[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH MM-PART3 v2 11/12] xen/arm: mm: Don't open-code Xen PT update in {set, clear}_fixmap()

To: Stefano Stabellini <sstabellini@xxxxxxxxxx>
From: Julien Grall <Julien.Grall@xxxxxxx>
Date: Thu, 13 Jun 2019 21:21:05 +0000
Accept-language: en-US
Authentication-results: spf=none (sender IP is ) smtp.mailfrom=Julien.Grall@xxxxxxx;
Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, nd <nd@xxxxxxx>, Andrii Anisov <Andrii_Anisov@xxxxxxxx>, "Oleksandr_Tyshchenko@xxxxxxxx" <Oleksandr_Tyshchenko@xxxxxxxx>
Delivery-date: Thu, 13 Jun 2019 21:21:17 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
Nodisclaimer: True
Thread-index: AQHVClEBnC3N9D2eAEWnP3d7IEmdJKaYyPWAgAC4EwCAAJxRgIAAKdIA
Thread-topic: [PATCH MM-PART3 v2 11/12] xen/arm: mm: Don't open-code Xen PT update in {set, clear}_fixmap()

Hi Stefano,

On 13/06/2019 19:51, Stefano Stabellini wrote:
> On Thu, 13 Jun 2019, Julien Grall wrote:
>> On 6/12/19 11:33 PM, Stefano Stabellini wrote:
>>> On Tue, 14 May 2019, Julien Grall wrote:
> I think the basic principle is that with BUG_ON is "easy" for a guest to
> be able to trigger it, potentially causing a DOS. Without the BUG_ON,
> the guest is unlikely to be able to trigger a crash. However, if all the
> calls happen during boot in regards to operations that have nothing to
> do with guests behavior, then it is fine.

Sadly, we don't seem to have used that approach on Arm so far. We have 
quite a few BUG_ON() that could be triggered by the guest. For instance, 
we used it to confirm that we interpreted correctly the spec... (see 
GUEST_BUG_ON). The rationale was that a DOS is better than data leak.

I have a series to try to reduce such BUG_ON.

> 
> I checked all the call sites and I agree that in this case they are all
> done during boot only. So in this case it is OK to have the
> panic/BUG_ON.

Can I consider this as an acked-by/reviewed-by?

Cheers,

-- 
Julien Grall
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH MM-PART3 v2 11/12] xen/arm: mm: Don't open-code Xen PT update in {set, clear}_fixmap()
  - From: Stefano Stabellini

References:
- Re: [Xen-devel] [PATCH MM-PART3 v2 11/12] xen/arm: mm: Don't open-code Xen PT update in {set, clear}_fixmap()
  - From: Stefano Stabellini
- Re: [Xen-devel] [PATCH MM-PART3 v2 11/12] xen/arm: mm: Don't open-code Xen PT update in {set, clear}_fixmap()
  - From: Julien Grall
- Re: [Xen-devel] [PATCH MM-PART3 v2 11/12] xen/arm: mm: Don't open-code Xen PT update in {set, clear}_fixmap()
  - From: Stefano Stabellini

Prev by Date: Re: [Xen-devel] [PATCH v2] xen/swiotlb: don't initialize swiotlb twice on arm64
Next by Date: Re: [Xen-devel] [PATCH MM-PART3 v2 12/12] xen/arm: mm: Remove set_pte_flags_on_range()
Previous by thread: Re: [Xen-devel] [PATCH MM-PART3 v2 11/12] xen/arm: mm: Don't open-code Xen PT update in {set, clear}_fixmap()
Next by thread: Re: [Xen-devel] [PATCH MM-PART3 v2 11/12] xen/arm: mm: Don't open-code Xen PT update in {set, clear}_fixmap()
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.