Xen project Mailing List

Re: [Xen-devel] [PATCH v10] x86/emulate: Send vm_event from emulate

To: Alexandru Stefan ISAILA <aisaila@xxxxxxxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>

From: Razvan Cojocaru <rcojocaru@xxxxxxxxxxxxxxxxxxx>

Date: Tue, 17 Sep 2019 14:24:18 +0000

Accept-language: en-US

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=bitdefender.com; dmarc=pass action=none header.from=bbu.bitdefender.biz; dkim=pass header.d=bbu.bitdefender.biz; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=BvABcL4BEPa3E4XQOL7YN6iEdbI9Nt17Y6/lw5QCzBQ=; b=Vntd8rfrcnANGHWNxmyC6vFKoXirUG5QWe3nV06lMn1ZAp46k1AMo6Sb5ss6DS61igcqNRMt+k2IfDLjoa0k3P2k16CFQB7TK9GlK3UnHf5OTHS3LE39iAIbiiMqln3HvZRf8wZXuJx6d5Gbm9kiVsDJZYqg05u7gZp6KCkR86BpHM9tKpTeuN4cBIAP4aZzlH2H2oUTcCyrQX4OcAB0p72R3WnI+cYsFVacjMAdDdMZF1KweUxBUzKtsR2YMiGWg2L+01jwGxBed2PjILvg9TM/If7DBscrTNbSTbFpsnOH/Rt5GDqXkNOlAGvh4+rHb1cn38r9I1au8eeW+f0ZzQ==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=dzZAzE1nMUMzg4tHGy0CYNz1n6zjLgndY7LLKv0HvoeiEzjbnxi1TkwRlhheH7lsrE4oLxb7AisLe7In29vAwbi6GpmJ7FyUQ1Ql8SJumFZfpj3xgLFk8oGyJcG32IaluwwUYSdd9FoSzLWJviVdSNSR3eBkfGcShsMeHdld1UQuQ71k9aT5tdQ68zQi+xXUveXh/tl74W34pvIvVTyk6biAcoBeTLCqR7SnyoF1729QI2uTw83RLpOaziufzUDPGJL+l/zzWXmdTopRqOnjJwJhyAv472EeHHyI1Y5pYvVDCCYQkCaLVey9q0R+s/80/jrUlOTKPRXf7ojzbfwF7w==

Authentication-results: spf=none (sender IP is ) smtp.mailfrom=rcojocaru@xxxxxxxxxxxxxxx;

Cc: Petre Ovidiu PIRCALABU <ppircalabu@xxxxxxxxxxxxxxx>, "tamas@xxxxxxxxxxxxx" <tamas@xxxxxxxxxxxxx>, "wl@xxxxxxx" <wl@xxxxxxx>, Razvan COJOCARU <rcojocaru@xxxxxxxxxxxxxxx>, "george.dunlap@xxxxxxxxxxxxx" <george.dunlap@xxxxxxxxxxxxx>, "andrew.cooper3@xxxxxxxxxx" <andrew.cooper3@xxxxxxxxxx>, "paul.durrant@xxxxxxxxxx" <paul.durrant@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "roger.pau@xxxxxxxxxx" <roger.pau@xxxxxxxxxx>

Delivery-date: Tue, 17 Sep 2019 14:24:29 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Thread-index: AQHVbGY5LYraxeTPu06yM6Qe3Haip6cudlQAgAEKjgCAAATfAIAAZPcAgAADo4A=

Thread-topic: [Xen-devel] [PATCH v10] x86/emulate: Send vm_event from emulate

On 9/17/19 5:11 PM, Alexandru Stefan ISAILA wrote: >>>>> +bool hvm_monitor_check_p2m(unsigned long gla, gfn_t gfn, uint32_t pfec, >>>>> + uint16_t kind) >>>>> +{ >>>>> + xenmem_access_t access; >>>>> + vm_event_request_t req = {}; >>>>> + paddr_t gpa = (gfn_to_gaddr(gfn) | (gla & ~PAGE_MASK)); >>>>> + >>>>> + ASSERT(current->arch.vm_event->send_event); >>>>> + >>>>> + current->arch.vm_event->send_event = false; >>>>> + >>>>> + if ( p2m_get_mem_access(current->domain, gfn, &access, >>>>> + altp2m_vcpu_idx(current)) != 0 ) >>>>> + return false; >>>> ... next to the call here (but the maintainers of the file would >>>> have to judge in the end). That said, I continue to not understand >>>> why a not found entry means unrestricted access. Isn't it >>>> ->default_access which controls what such a "virtual" entry would >>>> permit? >>> I'm sorry for this misleading comment. The code states that if entry was >>> not found the access will be default_access and return 0. So in this >>> case the default_access will be checked. >>> >>> /* If request to get default access. */ >>> if ( gfn_eq(gfn, INVALID_GFN) ) >>> { >>> *access = memaccess[p2m->default_access]; >>> return 0; >>> } >>> >>> If this clears thing up I can remove the "NOTE" part if the comment. >> I'm afraid it doesn't clear things up: I'm still lost as to why >> "entry not found" implies "full access". And I'm further lost as >> to what the code fragment above (dealing with INVALID_GFN, but >> not really the "entry not found" case, which would be INVALID_MFN >> coming back from a translation) is supposed to tell me. >> > It is safe enough to consider a invalid mfn from hostp2 to be a > violation. There is still a small problem with having the altp2m view > not having the page propagated from hostp2m. In this case we have to use > altp2m_get_effective_entry(). In the absence of clear guidance from the Intel SDM on what the hardware default is for a page not present in the p2m, we should probably follow Jan's advice and check violations against default_access for such pages. There are indeed - as discussed privately - two cases for an altp2m though: 1. Page not found in the altp2m, but set in the hostp2m - in which case I suggest that we take the hostp2m value into account (with or without propagation to the altp2m; I see no harm in propagating the entry but other may see something I'm missing). 2. Page not found in both altp2m and hostp2m - in which case we should probably check against default_access. Thanks, Razvan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.