From: Julien Grall <julien.grall@linaro.org>
To: xen-devel@lists.xenproject.org
Cc: Ian Campbell <Ian.Campbell@eu.citrix.com>,
Paolo Valente <paolo.valente@unimore.it>,
Keir Fraser <keir@xen.org>,
ian.campbell@citrix.com,
Stefano Stabellini <stefano.stabellini@eu.citrix.com>,
Ian Jackson <Ian.Jackson@eu.citrix.com>,
Dario Faggioli <dario.faggioli@citrix.com>,
tim@xen.org, Julien Grall <julien.grall@citrix.com>,
Eric Trudeau <etrudeau@broadcom.com>,
Andrew Cooper <andrew.cooper3@citrix.com>,
stefano.stabellini@citrix.com, Jan Beulich <JBeulich@suse.com>,
Arianna Avanzini <avanzini.arianna@gmail.com>,
Viktor Kleinik <viktor.kleinik@globallogic.com>
Subject: Re: [PATCH v2 01/21] xen/common: do not implicitly permit access to mapped I/O memory
Date: Thu, 31 Jul 2014 16:22:18 +0100 [thread overview]
Message-ID: <53DA5F2A.9070705@linaro.org> (raw)
In-Reply-To: <1406818852-31856-2-git-send-email-julien.grall@linaro.org>
Hi all,
Please forgot this patch. I've added it by mistake in my series.
Regards,
On 07/31/2014 04:00 PM, Julien Grall wrote:
> From: Arianna Avanzini <avanzini.arianna@gmail.com>
>
> Currently, the XEN_DOMCTL_memory_mapping hypercall implicitly grants
> to a domain access permission to the I/O memory areas mapped in its
> guest address space. This conflicts with the presence of a specific
> hypercall (XEN_DOMCTL_iomem_permission) used to grant such a permission
> to a domain.
> This commit separates the functions of the two hypercalls by having only
> the latter be able to permit I/O memory access to a domain, and the
> former just performing the mapping after a permissions check on both the
> granting and the grantee domains.
>
> Signed-off-by: Arianna Avanzini <avanzini.arianna@gmail.com>
> Cc: Dario Faggioli <dario.faggioli@citrix.com>
> Cc: Paolo Valente <paolo.valente@unimore.it>
> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
> Cc: Julien Grall <julien.grall@citrix.com>
> Cc: Ian Campbell <Ian.Campbell@eu.citrix.com>
> Cc: Jan Beulich <JBeulich@suse.com>
> Cc: Keir Fraser <keir@xen.org>
> Cc: Tim Deegan <tim@xen.org>
> Cc: Ian Jackson <Ian.Jackson@eu.citrix.com>
> Cc: Andrew Cooper <andrew.cooper3@citrix.com>
> Cc: Eric Trudeau <etrudeau@broadcom.com>
> Cc: Viktor Kleinik <viktor.kleinik@globallogic.com>
> ---
> xen/common/domctl.c | 36 ++++++++++--------------------------
> 1 file changed, 10 insertions(+), 26 deletions(-)
>
> diff --git a/xen/common/domctl.c b/xen/common/domctl.c
> index 80b7800..04ecd53 100644
> --- a/xen/common/domctl.c
> +++ b/xen/common/domctl.c
> @@ -917,7 +917,8 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
> break;
>
> ret = -EPERM;
> - if ( !iomem_access_permitted(current->domain, mfn, mfn_end) )
> + if ( !iomem_access_permitted(current->domain, mfn, mfn_end) ||
> + !iomem_access_permitted(d, mfn, mfn_end) )
> break;
>
> ret = xsm_iomem_mapping(XSM_HOOK, d, mfn, mfn_end, add);
> @@ -930,40 +931,23 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
> "memory_map:add: dom%d gfn=%lx mfn=%lx nr=%lx\n",
> d->domain_id, gfn, mfn, nr_mfns);
>
> - ret = iomem_permit_access(d, mfn, mfn_end);
> - if ( !ret )
> - {
> - ret = map_mmio_regions(d, gfn, nr_mfns, mfn);
> - if ( ret )
> - {
> - printk(XENLOG_G_WARNING
> - "memory_map:fail: dom%d gfn=%lx mfn=%lx nr=%lx ret:%ld\n",
> - d->domain_id, gfn, mfn, nr_mfns, ret);
> - if ( iomem_deny_access(d, mfn, mfn_end) &&
> - is_hardware_domain(current->domain) )
> - printk(XENLOG_ERR
> - "memory_map: failed to deny dom%d access to [%lx,%lx]\n",
> - d->domain_id, mfn, mfn_end);
> - }
> - }
> + ret = map_mmio_regions(d, gfn, nr_mfns, mfn);
> + if ( ret )
> + printk(XENLOG_G_WARNING
> + "memory_map:fail: dom%d gfn=%lx mfn=%lx nr=%lx ret:%ld\n",
> + d->domain_id, gfn, mfn, nr_mfns, ret);
> }
> else
> {
> - int rc = 0;
> -
> printk(XENLOG_G_INFO
> "memory_map:remove: dom%d gfn=%lx mfn=%lx nr=%lx\n",
> d->domain_id, gfn, mfn, nr_mfns);
>
> - rc = unmap_mmio_regions(d, gfn, nr_mfns, mfn);
> - ret = iomem_deny_access(d, mfn, mfn_end);
> - if ( !ret )
> - ret = rc;
> + ret = unmap_mmio_regions(d, gfn, nr_mfns, mfn);
> if ( ret && is_hardware_domain(current->domain) )
> printk(XENLOG_ERR
> - "memory_map: error %ld %s dom%d access to [%lx,%lx]\n",
> - ret, rc ? "removing" : "denying", d->domain_id,
> - mfn, mfn_end);
> + "memory_map: error %ld removing dom%d access to [%lx,%lx]\n",
> + ret, d->domain_id, mfn, mfn_end);
> }
> /* Do this unconditionally to cover errors on above failure paths. */
> memory_type_changed(d);
>
--
Julien Grall
next prev parent reply other threads:[~2014-07-31 15:22 UTC|newest]
Thread overview: 119+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-07-31 15:00 [PATCH v2 00/21] xen/arm: Add support for non-pci passthrough Julien Grall
2014-07-31 15:00 ` [PATCH v2 01/21] xen/common: do not implicitly permit access to mapped I/O memory Julien Grall
2014-07-31 15:22 ` Julien Grall [this message]
2014-07-31 15:00 ` [PATCH v2 02/21] xen: guestcopy: Provide an helper to safely copy string from guest Julien Grall
2014-08-01 8:40 ` Jan Beulich
2014-08-06 14:18 ` Julien Grall
2014-09-09 12:52 ` Ian Campbell
2014-09-09 13:17 ` Jan Beulich
2014-09-09 13:40 ` Ian Campbell
2014-08-06 13:56 ` Stefano Stabellini
2014-08-06 14:22 ` Julien Grall
2014-08-06 16:06 ` Daniel De Graaf
2014-07-31 15:00 ` [PATCH v2 03/21] xen/arm: vgic: Rename nr_lines into nr_spis Julien Grall
2014-08-06 13:58 ` Stefano Stabellini
2014-07-31 15:00 ` [PATCH v2 04/21] xen/arm: vgic: Introduce a function to initialize pending_irq Julien Grall
2014-08-06 14:06 ` Stefano Stabellini
2014-08-06 14:52 ` Julien Grall
2014-08-06 14:57 ` Stefano Stabellini
2014-07-31 15:00 ` [PATCH v2 05/21] xen/arm: follow-up to allow DOM0 manage IRQ and MMIO Julien Grall
2014-09-09 13:07 ` Ian Campbell
2014-09-11 22:32 ` Julien Grall
2014-09-12 10:13 ` Ian Campbell
2014-09-12 19:04 ` Julien Grall
2014-07-31 15:00 ` [PATCH v2 06/21] xen/arm: Allow virq != irq Julien Grall
2014-08-06 14:50 ` Stefano Stabellini
2014-08-06 15:07 ` Julien Grall
2014-08-06 16:48 ` Stefano Stabellini
2014-09-09 13:29 ` Ian Campbell
2014-09-09 18:42 ` Julien Grall
2014-09-11 22:50 ` Julien Grall
2014-09-12 10:13 ` Ian Campbell
2014-09-12 10:19 ` Ian Campbell
2014-07-31 15:00 ` [PATCH v2 07/21] xen/arm: route_irq_to_guest: Check validity of the IRQ Julien Grall
2014-08-06 14:56 ` Stefano Stabellini
2014-07-31 15:00 ` [PATCH v2 08/21] xen/arm: Initialize the virtual GIC later Julien Grall
2014-08-06 15:35 ` Stefano Stabellini
2014-09-09 13:35 ` Ian Campbell
2014-09-09 18:57 ` Julien Grall
2014-09-10 10:08 ` Ian Campbell
2014-09-11 23:01 ` Julien Grall
2014-09-12 10:14 ` Ian Campbell
2014-08-06 17:06 ` Daniel De Graaf
2014-08-29 13:09 ` Andrii Tseglytskyi
2014-08-29 18:57 ` Julien Grall
2014-08-29 19:49 ` Andrii Tseglytskyi
2014-08-29 20:04 ` Julien Grall
2014-08-29 20:14 ` Andrii Tseglytskyi
2014-09-09 13:33 ` Ian Campbell
2014-09-09 19:11 ` Julien Grall
2014-09-10 9:45 ` Andrii Tseglytskyi
2014-09-09 13:37 ` Ian Campbell
[not found] ` <CAAHg+HhhsZonrEDdHET93dy=dR1+YF-VPGJ=VwB20RRxWqdSYA@mail.gmail.com>
2014-10-06 16:04 ` Julien Grall
2014-07-31 15:00 ` [PATCH v2 09/21] xen/arm: Release IRQ routed to a domain when it's destroying Julien Grall
2014-08-06 15:49 ` Stefano Stabellini
2014-08-06 16:01 ` Julien Grall
2014-08-06 16:53 ` Stefano Stabellini
2014-08-06 17:09 ` Julien Grall
2014-08-07 15:36 ` Stefano Stabellini
2014-08-07 15:40 ` Julien Grall
2014-08-07 16:31 ` Stefano Stabellini
2014-08-07 16:35 ` Julien Grall
2014-08-07 16:39 ` Stefano Stabellini
2014-09-09 13:53 ` Ian Campbell
2014-09-09 22:29 ` Stefano Stabellini
2014-07-31 15:00 ` [PATCH v2 10/21] xen/arm: Implement hypercall PHYSDEVOP_{, un}map_pirq Julien Grall
2014-08-06 16:10 ` Stefano Stabellini
2014-08-29 12:34 ` Andrii Tseglytskyi
2014-08-29 19:08 ` Julien Grall
2014-08-29 19:44 ` Andrii Tseglytskyi
2014-07-31 15:00 ` [PATCH v2 11/21] xen/dts: Use unsigned int for MMIO and IRQ index Julien Grall
2014-08-06 16:12 ` Stefano Stabellini
2014-07-31 15:00 ` [PATCH v2 12/21] xen/dts: Provide an helper to get a DT node from a path provided by a guest Julien Grall
2014-09-09 13:55 ` Ian Campbell
2014-07-31 15:00 ` [PATCH v2 13/21] xen/dts: Add hypercalls to retrieve device node information Julien Grall
2014-08-01 8:50 ` Jan Beulich
2014-08-06 15:17 ` Julien Grall
2014-08-06 15:47 ` Jan Beulich
2014-07-31 15:00 ` [PATCH v2 14/21] xen/passthrough: Introduce iommu_construct Julien Grall
2014-08-01 8:55 ` Jan Beulich
2014-07-31 15:00 ` [PATCH v2 15/21] xen/passthrough: Call arch_iommu_domain_destroy before calling iommu_teardown Julien Grall
2014-08-01 9:00 ` Jan Beulich
2014-07-31 15:00 ` [PATCH v2 16/21] xen/passthrough: iommu_deassign_device_dt: By default reassign device to nobody Julien Grall
2014-08-06 16:23 ` Stefano Stabellini
2015-01-12 16:33 ` Julien Grall
2014-07-31 15:00 ` [PATCH v2 17/21] xen/iommu: arm: Wire iommu DOMCTL for ARM Julien Grall
2014-08-06 16:24 ` Stefano Stabellini
2014-07-31 15:00 ` [PATCH v2 18/21] xen/passthrough: dt: Add new domctl XEN_DOMCTL_assign_dt_device Julien Grall
2014-08-01 9:05 ` Jan Beulich
2014-07-31 15:00 ` [PATCH v2 19/21] xen/arm: Reserve region in guest memory for device passthrough Julien Grall
2014-08-06 16:27 ` Stefano Stabellini
2014-08-06 16:33 ` Julien Grall
2014-08-06 16:44 ` Stefano Stabellini
2014-08-06 16:45 ` Stefano Stabellini
2014-08-06 16:55 ` Julien Grall
2014-08-06 16:57 ` Stefano Stabellini
2014-08-06 16:47 ` Julien Grall
2014-07-31 15:00 ` [PATCH v2 20/21] libxl: Add support for non-PCI passthrough Julien Grall
2014-08-06 16:44 ` Stefano Stabellini
2014-08-06 16:50 ` Julien Grall
2014-08-06 16:58 ` Stefano Stabellini
2014-08-08 14:15 ` Julien Grall
2014-09-09 19:12 ` Julien Grall
2014-09-10 10:08 ` Ian Campbell
2014-07-31 15:00 ` [PATCH v2 21/21] xl: Add new option dtdev Julien Grall
2014-09-09 14:34 ` [PATCH v2 00/21] xen/arm: Add support for non-pci passthrough Ian Campbell
2014-09-09 19:34 ` Julien Grall
2014-09-10 9:22 ` Christoffer Dall
2014-09-10 10:51 ` Ian Campbell
2014-09-10 11:45 ` Christoffer Dall
2014-09-10 12:05 ` Ian Campbell
2014-09-10 22:03 ` Stefano Stabellini
2014-09-11 4:03 ` Christoffer Dall
2014-09-11 8:56 ` Ian Campbell
2014-09-12 19:16 ` Julien Grall
2014-09-10 10:11 ` Ian Campbell
2014-09-10 18:45 ` Julien Grall
2014-09-11 8:58 ` Ian Campbell
2014-09-11 19:11 ` Julien Grall
2014-09-12 10:16 ` Ian Campbell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53DA5F2A.9070705@linaro.org \
--to=julien.grall@linaro.org \
--cc=Ian.Campbell@eu.citrix.com \
--cc=Ian.Jackson@eu.citrix.com \
--cc=JBeulich@suse.com \
--cc=andrew.cooper3@citrix.com \
--cc=avanzini.arianna@gmail.com \
--cc=dario.faggioli@citrix.com \
--cc=etrudeau@broadcom.com \
--cc=ian.campbell@citrix.com \
--cc=julien.grall@citrix.com \
--cc=keir@xen.org \
--cc=paolo.valente@unimore.it \
--cc=stefano.stabellini@citrix.com \
--cc=stefano.stabellini@eu.citrix.com \
--cc=tim@xen.org \
--cc=viktor.kleinik@globallogic.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.