[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v4 04/34] HYPERCALL_version_op. New hypercall mirroring XENVER_ but sane.

To: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>
From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Date: Tue, 22 Mar 2016 19:28:57 +0000
Cc: Wei Liu <wei.liu2@xxxxxxxxxx>, Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, mpohlack@xxxxxxxxx, ross.lagerwall@xxxxxxxxxx, Julien Grall <julien.grall@xxxxxxx>, Stefano Stabellini <stefano.stabellini@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, Keir Fraser <keir@xxxxxxx>, sasha.levin@xxxxxxxxxx
Delivery-date: Tue, 22 Mar 2016 19:29:18 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 22/03/16 18:57, Konrad Rzeszutek Wilk wrote:
>>>>> --- a/xen/include/xsm/dummy.h
>>>>> +++ b/xen/include/xsm/dummy.h
>>>>> @@ -751,3 +751,22 @@ static XSM_INLINE int xsm_xen_version 
>>>>> (XSM_DEFAULT_ARG uint32_t op)
>>>>>          return xsm_default_action(XSM_PRIV, current->domain, NULL);
>>>>>      }
>>>>>  }
>>>>> +
>>>>> +static XSM_INLINE int xsm_version_op (XSM_DEFAULT_ARG uint32_t op)
>>>>> +{
>>>>> +    XSM_ASSERT_ACTION(XSM_OTHER);
>>>>> +    switch ( op )
>>>>> +    {
>>>>> +    case XEN_VERSION_version:
>>>>> +    case XEN_VERSION_extraversion:
>>>>> +    case XEN_VERSION_capabilities:
>>>>> +    case XEN_VERSION_platform_parameters:
>>>>> +    case XEN_VERSION_get_features:
>>>>> +    case XEN_VERSION_pagesize:
>>>>> +    case XEN_VERSION_guest_handle:
>>>>> +        /* These MUST always be accessible to any guest by default. */
>>>>> +        return xsm_default_action(XSM_HOOK, current->domain, NULL);
>>>>> +    default:
>>>>> +        return xsm_default_action(XSM_PRIV, current->domain, NULL);
>>>> Considering that we seem to have settled on some exceptions here
>>>> for the change adding XSM check to the legacy version op, do you
>>>> really think going with no exception at all here is the right approach?
>>>> Because if we do, that'll prevent guests getting fully converted over
>>>> to the new interface. Of course, we could also make this conversion
>>>> specifically a non-goal, and omit e.g. XEN_VERSION_VERSION from
>>>> this new interface.
>>> No no. I think convesion is the right long-term goal. 
>>>
>>> However the nice thing about this hypercall is that it can return -EPERM.
>>>
>>> Making it always return an value for XEN_VERSION_version,
>>> XEN_VERSION_platform_parameters, XEN_VERSION_get_features means that
>>> there are some exceptions to this "can return -EPERM" as they will
>>> be guaranteed an postive return value. They can ignore the -EPERM
>>> case.
>>>
>>> And means that guest can still take shortcuts.
>>>
>>> I agree with you that guests need these hypercalls but at the same
>>> time I am not sure what can be done so they don't fall flat on their
>>> faces if they are presented with -EPERM. The Linux xenbus_init can be
>>> modified to deal with this returning -EPERM where it makes some assumptions.
>>>
>>> But in a likelyhood it is the bad assumption!
>> I'm afraid I can't conclude what you mean to say with all of the
>> above.
> That I am waffling.
>
> Andrew, what is your opinion?

Nothing good can come from failing a XEN_VERSION_version hypercall. 
There are a number easy ways for a guest to infer such information.

XEN_VERSION_platform_parameters is only useful for 32bit PV guests, and
the toolstack.  Given that it is returning a fixed number in the ABI,
nothing good can come of failing this either.

get_features can effectively be failed for permission reasons by
returning 0.  As such, explicitly failing with -EPERM is similarly
pointless.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH v4 04/34] HYPERCALL_version_op. New hypercall mirroring XENVER_ but sane.
  - From: Konrad Rzeszutek Wilk

References:
- [Xen-devel] [PATCH v4] xSplice v1 design and implementation.
  - From: Konrad Rzeszutek Wilk
- [Xen-devel] [PATCH v4 04/34] HYPERCALL_version_op. New hypercall mirroring XENVER_ but sane.
  - From: Konrad Rzeszutek Wilk
- Re: [Xen-devel] [PATCH v4 04/34] HYPERCALL_version_op. New hypercall mirroring XENVER_ but sane.
  - From: Andrew Cooper
- Re: [Xen-devel] [PATCH v4 04/34] HYPERCALL_version_op. New hypercall mirroring XENVER_ but sane.
  - From: Konrad Rzeszutek Wilk
- Re: [Xen-devel] [PATCH v4 04/34] HYPERCALL_version_op. New hypercall mirroring XENVER_ but sane.
  - From: Konrad Rzeszutek Wilk
- Re: [Xen-devel] [PATCH v4 04/34] HYPERCALL_version_op. New hypercall mirroring XENVER_ but sane.
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH v4 04/34] HYPERCALL_version_op. New hypercall mirroring XENVER_ but sane.
  - From: Konrad Rzeszutek Wilk
- Re: [Xen-devel] [PATCH v4 04/34] HYPERCALL_version_op. New hypercall mirroring XENVER_ but sane.
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH v4 04/34] HYPERCALL_version_op. New hypercall mirroring XENVER_ but sane.
  - From: Konrad Rzeszutek Wilk
- Re: [Xen-devel] [PATCH v4 04/34] HYPERCALL_version_op. New hypercall mirroring XENVER_ but sane.
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH v4 04/34] HYPERCALL_version_op. New hypercall mirroring XENVER_ but sane.
  - From: Konrad Rzeszutek Wilk

Prev by Date: Re: [Xen-devel] [PATCH v2 1/6] x86/mm/pat: Change PAT to support non-default PAT MSR
Next by Date: Re: [Xen-devel] [PATCH v6 17/22] arm/gic: Add a new callback to deny Dom0 access to GIC regions
Previous by thread: Re: [Xen-devel] [PATCH v4 04/34] HYPERCALL_version_op. New hypercall mirroring XENVER_ but sane.
Next by thread: Re: [Xen-devel] [PATCH v4 04/34] HYPERCALL_version_op. New hypercall mirroring XENVER_ but sane.
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.