Xen project Mailing List

Re: [XEN PATCH v2 2/5] xen: export get_free_port

To: Stefano Stabellini <sstabellini@xxxxxxxxxx>

Date: Wed, 26 Jan 2022 08:26:59 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=OEX4N2B01Jxm0BJaGdJHzMtz1VgusAUO3h04R7rCRj4=; b=nze/kLHRDjzqJoWj0Epp9lOwQH0jDX8Yod783FrgowPz/JfhaRgMxMAUABfb1wOsT6AiThXQn1E47N8UrcVh9ukzY9nQC/YKnrGGxOFEuc8d4KGAy6LbtCocKUoVyiX05q9o3yGHUjWkEbX5RrDmsaBBnOSYSUPZd4JhSP6GY489DSlOM174nf8jbHjrkML0j6Z4F8lJNMw9IKY7rk4vvXNZtAR7hL1iDRQxWq6ADAW0cMtSvT1c1PVPS/Rf3sQmrrvKGji/iE0lVgJ2Mcvni2oujSjTW2n1f+7GD390XNk08tHDbvW4JrcAvXlXoGUh2hKfYTrt5rf6nAv3rdKKkQ==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Hac++wy36rKJjnofiAASRw+8JsEQGhIzy5yPtlai524Gy8ISiPLQKi68R7NDtn/I5UnPKkl/eST5E/rHNKfhmWCCcjsTIOvIxizLLWASCKDOsPPcQEXlveeC8bZc0hn+hHMK0inMQCPRvSQuHPOheN+4Z9OGzVjb2P976L3hc1xm/KKdWR1+VdgrYPLCYZHxfj0VSTb3A7PoEfHMZFvRqA9pW8QAGnvw8uii/UJtwwLHUPUz8H5ua5BT8m5zUZ1uAqW1U//FySaHTV9F3jetLGeSeo2lqOLZ2yVMf/16aKDFfVwhJh12TY2UWLfzS2l+oUcmJ9g5jAqpC9qYv1kNPQ==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;

Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, jgross@xxxxxxxx, Bertrand.Marquis@xxxxxxx, Volodymyr_Babchuk@xxxxxxxx, Stefano Stabellini <stefano.stabellini@xxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>

Delivery-date: Wed, 26 Jan 2022 07:27:31 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 25.01.2022 23:49, Stefano Stabellini wrote: > On Tue, 25 Jan 2022, Jan Beulich wrote: >> On 25.01.2022 02:10, Stefano Stabellini wrote: >>> @@ -284,7 +285,27 @@ void evtchn_free(struct domain *d, struct evtchn *chn) >>> xsm_evtchn_close_post(chn); >>> } >>> >>> -static int evtchn_alloc_unbound(evtchn_alloc_unbound_t *alloc) >>> +struct evtchn *evtchn_alloc_unbound(struct domain *d, domid_t remote_dom) >>> +{ >>> + struct evtchn *chn; >>> + int port; >>> + >>> + if ( (port = get_free_port(d)) < 0 ) >>> + return ERR_PTR(port); >>> + chn = evtchn_from_port(d, port); >>> + >>> + evtchn_write_lock(chn); >>> + >>> + chn->state = ECS_UNBOUND; >>> + chn->u.unbound.remote_domid = remote_dom; >>> + evtchn_port_init(d, chn); >>> + >>> + evtchn_write_unlock(chn); >>> + >>> + return chn; >>> +} >>> + >>> +static int _evtchn_alloc_unbound(evtchn_alloc_unbound_t *alloc) >>> { >>> struct evtchn *chn; >>> struct domain *d; >> >> Instead of introducing a clone of this function (with, btw, still >> insufficient locking), did you consider simply using the existing >> evtchn_alloc_unbound() as-is, i.e. with the caller passing >> evtchn_alloc_unbound_t *? > > Yes, we tried that first. Unfortunately the (dummy) XSM check cannot > work. This is how we would want to call the function: > > > alloc.dom = d->domain_id; > alloc.remote_dom = hardware_domain->domain_id; > rc = evtchn_alloc_unbound(&alloc); > > > This is the implementation of the XSM check: > > static XSM_INLINE int xsm_evtchn_unbound( > XSM_DEFAULT_ARG struct domain *d, struct evtchn *chn, domid_t id2) > { > XSM_ASSERT_ACTION(XSM_TARGET); > return xsm_default_action(action, current->domain, d); > } > > > Note the usage of current->domain. If you have any suggestions on how to > fix it please let me know. As an alternative to Julien's suggestion the function could also simply be given a new boolean parameter indicating whether to bypass the XSM check. That would be more explicit than deriving from system state. Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.