
Re: [PATCH 03/17] x86: split __copy_{from,to}_user() into "guest" and "unsafe" variants


  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Tue, 9 Feb 2021 17:06:10 +0100
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Tim Deegan <tim@xxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>
  • Delivery-date: Tue, 09 Feb 2021 16:06:48 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Thu, Jan 14, 2021 at 04:04:32PM +0100, Jan Beulich wrote:
> The "guest" variants are intended to work with (potentially) fully guest
> controlled addresses, while the "unsafe" variants are not. Subsequently
> we will want them to have different behavior, so as first step identify
> which one is which. For now, both groups of constructs alias one another.
> 
> Double underscore prefixes are retained only on
> __copy_{from,to}_guest_pv(), to allow still distinguishing them from
> their "checking" counterparts once they also get renamed (to
> copy_{from,to}_guest_pv()).
> 
> Add previously missing __user at some call sites.
> 
> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
> ---
> Instead of __copy_{from,to}_guest_pv(), perhaps name them just
> __copy_{from,to}_pv()?
> 
> --- a/xen/arch/x86/gdbstub.c
> +++ b/xen/arch/x86/gdbstub.c
> @@ -33,13 +33,13 @@ gdb_arch_signal_num(struct cpu_user_regs
>  unsigned int
>  gdb_arch_copy_from_user(void *dest, const void *src, unsigned len)
>  {
> -    return __copy_from_user(dest, src, len);
> +    return copy_from_unsafe(dest, src, len);
>  }
>  
>  unsigned int 
>  gdb_arch_copy_to_user(void *dest, const void *src, unsigned len)
>  {
> -    return __copy_to_user(dest, src, len);
> +    return copy_to_unsafe(dest, src, len);
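
Review bot: in gdb_arch_copy_from_user() and gdb_arch_copy_to_user() nothing at the call site says why the "unsafe" group is the right one rather than the "guest" group. Since the commit message says the two groups will get different behavior later, a one-line comment in each wrapper stating who controls the src/dest addresses would keep that choice reviewable once the aliases diverge. The wrappers also keep their _user names while their bodies now call copy_from_unsafe()/copy_to_unsafe(); either rename them in a follow-up or note in the commit message that the naming mismatch is intentional.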

I assume we need to use the unsafe variants here, because the input
addresses are fully controlled by gdb, and hence not suitable as
speculation vectors?

Also could point to addresses belonging to either Xen or the guest
address space AFAICT.

> --- a/xen/include/asm-x86/uaccess.h
> +++ b/xen/include/asm-x86/uaccess.h

At some point we should also rename this to pvaccess.h maybe?

> @@ -197,21 +197,20 @@ do {
>  #define get_guest_size get_unsafe_size
>  
>  /**
> - * __copy_to_user: - Copy a block of data into user space, with less checking
> - * @to:   Destination address, in user space.
> - * @from: Source address, in kernel space.
> + * __copy_to_guest_pv: - Copy a block of data into guest space, with less
> + *                       checking
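
Review bot: the reworded summary line for __copy_to_guest_pv still says only "with less checking", which does not tell a caller which check is omitted relative to the "checking" counterpart the commit message mentions. Name the skipped check in the comment and state that the caller must already have performed it, so the contract is explicit at the definition. The quoted lines also drop the @to and @from descriptions ("in user space" / "in kernel space"); confirm the replacement parameter lines are present and use the same "guest" wording as the new summary.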

I would have preferred pv to be a prefix rather than a suffix, but we
already have the hvm accessors using that nomenclature.

Reviewed-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>

Thanks, Roger.



 

