From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Wei Liu <wei.liu2@citrix.com>
Cc: xen-devel <xen-devel@lists.xenproject.org>,
Keir Fraser <keir@xen.org>, Jan Beulich <JBeulich@suse.com>,
Tim Deegan <tim@xen.org>
Subject: Re: [PATCH 2/2] x86/HVM: cache attribute pinning adjustments
Date: Thu, 3 Mar 2016 12:12:40 +0000
Message-ID: <56D82A38.5090602@citrix.com>
In-Reply-To: <20160303121020.GD5535@citrix.com>
On 03/03/16 12:10, Wei Liu wrote:
> On Thu, Mar 03, 2016 at 11:03:43AM +0000, Andrew Cooper wrote:
> [...]
>>> @@ -587,20 +578,21 @@ static void free_pinned_cacheattr_entry(
>>> xfree(container_of(rcu, struct hvm_mem_pinned_cacheattr_range, rcu));
>>> }
>>>
>>> -int32_t hvm_set_mem_pinned_cacheattr(
>>> - struct domain *d,
>>> - uint64_t gfn_start,
>>> - uint64_t gfn_end,
>>> - uint32_t type)
>>> +int hvm_set_mem_pinned_cacheattr(struct domain *d, uint64_t gfn_start,
>>> + uint64_t gfn_end, uint32_t type)
>>> {
>>> struct hvm_mem_pinned_cacheattr_range *range;
>>> int rc = 1;
>>>
>>> - if ( !is_hvm_domain(d) || gfn_end < gfn_start )
>>> - return 0;
>>> + if ( !is_hvm_domain(d) )
>>> + return -EOPNOTSUPP;
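Review bot: The `gfn_end < gfn_start` test is dropped from the entry check together with the old `return 0`, and nothing in the lines shown puts it back. Both bounds are supplied by the caller, so an inverted range should still be rejected early, with its own error value (for example -EINVAL) so that it can be told apart from the -EOPNOTSUPP now returned for a non-HVM domain. With failures now reported as negative values, the unchanged `int rc = 1;` initialiser is also worth checking, so that a positive value cannot be returned where callers expect 0 or a negative errno.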
>> You introduce an asymmetry between set and get here, both in terms of
>> the checks (hvm vs hvm_container), and assert vs plain failure. Why is
>> this?
>>
>> I would suggest ASSERT(is_hvm_domain(d)) in both cases.
>>
> I don't think we can have ASSERT() in the set function because it might
> be called by an untrusted entity. On the other hand, the get function can
> only be used by the hypervisor so the ASSERT should be fine.
The hypercall handler should sanitise the untrusted caller before we get
into this function.
~Andrew
Thread overview: 10+ messages
2016-03-03 9:54 [PATCH 0/2] x86: more XSA-154 follow-ups Jan Beulich
2016-03-03 10:31 ` [PATCH 1/2] x86: use "unsigned int" for cache attribute values Jan Beulich
2016-03-03 10:36 ` Andrew Cooper
2016-03-03 10:31 ` [PATCH 2/2] x86/HVM: cache attribute pinning adjustments Jan Beulich
2016-03-03 11:03 ` Andrew Cooper
2016-03-03 12:10 ` Wei Liu
2016-03-03 12:12 ` Andrew Cooper [this message]
2016-03-03 12:19 ` Wei Liu
2016-03-03 12:46 ` Jan Beulich
2016-03-03 12:41 ` Jan Beulich