[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v5 6/7] xen/arm: don't iomem_permit_access for reserved-memory regions

  • To: Stefano Stabellini <sstabellini@xxxxxxxxxx>
  • From: Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
  • Date: Tue, 13 Aug 2019 14:34:37 +0000
  • Accept-language: en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+A/hWZzefzlVqN2RH+GSwfskxqCCoWSZu205i/n4ML4=; b=BhKZ4aVaYfTRD1yo4PWINz0hEUZ7YYitJbh5GWCCuhIDnM84ttZu39ecVdvN2d9JD4str658xiPCCfp3mfopAq7teO+rlReZ76VZavR/NQs4nzpxYyK+o+OrzP0SjfRIv/EVzducvSI0DscaruyJwG5OkqQ3zzT1dAZs5O95iJ9dizi+VjJZVlBrWdpdT+qzXZxB6hEK3HOAIeYUuPoij3ACde36ZV/t35THS8ahuq89vjs9XLrh9wYlc3OujehkYkJywsk/PB0A4407epDnUCl8BkvemEKFmVyIVpWKELs1zj841tzR0Hvb/QyWTJBQmH78JHi2YcncBq/a/ZsmlA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=oFO2p13bi7QVh6k8n2AUOy578Sm2dmFBYBfJpHja1sLUvfM06VpbndYz2CaisDFLtuF3qSDwKpXxSdGvvJKE7NGgS1HM5BNcWu8Qcx9FHc46KL6AgbvZre0Od9jFXSkCw2rHBvvNyyTKn7LNssb1J2s/43/zdOzPwDr/9Mw9BBt5J7iiFXd5Lb9Njy2DjPzd1U93tg86pl4fW4SOhlBav5sCNw17MgPdFLDFHTHonzyZfJSDDxOPIpdteaQIX+dVcOa8n2Evl7b/ar3Iw6JzHaqTGkXweCEpCjbM9Nn54umbcByN121ZQ4FpkDSO60YJtnkAc+nTn6MlgnKSc52+1A==
  • Authentication-results: spf=none (sender IP is ) smtp.mailfrom=Volodymyr_Babchuk@xxxxxxxx;
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "julien.grall@xxxxxxx" <julien.grall@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Stefano Stabellini <stefanos@xxxxxxxxxx>
  • Delivery-date: Tue, 13 Aug 2019 14:34:56 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHVUV1R4cCemTtGPUudkUSUkscveab5JbyA
  • Thread-topic: [PATCH v5 6/7] xen/arm: don't iomem_permit_access for reserved-memory regions
Stefano Stabellini writes:

> Don't allow reserved-memory regions to be remapped into any unprivileged
> guests, until reserved-memory regions are properly supported in Xen. For
> now, do not call iomem_permit_access on them, because giving
> iomem_permit_access to dom0 means that the toolstack will be able to
> assign the region to a domU.
>
> Signed-off-by: Stefano Stabellini <stefanos@xxxxxxxxxx>
> ---
>
> Changes in v5:
> - fix check condition
> - use strnicmp
> - return error
> - improve commit message
>
> Changes in v4:
> - compare the parent name with reserved-memory
> - use dt_node_cmp
>
> Changes in v3:
> - new patch
> ---
>  xen/arch/arm/domain_build.c | 24 ++++++++++++++++--------
>  1 file changed, 16 insertions(+), 8 deletions(-)
>
> diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c
> index 4c8404155a..e0c0c01c88 100644
> --- a/xen/arch/arm/domain_build.c
> +++ b/xen/arch/arm/domain_build.c
> @@ -1155,15 +1155,23 @@ static int __init map_range_to_domain(const struct 
> dt_device_node *dev,
>      bool need_mapping = !dt_device_for_passthrough(dev);
>      int res;
>  
> -    res = iomem_permit_access(d, paddr_to_pfn(addr),
> -                              paddr_to_pfn(PAGE_ALIGN(addr + len - 1)));
> -    if ( res )
> +    /*
> +     * Don't give iomem permissions for reserved-memory ranges to domUs
> +     * until reserved-memory support is complete.
> +     */
> +    if ( strnicmp(dt_node_full_name(dev), "/reserved-memory",
> +         strlen("/reserved-memory")) != 0 )
Why are you using strnicmp there? With such usage it is the same as
strcasecmp(). But, if you want to find "/reserved-memory" anywhere in
dt_node_full_name(dev), then you probably want to use strcasestr()


>      {
> -        printk(XENLOG_ERR "Unable to permit to dom%d access to"
> -               " 0x%"PRIx64" - 0x%"PRIx64"\n",
> -               d->domain_id,
> -               addr & PAGE_MASK, PAGE_ALIGN(addr + len) - 1);
> -        return res;
> +        res = iomem_permit_access(d, paddr_to_pfn(addr),
> +                paddr_to_pfn(PAGE_ALIGN(addr + len - 1)));
> +        if ( res )
> +        {
> +            printk(XENLOG_ERR "Unable to permit to dom%d access to"
> +                    " 0x%"PRIx64" - 0x%"PRIx64"\n",
> +                    d->domain_id,
> +                    addr & PAGE_MASK, PAGE_ALIGN(addr + len) - 1);
> +            return res;
> +        }
>      }
>  
>      if ( need_mapping )


-- 
Volodymyr Babchuk at EPAM
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.