[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 6/6] gnttab: allow disabling grant table per-domain

To: Roger Pau Monne <roger.pau@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
From: Julien Grall <julien@xxxxxxx>
Date: Wed, 22 Sep 2021 14:19:04 +0500
Cc: Ian Jackson <iwj@xxxxxxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>
Delivery-date: Wed, 22 Sep 2021 09:19:22 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Hi Roger,

On 22/09/2021 13:21, Roger Pau Monne wrote:

Allow setting max_grant_version to 0 in order to disable grant table
usage by a domain. This prevents allocating the grant-table structure
inside of Xen and requires guards to be added in several functions in
order to prevent dereferencing the structure.

Note that a domain without a grant table could still use some of the
grant related hypercalls, it could for example issue a GNTTABOP_copy
of a grant reference from a remote domain into a local frame.

Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
---
  docs/man/xl.cfg.5.pod.in     |   4 +-
  tools/libs/light/libxl_dom.c |   2 +-
  xen/common/grant_table.c     | 100 +++++++++++++++++++++++++++++++++--
  3 files changed, 98 insertions(+), 8 deletions(-)

diff --git a/docs/man/xl.cfg.5.pod.in b/docs/man/xl.cfg.5.pod.in
index c5a447dfcd..d507540c2c 100644
--- a/docs/man/xl.cfg.5.pod.in
+++ b/docs/man/xl.cfg.5.pod.in
@@ -583,8 +583,8 @@ L<xl.conf(5)>.
  =item B<max_grant_version=NUMBER>

Specify the maximum grant table version the domain is allowed to use. Current

-supported versions are 1 and 2. The default value is settable via
-L<xl.conf(5)>.
+supported versions are 1 and 2. Setting to 0 disables the grant table for the
+domain. The default value is settable via L<xl.conf(5)>.

Technically, the version only applies to format of the table forgranting page. The mapping itself is version agnostic. So this feels abit wrong to use max_grant_version to not allocate d->grant_table.

I also can see use-cases where we may want to allow a domain to grantpage but not map grant (for instance, a further hardening of XSA-380).Therefore, I think we want to keep max_grant_version for the tableitself and manage the mappings separately (possibly by letting the adminto select the max number of entries in the maptrack).


Cheers,

--
Julien Grall

Follow-Ups:
- Re: [PATCH v2 6/6] gnttab: allow disabling grant table per-domain
  - From: Juergen Gross

References:
- [PATCH v2 0/6] gnttab: add per-domain controls
  - From: Roger Pau Monne
- [PATCH v2 6/6] gnttab: allow disabling grant table per-domain
  - From: Roger Pau Monne

Prev by Date: Re: [PATCH v2 5/6] tools/xenstored: partially handle domains without a shared ring
Next by Date: Re: [PATCH 1/2] gnttab: remove guest_physmap_remove_page() call from gnttab_map_frame()
Previous by thread: [PATCH v2 6/6] gnttab: allow disabling grant table per-domain
Next by thread: Re: [PATCH v2 6/6] gnttab: allow disabling grant table per-domain
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.