From: Tamas K Lengyel <tklengyel@sec.in.tum.de>
To: xen-devel@lists.xen.org
Cc: ian.campbell@citrix.com, tim@xen.org, julien.grall@linaro.org,
ian.jackson@eu.citrix.com, stefano.stabellini@citrix.com,
andres@lagarcavilla.org, jbeulich@suse.com,
dgdegra@tycho.nsa.gov, Tamas K Lengyel <tklengyel@sec.in.tum.de>
Subject: [PATCH for-4.5 v10 15/19] xen/arm: Temporarily disable mem_access for hypervisor access
Date: Thu, 25 Sep 2014 13:56:48 +0200
Message-ID: <1411646212-17041-16-git-send-email-tklengyel@sec.in.tum.de>
In-Reply-To: <1411646212-17041-1-git-send-email-tklengyel@sec.in.tum.de>
The guestcopy helpers use the MMU to verify that the given guest has read/write
access to a given page during hypercalls. As we may have custom mem_access
permissions set on these pages, we temporarily disable them to allow Xen to
finish the hypercalls. This is permissible as mem_access events are only
reported for events when the guest directly accesses protected memory on x86
as well.
Signed-off-by: Tamas K Lengyel <tklengyel@sec.in.tum.de>
---
xen/arch/arm/guestcopy.c | 61 ++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 61 insertions(+)
diff --git a/xen/arch/arm/guestcopy.c b/xen/arch/arm/guestcopy.c
index 0173597..4aa041f 100644
--- a/xen/arch/arm/guestcopy.c
+++ b/xen/arch/arm/guestcopy.c
@@ -6,6 +6,43 @@
#include <asm/mm.h>
#include <asm/guest_access.h>
+#include <asm/p2m.h>
+
+/*
+ * Temporarily disable mem_access permission restrictions.
+ * Note: In the future, events generated by the hypervisor accessing
+ * protected memory regions could be added here.
+ */
+static long temp_disable_mem_access(vaddr_t gva, unsigned long *gfn,
+ xenmem_access_t *xma)
+{
+ long rc;
+ paddr_t gpa;
+
+ rc = gva_to_ipa((vaddr_t) gva, &gpa);
+ if ( rc < 0 )
+ return rc;
+
+ *gfn = paddr_to_pfn(gpa);
+
+ rc = p2m_get_mem_access(current->domain, *gfn, xma);
+ if ( rc < 0 )
+ return rc;
+
+ if ( *xma != XENMEM_access_rwx )
+ rc = p2m_set_mem_access(current->domain, *gfn, 1, 0, ~0,
+ XENMEM_access_rwx);
+
+ return rc;
+}
+
+/* Re-enable mem_access for this page (if in use). */
+static inline
+void temp_reenable_mem_access(unsigned long gfn, xenmem_access_t xma)
+{
+ if ( xma != XENMEM_access_rwx )
+ p2m_set_mem_access(current->domain, gfn, 1, 0, ~0, xma);
+}
static unsigned long raw_copy_to_guest_helper(void *to, const void *from,
unsigned len, int flush_dcache)
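Review bot: temp_reenable_mem_access discards the return value of p2m_set_mem_access, so a failed restore leaves the page at XENMEM_access_rwx with no trace and the restriction that was set on it is silently gone; log or propagate the failure. Both helpers also act on current->domain, so the permission is lifted for the domain as a whole and not only for Xen's own access: while the copy runs, accesses to that gfn from the guest's other vCPUs would not fault either, and the commit message should say why that window is acceptable. Minor: the (vaddr_t) cast in the gva_to_ipa call is redundant, since gva is already a vaddr_t.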
@@ -18,6 +55,11 @@ static unsigned long raw_copy_to_guest_helper(void *to, const void *from,
void *p;
unsigned size = min(len, (unsigned)PAGE_SIZE - offset);
struct page_info *page;
+ unsigned long gfn;
+ xenmem_access_t xma;
+
+ if ( temp_disable_mem_access((vaddr_t) to, &gfn, &xma) < 0 )
+ return len;
page = get_page_from_gva(current->domain, (vaddr_t) to, GV2M_WRITE);
if ( page == NULL )
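Review bot: the page == NULL check directly after the new temp_disable_mem_access call is reached with the page already switched to XENMEM_access_rwx, and the patch adds temp_reenable_mem_access only at the end of the loop body. If that branch leaves the function, as the new "return len" does, the saved xma is never restored for this gfn. Call temp_reenable_mem_access(gfn, xma) on that path before leaving.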
@@ -34,6 +76,9 @@ static unsigned long raw_copy_to_guest_helper(void *to, const void *from,
len -= size;
from += size;
to += size;
+
+ temp_reenable_mem_access(gfn, xma);
+
/*
* After the first iteration, guest virtual address is correctly
* aligned to PAGE_SIZE.
@@ -65,6 +110,11 @@ unsigned long raw_clear_guest(void *to, unsigned len)
void *p;
unsigned size = min(len, (unsigned)PAGE_SIZE - offset);
struct page_info *page;
+ unsigned long gfn;
+ xenmem_access_t xma;
+
+ if ( temp_disable_mem_access((vaddr_t) to, &gfn, &xma) < 0 )
+ return len;
page = get_page_from_gva(current->domain, (vaddr_t) to, GV2M_WRITE);
if ( page == NULL )
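Review bot: the address in "to" is translated twice per page here, once through gva_to_ipa inside temp_disable_mem_access and again in get_page_from_gva, and nothing visible ties the two results together. If the guest changes its mapping between the two walks, the gfn whose permission was relaxed is not the page that gets cleared, so the translation is better done once and reused for both steps. The same five added lines are repeated in raw_copy_to_guest_helper and raw_copy_from_guest, and the extra walk plus p2m_get_mem_access is paid on every page even when no restriction is set on it.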
@@ -78,6 +128,9 @@ unsigned long raw_clear_guest(void *to, unsigned len)
put_page(page);
len -= size;
to += size;
+
+ temp_reenable_mem_access(gfn, xma);
+
/*
* After the first iteration, guest virtual address is correctly
* aligned to PAGE_SIZE.
@@ -97,6 +150,11 @@ unsigned long raw_copy_from_guest(void *to, const void __user *from, unsigned le
void *p;
unsigned size = min(len, (unsigned)(PAGE_SIZE - offset));
struct page_info *page;
+ unsigned long gfn;
+ xenmem_access_t xma;
+
+ if ( temp_disable_mem_access((vaddr_t) from, &gfn, &xma) < 0 )
+ return len;
page = get_page_from_gva(current->domain, (vaddr_t) from, GV2M_READ);
if ( page == NULL )
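Review bot: this path only reads from the guest (GV2M_READ), yet temp_disable_mem_access raises the page to XENMEM_access_rwx, which also drops any write and execute restriction for the duration of the copy. Passing the access the caller needs into the helper, read here and write in the copy-to and clear paths, would keep the relaxation to the minimum required.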
@@ -112,6 +170,9 @@ unsigned long raw_copy_from_guest(void *to, const void __user *from, unsigned le
len -= size;
from += size;
to += size;
+
+ temp_reenable_mem_access(gfn, xma);
+
/*
* After the first iteration, guest virtual address is correctly
* aligned to PAGE_SIZE.
--
2.1.0