From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Malcolm Crossley <malcolm.crossley@citrix.com>,
george.dunlap@eu.citrix.com, keir@xen.org, jbeulich@suse.com
Cc: xen-devel@lists.xen.org
Subject: Re: [PATCH] xen: Restore p2m_access_t enum order to allow bitmask semantics
Date: Tue, 8 Mar 2016 15:36:10 +0000 [thread overview]
Message-ID: <56DEF16A.60009@citrix.com> (raw)
In-Reply-To: <1457451028-3808-1-git-send-email-malcolm.crossley@citrix.com>
On 08/03/16 15:30, Malcolm Crossley wrote:
> Nested hap code assumed implict bitmask semantics of the p2m_access_t
> enum prior to C/S 4c63692d7c38c5ac414fe97f8ef37b66e05abe5c
>
> The change to the enum ordering broke this assumption and caused functional
> problems for the nested hap code. As it may be error prone to audit and find
> all other p2m_access users assuming bitmask semantics, instead restore the
> previous enum order and make it explict that bitmask semantics are to be
> preserved for the read, write and execute access types.
>
> Signed-off-by: Malcolm Crossley <malcolm.crossley@citrix.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Specifically, the bug causes memory corruption in the L2 guest, because
the code out of context in nestedhvm_hap_nested_page_fault() incorrectly
calculates the permission bits for the nested p2m.
> ---
> xen/arch/x86/mm/hap/nested_hap.c | 2 +-
> xen/include/xen/p2m-common.h | 17 +++++++++--------
> 2 files changed, 10 insertions(+), 9 deletions(-)
>
> diff --git a/xen/arch/x86/mm/hap/nested_hap.c b/xen/arch/x86/mm/hap/nested_hap.c
> index 0dbae13..9cee5a0 100644
> --- a/xen/arch/x86/mm/hap/nested_hap.c
> +++ b/xen/arch/x86/mm/hap/nested_hap.c
> @@ -263,7 +263,7 @@ nestedhvm_hap_nested_page_fault(struct vcpu *v, paddr_t *L2_gpa,
>
> switch ( p2ma_10 )
> {
> - case p2m_access_rwx ... p2m_access_n:
> + case p2m_access_n ... p2m_access_rwx:
> break;
> case p2m_access_rx2rw:
> p2ma_10 = p2m_access_rx;
> diff --git a/xen/include/xen/p2m-common.h b/xen/include/xen/p2m-common.h
> index 8b70459..6374a5b 100644
> --- a/xen/include/xen/p2m-common.h
> +++ b/xen/include/xen/p2m-common.h
> @@ -15,14 +15,15 @@
> * default.
> */
> typedef enum {
> - p2m_access_rwx = 0, /* The default access type when not used. */
> - p2m_access_wx = 1,
> - p2m_access_rx = 2,
> - p2m_access_x = 3,
> - p2m_access_rw = 4,
> - p2m_access_w = 5,
> - p2m_access_r = 6,
> - p2m_access_n = 7, /* No access allowed. */
> + /* Code uses bottom three bits with bitmask semantics */
> + p2m_access_n = 0, /* No access allowed. */
> + p2m_access_r = 1 << 0,
> + p2m_access_w = 1 << 1,
> + p2m_access_x = 1 << 2,
> + p2m_access_rw = p2m_access_r | p2m_access_w,
> + p2m_access_rx = p2m_access_r | p2m_access_x,
> + p2m_access_wx = p2m_access_w | p2m_access_x,
> + p2m_access_rwx = p2m_access_r | p2m_access_w | p2m_access_x,
>
> p2m_access_rx2rw = 8, /* Special: page goes from RX to RW on write */
> p2m_access_n2rwx = 9, /* Special: page goes from N to RWX on access, *
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
next prev parent reply other threads:[~2016-03-08 15:36 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-03-08 15:30 [PATCH] xen: Restore p2m_access_t enum order to allow bitmask semantics Malcolm Crossley
2016-03-08 15:36 ` Andrew Cooper [this message]
2016-03-08 15:52 ` Jan Beulich
2016-03-08 15:58 ` Tamas K Lengyel
2016-03-09 16:30 ` George Dunlap
2016-03-10 20:48 ` Tamas K Lengyel
2016-03-11 8:53 ` Malcolm Crossley
2016-03-14 18:12 ` George Dunlap
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=56DEF16A.60009@citrix.com \
--to=andrew.cooper3@citrix.com \
--cc=george.dunlap@eu.citrix.com \
--cc=jbeulich@suse.com \
--cc=keir@xen.org \
--cc=malcolm.crossley@citrix.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.