[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v6 12/14] arm/mem_access: Add long-descriptor based gpt

To: Sergej Proskurin <proskurin@xxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
From: Julien Grall <julien.grall@xxxxxxx>
Date: Mon, 17 Jul 2017 17:18:04 +0100
Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>
Delivery-date: Mon, 17 Jul 2017 16:18:19 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

Hi Sergej,

On 06/07/17 12:50, Sergej Proskurin wrote:

+/*
+ * Get the MSB number of the GVA, according to "AddrTop" pseudocode
+ * implementation in ARM DDI 0487B.a J1-6066.
+ */
+static unsigned int get_top_bit(struct domain *d, vaddr_t gva, register_t tcr)
+{
+    unsigned int topbit;
+
+    /*
+     * IF EL1 is using AArch64 then addresses from EL0 using AArch32 are


NIT: s/IF/If/

+     * zero-extended to 64 bits (ARM DDI 0487B.a J1-6066).
+     */
+    if ( is_32bit_domain(d) )
+        topbit = 31;
+    else if ( is_64bit_domain(d) )
+    {
+        if ( ((gva & BIT_ULL(55)) && (tcr & TCR_EL1_TBI1)) ||
+             (!(gva & BIT_ULL(55)) && (tcr & TCR_EL1_TBI0)) )
+            topbit = 55;
+        else
+            topbit = 63;
+    }
+
+    return topbit;
+}
+
+/* Make sure the base address does not exceed its configured size. */
+static int check_base_size(unsigned int output_size, uint64_t base)
+{
+    paddr_t mask = GENMASK_ULL((TCR_EL1_IPS_48_BIT_VAL - 1), output_size);
+
+    if ( (output_size < TCR_EL1_IPS_48_BIT_VAL) && (base & mask) )
+        return -EFAULT;
+
+    return 0;

This function only return 0 or -EFAULT and the caller doesn't care ofthe exact value. I would prefer if you return a boolean here.


[...]

+    /*
+     * According to to ARM DDI 0487B.a J1-5927, we return an error if the found
+     * PTE is invalid or holds a reserved entry (PTE<1:0> == x0)) or if the PTE
+     * maps a memory block at level 3 (PTE<1:0> == 01).
+     */
+    if ( !lpae_is_page(pte, level) && !lpae_is_superpage(pte, level) )
+        return -EFAULT;
+
+    *ipa = pfn_to_paddr(pte.walk.base) | (gva & masks[gran][level]);

I haven't noticed it until now. When using 16KB and 64KB, you rely onthe bottom bits to be zeroed. Although, the guest could purposefully putwrong value here. So you want to mask it as you do just above.

Furthermore, as other part of the Xen ARM you rely on the page size ofXen to always be 4KB. This is not really true and this code will breakas soon as we introduce 16KB/64KB page granularity support in Xen. Iwill have a look on what to do here. No need to worry about that for now.

+
+    /*
+     * Set permissions so that the caller can check the flags by herself. Note
+     * that stage 1 translations also inherit attributes from the tables
+     * (ARM DDI 0487B.a J1-5928).
+     */
+    if ( !pte.pt.ro && !ro_table )
+        *perms |= GV2M_WRITE;
+    if ( !pte.pt.xn && !xn_table )
+        *perms |= GV2M_EXEC;
+
+    return 0;
 }

 int guest_walk_tables(const struct vcpu *v, vaddr_t gva,


Cheers,

--
Julien Grall

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

References:
- [Xen-devel] [PATCH v6 00/14] arm/mem_access: Walk guest page tables in SW if mem_access is active
  - From: Sergej Proskurin
- [Xen-devel] [PATCH v6 12/14] arm/mem_access: Add long-descriptor based gpt
  - From: Sergej Proskurin

Prev by Date: Re: [Xen-devel] [PATCH 1/6] xen-blkfront: quiesce/unquiesce queue instead of start/stop queues
Next by Date: Re: [Xen-devel] ARM: Adjusting guest memory size through xl mem-{set|max} fails
Previous by thread: [Xen-devel] [PATCH v6 12/14] arm/mem_access: Add long-descriptor based gpt
Next by thread: [Xen-devel] [linux-4.9 test] 111411: tolerable FAIL - PUSHED
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.