From mboxrd@z Thu Jan 1 00:00:00 1970 From: Julien Grall Subject: Re: [PATCH v6 05/11] arch, x86: check if mapping exists before memory_mapping removes it Date: Tue, 22 Apr 2014 09:53:37 +0100 Message-ID: <53562E11.7040406@linaro.org> References: <1398087904-16594-1-git-send-email-avanzini.arianna@gmail.com> <1398087904-16594-6-git-send-email-avanzini.arianna@gmail.com> <535645B2020000780000A956@nat28.tlf.novell.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; Format="flowed" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <535645B2020000780000A956@nat28.tlf.novell.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: Jan Beulich , Arianna Avanzini Cc: julien.grall@citrix.com, paolo.valente@unimore.it, keir@xen.org, stefano.stabellini@eu.citrix.com, Ian.Jackson@eu.citrix.com, dario.faggioli@citrix.com, tim@xen.org, xen-devel@lists.xen.org, Ian.Campbell@eu.citrix.com, etrudeau@broadcom.com, viktor.kleinik@globallogic.com List-Id: xen-devel@lists.xenproject.org Hi Jan, On 22/04/14 09:34, Jan Beulich wrote: >>>> On 21.04.14 at 15:44, wrote: >> Currently, when a memory mapping is removed with the memory_mapping >> DOMCTL, no check is performed on the existence of such a mapping. >> This commit attempts to add such a consistency check to the code >> performing the unmap. > > I think this goes too far: Did you check that all existing tool stacks > actually pass a valid MFN for the unmap? It would seem quite natural > to me if some didn't, since tool stacks can be expected to know what > they're doing. If the toolstack doesn't give a valid MFN that would mean that the toolstack can mess up the range permission. On a previous mail, I suggested to skip the MFN parameter when the toolstack is unmapping the range. Xen will take care to translate the GFN into an MFN. AFAIU, it's what we do on the other unmap hypercalls. -- Julien Grall