From: Alexandru Stefan ISAILA <aisaila@bitdefender.com>
To: Jan Beulich <jbeulich@suse.com>
Cc: "Kevin Tian" <kevin.tian@intel.com>,
"Stefano Stabellini" <sstabellini@kernel.org>,
"Julien Grall" <julien@xen.org>, "Wei Liu" <wl@xen.org>,
"Konrad Rzeszutek Wilk" <konrad.wilk@oracle.com>,
"George Dunlap" <George.Dunlap@eu.citrix.com>,
"Andrew Cooper" <andrew.cooper3@citrix.com>,
"Ian Jackson" <ian.jackson@eu.citrix.com>,
"Jun Nakajima" <jun.nakajima@intel.com>,
"xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>,
"Roger Pau Monné" <roger.pau@citrix.com>
Subject: Re: [Xen-devel] [PATCH V3] x86/altp2m: Hypercall to set altp2m view visibility
Date: Thu, 20 Feb 2020 09:59:59 +0000 [thread overview]
Message-ID: <1b42e2e2-1559-9014-1022-e5d5bf65eaa6@bitdefender.com> (raw)
In-Reply-To: <6ec21fc9-a4fc-58b3-d823-8bdb291a22ac@suse.com>
On 19.02.2020 19:00, Jan Beulich wrote:
> On 19.02.2020 10:18, Alexandru Stefan ISAILA wrote:
>> @@ -4835,6 +4836,23 @@ static int do_altp2m_op(
>> break;
>> }
>>
>> + case HVMOP_altp2m_set_visibility:
>> + {
>> + uint16_t altp2m_idx = a.u.set_visibility.altp2m_idx;
>> +
>> + if ( a.u.set_visibility.pad )
>> + rc = -EINVAL;
>> + else if ( !altp2m_active(d) )
>> + rc = -EOPNOTSUPP;
>> + else if ( a.u.set_visibility.visible )
>> + d->arch.altp2m_working_eptp[altp2m_idx] =
>> + d->arch.altp2m_eptp[altp2m_idx];
>> + else
>> + d->arch.altp2m_working_eptp[altp2m_idx] =
>> + mfn_x(INVALID_MFN);
>
> Don't you need to bounds check the index before its use?
Unless we want a index out of bounds from the user. Sorry for not having
that, I will add a "altp2m_eptp[array_index_nospec(altp2m_idx,
MAX_EPTP)]" in place for the next version.
> And
> shouldn't you return an error also for in-range ones which
> aren't actually valid?
That is a good thing. Maybe -EINVAL could fit this?
And together with the bounds check it will end up something like this:
if ( !altp2m_idx < 0 || altp2m_idx >=
min(ARRAY_SIZE(d->arch.altp2m_p2m), MAX_EPTP) ||
altp2m_eptp[array_index_nospec(altp2m_idx, MAX_EPTP)] ==
mfn_x(INVALID_MFN) )
return -EINVAL;
And looking again, it could be coupled with the a.u.set_visibility.pad.
Thanks,
Alex
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
next prev parent reply other threads:[~2020-02-20 10:00 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-19 9:18 [Xen-devel] [PATCH V3] x86/altp2m: Hypercall to set altp2m view visibility Alexandru Stefan ISAILA
2020-02-19 16:37 ` Tamas K Lengyel
2020-02-20 9:25 ` Alexandru Stefan ISAILA
2020-02-19 17:00 ` Jan Beulich
2020-02-20 9:59 ` Alexandru Stefan ISAILA [this message]
2020-02-20 10:23 ` Jan Beulich
2020-02-20 12:21 ` George Dunlap
2020-02-20 12:51 ` Alexandru Stefan ISAILA
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1b42e2e2-1559-9014-1022-e5d5bf65eaa6@bitdefender.com \
--to=aisaila@bitdefender.com \
--cc=George.Dunlap@eu.citrix.com \
--cc=andrew.cooper3@citrix.com \
--cc=ian.jackson@eu.citrix.com \
--cc=jbeulich@suse.com \
--cc=julien@xen.org \
--cc=jun.nakajima@intel.com \
--cc=kevin.tian@intel.com \
--cc=konrad.wilk@oracle.com \
--cc=roger.pau@citrix.com \
--cc=sstabellini@kernel.org \
--cc=wl@xen.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.