[xen master] x86/altp2m: p2m_altp2m_get_or_propagate() should honor ap2m->default_access



commit 7e5b662b289ac66ee347113f94c46c89d127e774
Author:     Petr Beneš <w1benny@xxxxxxxxx>
AuthorDate: Tue Feb 6 10:08:22 2024 +0000
Commit:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CommitDate: Fri Feb 23 17:43:06 2024 +0000

    x86/altp2m: p2m_altp2m_get_or_propagate() should honor ap2m->default_access
    
    This patch addresses a behavior discrepancy in the handling of altp2m views,
    where upon the creation and subsequent EPT violation, the page access
    permissions were incorrectly inherited from the hostp2m instead of respecting
    the altp2m default_access.
    
    Previously, when a new altp2m view was established with restrictive
    default_access permissions and activated via xc_altp2m_switch_to_view(),
    it failed to trigger an event on the first access violation.  This behavior
    diverged from the intended mechanism, where the altp2m's default_access
    should dictate the initial permissions, ensuring proper event triggering on
    access violations.
    
    The correction involves modifying the handling mechanism to respect the
    altp2m view's default_access upon its activation, eliminating the need for
    setting memory access permissions for the entire altp2m range (e.g. within
    xen-access.c).  This change not only aligns the behavior with the expected
    access control logic but also results in a significant performance improvement
    by reducing the overhead associated with setting memory access permissions
    across the altp2m range.
    
    Signed-off-by: Petr Beneš <w1benny@xxxxxxxxx>
    Acked-by: Tamas K Lengyel <tamas@xxxxxxxxxxxxx>
---
 tools/misc/xen-access.c | 14 --------------
 xen/arch/x86/mm/p2m.c   |  3 +++
 2 files changed, 3 insertions(+), 14 deletions(-)

diff --git a/tools/misc/xen-access.c b/tools/misc/xen-access.c
index 4097eebe6f..6cf3b6a42c 100644
--- a/tools/misc/xen-access.c
+++ b/tools/misc/xen-access.c
@@ -517,9 +517,6 @@ int main(int argc, char *argv[])
     /* With altp2m we just create a new, restricted view of the memory */
     if ( memaccess && altp2m )
     {
-        xen_pfn_t gfn = 0;
-        unsigned long perm_set = 0;
-
         if( altp2m_write_no_gpt )
         {
             rc = xc_monitor_inguest_pagefault(xch, domain_id, 1);
@@ -551,17 +548,6 @@ int main(int argc, char *argv[])
         }
 
         DPRINTF("altp2m view created with id %u\n", altp2m_view_id);
-        DPRINTF("Setting altp2m mem_access permissions.. ");
-
-        for(; gfn < xenaccess->max_gpfn; ++gfn)
-        {
-            rc = xc_altp2m_set_mem_access( xch, domain_id, altp2m_view_id, gfn,
-                                           default_access);
-            if ( !rc )
-                perm_set++;
-        }
-
-        DPRINTF("done! Permissions set on %lu pages.\n", perm_set);
 
         rc = xc_altp2m_switch_to_view( xch, domain_id, altp2m_view_id );
         if ( rc < 0 )
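
Review bot: With the xc_altp2m_set_mem_access() loop removed, nothing between the "altp2m view created" DPRINTF and xc_altp2m_switch_to_view() shows how default_access reaches the view any more. Please add a short comment before the switch stating that the view's default_access is applied by the hypervisor when entries are propagated, and confirm that the view-creation call above this hunk passes default_access, since the removed loop was the only visible place it was applied. The tool now also depends on the p2m.c change in this commit: per the commit message, a hypervisor without it will not raise an event on the first access violation.
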
diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index d118d27ab9..4dd41193f5 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -1850,6 +1850,9 @@ bool p2m_altp2m_get_or_propagate(struct p2m_domain *ap2m, 
unsigned long gfn_l,
     amfn = _mfn(mfn_x(*mfn) & mask);
     gfn = _gfn(gfn_l & mask);
 
+    /* Override the altp2m entry with its default access. */
+    *p2ma = ap2m->default_access;
+
     rc = p2m_set_entry(ap2m, gfn, amfn, cur_order, *p2mt, *p2ma);
     p2m_unlock(ap2m);
 
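
Review bot: The added "*p2ma = ap2m->default_access;" is unconditional and writes through the caller's pointer, so the access value obtained for this gfn is discarded even when it is more restrictive than default_access, and the caller sees the changed value after the function returns. If that is the intent, the comment should say so explicitly, for example that propagated entries take the view's default_access rather than the hostp2m access, and that *p2ma is updated for the caller. If restrictions set on the hostp2m entry are meant to survive propagation, this needs a check instead of a plain overwrite.
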
--
generated by git-patchbot for /home/xen/git/xen.git#master



 

