From: Daniel De Graaf <dgdegra@tycho.nsa.gov>
To: Jan Beulich <JBeulich@suse.com>
Cc: Tim Deegan <tim@xen.org>, Keir Fraser <keir@xen.org>,
xen-devel@lists.xen.org
Subject: Re: [PATCH 17/20] arch/x86: use XSM hooks for get_pg_owner access checks
Date: Tue, 11 Sep 2012 10:33:28 -0400 [thread overview]
Message-ID: <504F4BB8.7090601@tycho.nsa.gov> (raw)
In-Reply-To: <504F63D8020000780009AAB4@nat28.tlf.novell.com>
On 09/11/2012 10:16 AM, Jan Beulich wrote:
>>>> On 11.09.12 at 15:40, Daniel De Graaf <dgdegra@tycho.nsa.gov> wrote:
>> On 09/11/2012 03:55 AM, Jan Beulich wrote:
>>>>>> On 10.09.12 at 21:49, Daniel De Graaf <dgdegra@tycho.nsa.gov> wrote:
>>>> --- a/xen/arch/x86/mm.c
>>>> +++ b/xen/arch/x86/mm.c
>>>> @@ -2882,11 +2882,6 @@ static struct domain *get_pg_owner(domid_t domid)
>>>> pg_owner = rcu_lock_domain(dom_io);
>>>> break;
>>>> case DOMID_XEN:
>>>> - if ( !IS_PRIV(curr) )
>>>> - {
>>>> - MEM_LOG("Cannot set foreign dom");
>>>> - break;
>>>> - }
>>>> pg_owner = rcu_lock_domain(dom_xen);
>>>> break;
>>>> default:
>>>> @@ -2895,12 +2890,6 @@ static struct domain *get_pg_owner(domid_t domid)
>>>> MEM_LOG("Unknown domain '%u'", domid);
>>>> break;
>>>> }
>>>> - if ( !IS_PRIV_FOR(curr, pg_owner) )
>>>> - {
>>>> - MEM_LOG("Cannot set foreign dom");
>>>> - rcu_unlock_domain(pg_owner);
>>>> - pg_owner = NULL;
>>>> - }
>>>> break;
>>>> }
>>>>
>>>> @@ -3008,6 +2997,13 @@ long do_mmuext_op(
>>>> goto out;
>>>> }
>>>>
>>>> + rc = xsm_mmuext_op(d, pg_owner);
>>>> + if ( rc )
>>>> + {
>>>> + rcu_unlock_domain(pg_owner);
>>>> + goto out;
>>>> + }
>>>> +
>>>
>>> While this part is fine, ...
>>>
>>>> for ( i = 0; i < count; i++ )
>>>> {
>>>> if ( hypercall_preempt_check() )
>>>> @@ -3483,11 +3479,6 @@ long do_mmu_update(
>>>> rc = -EINVAL;
>>>> goto out;
>>>> }
>>>> - if ( !IS_PRIV_FOR(d, pt_owner) )
>>>> - {
>>>> - rc = -ESRCH;
>>>> - goto out;
>>>> - }
>>>
>>> ... this one isn't (at least in conjunction with them all becoming
>>> indirect calls unconditionally) - you replace a single validation per
>>> set of requests with one validation per request.
>>
>> Is it still a problem if the check is inlined? If so, I could add an
>> additional XSM hook where the old IS_PRIV check was done, and make the
>> check inside the loop an inlined noop in the XSM-disabled case.
>
> It's not a problem for the inlined case I would say, but I do
> think that performance here matters even if XSM is enabled.
>
> Jan
>
That's a problem that should probably be addressed in a different patch,
since the current XSM hook is already implemented as one per request.
This is because it needs access to the page being mapped in order to check
for MMIO mappings. Since those are not the normal case, I think this could
be improved using a lazier hook - or by dropping the per-request XSM check,
because I think it might be re-implementing the existing mmio rangeset
checks, and should just rely on those.
--
Daniel De Graaf
National Security Agency
next prev parent reply other threads:[~2012-09-11 14:33 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-09-10 19:48 [PATCH v2] Merge IS_PRIV checks into XSM hooks Daniel De Graaf
2012-09-10 19:48 ` [PATCH 01/20] xsm/flask: remove inherited class attributes Daniel De Graaf
2012-09-10 19:48 ` [PATCH 02/20] xsm/flask: remove unneeded create_sid field Daniel De Graaf
2012-09-10 19:48 ` [PATCH 03/20] xen: Add versions of rcu_lock_*_domain without IS_PRIV checks Daniel De Graaf
2012-09-10 19:48 ` [PATCH 04/20] xsm/flask: add domain relabel support Daniel De Graaf
2012-09-10 19:48 ` [PATCH 05/20] libxl: introduce XSM relabel on build Daniel De Graaf
2012-09-10 19:48 ` [PATCH 06/20] flask/policy: Add domain relabel example Daniel De Graaf
2012-09-10 19:49 ` [PATCH 07/20] arch/x86: add distinct XSM hooks for map/unmap Daniel De Graaf
2012-09-10 19:49 ` [PATCH 08/20] arch/x86: add missing XSM checks to XENPF_ commands Daniel De Graaf
2012-09-10 19:49 ` [PATCH 09/20] xsm/flask: Add checks on the domain performing the set_target operation Daniel De Graaf
2012-09-10 19:49 ` [PATCH 10/20] xsm: Add IS_PRIV checks to dummy XSM module Daniel De Graaf
2012-09-11 7:44 ` Jan Beulich
2012-09-11 13:24 ` Daniel De Graaf
2012-09-10 19:49 ` [PATCH 11/20] xen: use XSM instead of IS_PRIV where duplicated Daniel De Graaf
2012-09-11 7:29 ` Jan Beulich
2012-09-11 9:05 ` Ian Campbell
2012-09-11 13:33 ` Daniel De Graaf
2012-09-11 13:33 ` [PATCH] xen/console: Add domain ID to output if VERBOSE Daniel De Graaf
2012-09-11 14:23 ` Jan Beulich
2012-09-11 14:26 ` Ian Campbell
2012-09-11 14:10 ` [PATCH 11/20] xen: use XSM instead of IS_PRIV where duplicated Daniel De Graaf
2012-09-10 19:49 ` [PATCH 12/20] xen: avoid calling rcu_lock_*target_domain when an XSM hook exists Daniel De Graaf
2012-09-11 7:36 ` Jan Beulich
2012-09-11 13:26 ` Daniel De Graaf
2012-09-11 14:15 ` Jan Beulich
2012-09-10 19:49 ` [PATCH 13/20] arch/x86: Add missing domctl and mem_sharing XSM hooks Daniel De Graaf
2012-09-10 19:49 ` [PATCH 14/20] tmem: Add access control check Daniel De Graaf
2012-09-11 7:40 ` Jan Beulich
2012-09-10 19:49 ` [PATCH 15/20] xsm: remove unneeded xsm_call macro Daniel De Graaf
2012-09-10 19:49 ` [PATCH 16/20] xsm/flask: add distinct SIDs for self/target access Daniel De Graaf
2012-09-10 19:49 ` [PATCH 17/20] arch/x86: use XSM hooks for get_pg_owner access checks Daniel De Graaf
2012-09-11 7:55 ` Jan Beulich
2012-09-11 13:40 ` Daniel De Graaf
2012-09-11 14:16 ` Jan Beulich
2012-09-11 14:33 ` Daniel De Graaf [this message]
2012-09-11 14:50 ` Jan Beulich
2012-09-10 19:49 ` [PATCH 18/20] xen: Add XSM hook for XENMEM_exchange Daniel De Graaf
2012-09-10 19:49 ` [PATCH 19/20] xen: remove rcu_lock_{remote_, }target_domain_by_id Daniel De Graaf
2012-09-11 7:59 ` Jan Beulich
2012-09-10 19:49 ` [PATCH 20/20] flask: add missing operations Daniel De Graaf
2012-09-10 20:51 ` [PATCH v2] Merge IS_PRIV checks into XSM hooks Keir Fraser
2012-09-10 21:10 ` Daniel De Graaf
2012-09-10 21:13 ` [PATCH 21/20] arch/arm: replace rcu_lock_target_domain_by_id with XSM Daniel De Graaf
2012-09-10 21:35 ` [PATCH v2] Merge IS_PRIV checks into XSM hooks Keir Fraser
2012-09-11 8:54 ` Ian Campbell
2012-09-11 13:49 ` Daniel De Graaf
2012-09-11 8:09 ` Jan Beulich
2012-09-11 13:21 ` Daniel De Graaf
2012-09-11 14:11 ` Jan Beulich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=504F4BB8.7090601@tycho.nsa.gov \
--to=dgdegra@tycho.nsa.gov \
--cc=JBeulich@suse.com \
--cc=keir@xen.org \
--cc=tim@xen.org \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.