qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed
From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Paul Durrant <Paul.Durrant@citrix.com>,
	Stefano Stabellini <Stefano.Stabellini@citrix.com>
Cc: Peter Maydell <peter.maydell@linaro.org>,
	Olaf Hering <olaf@aepfle.de>,
	Alexey Kardashevskiy <aik@ozlabs.ru>,
	Stefan Weil <sw@weilnetz.de>, Michael Tokarev <mjt@tls.msk.ru>,
	"qemu-devel@nongnu.org" <qemu-devel@nongnu.org>,
	Alexander Graf <agraf@suse.de>, Gerd Hoffmann <kraxel@redhat.com>,
	Stefan Hajnoczi <stefanha@redhat.com>,
	"xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>,
	Paolo Bonzini <pbonzini@redhat.com>
Subject: Re: [Qemu-devel] [Xen-devel] [PATCH v3 2/2] Xen: Use the ioreq-server API when available
Date: Wed, 15 Oct 2014 16:04:42 +0100	[thread overview]
Message-ID: <543E8D0A.4000500@citrix.com> (raw)
In-Reply-To: <9AAE0902D5BC7E449B7C8E4E778ABCD011102581@AMSPEX01CL01.citrite.net>

On 15/10/14 15:51, Paul Durrant wrote:
>> -----Original Message-----
>> From: Stefano Stabellini [mailto:stefano.stabellini@eu.citrix.com]
>> Sent: 15 October 2014 15:38
>> To: Paul Durrant
>> Cc: qemu-devel@nongnu.org; xen-devel@lists.xenproject.org; Stefano
>> Stabellini; Peter Maydell; Paolo Bonzini; Michael Tokarev; Stefan Hajnoczi;
>> Stefan Weil; Olaf Hering; Gerd Hoffmann; Alexey Kardashevskiy; Alexander
>> Graf
>> Subject: Re: [PATCH v3 2/2] Xen: Use the ioreq-server API when available
>>
>> On Wed, 15 Oct 2014, Paul Durrant wrote:
>>> The ioreq-server API added to Xen 4.5 offers better security than
>>> the existing Xen/QEMU interface because the shared pages that are
>>> used to pass emulation request/results back and forth are removed
>>> from the guest's memory space before any requests are serviced.
>>> This prevents the guest from mapping these pages (they are in a
>>> well known location) and attempting to attack QEMU by synthesizing
>>> its own request structures. Hence, this patch modifies configure
>>> to detect whether the API is available, and adds the necessary
>>> code to use the API if it is.
>>>
>>> Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
>> The patch is OK, so you can add my Acked-by.
>> I have a couple of minor comments below. If you need to repost it then
>> would be nice if you could address them.
>>
>>
>>> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
>>> Cc: Peter Maydell <peter.maydell@linaro.org>
>>> Cc: Paolo Bonzini <pbonzini@redhat.com>
>>> Cc: Michael Tokarev <mjt@tls.msk.ru>
>>> Cc: Stefan Hajnoczi <stefanha@redhat.com>
>>> Cc: Stefan Weil <sw@weilnetz.de>
>>> Cc: Olaf Hering <olaf@aepfle.de>
>>> Cc: Gerd Hoffmann <kraxel@redhat.com>
>>> Cc: Alexey Kardashevskiy <aik@ozlabs.ru>
>>> Cc: Alexander Graf <agraf@suse.de>
>>> ---
>>>  configure                   |   29 ++++++
>>>  include/hw/xen/xen_common.h |  222
>> +++++++++++++++++++++++++++++++++++++++++++
>>>  trace-events                |    8 ++
>>>  xen-hvm.c                   |  174 +++++++++++++++++++++++++++++----
>>>  4 files changed, 412 insertions(+), 21 deletions(-)
>>>
>> [...]
>>
>>> diff --git a/xen-hvm.c b/xen-hvm.c
>>> index 05e522c..0bbbf2a 100644
>>> --- a/xen-hvm.c
>>> +++ b/xen-hvm.c
>>> @@ -62,9 +62,6 @@ static inline ioreq_t
>> *xen_vcpu_ioreq(shared_iopage_t *shared_page, int vcpu)
>>>  }
>>>  #  define FMT_ioreq_size "u"
>>>  #endif
>>> -#ifndef HVM_PARAM_BUFIOREQ_EVTCHN
>>> -#define HVM_PARAM_BUFIOREQ_EVTCHN 26
>>> -#endif
>>>
>>>  #define BUFFER_IO_MAX_DELAY  100
>>>
>>> @@ -78,6 +75,7 @@ typedef struct XenPhysmap {
>>>  } XenPhysmap;
>>>
>>>  typedef struct XenIOState {
>>> +    ioservid_t ioservid;
>>>      shared_iopage_t *shared_page;
>>>      buffered_iopage_t *buffered_io_page;
>>>      QEMUTimer *buffered_io_timer;
>>> @@ -92,6 +90,8 @@ typedef struct XenIOState {
>>>
>>>      struct xs_handle *xenstore;
>>>      MemoryListener memory_listener;
>>> +    MemoryListener io_listener;
>>> +    DeviceListener device_listener;
>>>      QLIST_HEAD(, XenPhysmap) physmap;
>>>      hwaddr free_phys_offset;
>>>      const XenPhysmap *log_for_dirtybit;
>>> @@ -442,12 +442,23 @@ static void xen_set_memory(struct
>> MemoryListener *listener,
>>>      bool log_dirty = memory_region_is_logging(section->mr);
>>>      hvmmem_type_t mem_type;
>>>
>>> +    if (section->mr == &ram_memory) {
>>> +        return;
>>> +    } else {
>>> +        if (add) {
>>> +            xen_map_memory_section(xen_xc, xen_domid, state->ioservid,
>>> +                                   section);
>>> +        } else {
>>> +            xen_unmap_memory_section(xen_xc, xen_domid, state->ioservid,
>>> +                                     section);
>>> +        }
>>> +    }
>>>      if (!memory_region_is_ram(section->mr)) {
>>>          return;
>>>      }
>>>
>>> -    if (!(section->mr != &ram_memory
>>> -          && ( (log_dirty && add) || (!log_dirty && !add)))) {
>>> +    if (!(log_dirty && add) && !(!log_dirty && !add)) {
>>>          return;
>> if (!((log_dirty && add) || (!log_dirty && !add)))
>>
> I'm not sure which is better TBH.

I set simplification problems like this to my Part 1a digital
electronics supervisees.

This is "if (!(log_dirty ^ add))" as they are both booleans, and reads
rather more easily that either of the above.

~Andrew

  reply	other threads:[~2014-10-15 15:05 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-10-15  9:16 [Qemu-devel] [PATCH v3 0/2] Xen: Use ioreq-server API Paul Durrant
2014-10-15  9:16 ` [Qemu-devel] [PATCH v3 1/2] Add device listener interface Paul Durrant
2014-10-15  9:54   ` Igor Mammedov
2014-10-15 10:05     ` Paul Durrant
2014-10-16 12:41       ` Igor Mammedov
2014-10-16 12:54         ` Paul Durrant
2014-10-15  9:16 ` [Qemu-devel] [PATCH v3 2/2] Xen: Use the ioreq-server API when available Paul Durrant
2014-10-15 14:37   ` Stefano Stabellini
2014-10-15 14:51     ` Paul Durrant
2014-10-15 15:04       ` Andrew Cooper [this message]
2014-10-15 15:04         ` [Qemu-devel] [Xen-devel] " Stefano Stabellini
2014-10-16  9:51     ` [Qemu-devel] " Paul Durrant
2014-10-16 10:44       ` Stefano Stabellini
2014-10-15 17:30   ` Peter Maydell
2014-10-16  7:37     ` Paolo Bonzini
2014-10-16  8:25       ` Paul Durrant
2014-10-16 10:09         ` Paolo Bonzini
2014-10-16 10:16           ` Paul Durrant
2014-10-16 10:23             ` Paolo Bonzini
2014-10-16 10:25           ` Paul Durrant
2014-10-16  8:23     ` Paul Durrant
2014-10-16 11:29     ` Stefano Stabellini
2014-10-16 12:31       ` Peter Maydell
2014-10-16 15:25         ` Stefano Stabellini

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=543E8D0A.4000500@citrix.com \
    --to=andrew.cooper3@citrix.com \
    --cc=Paul.Durrant@citrix.com \
    --cc=Stefano.Stabellini@citrix.com \
    --cc=agraf@suse.de \
    --cc=aik@ozlabs.ru \
    --cc=kraxel@redhat.com \
    --cc=mjt@tls.msk.ru \
    --cc=olaf@aepfle.de \
    --cc=pbonzini@redhat.com \
    --cc=peter.maydell@linaro.org \
    --cc=qemu-devel@nongnu.org \
    --cc=stefanha@redhat.com \
    --cc=sw@weilnetz.de \
    --cc=xen-devel@lists.xenproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).