From: Arianna Avanzini <avanzini.arianna@gmail.com>
To: Julien Grall <julien.grall@linaro.org>
Cc: paolo.valente@unimore.it, stefano.stabellini@eu.citrix.com,
dario.faggioli@citrix.com, Ian.Jackson@eu.citrix.com,
xen-devel@lists.xen.org, Ian.Campbell@eu.citrix.com,
etrudeau@broadcom.com, viktor.kleinik@globallogic.com
Subject: Re: [RFC PATCH v2 2/3] arch, arm: add the XEN_DOMCTL_memory_mapping hypercall
Date: Tue, 11 Mar 2014 02:20:34 +0100 [thread overview]
Message-ID: <531E64E2.1000500@gmail.com> (raw)
In-Reply-To: <531DAA19.40405@linaro.org>
On 03/10/2014 01:03 PM, Julien Grall wrote:
> Hello Arianna,
>
> On 03/10/2014 08:25 AM, Arianna Avanzini wrote:
>> This commit introduces a first attempt of implementation of the
>> XEN_DOMCTL_memory_mapping hypercall for ARM. The range of I/O
>> memory addresses is mapped all at once with map_mmio_regions().
>>
>> Signed-off-by: Arianna Avanzini <avanzini.arianna@gmail.com>
>> Cc: Dario Faggioli <dario.faggioli@citrix.com>
>> Cc: Paolo Valente <paolo.valente@unimore.it>
>> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
>> Cc: Julien Grall <julien.grall@citrix.com>
>> Cc: Ian Campbell <Ian.Campbell@eu.citrix.com>
>> Cc: Ian Jackson <Ian.Jackson@eu.citrix.com>
>> Cc: Eric Trudeau <etrudeau@broadcom.com>
>> Cc: Viktor Kleinik <viktor.kleinik@globallogic.com>
>> ---
>> xen/arch/arm/domctl.c | 69 +++++++++++++++++++++++++++++++++++++++++++++++
>> xen/arch/arm/p2m.c | 9 +++++++
>> xen/include/asm-arm/p2m.h | 2 ++
>> 3 files changed, 80 insertions(+)
>>
>> diff --git a/xen/arch/arm/domctl.c b/xen/arch/arm/domctl.c
>> index 45974e7..078b165 100644
>> --- a/xen/arch/arm/domctl.c
>> +++ b/xen/arch/arm/domctl.c
>> @@ -10,6 +10,7 @@
>> #include <xen/errno.h>
>> #include <xen/sched.h>
>> #include <xen/hypercall.h>
>> +#include <xen/iocap.h>
>> #include <public/domctl.h>
>>
>> long arch_do_domctl(struct xen_domctl *domctl, struct domain *d,
>> @@ -30,7 +31,75 @@ long arch_do_domctl(struct xen_domctl *domctl, struct domain *d,
>>
>> return p2m_cache_flush(d, s, e);
>> }
>> + case XEN_DOMCTL_memory_mapping:
>> + {
>> + unsigned long gfn = domctl->u.memory_mapping.first_gfn;
>> + unsigned long mfn = domctl->u.memory_mapping.first_mfn;
>> + unsigned long nr_mfns = domctl->u.memory_mapping.nr_mfns;
>> + int add = domctl->u.memory_mapping.add_mapping;
>> + long int ret;
>> +
>> + ret = -EINVAL;
>> + if ( (mfn + nr_mfns - 1) < mfn || /* wrap? */
>> + ((mfn | (mfn + nr_mfns - 1)) >> (PADDR_BITS - PAGE_SHIFT)) ||
>> + (gfn + nr_mfns - 1) < gfn ) /* wrap? */
>> + return ret;
>> +
>> + ret = -EPERM;
>> + if ( !iomem_access_permitted(current->domain, mfn, mfn + nr_mfns - 1) )
>> + return ret;
>>
>> + ret = xsm_iomem_mapping(XSM_HOOK, d, mfn, mfn + nr_mfns - 1, add);
>> + if ( ret )
>> + return ret;
>> +
>> + if ( add )
>> + {
>> + printk(XENLOG_G_INFO
>> + "memory_map: add: dom%d gfn=%lx mfn=%lx nr=%lx\n",
>> + d->domain_id, gfn, mfn, nr_mfns);
>> + ret = iomem_permit_access(d, mfn, mfn + nr_mfns - 1);
>> + if ( !ret )
>> + {
>> + ret = map_mmio_regions(d, PAGE_ALIGN(pfn_to_paddr(gfn)),
>> + PAGE_ALIGN(
>> + pfn_to_paddr(gfn + nr_mfns)) - 1,
>> + PAGE_ALIGN(pfn_to_paddr(mfn)));
>> + if ( ret )
>> + {
>> + printk(XENLOG_G_WARNING
>> + "memory_map: fail: dom%d gfn=%lx mfn=%lx\n",
>> + d->domain_id, gfn, mfn);
>> + if ( iomem_deny_access(d, mfn, mfn + nr_mfns - 1) &&
>> + is_hardware_domain(current->domain) )
>> + printk(XENLOG_ERR
>> + "memory_map: failed to deny dom%d access "
>> + "to [%lx,%lx]\n",
>> + d->domain_id, mfn, mfn + nr_mfns - 1);
>> + }
>> + }
>> + }
>> + else
>> + {
>> + printk(XENLOG_G_INFO
>> + "memory_map: remove: dom%d gfn=%lx mfn=%lx nr=%lx\n",
>> + d->domain_id, gfn, mfn, nr_mfns);
>> +
>> + add = unmap_mmio_regions(d, PAGE_ALIGN(pfn_to_paddr(gfn)),
>> + PAGE_ALIGN(
>> + pfn_to_paddr(gfn + nr_mfns)) - 1,
>> + PAGE_ALIGN(pfn_to_paddr(mfn)));
>> + ret = iomem_deny_access(d, mfn, mfn + nr_mfns - 1);
>> + if ( ret && add )
>> + ret = -EIO;
>> + if ( ret && is_hardware_domain(current->domain) )
>> + printk(XENLOG_ERR
>> + "memory_map: error %ld %s dom%d access to [%lx,%lx]\n",
>> + ret, add ? "removing" : "denying", d->domain_id,
>> + mfn, mfn + nr_mfns - 1);
>
>
> The unmap part doesn't seem correct to me. With your solution, you are
> allowed to remove any gfn as long as the current domain is permitted to
> modify the mfn. No matter if gfn is effectively mapped to the mfn or not.
>
> You should at least check that gfn is typed p2m_mmio_direct (This is
> done by clean_mmio_p2m_entry on x86). You can also check that the gfn is
> mapped to the mfn.
>
> I would do that in the switch REMOVE in apply_p2m_changes.
>
OK, thank you for the detailed feedback and for the suggestions. I'll certainly
try to implement the checks you indicated.
>> + }
>> + return ret;
>> + }
>> default:
>> return subarch_do_domctl(domctl, d, u_domctl);
>> }
>> diff --git a/xen/arch/arm/p2m.c b/xen/arch/arm/p2m.c
>> index d00c882..710f74e 100644
>> --- a/xen/arch/arm/p2m.c
>> +++ b/xen/arch/arm/p2m.c
>> @@ -461,6 +461,15 @@ int map_mmio_regions(struct domain *d,
>> maddr, MATTR_DEV, p2m_mmio_direct);
>> }
>>
>> +int unmap_mmio_regions(struct domain *d,
>> + paddr_t start_gaddr,
>> + paddr_t end_gaddr,
>> + paddr_t maddr)
>> +{
>
> Can you use pfn instead of physical address?
>
Sure, thank you for the feedback.
Sorry if I bother you with another question, unmap_mmio_regions() is a wrapper
to apply_p2m_changes(), which takes paddr_t as parameters. Is it OK to just have
unmap_mmio_regions() take pfn as parameters and then convert them to paddr_t
when calling apply_p2m_changes(), or would you prefer that changes are performed
also to apply_p2m_changes()?
> Regards,
>
--
/*
* Arianna Avanzini
* avanzini.arianna@gmail.com
* 73628@studenti.unimore.it
*/
next prev parent reply other threads:[~2014-03-11 1:20 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-03-10 8:25 [RFC PATCH v2 0/3] Implement the XEN_DOMCTL_memory_mapping hypercall for ARM Arianna Avanzini
2014-03-10 8:25 ` [RFC PATCH v2 1/3] arch, arm: allow dom0 access to I/O memory of mapped devices Arianna Avanzini
2014-03-10 11:30 ` Julien Grall
2014-03-11 0:49 ` Arianna Avanzini
2014-03-13 15:27 ` Ian Campbell
2014-03-13 15:40 ` Julien Grall
2014-03-10 8:25 ` [RFC PATCH v2 2/3] arch, arm: add the XEN_DOMCTL_memory_mapping hypercall Arianna Avanzini
2014-03-10 12:03 ` Julien Grall
2014-03-11 1:20 ` Arianna Avanzini [this message]
2014-03-13 15:29 ` Ian Campbell
2014-03-13 15:36 ` Jan Beulich
2014-03-13 15:51 ` Dario Faggioli
2014-03-13 15:57 ` Ian Campbell
2014-03-13 16:08 ` Jan Beulich
2014-03-10 8:25 ` [RFC PATCH v2 3/3] tools, libxl: handle the iomem parameter with the memory_mapping hcall Arianna Avanzini
2014-03-13 15:27 ` Ian Campbell
2014-03-13 15:34 ` Julien Grall
2014-03-13 15:49 ` Ian Campbell
2014-03-13 16:36 ` Dario Faggioli
2014-03-13 16:47 ` Julien Grall
2014-03-13 17:32 ` Ian Campbell
2014-03-13 18:37 ` Dario Faggioli
2014-03-13 20:29 ` Julien Grall
2014-03-14 9:55 ` Dario Faggioli
2014-03-14 9:46 ` Ian Campbell
2014-03-14 12:00 ` Julien Grall
2014-03-14 12:15 ` Dario Faggioli
2014-03-14 12:39 ` Arianna Avanzini
2014-03-14 12:49 ` Ian Campbell
2014-03-14 15:10 ` Stefano Stabellini
2014-03-14 15:45 ` Dario Faggioli
2014-03-14 16:19 ` Ian Campbell
2014-03-14 16:25 ` Dario Faggioli
2014-03-14 18:39 ` Eric Trudeau
2014-03-17 9:37 ` Ian Campbell
2014-03-13 15:43 ` Jan Beulich
2014-03-13 15:51 ` Ian Campbell
2014-03-13 16:53 ` Dario Faggioli
2014-03-13 17:04 ` Jan Beulich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=531E64E2.1000500@gmail.com \
--to=avanzini.arianna@gmail.com \
--cc=Ian.Campbell@eu.citrix.com \
--cc=Ian.Jackson@eu.citrix.com \
--cc=dario.faggioli@citrix.com \
--cc=etrudeau@broadcom.com \
--cc=julien.grall@linaro.org \
--cc=paolo.valente@unimore.it \
--cc=stefano.stabellini@eu.citrix.com \
--cc=viktor.kleinik@globallogic.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.