From patchwork Mon Nov 30 10:31:28 2020
X-Patchwork-Submitter: Oleksandr Tyshchenko
X-Patchwork-Id: 11940161
From: Oleksandr Tyshchenko
To: xen-devel@lists.xenproject.org
Cc: Oleksandr Tyshchenko, Stefano Stabellini, Julien Grall, Volodymyr Babchuk, Paul Durrant, Julien Grall
Subject: [PATCH V3 13/23] xen/ioreq: Use guest_cmpxchg64() instead of cmpxchg()
Date: Mon, 30 Nov 2020 12:31:28 +0200
Message-Id: <1606732298-22107-14-git-send-email-olekstysh@gmail.com>
In-Reply-To: <1606732298-22107-1-git-send-email-olekstysh@gmail.com>
References: <1606732298-22107-1-git-send-email-olekstysh@gmail.com>

From: Oleksandr Tyshchenko

The cmpxchg() in ioreq_send_buffered() operates on memory shared
with the emulator domain (and the target domain if the legacy
interface is used).

In order to be on the safe side we need to switch
to guest_cmpxchg64() to prevent a domain from DoSing Xen on Arm.

As there is no plan to support the legacy interface on Arm,
we will have a page to be mapped in a single domain at a time,
so we can use s->emulator in guest_cmpxchg64() safely.

Thankfully the only user of the legacy interface is x86 so far
and there is no concern regarding the atomic operations.

Please note that the legacy interface *must* not be used on Arm
without revisiting the code.

Signed-off-by: Oleksandr Tyshchenko CC: Julien Grall Acked-by: Stefano Stabellini --- Please note, this is a split/cleanup/hardening of Julien's PoC: "Add support for Guest IO forwarding to a device emulator" Changes RFC -> V1: - new patch Changes V1 -> V2: - move earlier to avoid breaking arm32 compilation - add an explanation to commit description and hvm_allow_set_param() - pass s->emulator Changes V2 -> V3: - update patch description --- --- xen/arch/arm/hvm.c | 4 ++++ xen/common/ioreq.c | 3 ++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/xen/arch/arm/hvm.c b/xen/arch/arm/hvm.c index 8951b34..9694e5a 100644 --- a/xen/arch/arm/hvm.c +++ b/xen/arch/arm/hvm.c @@ -31,6 +31,10 @@ #include +/* + * The legacy interface (which involves magic IOREQ pages) *must* not be used + * without revisiting the code. + */ static int hvm_allow_set_param(const struct domain *d, unsigned int param) { switch ( param ) diff --git a/xen/common/ioreq.c b/xen/common/ioreq.c index 3ca5b96..4855dd8 100644 --- a/xen/common/ioreq.c +++ b/xen/common/ioreq.c @@ -29,6 +29,7 @@ #include #include +#include #include #include @@ -1182,7 +1183,7 @@ static int ioreq_send_buffered(struct ioreq_server *s, ioreq_t *p) new.read_pointer = old.read_pointer - n * IOREQ_BUFFER_SLOT_NUM; new.write_pointer = old.write_pointer - n * IOREQ_BUFFER_SLOT_NUM; - cmpxchg(&pg->ptrs.full, old.full, new.full); + guest_cmpxchg64(s->emulator, &pg->ptrs.full, old.full, new.full); } notify_via_xen_event_channel(d, s->bufioreq_evtchn);
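
Review bot: In xen/arch/arm/hvm.c, the new comment above hvm_allow_set_param() says the legacy interface must not be used but gives no reason, so the constraint reads as arbitrary to anyone who later extends the switch. The reason is only in the commit message: guest_cmpxchg64() in ioreq_send_buffered() is passed s->emulator on the assumption that the page is mapped in a single domain. Suggest moving that sentence into the comment and tying it to the switch below, so the dependency is visible without reading the changelog.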
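
Review bot: In ioreq_send_buffered(), the guest_cmpxchg64() call hard-codes s->emulator as the domain, yet xen/common/ioreq.c is common code and the commit message says x86 still uses the legacy interface, where the page is also shared with the target domain. Nothing at the call site records that assumption. Suggest a short comment above the call stating that s->emulator is only correct while the page is mapped in a single domain, mirroring the note added in xen/arch/arm/hvm.c. The return value is still discarded as it was with cmpxchg(); if that is deliberate, the same comment could say so.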