From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Chen, Tiejun" Subject: Re: [RFC][v3][PATCH 2/6] xen:x86: introduce a new hypercall to get RMRR mappings Date: Mon, 18 Aug 2014 15:46:34 +0800 Message-ID: <53F1AF5A.2030308@intel.com> References: <1408091238-18364-1-git-send-email-tiejun.chen@intel.com> <1408091238-18364-3-git-send-email-tiejun.chen@intel.com> <53EDD6F7.6000500@citrix.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; Format="flowed" Content-Transfer-Encoding: 7bit In-Reply-To: <53EDD6F7.6000500@citrix.com> Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: Andrew Cooper , JBeulich@suse.com, ian.jackson@eu.citrix.com, stefano.stabellini@eu.citrix.com, ian.campbell@citrix.com, yang.z.zhang@intel.com, kevin.tian@intel.com Cc: xen-devel@lists.xen.org List-Id: xen-devel@lists.xenproject.org On 2014/8/15 17:46, Andrew Cooper wrote: > On 15/08/14 09:27, Tiejun Chen wrote: >> We need this new hypercall to get RMRR mapping for VM. >> >> Signed-off-by: Tiejun Chen >> --- >> xen/arch/x86/x86_64/compat/mm.c | 9 +++++++++ >> xen/include/public/memory.h | 14 +++++++++++++- >> 2 files changed, 22 insertions(+), 1 deletion(-) >> >> diff --git a/xen/arch/x86/x86_64/compat/mm.c b/xen/arch/x86/x86_64/compat/mm.c >> index 69c6195..ff16f17 100644 >> --- a/xen/arch/x86/x86_64/compat/mm.c >> +++ b/xen/arch/x86/x86_64/compat/mm.c 
>> @@ -132,6 +132,15 @@ int compat_arch_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) >> break; >> } >> >> + case XENMEM_reserved_device_memory_map: >> + { >> + /* Currently we just need to cover RMRR. */ >> + if ( copy_to_guest(arg, &rmrr_maps, 1) ) >> + return -EFAULT; > > This will trivially clobber the hypercaller's stack/heap. > > You are not even using the correct indirection of > xen_rmrr_memory_map_t.buffer > > You *must* start by copying xen_rmrr_memory_map_t from the guest. Okay, I will try to do this. Thanks Tiejun > > ~Andrew > >> + >> + return 0; >> + } >> + >> case XENMEM_machphys_mapping: >> { >> struct domain *d = current->domain; >> diff --git a/xen/include/public/memory.h b/xen/include/public/memory.h >> index 2c57aa0..13e539f 100644 >> --- a/xen/include/public/memory.h >> +++ b/xen/include/public/memory.h >> @@ -523,7 +523,19 @@ DEFINE_XEN_GUEST_HANDLE(xen_mem_sharing_op_t); >> >> #endif /* defined(__XEN__) || defined(__XEN_TOOLS__) */ >> >> -/* Next available subop number is 26 */ >> +/* >> + * Some devices may reserve some range. >> + * >> + * Currently we just have RMRR >> + * - Reserved memory Region Reporting Structure, >> + * So returns the RMRR memory map as it was when the domain >> + * was started. >> + */ >> +#define XENMEM_reserved_device_memory_map 26 >> +typedef struct xen_memory_map xen_rmrr_memory_map_t; >> +DEFINE_XEN_GUEST_HANDLE(xen_rmrr_memory_map_t); >> + >> +/* Next available subop number is 27 */ >> >> #endif /* __XEN_PUBLIC_MEMORY_H__ */ >>
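Review bot: In the new `XENMEM_reserved_device_memory_map` case of `compat_arch_memory_op()`, `copy_to_guest(arg, &rmrr_maps, 1)` writes straight to the address in `arg` without first reading the `xen_rmrr_memory_map_t` the guest passed, so the caller's `nr_entries` and `buffer` are never consulted and nothing bounds the write by what the caller actually allocated. Copy the structure in with `copy_from_guest()` first, limit the number of entries written to the caller's `nr_entries`, write the entries through `.buffer` rather than through `arg`, and copy the updated `nr_entries` back, returning an error when the buffer is too small. Two smaller points from the same hunk: `rmrr_maps` is not declared anywhere in the visible lines, and the diffstat shows only the compat handler and the public header changing, so the native memory-op path does not handle this subop in this patch.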
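Review bot: The comment added above `XENMEM_reserved_device_memory_map` in memory.h does not document the interface. `xen_rmrr_memory_map_t` is only a typedef of `struct xen_memory_map`, so nothing states what entry type `buffer` holds, what `nr_entries` means on input and on output, or what the caller gets back when the buffer is too small; a guest cannot size its buffer safely without that, so please spell it out in the comment. The define also sits after the `#endif /* defined(__XEN__) || defined(__XEN_TOOLS__) */` line, which makes the subop visible to every guest rather than to the toolstack only; the comment should say whether that is intended. Style: the subop name is generic ("reserved_device_memory") while the typedef is RMRR-specific, and "Reserved memory Region Reporting" has inconsistent capitalisation.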