation in place to prevent a domain DoS Xen. However, this relieson the page to be mapped in a single domain at the time.
AFAICT, with the legacy interface, the pages will be mapped in boththe target and the emulator. So this would defeat the mitigation wehave in place.
Because the legacy interface is relying on foreign mapping, the pagehas to be mapped in the target P2M. It might be possible to restrictthe access for the target by setting the p2m bits r, w to 0. Thiswould still allow the foreign mapping to work as we only check the p2mtype during mapping.
Anyway, I think we agreed that we want to avoid to introduce thelegacy interface. But I wanted to answer just for completeness andkeep a record of potential pitfalls with the legacy interface on Arm.

ok, the HVMOP plumbing on Arm will be dropped for non-RFC series. Itseems that xenforeignmemory_map_resource() does needed things. Ofcourse, the corresponding Linux patch to supportIOCTL_PRIVCMD_MMAP_RESOURCE was cherry-picked for that purpose (I amcurrently using v4.14).


Thank you.


--
Regards,

Oleksandr Tyshchenko

References:
- [RFC PATCH V1 00/12] IOREQ feature (+ virtio-mmio) on Arm
  - From: Oleksandr Tyshchenko
- [RFC PATCH V1 04/12] xen/arm: Introduce arch specific bits for IOREQ/DM features
  - From: Oleksandr Tyshchenko
- RE: [RFC PATCH V1 04/12] xen/arm: Introduce arch specific bits for IOREQ/DM features
  - From: Paul Durrant
- Re: [RFC PATCH V1 04/12] xen/arm: Introduce arch specific bits for IOREQ/DM features
  - From: Julien Grall
- Re: [RFC PATCH V1 04/12] xen/arm: Introduce arch specific bits for IOREQ/DM features
  - From: Julien Grall

Prev by Date: Re: [PATCH] xen: Introduce cmpxchg64() and guest_cmpxchg64()
Next by Date: Re: [PATCH] xen/x86: irq: Avoid a TOCTOU race in pirq_spin_lock_irq_desc()
Previous by thread: Re: [RFC PATCH V1 04/12] xen/arm: Introduce arch specific bits for IOREQ/DM features
Next by thread: Re: [RFC PATCH V1 04/12] xen/arm: Introduce arch specific bits for IOREQ/DM features
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.