From: Julien Grall <julien.grall@linaro.org>
To: Arianna Avanzini <avanzini.arianna@gmail.com>, xen-devel@lists.xen.org
Cc: julien.grall@citrix.com, paolo.valente@unimore.it, keir@xen.org,
stefano.stabellini@eu.citrix.com, tim@xen.org,
dario.faggioli@citrix.com, Ian.Jackson@eu.citrix.com,
Ian.Campbell@eu.citrix.com, etrudeau@broadcom.com,
JBeulich@suse.com, andrew.cooper3@citrix.com,
viktor.kleinik@globallogic.com
Subject: Re: [PATCH v8 02/14] arch/arm: add consistency check to REMOVE p2m changes
Date: Sun, 25 May 2014 16:50:03 +0100 [thread overview]
Message-ID: <5382112B.9030406@linaro.org> (raw)
In-Reply-To: <1401015115-7610-3-git-send-email-avanzini.arianna@gmail.com>
Hi Arianna,
On 25/05/14 11:51, Arianna Avanzini wrote:
> + unsigned long mfn = pte.p2m.base;
> +
> + /*
> + * Ensure that the guest address given as argument to
> + * this function is actually mapped to the specified
> + * machine address. maddr here is the machine address
> + * given to the function, while mfn is the machine
> + * frame number actually mapped to the guest address:
> + * check if the two correspond.
> + */
> + if ( !pte.p2m.valid || maddr != pfn_to_paddr(mfn) )
> + {
> + printk("p2m_remove: nonexistent mapping: "
> + "%"PRIx64" and %"PRIx64"\n",
> + pfn_to_paddr(mfn), maddr);
> + /*
> + * If we have successfully removed other mappings,
> + * overload flush local variable to store if we need
> + * to flush TLBs.
> + */
> + if (count) flush = 1; else flush = 0;
Hrrm, why do you need this line? Flush is already correctly set
previously (see flush |= ... few lines above).
> + rc = -EINVAL;
> + goto out_flush;
As I said on a previous mail, you should continue to unmap even if we
fail to remove one mapping. Otherwise, we may let the guest access to
some MMIO region by mistake.
> + }
> + }
> + /* fall through */
> + case RELINQUISH:
> + {
> if ( !pte.p2m.valid )
> {
> count++;
> @@ -462,28 +490,30 @@ static int apply_p2m_changes(struct domain *d,
>
> /* Got the next page */
> addr += PAGE_SIZE;
> + maddr += PAGE_SIZE;
> }
>
> - if ( flush )
> + if ( op == ALLOCATE || op == INSERT )
> {
> unsigned long sgfn = paddr_to_pfn(start_gpaddr);
> unsigned long egfn = paddr_to_pfn(end_gpaddr);
>
> - flush_tlb_domain(d);
> - iommu_iotlb_flush(d, sgfn, egfn - sgfn);
> + p2m->max_mapped_gfn = MAX(p2m->max_mapped_gfn, egfn);
> + p2m->lowest_mapped_gfn = MIN(p2m->lowest_mapped_gfn, sgfn);
> }
>
> - if ( op == ALLOCATE || op == INSERT )
> + rc = 0;
> +
> +out_flush:
There is no need to create a new label. You can move the label "out"
here and avoid to invert the position of the 2 if. It doesn't harm to
update p2m->max_mapped_gfn and p2m->lowest_mapped_gfn and/or flush TLBs
if we fail.
It could also be safeguard for later :).
Regards,
--
Julien Grall
next prev parent reply other threads:[~2014-05-25 15:50 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-05-25 10:51 [PATCH v8 00/14] Implement the XEN_DOMCTL_memory_mapping hypercall for ARM Arianna Avanzini
2014-05-25 10:51 ` [PATCH v8 01/14] arch/arm: domain build: let dom0 access I/O memory of mapped devices Arianna Avanzini
2014-06-10 15:04 ` Ian Campbell
2014-05-25 10:51 ` [PATCH v8 02/14] arch/arm: add consistency check to REMOVE p2m changes Arianna Avanzini
2014-05-25 15:50 ` Julien Grall [this message]
2014-06-05 13:45 ` Ian Campbell
2014-06-05 13:50 ` Ian Campbell
2014-05-25 10:51 ` [PATCH v8 03/14] arch/arm: let map_mmio_regions() take pfn as parameters Arianna Avanzini
2014-05-25 10:51 ` [PATCH v8 04/14] arch/arm: let map_mmio_regions() use start and count Arianna Avanzini
2014-05-25 15:56 ` Julien Grall
2014-06-05 13:53 ` Ian Campbell
2014-05-25 10:51 ` [PATCH v8 05/14] arch/arm: unmap partially-mapped I/O-memory regions Arianna Avanzini
2014-05-25 16:04 ` Julien Grall
2014-06-05 14:03 ` Ian Campbell
2014-06-05 14:09 ` Julien Grall
2014-05-25 10:51 ` [PATCH v8 06/14] arch/x86: warn if to-be-removed mapping does not exist Arianna Avanzini
2014-06-05 14:06 ` Ian Campbell
2014-05-25 10:51 ` [PATCH v8 07/14] arch/x86: cleanup memory_mapping DOMCTL Arianna Avanzini
2014-05-26 9:57 ` Jan Beulich
2014-05-25 10:51 ` [PATCH v8 08/14] xen/common: move memory_type_changed() function to common code Arianna Avanzini
2014-05-25 16:15 ` Julien Grall
2014-05-26 9:58 ` Jan Beulich
2014-06-05 14:08 ` Ian Campbell
2014-05-25 10:51 ` [PATCH v8 09/14] xen/x86: factor out map and unmap from the memory_mapping DOMCTL Arianna Avanzini
2014-05-26 10:04 ` Jan Beulich
2014-05-25 10:51 ` [PATCH v8 10/14] xen/common: move the memory_mapping DOMCTL hypercall to common code Arianna Avanzini
2014-05-25 16:42 ` Julien Grall
2014-05-26 10:07 ` Jan Beulich
2014-05-26 11:03 ` Julien Grall
2014-06-05 14:21 ` Ian Campbell
2014-06-05 14:33 ` Tim Deegan
2014-06-05 14:39 ` Ian Campbell
2014-05-26 10:06 ` Jan Beulich
2014-05-25 10:51 ` [PATCH v8 11/14] tools/libxl: parse optional start gfn from the iomem config option Arianna Avanzini
2014-05-25 10:51 ` [PATCH v8 12/14] tools/libxl: handle the iomem parameter with the memory_mapping hcall Arianna Avanzini
2014-05-25 17:04 ` Julien Grall
2014-06-05 14:27 ` Ian Campbell
2014-05-25 10:51 ` [PATCH v8 13/14] tools/libxl: explicitly grant access to needed I/O-memory ranges Arianna Avanzini
2014-05-25 17:08 ` Julien Grall
2014-05-26 10:11 ` Jan Beulich
2014-05-26 10:58 ` Julien Grall
2014-05-26 11:15 ` Jan Beulich
2014-06-05 14:31 ` Ian Campbell
2014-06-05 14:37 ` Ian Campbell
2014-06-05 14:54 ` Jan Beulich
2014-06-05 14:53 ` Jan Beulich
2014-05-26 10:10 ` Jan Beulich
2014-05-25 10:51 ` [PATCH v8 14/14] xen/common: do not implicitly permit access to mapped I/O memory Arianna Avanzini
2014-07-01 10:45 ` [PATCH v8 00/14] Implement the XEN_DOMCTL_memory_mapping hypercall for ARM Julien Grall
2014-07-01 10:55 ` Arianna Avanzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5382112B.9030406@linaro.org \
--to=julien.grall@linaro.org \
--cc=Ian.Campbell@eu.citrix.com \
--cc=Ian.Jackson@eu.citrix.com \
--cc=JBeulich@suse.com \
--cc=andrew.cooper3@citrix.com \
--cc=avanzini.arianna@gmail.com \
--cc=dario.faggioli@citrix.com \
--cc=etrudeau@broadcom.com \
--cc=julien.grall@citrix.com \
--cc=keir@xen.org \
--cc=paolo.valente@unimore.it \
--cc=stefano.stabellini@eu.citrix.com \
--cc=tim@xen.org \
--cc=viktor.kleinik@globallogic.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.