[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] common: map_vcpu_info() wants to unshare the underlying page

  • To: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Tue, 25 Oct 2022 18:04:49 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=6FEXI0yMFe3oor7kXkJE7Q6mtVECp9cWIjTtiMKzsYQ=; b=ipj9ieBwHPmF0jyPDKY0pFfHuUkip/sOXX3RkZZIDUAIHlMuTuwuAQwZoCVfz+g5QwmJrSkkjgJ5uzwNwWE4QLZ1yLjpR0UTFwKLaQL2X2q27KU5bB8v8/FWYncp47Gh9ckE47/wg5yTXGJ0TTGM3uVp7tYEgDHoB3Km6q8O9I4d55fpWele42KzbTjgm5HGlhdDe5Y+G1c2yGc1V2lXg0IAtNDQyRTk9/d8aSgZU6K2dHrz9xQt5/xf1t6L0DgnPNtAk8QrG444w3KmaFxdPLz/yuE1H35icCwhPuLqScaIbtRITcPZ7GrsBkDihILD9DufZe+0XCdv4/bxwXKV+w==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ebnVgbaHztPfCylTBZF4YUNsaFC653xSJDc7ddTw8O7P4qo2Op/RKzhP7jRr98wnJaMfKpukM6UXHtBeRMrQWm8zD1jA3IkoMiX7tcZSDyLSMS2hfh3Bg0nv5rC4G9mU1aImmwWlDpeUgiX5dmlnD46nR0AIzbZblgtiIkl3bkTcPWSOUqSAxykl4WYYnv1Sn9/Yv26a4s3HnUtlOQFJMe+jeekrN3zSj8QUX8GNVYiuyRS6Ve9Zbky9lQro//U9h2+gptxuwvePM73AsCKby2SczHxGWjV1UluHPbzgXADFoIceiNBHQFSGyARRwhB6CPVReiDHfivUfWMXDJ/Fog==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>
  • Delivery-date: Tue, 25 Oct 2022 16:04:57 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 25.10.2022 17:42, Roger Pau Monné wrote:
> On Tue, Oct 11, 2022 at 10:48:38AM +0200, Jan Beulich wrote:
>> Not passing P2M_UNSHARE to get_page_from_gfn() means there won't even be
>> an attempt to unshare the referenced page, without any indication to the
>> caller (e.g. -EAGAIN). Note that guests have no direct control over
>> which of their pages are shared (or paged out), and hence they have no
>> way to make sure all on their own that the subsequent obtaining of a
>> writable type reference can actually succeed.
>>
>> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
> 
> Reviewed-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>

Thanks.

>> ---
>> Really I wonder whether the function wouldn't better use
>> check_get_page_from_gfn() _and_ permit p2m_ram_rw only. Otoh the P2M
>> type is stale by the time it is being looked at, so all depends on the
>> subsequent obtaining of a writable type reference anyway ...
>>
>> A similar issue then apparently exists in guest_wrmsr_xen() when writing
>> the hypercall page. Interestingly there p2m_is_paging() is being checked
>> for (but shared pages aren't).
> 
> Doesn't guest_wrmsr_xen() also needs to use UNSHARE?

I think so (hence I did say "A similar issue then apparently exists ...").
With the one caveat that a page that was already initialized as a hypercall
one (and was shared afterwards) wouldn't need to be unshared.

> I wonder if it would be helpful to introduce some kind of helper so
> that all functions can use it, get_guest_writable_page() or similar.

Maybe. Using check_get_page_from_gfn() would already help, I guess.

>> --- a/xen/common/domain.c
>> +++ b/xen/common/domain.c
>> @@ -1484,7 +1484,7 @@ int map_vcpu_info(struct vcpu *v, unsign
>>      if ( (v != current) && !(v->pause_flags & VPF_down) )
>>          return -EINVAL;
>>  
>> -    page = get_page_from_gfn(d, gfn, NULL, P2M_ALLOC);
>> +    page = get_page_from_gfn(d, gfn, NULL, P2M_UNSHARE);
> 
> I had to go look up that P2M_UNSHARE implies P2M_ALLOC for the users
> of the parameter, it would be helpful to add a comment in p2m.h that
> UNSHARE implies ALLOC.

Same here, plus I needed to further figure out that the same implication
missing on Arm is okay merely because they ignore the respective argument.

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.