[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v10] x86/emulate: Send vm_event from emulate

  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Alexandru Stefan ISAILA <aisaila@xxxxxxxxxxxxxxx>
  • Date: Tue, 17 Sep 2019 14:11:15 +0000
  • Accept-language: en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=bitdefender.com; dmarc=pass action=none header.from=bitdefender.com; dkim=pass header.d=bitdefender.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=hSU7H9IjGY4nf8E+du8f7Am0AXRoQDbqLGjV6l5SdW0=; b=QHgDP9QegxG6AeHVT3a6uGE9VR0oDKOyBP58lQ6zrvu9oQaj9ixmMHNV6foLWwUZ1jmYjm9BdHsB6rCmQvMxYiUJrGWk8r178qoF7XXxuG89indVJollm9jnvCls/2o9Rb/b8AJJc2L2wP9RtmPH74Qil1MEMy1omFjIt7u6HX4NUQ/PPCp3DpxmSrtBsH24+9ZMrmIUKjweZ9REFvCK7YpWbcPlomzpOB70+DVbGJzH/jgBq/qunZZ93juBupir09ulKx373j0i+12tIa3IIrXKnUXE7cSBOsul4s6SMymvUlmoXpFg6d4ccfNO61svGt+TPTCqzbDDHx3Qf/4XBA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Sulu0OOTEVtoxks2LGXrsA7YFPCZHPHj1C8rDIeg2JslrtvC5FSHmpggmJ7/GKm8sc04WZgeggDaqJPnlOSN6Vsp2VnW5qS0B6MYLy3yKX9w3WviubyxS38Cpd5mpVH24TgsjLNeJlHABotxZWPlTIAmvu7hbxeRECWOqHAF9NW5YqFgZLRmyvhlr5cfF1/xXJx2Vqx0alArGVf6tbP1IY4a56t8yqtkxZWUnuJrgqZOfdyAhpzXsTgZSDoyVSExTtwGnvo0SbYlSNIvDN6H0GWLsxNFF+8WoyJkH93lF56zW+sSxfp4/leXlFXeGaeJkNy+vXJvnspEG9qcOf5Zog==
  • Authentication-results: spf=none (sender IP is ) smtp.mailfrom=aisaila@xxxxxxxxxxxxxxx;
  • Cc: Petre Ovidiu PIRCALABU <ppircalabu@xxxxxxxxxxxxxxx>, "tamas@xxxxxxxxxxxxx" <tamas@xxxxxxxxxxxxx>, "wl@xxxxxxx" <wl@xxxxxxx>, Razvan COJOCARU <rcojocaru@xxxxxxxxxxxxxxx>, "george.dunlap@xxxxxxxxxxxxx" <george.dunlap@xxxxxxxxxxxxx>, "andrew.cooper3@xxxxxxxxxx" <andrew.cooper3@xxxxxxxxxx>, "paul.durrant@xxxxxxxxxx" <paul.durrant@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "roger.pau@xxxxxxxxxx" <roger.pau@xxxxxxxxxx>
  • Delivery-date: Tue, 17 Sep 2019 14:11:23 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHVbGY5LYraxeTPu06yM6Qe3Haip6cudlQAgAEKjgCAAATfAIAAZPcA
  • Thread-topic: [Xen-devel] [PATCH v10] x86/emulate: Send vm_event from emulate

On 17.09.2019 11:09, Jan Beulich wrote:
> On 17.09.2019 09:52, Alexandru Stefan ISAILA wrote:
>> On 16.09.2019 18:58, Jan Beulich wrote:
>>> On 16.09.2019 10:10, Alexandru Stefan ISAILA wrote:
>>>> --- a/xen/arch/x86/hvm/hvm.c
>>>> +++ b/xen/arch/x86/hvm/hvm.c
>>>> @@ -3224,6 +3224,14 @@ static enum hvm_translation_result __hvm_copy(
>>>>                return HVMTRANS_bad_gfn_to_mfn;
>>>>            }
>>>>    
>>>> +        if ( unlikely(v->arch.vm_event) &&
>>>> +             v->arch.vm_event->send_event &&
>>>> +             hvm_monitor_check_p2m(addr, gfn, pfec, npfec_kind_with_gla) )
>>>> +        {
>>>> +            put_page(page);
>>>> +            return HVMTRANS_gfn_paged_out;
>>>
>>> I'm sorry, but there is _still_ no comment next to this apparent
>>> mis-use of HVMTRANS_gfn_paged_out.
>>
>> I will add this comment here:
>>
>> "/*
>>     * In case a vm event was sent return paged_out so the emulation will
>>     * stop with no side effect
>>     */"
> 
> First of all - why "was sent"? The event is yet to be sent, isn't it?

Yes it should state "if the event is sent".

> And then I'm afraid this still isn't enough. __hvm_copy() gets used
> for many purposes. For example, while looking into this again when
> preparing the reply here, I've noticed that above you may wrongly
> call hvm_monitor_check_p2m() with npfec_kind_with_gla - there's no
> linear address when HVMCOPY_linear is not set. If, while putting

You are right, a check for HVMCOPY_linear should go in the if so we are 
sure that it is called with a linear address only.

> together what the comment needs to explain (i.e. everything that
> can't be implied from the code you add), you considered all cases
> you should have noticed this yourself.

With this new check in place (HVMCOPY_linear) __hvm_copy() will be 
called from linear_read() linear_write() where it will pass down 
X86EMUL_RETRY.

The comment can change to:
"If a event is sent return paged_out. The emulation will have no side 
effect and will return X86EMUL_RETRY"

> 
>>>> @@ -215,6 +217,79 @@ void hvm_monitor_interrupt(unsigned int vector, 
>>>> unsigned int type,
>>>>        monitor_traps(current, 1, &req);
>>>>    }
>>>>    
>>>> +/*
>>>> + * Send memory access vm_events based on pfec. Returns true if the event 
>>>> was
>>>> + * sent and false for p2m_get_mem_access() error, no violation and event 
>>>> send
>>>> + * error. Assumes the caller will check arch.vm_event->send_event.
>>>> + *
>>>> + * NOTE: p2m_get_mem_access() can fail if the entry was not found in the 
>>>> EPT
>>>> + * (in which case access to it is unrestricted, so no violations can 
>>>> occur).
>>>> + * In this cases it is fine to continue the emulation.
>>>> + */
>>>
>>> I think this part of the comment would better go ...
>>>
>>>> +bool hvm_monitor_check_p2m(unsigned long gla, gfn_t gfn, uint32_t pfec,
>>>> +                           uint16_t kind)
>>>> +{
>>>> +    xenmem_access_t access;
>>>> +    vm_event_request_t req = {};
>>>> +    paddr_t gpa = (gfn_to_gaddr(gfn) | (gla & ~PAGE_MASK));
>>>> +
>>>> +    ASSERT(current->arch.vm_event->send_event);
>>>> +
>>>> +    current->arch.vm_event->send_event = false;
>>>> +
>>>> +    if ( p2m_get_mem_access(current->domain, gfn, &access,
>>>> +                            altp2m_vcpu_idx(current)) != 0 )
>>>> +        return false;
>>>
>>> ... next to the call here (but the maintainers of the file would
>>> have to judge in the end). That said, I continue to not understand
>>> why a not found entry means unrestricted access. Isn't it
>>> ->default_access which controls what such a "virtual" entry would
>>> permit?
>>
>> I'm sorry for this misleading comment. The code states that if entry was
>> not found the access will be default_access and return 0. So in this
>> case the default_access will be checked.
>>
>> /* If request to get default access. */
>> if ( gfn_eq(gfn, INVALID_GFN) )
>> {
>>       *access = memaccess[p2m->default_access];
>>       return 0;
>> }
>>
>> If this clears thing up I can remove the "NOTE" part if the comment.
> 
> I'm afraid it doesn't clear things up: I'm still lost as to why
> "entry not found" implies "full access". And I'm further lost as
> to what the code fragment above (dealing with INVALID_GFN, but
> not really the "entry not found" case, which would be INVALID_MFN
> coming back from a translation) is supposed to tell me.
> 
It is safe enough to consider a invalid mfn from hostp2 to be a 
violation. There is still a small problem with having the altp2m view 
not having the page propagated from hostp2m. In this case we have to use
altp2m_get_effective_entry().

Alex
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.