[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] xen/arm: fix iomem_ranges cfg in map_range_to_domain()

To: Julien Grall <julien@xxxxxxx>, Grygorii Strashko <gragst.linux@xxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
From: Grygorii Strashko <grygorii_strashko@xxxxxxxx>
Date: Fri, 14 Feb 2025 16:10:23 +0200
Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=v5PTxxvAFtKUQlhbnWZSuLCHMj1W4iIBtsGKkqlsfqk=; b=r982gG5V6AxGcLCiyBmVbbzPWYOyGFeuVu4wnV63DiuqR1hHgwkSxdWh8iV5453Y3DEfjX4GwuFtVKYH/iefcWz1KVMfojdq12uNdJdGXQ8r46gBB4GFG6RNxS7UtXD2qrq5oxmjqZjDye/gSk/HtJveE3VKDgN4bZJeLQ72I+KqRzt8GqiuM5fIJvUjEUZ/PSU2q/fVzLz2YRBhQ6S8Clvfp08n6zCc+TmZtv1iVhie0xycscz748Yuxr3hz0xojIJ7w9hPmoXNJekUuPgDzrTNMZMHLt5hNiDi+0x7uxXzCCHKTP8giYwJ6lkWFi+lKYGjunI/eVTCQEAN7avd0Q==
Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=pkTw4qxkW2R9Hql4mgOQFbO2H37PX9EBDtrPAG7ybAEuxiGeqL9mD2fDL5wct47u2WwpPklvwqwa0qzGqofq9phvyx7uTzStQ90wrTMrb6EdI4xijzJtyX7MnpflsVk+FigYYYjhs3M9c0e3VylPWkvPaW6aLyndgOLtbHL/iHEf7HZHW9X4nexDoqa7goq+m6nX/JQSEKOJqBrZkpAozuiJDQwriYnpL1rJIQE22DNNR6MfdZ6fpu61HeaLRqfcaXqn7MPf8lGMDsKTwSy7oy4jEIcU0rjoKwc8VwM71XLF0KNAd/uRP5mPIDgUoxuT0iWL4Awp0Oz3YgA+ltlW0A==
Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=epam.com;
Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
Delivery-date: Fri, 14 Feb 2025 14:10:45 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>



On 14.02.25 15:15, Julien Grall wrote:

Hi,

On 14/02/2025 12:55, Grygorii Strashko wrote:

Now the following code in map_range_to_domain()

res = iomem_permit_access(d, paddr_to_pfn(addr),
                 paddr_to_pfn(PAGE_ALIGN(addr + len - 1)));

and

res = rangeset_add_range(mr_data->iomem_ranges,
                          paddr_to_pfn(addr),
                          paddr_to_pfn_aligned(addr + len - 1));

 > > will incorrectly calculate end address of the iomem_range by rounding it up

to the next Xen page, which in turn will give Control domain access to
manage incorrect MMIO range.


I think the key point that needs to be spelled out is that both functions are expecting 
"end" to be inclusive.

 Whereas the code is thinking that the end should be exclusive.
This is a very common error in Xen and why I have been advocating several times 
to switch to use

"start, nr" rather than "start, end".


"
Now the following code in map_range_to_domain()
...

calculates iomem_range end address by rounding it up to the next Xen page
with incorrect assumption that iomem_range end address passed to 
iomem_permit_access()/rangeset_add_range()
is exclusive, while it is expected to be inclusive.
It gives Control domain (Dom0) access to manage incorrect MMIO range with one 
additional page.
"

I can change it as above. Is it ok?


For example, requested range:
   00e6140000 - 00e6141004 should set e6140:e6141 nr=2, but will configure
e6140 e6142 nr=3 instead.


I am not sure what 'nr' is referring to here.


Sorry, will change to "num_pages"?

Also, with the range you provide above, it means that you will still give access to more than necessary.

That's because you give access to the full page but only the first four bytes 
are valid. Is this intended?

It's known and expected for Dom0 as MMIO addresses are taken from Host DT and 
not all HW is virtualization friendly
(have HW modules at least 4K page aligned). What is not expected - is to get 
access to one additional page.


Note. paddr_to_pfn_aligned() has PAGE_ALIGN() inside.

Fix it, by using paddr_to_pfn(addr + len - 1) in both places to get correct
end address of the iomem_range.

 > > Signed-off-by: Grygorii Strashko <grygorii_strashko@xxxxxxxx>

I think this wants to have a fixes tag and possibly split in two because I 
suspect we may need to backport the changes to different versions.


Ok.

For the second chunk it seems obvious:
Fixes: 57d4d7d4e8f3b (arm/asm/setup.h: Update struct map_range_data to add 
rangeset.")

For the first one - not sure, seems:
Fixes: 33233c2758345 ("arch/arm: domain build: let dom0 access I/O memory of mapped 
devices")

---

Hi All,

I have a question - the paddr_to_pfn_aligned() is not used any more,
should I remove it as part of this patch?


I would keep it. It might be used in the future.


[...]

Thank you for review.
BR,
-grygorii

Follow-Ups:
- Re: [PATCH] xen/arm: fix iomem_ranges cfg in map_range_to_domain()
  - From: Andrew Cooper

References:
- [PATCH] xen/arm: fix iomem_ranges cfg in map_range_to_domain()
  - From: Grygorii Strashko
- Re: [PATCH] xen/arm: fix iomem_ranges cfg in map_range_to_domain()
  - From: Julien Grall

Prev by Date: Re: [PATCH for-4.20?] x86/dom0: be less restrictive with the Interrupt Address Range
Next by Date: Re: [PATCH] xen/arm: fix iomem_ranges cfg in map_range_to_domain()
Previous by thread: Re: [PATCH] xen/arm: fix iomem_ranges cfg in map_range_to_domain()
Next by thread: Re: [PATCH] xen/arm: fix iomem_ranges cfg in map_range_to_domain()
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.