From mboxrd@z Thu Jan  1 00:00:00 1970
From: Julien Grall <julien.grall@linaro.org>
Subject: Re: [PATCH for-4.5 v10 15/19] xen/arm: Temporarily
 disable mem_access for hypervisor access
Date: Fri, 26 Sep 2014 15:41:11 +0200
Message-ID: <54256CF7.3030005@linaro.org>
References: <1411646212-17041-1-git-send-email-tklengyel@sec.in.tum.de>	<1411646212-17041-16-git-send-email-tklengyel@sec.in.tum.de>	<5424407D.70904@linaro.org>	<CAErYnsjZoBZsqrnH3cpzJBJantt+9_-YAOQG6412_LHxddVCAQ@mail.gmail.com>	<54255F7D.8070107@linaro.org>
	<CAErYnsix9gOX0DtVybkeDLKMmCDR2BA+kRoD3GL_a2giMrHNjQ@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
In-Reply-To: <CAErYnsix9gOX0DtVybkeDLKMmCDR2BA+kRoD3GL_a2giMrHNjQ@mail.gmail.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Tamas K Lengyel <tamas.lengyel@zentific.com>
Cc: Ian Campbell <ian.campbell@citrix.com>, Tim Deegan <tim@xen.org>, Ian Jackson <ian.jackson@eu.citrix.com>, "xen-devel@lists.xen.org" <xen-devel@lists.xen.org>, Stefano Stabellini <stefano.stabellini@citrix.com>, Andres Lagar-Cavilla <andres@lagarcavilla.org>, Jan Beulich <jbeulich@suse.com>, Daniel De Graaf <dgdegra@tycho.nsa.gov>, Tamas K Lengyel <tklengyel@sec.in.tum.de>
List-Id: xen-devel@lists.xenproject.org



On 26/09/2014 15:29, Tamas K Lengyel wrote:
> As I said, I'm not sure what you are describing exactly. Based on the
> p2m type we could already decide if the hypercall should be allowed to
> read/write form the page. AFAIU the MMU here is only used as a fast-path
> to determine if that's the case.
>
> What I was getting at, its not a good idea to simply disable hypercalls
> that use this path when there is a mem_access permission set because it
> would reveal that there is a mem_access listener to the guest. So what
> I'll do here is pausing the domain when access_in_use is set, temporary
> disable the mem_access permissions, let the read/write through, then
> re-enable + unpause the domain.

My solution is based on p2m_lookup, i.e getting the p2m type. Even if 
it's still slow (we can't really use the MMU translation facility), it 
would still be faster than pausing the domain and modifying twice the 
p2m. See the code skeleton below:

page = get_gva(...)
if ( !page )
{
    ipa = get ipa from va(va)
    mfn = p2m_lookup(d, ipa, &type);
    if ( mfn == INVALID_PADDR )
      return -EFAULT;
    page = get_page(mfn_to_page(mfn));
    if ( !page )
      return -EFAULT;

    if type check fail
    {
      put_page(page);
      return -EFAULT;
    }
}

You may have to modify a bit the skeleton above to take the p2m->look.

Regards,

-- 
Julien Grall