Xen project Mailing List

Re: [Xen-devel] [PATCH 3/3] x86 / vmx: use a 'normal' domheap page for APIC_DEFAULT_PHYS_BASE

To: Julien Grall <julien@xxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>

From: "Durrant, Paul" <pdurrant@xxxxxxxxxxxx>

Date: Tue, 21 Jan 2020 12:37:53 +0000

Accept-language: en-GB, en-US

Cc: Kevin Tian <kevin.tian@xxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, Jun Nakajima <jun.nakajima@xxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>

Delivery-date: Tue, 21 Jan 2020 12:38:15 +0000

Ironport-sdr: aYBa04Ki7lLI/FGb6zOQwzNbZPKBDQgAkFpd7QDFX6qOCAjgeHnFEst/lhRaMinELYvRDgiDWW at6+fhkwUilg==

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Thread-index: AQHV0FJcY7J90OgIvEqx31hCfypvqqf1DBaAgAAAkwA=

Thread-topic: [Xen-devel] [PATCH 3/3] x86 / vmx: use a 'normal' domheap page for APIC_DEFAULT_PHYS_BASE

> -----Original Message----- > From: Xen-devel <xen-devel-bounces@xxxxxxxxxxxxxxxxxxxx> On Behalf Of > Julien Grall > Sent: 21 January 2020 12:29 > To: Durrant, Paul <pdurrant@xxxxxxxxxxxx>; xen-devel@xxxxxxxxxxxxxxxxxxxx > Cc: Kevin Tian <kevin.tian@xxxxxxxxx>; Stefano Stabellini > <sstabellini@xxxxxxxxxx>; Jun Nakajima <jun.nakajima@xxxxxxxxx>; Wei Liu > <wl@xxxxxxx>; Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>; George > Dunlap <George.Dunlap@xxxxxxxxxxxxx>; Andrew Cooper > <andrew.cooper3@xxxxxxxxxx>; Ian Jackson <ian.jackson@xxxxxxxxxxxxx>; > Roger Pau Monné <roger.pau@xxxxxxxxxx> > Subject: Re: [Xen-devel] [PATCH 3/3] x86 / vmx: use a 'normal' domheap > page for APIC_DEFAULT_PHYS_BASE > > Hi, > > On 21/01/2020 12:00, Paul Durrant wrote: > > diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c > > index 919a270587..ef327072ed 100644 > > --- a/xen/common/page_alloc.c > > +++ b/xen/common/page_alloc.c > > @@ -2269,7 +2269,8 @@ int assign_pages( > > > > if ( !(memflags & MEMF_no_refcount) ) > > { > > - if ( unlikely((d->tot_pages + (1 << order)) > d->max_pages) ) > > + if ( unlikely((d->tot_pages + (1 << order)) > d->max_pages) && > > + d->creation_finished ) > > This is not entirely obvious to me how this is safe. What would happen > if d->creation_finished is set on another CPU at the same time? At least > on Arm, this may not be seen directly. > > I guess the problem would not only happen in this use case (I am more > concerned in the physmap code), but it would be good to document how it > is meant to be safe to use. > > However, AFAIU, the only reason for the check to be here is because > d->max_pages is set quite late. How about setting max_pages as part of > the domain_create hypercall? That would be useful but certainly more invasive. There's no way a guest vcpu can see creation_finished set to true as it is still paused. The only concern would be a stub domain causing domheap pages to be allocated on behalf of the guest, and can we not trust a stub domain until it's guest has been unpaused (since there is no scope for the guest to attack it until then)? Paul > > Cheers, > > -- > Julien Grall > > _______________________________________________ > Xen-devel mailing list > Xen-devel@xxxxxxxxxxxxxxxxxxxx > https://lists.xenproject.org/mailman/listinfo/xen-devel _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.