From: "Roger Pau Monné" <roger.pau@citrix.com>
To: Jan Beulich <jbeulich@suse.com>
Cc: Henry Wang <Henry.Wang@arm.com>,
Andrew Cooper <andrew.cooper3@citrix.com>,
George Dunlap <george.dunlap@citrix.com>,
Julien Grall <julien@xen.org>,
Stefano Stabellini <sstabellini@kernel.org>, Wei Liu <wl@xen.org>,
xen-devel@lists.xenproject.org
Subject: Re: [PATCH v2 1/2] domain: fix misaligned unmap address in {,un}map_guest_area()
Date: Mon, 16 Oct 2023 14:44:25 +0200 [thread overview]
Message-ID: <ZS0wKWr8yjwwdpk8@macbook> (raw)
In-Reply-To: <6442445a-458d-3ccd-057c-f8d2ac208232@suse.com>
On Mon, Oct 16, 2023 at 02:30:12PM +0200, Jan Beulich wrote:
> On 06.10.2023 15:00, Roger Pau Monne wrote:> --- a/xen/common/domain.c
> > +++ b/xen/common/domain.c
> > @@ -1601,7 +1601,7 @@ int map_guest_area(struct vcpu *v, paddr_t gaddr, unsigned int size,
> > unmap:
> > if ( pg )
> > {
> > - unmap_domain_page_global(map);
> > + unmap_domain_page_global((void *)((unsigned long)map & PAGE_MASK));
> > put_page_and_type(pg);
> > }
> >
> > @@ -1634,7 +1634,7 @@ void unmap_guest_area(struct vcpu *v, struct guest_area *area)
> >
> > if ( pg )
> > {
> > - unmap_domain_page_global(map);
> > + unmap_domain_page_global((void *)((unsigned long)map & PAGE_MASK));
> > put_page_and_type(pg);
> > }
> > }
>
> On v1 in a reply to Julien you talk of "limiting misuse" by not relaxing
> expecations in Arm's backing code, but I wonder what kind of misuse you
> think about. Aiui there's no strong need to insist on page aligned input,
> and relaxing things there may simplify code elsewhere as well.
destroy_xen_mappings() both on Arm and x86 will trigger asserts if the
passed address is not page aligned. I do think it makes sense to call
unmap_domain_page_global() with page-aligned addresses, as that could
help detect bogus callers or corrupted data passed as input.
IMO an assert for page aligned input address should be placed at
vunmap() in order to not get differing expectations on input address
being page aligned or not whether destroy_xen_mappings() or
map_pages_to_xen() is used. map_pages_to_xen() doesn't require
page-aligned virtual addresses as input.
Roger.
next prev parent reply other threads:[~2023-10-16 12:44 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-06 13:00 [PATCH v2 0/2] domain: followup for phys address mapping series Roger Pau Monne
2023-10-06 13:00 ` [PATCH v2 1/2] domain: fix misaligned unmap address in {,un}map_guest_area() Roger Pau Monne
2023-10-06 14:02 ` Henry Wang
2023-10-06 14:04 ` Julien Grall
2023-10-16 12:30 ` Jan Beulich
2023-10-16 12:44 ` Roger Pau Monné [this message]
2023-10-06 13:00 ` [PATCH v2 2/2] domain: expose newly introduced hypercalls as XENFEAT Roger Pau Monne
2023-10-06 13:05 ` Andrew Cooper
2023-10-06 13:19 ` Roger Pau Monné
2023-10-06 14:47 ` Andrew Cooper
2023-10-06 14:02 ` Henry Wang
2023-10-16 12:35 ` Jan Beulich
2023-10-16 13:00 ` Roger Pau Monné
2023-10-16 13:58 ` Jan Beulich
2023-10-16 14:01 ` Roger Pau Monné
2023-10-16 14:04 ` Jan Beulich
2023-10-16 14:39 ` Roger Pau Monné
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZS0wKWr8yjwwdpk8@macbook \
--to=roger.pau@citrix.com \
--cc=Henry.Wang@arm.com \
--cc=andrew.cooper3@citrix.com \
--cc=george.dunlap@citrix.com \
--cc=jbeulich@suse.com \
--cc=julien@xen.org \
--cc=sstabellini@kernel.org \
--cc=wl@xen.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.