From: Julien Grall <julien.grall@linaro.org>
To: Arianna Avanzini <avanzini.arianna@gmail.com>
Cc: paolo.valente@unimore.it, stefano.stabellini@eu.citrix.com,
dario.faggioli@citrix.com, Ian.Jackson@eu.citrix.com,
xen-devel@lists.xen.org, Ian.Campbell@eu.citrix.com,
etrudeau@broadcom.com, viktor.kleinik@globallogic.com
Subject: Re: [RFC PATCH v2 2/3] arch, arm: add the XEN_DOMCTL_memory_mapping hypercall
Date: Mon, 10 Mar 2014 12:03:37 +0000 [thread overview]
Message-ID: <531DAA19.40405@linaro.org> (raw)
In-Reply-To: <1394439953-5723-3-git-send-email-avanzini.arianna@gmail.com>
Hello Arianna,
On 03/10/2014 08:25 AM, Arianna Avanzini wrote:
> This commit introduces a first attempt of implementation of the
> XEN_DOMCTL_memory_mapping hypercall for ARM. The range of I/O
> memory addresses is mapped all at once with map_mmio_regions().
>
> Signed-off-by: Arianna Avanzini <avanzini.arianna@gmail.com>
> Cc: Dario Faggioli <dario.faggioli@citrix.com>
> Cc: Paolo Valente <paolo.valente@unimore.it>
> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
> Cc: Julien Grall <julien.grall@citrix.com>
> Cc: Ian Campbell <Ian.Campbell@eu.citrix.com>
> Cc: Ian Jackson <Ian.Jackson@eu.citrix.com>
> Cc: Eric Trudeau <etrudeau@broadcom.com>
> Cc: Viktor Kleinik <viktor.kleinik@globallogic.com>
> ---
> xen/arch/arm/domctl.c | 69 +++++++++++++++++++++++++++++++++++++++++++++++
> xen/arch/arm/p2m.c | 9 +++++++
> xen/include/asm-arm/p2m.h | 2 ++
> 3 files changed, 80 insertions(+)
>
> diff --git a/xen/arch/arm/domctl.c b/xen/arch/arm/domctl.c
> index 45974e7..078b165 100644
> --- a/xen/arch/arm/domctl.c
> +++ b/xen/arch/arm/domctl.c
> @@ -10,6 +10,7 @@
> #include <xen/errno.h>
> #include <xen/sched.h>
> #include <xen/hypercall.h>
> +#include <xen/iocap.h>
> #include <public/domctl.h>
>
> long arch_do_domctl(struct xen_domctl *domctl, struct domain *d,
> @@ -30,7 +31,75 @@ long arch_do_domctl(struct xen_domctl *domctl, struct domain *d,
>
> return p2m_cache_flush(d, s, e);
> }
> + case XEN_DOMCTL_memory_mapping:
> + {
> + unsigned long gfn = domctl->u.memory_mapping.first_gfn;
> + unsigned long mfn = domctl->u.memory_mapping.first_mfn;
> + unsigned long nr_mfns = domctl->u.memory_mapping.nr_mfns;
> + int add = domctl->u.memory_mapping.add_mapping;
> + long int ret;
> +
> + ret = -EINVAL;
> + if ( (mfn + nr_mfns - 1) < mfn || /* wrap? */
> + ((mfn | (mfn + nr_mfns - 1)) >> (PADDR_BITS - PAGE_SHIFT)) ||
> + (gfn + nr_mfns - 1) < gfn ) /* wrap? */
> + return ret;
> +
> + ret = -EPERM;
> + if ( !iomem_access_permitted(current->domain, mfn, mfn + nr_mfns - 1) )
> + return ret;
>
> + ret = xsm_iomem_mapping(XSM_HOOK, d, mfn, mfn + nr_mfns - 1, add);
> + if ( ret )
> + return ret;
> +
> + if ( add )
> + {
> + printk(XENLOG_G_INFO
> + "memory_map: add: dom%d gfn=%lx mfn=%lx nr=%lx\n",
> + d->domain_id, gfn, mfn, nr_mfns);
> + ret = iomem_permit_access(d, mfn, mfn + nr_mfns - 1);
> + if ( !ret )
> + {
> + ret = map_mmio_regions(d, PAGE_ALIGN(pfn_to_paddr(gfn)),
> + PAGE_ALIGN(
> + pfn_to_paddr(gfn + nr_mfns)) - 1,
> + PAGE_ALIGN(pfn_to_paddr(mfn)));
> + if ( ret )
> + {
> + printk(XENLOG_G_WARNING
> + "memory_map: fail: dom%d gfn=%lx mfn=%lx\n",
> + d->domain_id, gfn, mfn);
> + if ( iomem_deny_access(d, mfn, mfn + nr_mfns - 1) &&
> + is_hardware_domain(current->domain) )
> + printk(XENLOG_ERR
> + "memory_map: failed to deny dom%d access "
> + "to [%lx,%lx]\n",
> + d->domain_id, mfn, mfn + nr_mfns - 1);
> + }
> + }
> + }
> + else
> + {
> + printk(XENLOG_G_INFO
> + "memory_map: remove: dom%d gfn=%lx mfn=%lx nr=%lx\n",
> + d->domain_id, gfn, mfn, nr_mfns);
> +
> + add = unmap_mmio_regions(d, PAGE_ALIGN(pfn_to_paddr(gfn)),
> + PAGE_ALIGN(
> + pfn_to_paddr(gfn + nr_mfns)) - 1,
> + PAGE_ALIGN(pfn_to_paddr(mfn)));
> + ret = iomem_deny_access(d, mfn, mfn + nr_mfns - 1);
> + if ( ret && add )
> + ret = -EIO;
> + if ( ret && is_hardware_domain(current->domain) )
> + printk(XENLOG_ERR
> + "memory_map: error %ld %s dom%d access to [%lx,%lx]\n",
> + ret, add ? "removing" : "denying", d->domain_id,
> + mfn, mfn + nr_mfns - 1);
The unmap part doesn't seem correct to me. With your solution, you are
allowed to remove any gfn as long as the current domain is permitted to
modify the mfn. No matter if gfn is effectively mapped to the mfn or not.
You should at least check that gfn is typed p2m_mmio_direct (This is
done by clean_mmio_p2m_entry on x86). You can also check that the gfn is
mapped to the mfn.
I would do that in the switch REMOVE in apply_p2m_changes.
> + }
> + return ret;
> + }
> default:
> return subarch_do_domctl(domctl, d, u_domctl);
> }
> diff --git a/xen/arch/arm/p2m.c b/xen/arch/arm/p2m.c
> index d00c882..710f74e 100644
> --- a/xen/arch/arm/p2m.c
> +++ b/xen/arch/arm/p2m.c
> @@ -461,6 +461,15 @@ int map_mmio_regions(struct domain *d,
> maddr, MATTR_DEV, p2m_mmio_direct);
> }
>
> +int unmap_mmio_regions(struct domain *d,
> + paddr_t start_gaddr,
> + paddr_t end_gaddr,
> + paddr_t maddr)
> +{
Can you use pfn instead of physical address?
Regards,
--
Julien Grall
next prev parent reply other threads:[~2014-03-10 12:03 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-03-10 8:25 [RFC PATCH v2 0/3] Implement the XEN_DOMCTL_memory_mapping hypercall for ARM Arianna Avanzini
2014-03-10 8:25 ` [RFC PATCH v2 1/3] arch, arm: allow dom0 access to I/O memory of mapped devices Arianna Avanzini
2014-03-10 11:30 ` Julien Grall
2014-03-11 0:49 ` Arianna Avanzini
2014-03-13 15:27 ` Ian Campbell
2014-03-13 15:40 ` Julien Grall
2014-03-10 8:25 ` [RFC PATCH v2 2/3] arch, arm: add the XEN_DOMCTL_memory_mapping hypercall Arianna Avanzini
2014-03-10 12:03 ` Julien Grall [this message]
2014-03-11 1:20 ` Arianna Avanzini
2014-03-13 15:29 ` Ian Campbell
2014-03-13 15:36 ` Jan Beulich
2014-03-13 15:51 ` Dario Faggioli
2014-03-13 15:57 ` Ian Campbell
2014-03-13 16:08 ` Jan Beulich
2014-03-10 8:25 ` [RFC PATCH v2 3/3] tools, libxl: handle the iomem parameter with the memory_mapping hcall Arianna Avanzini
2014-03-13 15:27 ` Ian Campbell
2014-03-13 15:34 ` Julien Grall
2014-03-13 15:49 ` Ian Campbell
2014-03-13 16:36 ` Dario Faggioli
2014-03-13 16:47 ` Julien Grall
2014-03-13 17:32 ` Ian Campbell
2014-03-13 18:37 ` Dario Faggioli
2014-03-13 20:29 ` Julien Grall
2014-03-14 9:55 ` Dario Faggioli
2014-03-14 9:46 ` Ian Campbell
2014-03-14 12:00 ` Julien Grall
2014-03-14 12:15 ` Dario Faggioli
2014-03-14 12:39 ` Arianna Avanzini
2014-03-14 12:49 ` Ian Campbell
2014-03-14 15:10 ` Stefano Stabellini
2014-03-14 15:45 ` Dario Faggioli
2014-03-14 16:19 ` Ian Campbell
2014-03-14 16:25 ` Dario Faggioli
2014-03-14 18:39 ` Eric Trudeau
2014-03-17 9:37 ` Ian Campbell
2014-03-13 15:43 ` Jan Beulich
2014-03-13 15:51 ` Ian Campbell
2014-03-13 16:53 ` Dario Faggioli
2014-03-13 17:04 ` Jan Beulich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=531DAA19.40405@linaro.org \
--to=julien.grall@linaro.org \
--cc=Ian.Campbell@eu.citrix.com \
--cc=Ian.Jackson@eu.citrix.com \
--cc=avanzini.arianna@gmail.com \
--cc=dario.faggioli@citrix.com \
--cc=etrudeau@broadcom.com \
--cc=paolo.valente@unimore.it \
--cc=stefano.stabellini@eu.citrix.com \
--cc=viktor.kleinik@globallogic.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).