[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v10] x86/emulate: Send vm_event from emulate

  • To: Jan Beulich <jbeulich@xxxxxxxx>, Tamas K Lengyel <tamas@xxxxxxxxxxxxx>
  • From: Alexandru Stefan ISAILA <aisaila@xxxxxxxxxxxxxxx>
  • Date: Wed, 18 Sep 2019 10:34:58 +0000
  • Accept-language: en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=bitdefender.com; dmarc=pass action=none header.from=bitdefender.com; dkim=pass header.d=bitdefender.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=InLOt0+4Jm3EBoybIVmezWyp6/ZPaBOe1k9WOdZHpUA=; b=BaUSPOFUsxo/l32xUcsEsf9vudSqAXJIzJlRIsDPVqk+ovPVqT76fVTCCMUEBbUIXdQI+vHvSld96NHn9qmPlEqtirJgcXcfc51aWAAdcDT7Te20clf/ALA4qwcD8yePNEuKdWY3vVUXvpFLgP3eWSe86CjB6DMu1gjs0wjWFn0n6LW45WwfZdcwMGOvxve2JWWriDvoLy9unX1JKpgWqpNHxBrIx9uETbBLiNRCHL09Lq105z4ZeC+rUcQp0/uSXtcWRoW07+MljmInMzM8F1NjApbnQrwto2qCp9TJwJVhovoP9zlAOOul+e+GTk4tTC1/wipjTQto4P6PVztsrw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=n72YCXdnntsgzHUyEHhnfErc+OvU6PSn1j0yU8iNEmOR2ygTAeawwmR0VvftaxqGLuu51/BveasC/smruXzeX7y1UVun/Zk79aCSu6S+TfN1nJp09icyan6IjwWrW+EHR2fT/Q/UYIMNIH0b0jN1+Nx+MSpJoibsGiFbWE7kcg+YcZYakIiSb+t6Gq1DpBHN4omTxkQqryMRDvgd0FHCx5Vvi9jkm3+bsCxGt0omaA6HaZ2VqTcyfXOZzkmVVyEbfE0MsNCulIrd2Qn3UiBhVyv6prvyHSoEs7Tc3hW8WA/UNDdUmZOsWpLCqArjqsfVXYyRCaENgskKII5X3D/gpQ==
  • Authentication-results: spf=none (sender IP is ) smtp.mailfrom=aisaila@xxxxxxxxxxxxxxx;
  • Cc: Petre Ovidiu PIRCALABU <ppircalabu@xxxxxxxxxxxxxxx>, "wl@xxxxxxx" <wl@xxxxxxx>, Razvan COJOCARU <rcojocaru@xxxxxxxxxxxxxxx>, "george.dunlap@xxxxxxxxxxxxx" <george.dunlap@xxxxxxxxxxxxx>, "andrew.cooper3@xxxxxxxxxx" <andrew.cooper3@xxxxxxxxxx>, "paul.durrant@xxxxxxxxxx" <paul.durrant@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "roger.pau@xxxxxxxxxx" <roger.pau@xxxxxxxxxx>
  • Delivery-date: Wed, 18 Sep 2019 10:35:07 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHVbGY5LYraxeTPu06yM6Qe3Haip6cudlQAgAEKjgCAAATfAIAAl0IA///RXgCAAAyQAIABOHCAgAANPoA=
  • Thread-topic: [Xen-devel] [PATCH v10] x86/emulate: Send vm_event from emulate

On 18.09.2019 12:47, Jan Beulich wrote:
> On 17.09.2019 17:09, Tamas K Lengyel wrote:
>> On Tue, Sep 17, 2019 at 8:24 AM Razvan Cojocaru
>> <rcojocaru@xxxxxxxxxxxxxxxxxxx> wrote:
>>>
>>> On 9/17/19 5:11 PM, Alexandru Stefan ISAILA wrote:
>>>>>>>> +bool hvm_monitor_check_p2m(unsigned long gla, gfn_t gfn, uint32_t 
>>>>>>>> pfec,
>>>>>>>> +                           uint16_t kind)
>>>>>>>> +{
>>>>>>>> +    xenmem_access_t access;
>>>>>>>> +    vm_event_request_t req = {};
>>>>>>>> +    paddr_t gpa = (gfn_to_gaddr(gfn) | (gla & ~PAGE_MASK));
>>>>>>>> +
>>>>>>>> +    ASSERT(current->arch.vm_event->send_event);
>>>>>>>> +
>>>>>>>> +    current->arch.vm_event->send_event = false;
>>>>>>>> +
>>>>>>>> +    if ( p2m_get_mem_access(current->domain, gfn, &access,
>>>>>>>> +                            altp2m_vcpu_idx(current)) != 0 )
>>>>>>>> +        return false;
>>>>>>> ... next to the call here (but the maintainers of the file would
>>>>>>> have to judge in the end). That said, I continue to not understand
>>>>>>> why a not found entry means unrestricted access. Isn't it
>>>>>>> ->default_access which controls what such a "virtual" entry would
>>>>>>> permit?
>>>>>> I'm sorry for this misleading comment. The code states that if entry was
>>>>>> not found the access will be default_access and return 0. So in this
>>>>>> case the default_access will be checked.
>>>>>>
>>>>>> /* If request to get default access. */
>>>>>> if ( gfn_eq(gfn, INVALID_GFN) )
>>>>>> {
>>>>>>         *access = memaccess[p2m->default_access];
>>>>>>         return 0;
>>>>>> }
>>>>>>
>>>>>> If this clears thing up I can remove the "NOTE" part if the comment.
>>>>> I'm afraid it doesn't clear things up: I'm still lost as to why
>>>>> "entry not found" implies "full access". And I'm further lost as
>>>>> to what the code fragment above (dealing with INVALID_GFN, but
>>>>> not really the "entry not found" case, which would be INVALID_MFN
>>>>> coming back from a translation) is supposed to tell me.
>>>>>
>>>> It is safe enough to consider a invalid mfn from hostp2 to be a
>>>> violation. There is still a small problem with having the altp2m view
>>>> not having the page propagated from hostp2m. In this case we have to use
>>>> altp2m_get_effective_entry().
>>>
>>> In the absence of clear guidance from the Intel SDM on what the hardware
>>> default is for a page not present in the p2m, we should probably follow
>>> Jan's advice and check violations against default_access for such pages.
>>
>> The SDM is very clear that pages that are not present in the EPT are a
>> violation:
>>
>> 28.2.2
>> An EPT paging-structure entry is present if any of bits 2:0 is 1;
>> otherwise, the entry is not present. The processor
>> ignores bits 62:3 and uses the entry neither to reference another EPT
>> paging-structure entry nor to produce a
>> physical address. A reference using a guest-physical address whose
>> translation encounters an EPT paging-struc-
>> ture that is not present causes an EPT violation (see Section 28.2.3.2).
>>
>> 28.2.3.2
>> EPT Violations
>> An EPT violation may occur during an access using a guest-physical
>> address whose translation does not cause an
>> EPT misconfiguration. An EPT violation occurs in any of the following
>> situations:
>> • Translation of the guest-physical address encounters an EPT
>> paging-structure entry that is not present (see
>> Section 28.2.2).
> 
> I'm not sure if / how this helps (other than to answer Razvan's
> immediate question): It was for a reason that I talked about
> "virtual" entries, e.g. ones that would be there if they had
> been propagated already. Albeit propagated ones probably aren't
> a good case here, since those don't have default_access
> permissions anyway.
> 
> But anyway - what my original remark here was about was the
> (missing) distinction of the different failure modes of
> p2m_get_mem_access(). For example I'd expect a GFN mapping
> to physical memory access to which is emulated to go the
> -ESRCH return path, due to INVALID_MFN coming back. Yet such
> GFNs still ought to have access controls (at least in theory).
> 

I agree with this and I think they should be treated as XENMEM_access_n.
If everyone is OK with this I will add a -ESRCH path that uses 
XENMEM_access_n as access.

Alex
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.