From: Oleksandr <olekstysh@gmail.com>
To: "Daniel P. Smith" <dpsmith@apertussolutions.com>
Cc: xen-devel@lists.xenproject.org,
"Oleksandr Tyshchenko" <oleksandr_tyshchenko@epam.com>,
"Daniel De Graaf" <dgdegra@tycho.nsa.gov>,
"Ian Jackson" <iwj@xenproject.org>, "Wei Liu" <wl@xen.org>,
"Andrew Cooper" <andrew.cooper3@citrix.com>,
"George Dunlap" <george.dunlap@citrix.com>,
"Jan Beulich" <jbeulich@suse.com>,
"Julien Grall" <julien@xen.org>,
"Stefano Stabellini" <sstabellini@kernel.org>,
"Volodymyr Babchuk" <Volodymyr_Babchuk@epam.com>,
"Roger Pau Monné" <roger.pau@citrix.com>,
"Bertrand Marquis" <bertrand.marquis@arm.com>,
"Wei Chen" <Wei.Chen@arm.com>
Subject: Re: [RFC PATCH] xen/memory: Introduce a hypercall to provide unallocated space
Date: Thu, 5 Aug 2021 18:59:35 +0300 [thread overview]
Message-ID: <ee685f11-4f34-614d-e0ba-7cafeda08344@gmail.com> (raw)
In-Reply-To: <6e573489-ceb7-03f4-3511-e6c166b318a6@apertussolutions.com>
On 05.08.21 18:03, Daniel P. Smith wrote:
Hi Daniel.
> On 7/28/21 12:18 PM, Oleksandr Tyshchenko wrote:
>> From: Oleksandr Tyshchenko <oleksandr_tyshchenko@epam.com>
> ...
>
>> diff --git a/xen/common/memory.c b/xen/common/memory.c
>> index e07bd9a..3f9b816 100644
>> --- a/xen/common/memory.c
>> +++ b/xen/common/memory.c
>> @@ -1811,6 +1811,62 @@ long do_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg)
>> start_extent);
>> break;
>>
>> + case XENMEM_get_unallocated_space:
>> + {
>> + struct xen_get_unallocated_space xgus;
>> + struct xen_unallocated_region *regions;
>> +
>> + if ( unlikely(start_extent) )
>> + return -EINVAL;
>> +
>> + if ( copy_from_guest(&xgus, arg, 1) ||
>> + !guest_handle_okay(xgus.buffer, xgus.nr_regions) )
>> + return -EFAULT;
>> +
>> + d = rcu_lock_domain_by_any_id(xgus.domid);
>> + if ( d == NULL )
>> + return -ESRCH;
>> +
>> + rc = xsm_get_unallocated_space(XSM_HOOK, d);
> Not sure if you are aware but XSM_HOOK is a no-op check, meaning that
> you are allowing any domain to do this operation on any other domain. In
> most cases there is an XSM check at the beginning of the hypercall
> processing to do an initial clamp down but I am pretty sure there is no
> prior XSM check on this path. Based on my understanding of how this is
> intended, which may be incorrect, but I think you would actually want
> XSM_TARGET.the
Thank you for pointing this out.
I am aware what the XSM_HOOK is, but I was thinking what the default
action would be better suited for that hypercall, and failed to think of
a better alternative.
I was going to choose XSM_TARGET, but the description "/* Can perform on
self or your target domain */" confused me a bit, as there was no target
domain involved as I thought, XSM_PRIV
sounded too strictly to me, etc. So, I decided to leave a "hook" for the
RFC version. But, now I see that XSM_TARGET might be indeed better
choice across all possible variants.
>
>> + if ( rc )
>> + {
>> + rcu_unlock_domain(d);
>> + return rc;
>> + }
>> +
>> + if ( !xgus.nr_regions || xgus.nr_regions > XEN_MAX_UNALLOCATED_REGIONS )
>> + {
>> + rcu_unlock_domain(d);
>> + return -EINVAL;
>> + }
>> +
>> + regions = xzalloc_array(struct xen_unallocated_region, xgus.nr_regions);
>> + if ( !regions )
>> + {
>> + rcu_unlock_domain(d);
>> + return -ENOMEM;
>> + }
>> +
>> + rc = arch_get_unallocated_space(d, regions, &xgus.nr_regions);
>> + if ( rc )
>> + goto unallocated_out;
>> +
>> + if ( __copy_to_guest(xgus.buffer, regions, xgus.nr_regions) )
>> + {
>> + rc = -EFAULT;
>> + goto unallocated_out;
>> + }
>> +
>> + if ( __copy_to_guest(arg, &xgus, 1) )
>> + rc = -EFAULT;
>> +
>> +unallocated_out:
>> + rcu_unlock_domain(d);
>> + xfree(regions);
>> +
>> + break;
>> + }
>> +
>> default:
>> rc = arch_memory_op(cmd, arg);
>> break;
> ...
>
>> diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
>> index 363c6d7..2761fbd 100644
>> --- a/xen/include/xsm/dummy.h
>> +++ b/xen/include/xsm/dummy.h
>> @@ -772,3 +772,9 @@ static XSM_INLINE int xsm_domain_resource_map(XSM_DEFAULT_ARG struct domain *d)
>> XSM_ASSERT_ACTION(XSM_DM_PRIV);
>> return xsm_default_action(action, current->domain, d);
>> }
>> +
>> +static XSM_INLINE int xsm_get_unallocated_space(XSM_DEFAULT_ARG struct domain *d)
>> +{
>> + XSM_ASSERT_ACTION(XSM_HOOK);
> For completeness, if you switch to XSM_TARGET at the call site, you will
> want to change it here as well.
Yes.
>
>> + return xsm_default_action(action, current->domain, d);
>> +}
> V/r,
> Daniel P. Smith
--
Regards,
Oleksandr Tyshchenko
next prev parent reply other threads:[~2021-08-05 15:59 UTC|newest]
Thread overview: 52+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-28 16:18 [RFC PATCH] xen/memory: Introduce a hypercall to provide unallocated space Oleksandr Tyshchenko
2021-07-28 17:06 ` Oleksandr
2021-07-28 17:19 ` Andrew Cooper
2021-07-28 17:27 ` Julien Grall
2021-07-28 19:00 ` Andrew Cooper
2021-07-28 19:53 ` Julien Grall
2021-07-30 16:13 ` Oleksandr
2021-07-30 23:57 ` Stefano Stabellini
2021-08-02 19:12 ` Oleksandr
2021-08-04 20:56 ` Oleksandr
2021-08-04 22:00 ` Julien Grall
2021-08-05 14:52 ` Oleksandr
2021-08-05 17:25 ` Julien Grall
2021-08-05 20:48 ` Oleksandr
2021-08-06 0:20 ` Stefano Stabellini
2021-08-06 18:03 ` Oleksandr
2021-08-13 23:49 ` Oleksandr
2021-08-06 0:30 ` Stefano Stabellini
2021-08-07 17:03 ` Oleksandr
2021-08-09 15:42 ` Julien Grall
2021-08-09 18:24 ` Oleksandr
2021-08-09 20:45 ` Julien Grall
2021-08-09 21:18 ` Oleksandr
2021-08-10 16:28 ` Julien Grall
2021-08-10 17:03 ` Oleksandr
2021-08-17 17:53 ` Julien Grall
2021-08-17 17:54 ` Julien Grall
2021-08-27 20:34 ` Oleksandr
2021-08-10 6:34 ` Wei Chen
2021-08-10 11:58 ` Oleksandr
2021-08-10 16:21 ` Julien Grall
2021-08-10 16:49 ` Oleksandr
2021-08-09 14:51 ` Julien Grall
2021-08-09 17:14 ` Oleksandr
2021-08-09 17:18 ` Julien Grall
2021-08-09 17:49 ` Oleksandr
2021-08-13 21:45 ` Oleksandr
2021-08-03 12:53 ` Jan Beulich
2021-08-04 19:18 ` Oleksandr
2021-08-05 5:58 ` Jan Beulich
2021-08-05 15:10 ` Oleksandr
2021-08-03 12:49 ` Jan Beulich
2021-08-03 12:53 ` Julien Grall
2021-08-17 17:59 ` Julien Grall
2021-08-05 15:03 ` Daniel P. Smith
2021-08-05 15:59 ` Oleksandr [this message]
2021-08-05 16:37 ` Daniel P. Smith
2021-08-05 21:56 ` Oleksandr
2021-08-06 6:09 ` Jan Beulich
2021-08-06 15:08 ` Daniel P. Smith
2021-09-07 8:53 ` Henry Wang
2021-09-07 21:34 ` Oleksandr
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ee685f11-4f34-614d-e0ba-7cafeda08344@gmail.com \
--to=olekstysh@gmail.com \
--cc=Volodymyr_Babchuk@epam.com \
--cc=Wei.Chen@arm.com \
--cc=andrew.cooper3@citrix.com \
--cc=bertrand.marquis@arm.com \
--cc=dgdegra@tycho.nsa.gov \
--cc=dpsmith@apertussolutions.com \
--cc=george.dunlap@citrix.com \
--cc=iwj@xenproject.org \
--cc=jbeulich@suse.com \
--cc=julien@xen.org \
--cc=oleksandr_tyshchenko@epam.com \
--cc=roger.pau@citrix.com \
--cc=sstabellini@kernel.org \
--cc=wl@xen.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.