[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] common: map_vcpu_info() wants to unshare the underlying page


  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Tue, 25 Oct 2022 17:42:36 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=tzDEh4vH7z9yL9N9dgVx6VvWzaWaDIFkoSiaLBZVvbo=; b=VTPcLmCtwZDbC4VUB0L06uoNhPwYQksU2UrwEhdLZ7/L3QpqunGWhtqypkEK7P6tdDWUNdE6q86EjQU3kh26LRfUstgvL1mEtYPRNJkp/p4C2XGbZiHe/ZhyXXba1nI8IEBrGX27R7r/ZmlMCGywZP8D5uYPM6LbCEK4bYD4KFUW1fipOdLKJuwQnUzqO7XgsV3oJ3UKwrRArX2WtOXQIAzU2Bs+osDczlLqqAbIPVmyA+8EZ7Y+U9Hzb6UcPLjQzoB9PQLTSuUlC3/Hrgsc79FYofSgOf+S3wDi3x4i+CDhZCaXjBT/BqsVP3JQjS9gO5dlINxg9FBykGwPduZXMw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=WXaRcXc0r9l68ehayzgacWkDoLRFVKPVEu4IHvc+URNvFjmrbGAWz5GJ/SDmI44e8dGH0g7C5fO3msK1sS51HyE38JZ8ef5wBcdzyYzlksk0B/fC8IM/0J6ePFLBwQ8BJY0zh12n4D0uaWm+mMM8kEonzA72usBFLF+DuvnfeNREsnvxdBUlUOza1vXFY+Ax7pA1VrDYxh9neQcG/NYLUvJuQ2hu0zdQb803vWqPX82s80nCpy82K1orxstPNheJtjsKKYiJOPOC6S9RlujC+BWFZSN0IFtWxuB8QTQW5AczWWMjPS/vKzfUTA6AlWqmFZ2tDHxMiNn6OoZ/kJMetw==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>
  • Delivery-date: Tue, 25 Oct 2022 15:42:56 +0000
  • Ironport-data: A9a23:YUThK632W7jTpwaeI/bD5RBwkn2cJEfYwER7XKvMYLTBsI5bpzVTn DAbD26BOv7ZNzOnfdpxa9uxox4A7ZCHyYRhQVBqpC1hF35El5HIVI+TRqvS04F+DeWYFR46s J9OAjXkBJppJpMJjk71atANlVEliefSAOKU5NfsYkhZXRVjRDoqlSVtkus4hp8AqdWiCkaGt MiaT/f3YTdJ4BYpdDNJg06/gEk35q6r4GlF5gZWic1j5zcyqVFEVPrzGonpR5fIatE8NvK3Q e/F0Ia48gvxl/v6Ior4+lpTWhRiro/6ZWBiuFIPM0SRqkEqShgJ+rQ6LJIhhXJ/0F1lqTzTJ OJl7vRcQS9xVkHFdX90vxNwS0mSNoUekFPLzOTWXWV+ACQqflO1q8iCAn3aMqUqp81UGXh21 McXdg8zcUmshOGP8rKkH7wEasQLdKEHPas5k1Q5l3TzK6ZjRprOBaLX+dVfwTE8wNhUGurTb NYYbjwpawncZxpIOREcD5dWcOWA3yGjNWEH7g/I4/NpswA/zyQouFTpGMDSddGQA91cg26Tp 37c/nS/CRYfXDCa4Wrerizy37Sf9c/9cK0VG56/39o1u2SKhWUyOgUdDmqE+cDs3yZSXPoac ST44BEGr6I/6UiqRdnVRACjrTiPuRt0c8pdFag25R+AzoLQ4h2FHS4UQzhZctskucQqAzsw2 Tehnc7tBDFpmK2YTzSa7Lj8hSipJSEfIGsGZCkFZQgI+d/upMc0lB2nZslnOL64iJvyAz6Y/ tyRhC03hrFWh8hb0ay+pArDm2j1+MiPSRMp7ALKWG7j9hl+eIOue42v7x7c8OpEK4GaCFKGu RDohvSj0QzHNrnV/ATlfQnHNOjBCyqtWNEEvWNSIg==
  • Ironport-hdrordr: A9a23:iM9PN6n9MpPH4o+SsIe4jA0U4aHpDfO3imdD5ihNYBxZY6Wkfp +V8cjzhCWftN9OYhodcLC7V5Voj0mskKKdxbNhRYtKOzOWw1dATbsSlLcKpgeNJ8SQzI5gPM tbAstD4ZjLfCJHZKXBkXaF+rQbsb66GcmT7I+xrkuFDzsaDZ2Ihz0JdjpzeXcGIDWua6BJdq Z1saF81kedkDksH7KGL0hAe9KGi8zAlZrgbxJDLxk76DOWhTftzLLhCRCX0joXTjsKmN4ZgC D4uj28wp/mn+Cwyxfa2WOWx5NKmOH5wt8GIMCXkMAaJhjllw7tToV8XL+puiwzvYiUmR8Xue iJhy1lE9V46nvXcG3wiRzx2zP42DJr0HPmwU/wuwqXneXJABYBT+ZRj4NQdRXUr2A6ustn7a 5N12WF87JKEBLphk3GlpT1fiAvsnDxjWspkOYVgXAae5AZcqVtoYsW+14QOIscHRj99JssHI BVfYzhDc5tAB2nhk3izyhSKITGZAVyIv7GeDlJhiWt6UkYoJgjpHFoh/D2nR87heAAotd/lq b5259T5cFzp/8tHNxA7dg6MLqK40z2MGbx2TGpUCPaPZBCHU7xgLjKx5hwzN2WWfUzvegPcd L6IRhliVI=
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Tue, Oct 11, 2022 at 10:48:38AM +0200, Jan Beulich wrote:
> Not passing P2M_UNSHARE to get_page_from_gfn() means there won't even be
> an attempt to unshare the referenced page, without any indication to the
> caller (e.g. -EAGAIN). Note that guests have no direct control over
> which of their pages are shared (or paged out), and hence they have no
> way to make sure all on their own that the subsequent obtaining of a
> writable type reference can actually succeed.
> 
> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>

Reviewed-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>

> ---
> Really I wonder whether the function wouldn't better use
> check_get_page_from_gfn() _and_ permit p2m_ram_rw only. Otoh the P2M
> type is stale by the time it is being looked at, so all depends on the
> subsequent obtaining of a writable type reference anyway ...
> 
> A similar issue then apparently exists in guest_wrmsr_xen() when writing
> the hypercall page. Interestingly there p2m_is_paging() is being checked
> for (but shared pages aren't).

Doesn't guest_wrmsr_xen() also needs to use UNSHARE?

I wonder if it would be helpful to introduce some kind of helper so
that all functions can use it, get_guest_writable_page() or similar.

> 
> --- a/xen/common/domain.c
> +++ b/xen/common/domain.c
> @@ -1484,7 +1484,7 @@ int map_vcpu_info(struct vcpu *v, unsign
>      if ( (v != current) && !(v->pause_flags & VPF_down) )
>          return -EINVAL;
>  
> -    page = get_page_from_gfn(d, gfn, NULL, P2M_ALLOC);
> +    page = get_page_from_gfn(d, gfn, NULL, P2M_UNSHARE);

I had to go look up that P2M_UNSHARE implies P2M_ALLOC for the users
of the parameter, it would be helpful to add a comment in p2m.h that
UNSHARE implies ALLOC.

Thanks, Roger.



 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.