Re: [Xen-devel] [PATCH 15/23] arch/x86: use XSM hooks for get_pg_owner access checks

[Tim Deegan <tim@xxxxxxx>]

At 10:37 -0500 on 30 Nov (1354271822), Daniel De Graaf wrote:
> There are three callers of get_pg_owner:
>  * do_mmuext_op, which does not have XSM hooks on all subfunctions
>  * do_mmu_update, which has hooks that are inefficient
>  * do_update_va_mapping_otherdomain, which has a simple XSM hook
> 
> In order to preserve return values for the do_mmuext_op hypercall, an
> additional XSM hook is required to check the operation even for those
> subfunctions that do not use the pg_owner field. This also covers the
> MMUEXT_UNPIN_TABLE operation which did previously have an XSM hook.
> 
> The XSM hooks in do_mmu_update were capable of replacing the checks in
> get_pg_owner; however, the hooks are buried in the inner loop of the
> function - not very good for performance when XSM is enabled and these
> turn in to indirect function calls. This patch removes the PTE from the
> hooks and replaces it with a bitfield describing what accesses are being
> requested. The XSM hook can then be called only when additional bits are
> set instead of once per iteration of the loop.
> 
> This patch results in a change in the FLASK permissions used for mapping
> an MMIO page: the target for the permisison check on the memory mapping
> is no longer resolved to the device-specific type, and is instead either
> the domain's own type or domio_t (depending on if the domain uses
> DOMID_SELF or DOMID_IO in the map command). Device-specific access is
> still controlled via the "resource use" permisison checked at domain
> creation (or device hotplug).
> 
> Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
> Acked-by: Jan Beulich <jbeulich@xxxxxxxx>
> Cc: Tim Deegan <tim@xxxxxxx>
> Cc: Keir Fraser <keir@xxxxxxx>

Acked-by: Tim Deegan <tim@xxxxxxx>

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel