[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [RFC XEN PATCH v4 2/5] x86/pvh: Allow (un)map_pirq when caller isn't DOMID_SELF
- To: Jan Beulich <jbeulich@xxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>
- From: "Chen, Jiqian" <Jiqian.Chen@xxxxxxx>
- Date: Mon, 8 Jan 2024 09:15:20 +0000
- Accept-language: en-US
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=c2lDFpIWBiF6MdPFFbAL7eEpdXv/FdOsw6GpGUxmexs=; b=lCDuNaktE/1ZG4nQlRogq5CPPAC49Lodh838Wz+J5+8DChlW3o7NpRg2e/NKXLqI5N27Ck9As9SW09AJiYbMZld3dCozoW6q5Pbb4/sgM8s2xqROMViaTjVNttkZeYWYUARUa03focH/MgiR4BE6ZElCDPH/EcjZRsiTDWODqEPpIa7wBckXFz1zuuA9z5ampaDT5vQfjxJJzGufGDwG7mSPbcm2WUIz4CCcft6+9t/eQYajrtGK1bwx7cvZRvRfw54uqY1KwC6Lhtkn+ImHSdcZgSMg8DCe0vzK5YXwIA5fO+rc2SZG2oWBbZKZ/q0+aAgNuHKqHsKQQC5g9sBAmw==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ndoi/fgsdvH8H20o1sJd9mDbchMngAY78SEjfLsqJMfUMimp8mAzxAFsSngQcJd6Ybyb4OXMm6wxBYUhaUV8N5+O5U2wbeA0CrFdlFPMJDsI9u+h03rZH3tds9/jfc9earVGgYEucVHELHzhbokL+bqgxzE5g/84MkbyhGpQup+sov7UJJ3JAZCQ0i2+eH8A0ZhPzIvlvZP2EPSxvyFUX4vIgB5epUClWYZKxjXfZBU0X20ufWWXsQhVbp7LZaueAK8Ok9FRTxgkr3CJ3CjZmMhg4DEBJP7HsuRZ3iwwrx2idbV6tZaff3IxYBBAiJbxQsiwTrENE9SUMknN5CYCug==
- Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=amd.com;
- Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, "Hildebrand, Stewart" <Stewart.Hildebrand@xxxxxxx>, "Huang, Ray" <Ray.Huang@xxxxxxx>, "Chen, Jiqian" <Jiqian.Chen@xxxxxxx>
- Delivery-date: Mon, 08 Jan 2024 09:15:55 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
- Thread-index: AQHaP6YuSUk29qg8QEWwkYk64ozIULDL9CiAgAOrDICAAImKAA==
- Thread-topic: [RFC XEN PATCH v4 2/5] x86/pvh: Allow (un)map_pirq when caller isn't DOMID_SELF
On 2024/1/8 16:47, Jan Beulich wrote:
> On 06.01.2024 01:46, Stefano Stabellini wrote:
>> On Fri, 5 Jan 2024, Jiqian Chen wrote:
>>> @@ -72,8 +73,30 @@ long hvm_physdev_op(int cmd,
>>> XEN_GUEST_HANDLE_PARAM(void) arg)
>>>
>>> switch ( cmd )
>>> {
>>> - case PHYSDEVOP_map_pirq:
>>> - case PHYSDEVOP_unmap_pirq:
>>> + case PHYSDEVOP_map_pirq: {
>>> + physdev_map_pirq_t map;
>>> +
>>> + if ( copy_from_guest(&map, arg, 1) != 0 )
>>> + return -EFAULT;
>>> +
>>> + if ( !has_pirq(currd) && map.domid == DOMID_SELF )
>>> + return -ENOSYS;
>>
>> This looks OK to me although there is already another copy_from_guest in
>> do_physdev_op, but I don't see an easy way to make it better.
>
> How can double reads of hypercall args ever be okay? The new check clearly
> needs to be inserted in the code path where the structure is being read
> already anyway.
I also tried to add this check in PHYSDEVOP_map_pirq in physdev.c, but pv has
no flag X86_EMU_USE_PIRQ too.
If want to add it into physdev.c and combine Stefano's opinions, this check may
be like:
diff --git a/xen/arch/x86/physdev.c b/xen/arch/x86/physdev.c
index 47c4da0af7e1..c38d4d405726 100644
--- a/xen/arch/x86/physdev.c
+++ b/xen/arch/x86/physdev.c
@@ -303,11 +303,19 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void)
arg)
case PHYSDEVOP_map_pirq: {
physdev_map_pirq_t map;
struct msi_info msi;
+ struct domain *d;
ret = -EFAULT;
if ( copy_from_guest(&map, arg, 1) != 0 )
break;
+ d = rcu_lock_domain_by_any_id(map.domid);
+ if ( d == NULL )
+ return -ESRCH;
+ if ( !is_pv_domain(d) && !has_pirq(d) )
+ return -ENOSYS;
+ rcu_unlock_domain(d);
+
switch ( map.type )
{
case MAP_PIRQ_TYPE_MSI_SEG:
>
> Jan
--
Best regards,
Jiqian Chen.
|