Re: [Xen-devel] [PATCH 3/3] x86 / vmx: use a 'normal' domheap page for APIC_DEFAULT_PHYS_BASE
> -----Original Message-----
> From: Xen-devel <xen-devel-bounces@xxxxxxxxxxxxxxxxxxxx> On Behalf Of
> Julien Grall
> Sent: 21 January 2020 12:29
> To: Durrant, Paul <pdurrant@xxxxxxxxxxxx>; xen-devel@xxxxxxxxxxxxxxxxxxxx
> Cc: Kevin Tian <kevin.tian@xxxxxxxxx>; Stefano Stabellini
> <sstabellini@xxxxxxxxxx>; Jun Nakajima <jun.nakajima@xxxxxxxxx>; Wei Liu
> <wl@xxxxxxx>; Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>; George
> Dunlap <George.Dunlap@xxxxxxxxxxxxx>; Andrew Cooper
> <andrew.cooper3@xxxxxxxxxx>; Ian Jackson <ian.jackson@xxxxxxxxxxxxx>;
> Roger Pau Monné <roger.pau@xxxxxxxxxx>
> Subject: Re: [Xen-devel] [PATCH 3/3] x86 / vmx: use a 'normal' domheap
> page for APIC_DEFAULT_PHYS_BASE
>
> Hi,
>
> On 21/01/2020 12:00, Paul Durrant wrote:
> > diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c
> > index 919a270587..ef327072ed 100644
> > --- a/xen/common/page_alloc.c
> > +++ b/xen/common/page_alloc.c
> > @@ -2269,7 +2269,8 @@ int assign_pages(
> >
> > if ( !(memflags & MEMF_no_refcount) )
> > {
> > - if ( unlikely((d->tot_pages + (1 << order)) > d->max_pages) )
> > + if ( unlikely((d->tot_pages + (1 << order)) > d->max_pages) &&
> > + d->creation_finished )
>
> This is not entirely obvious to me how this is safe. What would happen
> if d->creation_finished is set on another CPU at the same time? At least
> on Arm, this may not be seen directly.
>
> I guess the problem would not only happen in this use case (I am more
> concerned in the physmap code), but it would be good to document how it
> is meant to be safe to use.
>
> However, AFAIU, the only reason for the check to be here is because
> d->max_pages is set quite late. How about setting max_pages as part of
> the domain_create hypercall?

That would be useful but certainly more invasive. There's no way a guest vcpu can see creation_finished set to true as it is still paused. The only concern would be a stub domain causing domheap pages to be allocated on behalf of the guest, and can we not trust a stub domain until its guest has been unpaused (since there is no scope for the guest to attack it until then)?

  Paul

>
> Cheers,
>
> --
> Julien Grall
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxxx
> https://lists.xenproject.org/mailman/listinfo/xen-devel
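Review bot: The added `d->creation_finished` test in the `!(memflags & MEMF_no_refcount)` branch of assign_pages() turns off the `d->tot_pages + (1 << order) > d->max_pages` limit for every caller until creation finishes, not only for the APIC_DEFAULT_PHYS_BASE page named in the subject, and the hunk carries no comment saying why that is acceptable. Please add a comment above the condition stating the invariant being relied on (who may allocate on the domain's behalf before creation_finished is set, and how the flag's update is ordered against this read on other CPUs), or narrow the exemption to the one allocation that needs it. As written, nothing in the visible context bounds how many pages can be assigned to the domain during that window.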