From: Razvan Cojocaru <rcojocaru@bitdefender.com>
To: Jan Beulich <JBeulich@suse.com>
Cc: jun.nakajima@intel.com, kevin.tian@intel.com,
wei.liu2@citrix.com, ian.campbell@citrix.com,
stefano.stabellini@eu.citrix.com, george.dunlap@eu.citrix.com,
andrew.cooper3@citrix.com, ian.jackson@eu.citrix.com,
xen-devel@lists.xen.org, eddie.dong@intel.com,
Aravind.Gopalakrishnan@amd.com, suravee.suthikulpanit@amd.com,
tlengyel@novetta.com, keir@xen.org, boris.ostrovsky@oracle.com
Subject: Re: [PATCH V4 1/3] xen/mem_access: Support for memory-content hiding
Date: Fri, 10 Jul 2015 17:00:33 +0300 [thread overview]
Message-ID: <559FD001.2030702@bitdefender.com> (raw)
In-Reply-To: <559FD987020000780008F7D8@mail.emea.novell.com>
On 07/10/2015 03:41 PM, Jan Beulich wrote:
>>>> On 08.07.15 at 12:22, <rcojocaru@bitdefender.com> wrote:
>> --- a/xen/arch/x86/hvm/emulate.c
>> +++ b/xen/arch/x86/hvm/emulate.c
>> @@ -653,6 +653,31 @@ static int hvmemul_read(
>> unsigned int bytes,
>> struct x86_emulate_ctxt *ctxt)
>> {
>> + struct hvm_emulate_ctxt *hvmemul_ctxt =
>> + container_of(ctxt, struct hvm_emulate_ctxt, ctxt);
>> +
>> + if ( unlikely(hvmemul_ctxt->set_context) )
>> + {
>> + struct vcpu *curr = current;
>> + unsigned int safe_bytes;
>> +
>> + if ( !curr->arch.vm_event.emul_read_data )
>> + return X86EMUL_UNHANDLEABLE;
>> +
>> + safe_bytes = min_t(unsigned int,
>> + bytes, curr->arch.vm_event.emul_read_data->size);
>
> Afaict min() would work here.
Ack.
>> + if ( safe_bytes )
>> + {
>> + memcpy(p_data, curr->arch.vm_event.emul_read_data->data, safe_bytes);
>
> Why is this conditional? Doesn't ->size being zero mean all data
> should be zeroed? Otherwise this isn't really consistent behavior...
>
> Also - long line.
Ack.
>> +
>> + if ( bytes > safe_bytes )
>> + memset(p_data + safe_bytes, 0, bytes - safe_bytes);
>
> No need for the conditional here.
Ack.
>> @@ -893,6 +918,28 @@ static int hvmemul_cmpxchg(
>> unsigned int bytes,
>> struct x86_emulate_ctxt *ctxt)
>> {
>> + struct hvm_emulate_ctxt *hvmemul_ctxt =
>> + container_of(ctxt, struct hvm_emulate_ctxt, ctxt);
>> +
>> + if ( unlikely(hvmemul_ctxt->set_context) )
>> + {
>> + struct vcpu *curr = current;
>> +
>> + if ( curr->arch.vm_event.emul_read_data )
>> + {
>> + unsigned int safe_bytes = min_t(unsigned int, bytes,
>> + curr->arch.vm_event.emul_read_data->size);
>> +
>> + memcpy(p_new, curr->arch.vm_event.emul_read_data->data,
>> + safe_bytes);
>> +
>> + if ( bytes > safe_bytes )
>> + memset(p_new + safe_bytes, 0, bytes - safe_bytes);
>> + }
>> + else
>> + return X86EMUL_UNHANDLEABLE;
>
> Please make this look as similar to hvmemul_read() as possible (invert
> the if() condition etc). Once done, you'll be seeing that this would
> better be factored out...
Very true, I should have factored it out from the beginning, I only have
not done so because there's been a somewhat convoluted trip to the
current state of the code. Ack.
>> @@ -935,6 +982,43 @@ static int hvmemul_rep_ins(
>> !!(ctxt->regs->eflags & X86_EFLAGS_DF), gpa);
>> }
>>
>> +static int hvmemul_rep_outs_set_context(
>> + enum x86_segment src_seg,
>> + unsigned long src_offset,
>> + uint16_t dst_port,
>> + unsigned int bytes_per_rep,
>> + unsigned long *reps,
>> + struct x86_emulate_ctxt *ctxt)
>> +{
>> + unsigned int bytes = *reps * bytes_per_rep;
>> + struct vcpu *curr = current;
>> + unsigned int safe_bytes;
>> + char *buf = NULL;
>
> Pointless initializer.
Ack.
>> @@ -1063,7 +1151,23 @@ static int hvmemul_rep_movs(
>> */
>> rc = hvm_copy_from_guest_phys(buf, sgpa, bytes);
>> if ( rc == HVMCOPY_okay )
>> + {
>> + struct vcpu *curr = current;
>> +
>> + if ( unlikely(hvmemul_ctxt->set_context) &&
>> + curr->arch.vm_event.emul_read_data )
>
> Factoring out will also make obvious that here you're _still_ not
> handling things consistently with the other cases.
True. Will fix it.
>> @@ -1466,6 +1466,10 @@ void p2m_mem_access_emulate_check(struct vcpu *v,
>> }
>>
>> v->arch.vm_event.emulate_flags = violation ? rsp->flags : 0;
>> +
>> + if ( rsp->flags & VM_EVENT_FLAG_SET_EMUL_READ_DATA &&
>
> Please parenthesize the &.
Ack.
>> --- a/xen/common/domain.c
>> +++ b/xen/common/domain.c
>> @@ -166,6 +166,7 @@ struct vcpu *alloc_vcpu(
>> free_cpumask_var(v->cpu_hard_affinity_saved);
>> free_cpumask_var(v->cpu_soft_affinity);
>> free_cpumask_var(v->vcpu_dirty_cpumask);
>> + xfree(v->arch.vm_event.emul_read_data);
>> free_vcpu_struct(v);
>> return NULL;
>> }
>> @@ -821,6 +822,7 @@ static void complete_domain_destroy(struct rcu_head *head)
>> free_cpumask_var(v->cpu_hard_affinity_saved);
>> free_cpumask_var(v->cpu_soft_affinity);
>> free_cpumask_var(v->vcpu_dirty_cpumask);
>> + xfree(v->arch.vm_event.emul_read_data);
>
> Common code fiddling with arch-specific bits. I can't see how this
> would build on ARM.
Indeed, I should have been more careful with the xfree() move.
>
>> @@ -63,6 +64,21 @@ static int vm_event_enable(
>> vm_event_ring_lock_init(ved);
>> vm_event_ring_lock(ved);
>>
>> + for_each_vcpu( d, v )
>> + {
>> + if ( v->arch.vm_event.emul_read_data )
>> + continue;
>> +
>> + v->arch.vm_event.emul_read_data =
>> + xmalloc(struct vm_event_emul_read_data);
>> +
>> + if ( !v->arch.vm_event.emul_read_data )
>> + {
>> + rc = -ENOMEM;
>> + goto err;
>> + }
>> + }
>
> Same here. You need to decide whether this is to be a generic
> feature (then the pointer needs to move to struct vcpu) or x86
> specific (then the code needs to move to x86-specific files).
I think the best bet is probably to move it to struct vcpu, especially
since Tamas intends to use the feature in new scenarios, so it's
probably best to not restrict it to x86. Tamas, what do you think?
Thanks,
Razvan
next prev parent reply other threads:[~2015-07-10 14:00 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-07-08 10:22 [PATCH V4 0/3] Vm_event memory introspection helpers Razvan Cojocaru
2015-07-08 10:22 ` [PATCH V4 1/3] xen/mem_access: Support for memory-content hiding Razvan Cojocaru
2015-07-08 12:24 ` Lengyel, Tamas
2015-07-10 12:41 ` Jan Beulich
2015-07-10 14:00 ` Razvan Cojocaru [this message]
2015-07-08 10:22 ` [PATCH V4 2/3] xen/vm_event: Support for guest-requested events Razvan Cojocaru
2015-07-08 12:41 ` George Dunlap
2015-07-08 10:22 ` [PATCH V4 3/3] xen/vm_event: Deny register writes if refused by vm_event reply Razvan Cojocaru
2015-07-08 12:18 ` Lengyel, Tamas
2015-07-08 12:26 ` Razvan Cojocaru
2015-07-08 12:39 ` Lengyel, Tamas
2015-07-08 12:52 ` Razvan Cojocaru
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=559FD001.2030702@bitdefender.com \
--to=rcojocaru@bitdefender.com \
--cc=Aravind.Gopalakrishnan@amd.com \
--cc=JBeulich@suse.com \
--cc=andrew.cooper3@citrix.com \
--cc=boris.ostrovsky@oracle.com \
--cc=eddie.dong@intel.com \
--cc=george.dunlap@eu.citrix.com \
--cc=ian.campbell@citrix.com \
--cc=ian.jackson@eu.citrix.com \
--cc=jun.nakajima@intel.com \
--cc=keir@xen.org \
--cc=kevin.tian@intel.com \
--cc=stefano.stabellini@eu.citrix.com \
--cc=suravee.suthikulpanit@amd.com \
--cc=tlengyel@novetta.com \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.