From patchwork Fri Sep 8 15:21:36 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Paul Durrant X-Patchwork-Id: 9944597 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id AC77F60224 for ; Fri, 8 Sep 2017 15:48:49 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8EADD28806 for ; Fri, 8 Sep 2017 15:48:49 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 830B328809; Fri, 8 Sep 2017 15:48:49 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id A178F28806 for ; Fri, 8 Sep 2017 15:48:48 +0000 (UTC) Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dqLUJ-0002VN-Dg; Fri, 08 Sep 2017 15:46:35 +0000 Received: from mail6.bemta5.messagelabs.com ([195.245.231.135]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dqLUH-0002VB-NN for xen-devel@lists.xenproject.org; Fri, 08 Sep 2017 15:46:33 +0000 Received: from [85.158.139.211] by server-1.bemta-5.messagelabs.com id 29/2E-16676-95BB2B95; Fri, 08 Sep 2017 15:46:33 +0000 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrLIsWRWlGSWpSXmKPExsXitHRDpG7E7k2 RBm0XBCy+b5nM5MDocfjDFZYAxijWzLyk/IoE1owD66ayFiwMr5i+/AxbA2OnUxcjB4eEgL/E kbaqLkZODjYBHYmpTy+xgoRFBFQkbu81AAkzCzxjkvhzhBXEFhaIkdjasIgdxGYBKjl8/jcTi M0rYCtx/PNzsBoJAXmJXW0XwWxOoPjB7SvBaoQEbCSWbd/GDFEvKHFy5hMWiPmaEq3bf7ND2P ISzVtnM0PUq0isnzqLbQIj3ywkLbOQtMxC0rKAkXkVo0ZxalFZapGukYFeUlFmekZJbmJmjq6 hgalebmpxcWJ6ak5iUrFecn7uJkZgoNUzMDDuYGyc7XeIUZKDSUmUV6ZnU6QQX1J+SmVGYnFG fFFpTmrxIUYZDg4lCd4LO4FygkWp6akVaZk5wJCHSUtw8CiJ8AqCpHmLCxJzizPTIVKnGI05u qZd+cPE0XHz7h8mIZa8/LxUKXHe0yClAiClGaV5cINgsXiJUVZKmJeRgYFBiKcgtSg3swRV/h WjOAejkjDvHZApPJl5JXD7XgGdwgR0SsnzDSCnlCQipKQaGOWrK9vELi/7/+1X97+qPdUTpGw nbkp35XdO+3vjS03YQf/lclKf/z46vl8sfJZ4/5ailB/x7PPTzu2+v3bu2Qc2bv43b7uYaHYU pX1aH8N8oixYwlnvm9Dt6p2muwvuTT10n+3R7IUHHaTKDl/uyPp71Wu20KRHpq87jMMeHve2v 9Czg/mflokSS3FGoqEWc1FxIgAoDAyowAIAAA== X-Env-Sender: prvs=4178e663a=Paul.Durrant@citrix.com X-Msg-Ref: server-4.tower-206.messagelabs.com!1504885590!110723488!1 X-Originating-IP: [66.165.176.89] X-SpamReason: No, hits=0.0 required=7.0 tests=sa_preprocessor: VHJ1c3RlZCBJUDogNjYuMTY1LjE3Ni44OSA9PiAyMDMwMDc=\n, received_headers: No Received headers X-StarScan-Received: X-StarScan-Version: 9.4.45; banners=-,-,- X-VirusChecked: Checked Received: (qmail 42257 invoked from network); 8 Sep 2017 15:46:31 -0000 Received: from smtp.citrix.com (HELO SMTP.CITRIX.COM) (66.165.176.89) by server-4.tower-206.messagelabs.com with RC4-SHA encrypted SMTP; 8 Sep 2017 15:46:31 -0000 X-IronPort-AV: E=Sophos;i="5.42,362,1500940800"; d="scan'208";a="439024371" From: Paul Durrant To: Date: Fri, 8 Sep 2017 16:21:36 +0100 Message-ID: <20170908152137.22808-12-paul.durrant@citrix.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20170908152137.22808-1-paul.durrant@citrix.com> References: <20170908152137.22808-1-paul.durrant@citrix.com> MIME-Version: 1.0 Cc: Stefano Stabellini , Wei Liu , George Dunlap , Andrew Cooper , Ian Jackson , Tim Deegan , Paul Durrant , Jan Beulich Subject: [Xen-devel] [PATCH v5 11/12] x86/hvm/ioreq: defer mapping gfns until they are actually requsted X-BeenThere: xen-devel@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xen.org Sender: "Xen-devel" X-Virus-Scanned: ClamAV using ClamSMTP A subsequent patch will introduce a new scheme to allow an emulator to map ioreq server pages directly from Xen rather than the guest P2M. This patch lays the groundwork for that change by deferring mapping of gfns until their values are requested by an emulator. To that end, the pad field of the xen_dm_op_get_ioreq_server_info structure is re-purposed to a flags field and new flag, XEN_DMOP_no_gfns, defined which modifies the behaviour of XEN_DMOP_get_ioreq_server_info to allow the caller to avoid requesting the gfn values. Signed-off-by: Paul Durrant Reviewed-by: Roger Pau Monné Acked-by: Wei Liu --- Cc: Ian Jackson Cc: Wei Liu Cc: Andrew Cooper Cc: George Dunlap Cc: Jan Beulich Cc: Konrad Rzeszutek Wilk Cc: Stefano Stabellini Cc: Tim Deegan v3: - Updated in response to review comments from Wei and Roger. - Added a HANDLE_BUFIOREQ macro to make the code neater. - This patch no longer introduces a security vulnerability since there is now an explicit limit on the number of ioreq servers that may be created for any one domain. --- tools/libs/devicemodel/core.c | 8 +++++ tools/libs/devicemodel/include/xendevicemodel.h | 6 ++-- xen/arch/x86/hvm/dm.c | 9 ++++-- xen/arch/x86/hvm/ioreq.c | 41 +++++++++++++------------ xen/include/asm-x86/hvm/domain.h | 2 +- xen/include/public/hvm/dm_op.h | 32 +++++++++++-------- 6 files changed, 59 insertions(+), 39 deletions(-) diff --git a/tools/libs/devicemodel/core.c b/tools/libs/devicemodel/core.c index fcb260d29b..28958934bf 100644 --- a/tools/libs/devicemodel/core.c +++ b/tools/libs/devicemodel/core.c @@ -188,6 +188,14 @@ int xendevicemodel_get_ioreq_server_info( data->id = id; + /* + * If the caller is not requesting gfn values then instruct the + * hypercall not to retrieve them as this may cause them to be + * mapped. + */ + if (!ioreq_gfn && !bufioreq_gfn) + data->flags |= XEN_DMOP_no_gfns; + rc = xendevicemodel_op(dmod, domid, 1, &op, sizeof(op)); if (rc) return rc; diff --git a/tools/libs/devicemodel/include/xendevicemodel.h b/tools/libs/devicemodel/include/xendevicemodel.h index 13216db04a..d73a76da35 100644 --- a/tools/libs/devicemodel/include/xendevicemodel.h +++ b/tools/libs/devicemodel/include/xendevicemodel.h @@ -61,11 +61,11 @@ int xendevicemodel_create_ioreq_server( * @parm domid the domain id to be serviced * @parm id the IOREQ Server id. * @parm ioreq_gfn pointer to a xen_pfn_t to receive the synchronous ioreq - * gfn + * gfn. (May be NULL if not required) * @parm bufioreq_gfn pointer to a xen_pfn_t to receive the buffered ioreq - * gfn + * gfn. (May be NULL if not required) * @parm bufioreq_port pointer to a evtchn_port_t to receive the buffered - * ioreq event channel + * ioreq event channel. (May be NULL if not required) * @return 0 on success, -1 on failure. */ int xendevicemodel_get_ioreq_server_info( diff --git a/xen/arch/x86/hvm/dm.c b/xen/arch/x86/hvm/dm.c index 87ef4b6ca9..c020f0c99f 100644 --- a/xen/arch/x86/hvm/dm.c +++ b/xen/arch/x86/hvm/dm.c @@ -418,16 +418,19 @@ static int dm_op(const struct dmop_args *op_args) { struct xen_dm_op_get_ioreq_server_info *data = &op.u.get_ioreq_server_info; + const uint16_t valid_flags = XEN_DMOP_no_gfns; const_op = false; rc = -EINVAL; - if ( data->pad ) + if ( data->flags & ~valid_flags ) break; rc = hvm_get_ioreq_server_info(d, data->id, - &data->ioreq_gfn, - &data->bufioreq_gfn, + (data->flags & XEN_DMOP_no_gfns) ? + NULL : &data->ioreq_gfn, + (data->flags & XEN_DMOP_no_gfns) ? + NULL : &data->bufioreq_gfn, &data->bufioreq_port); break; } diff --git a/xen/arch/x86/hvm/ioreq.c b/xen/arch/x86/hvm/ioreq.c index 57dbe852d6..f297806489 100644 --- a/xen/arch/x86/hvm/ioreq.c +++ b/xen/arch/x86/hvm/ioreq.c @@ -354,6 +354,9 @@ static void hvm_update_ioreq_evtchn(struct hvm_ioreq_server *s, } } +#define HANDLE_BUFIOREQ(s) \ + (s->bufioreq_handling != HVM_IOREQSRV_BUFIOREQ_OFF) + static int hvm_ioreq_server_add_vcpu(struct hvm_ioreq_server *s, struct vcpu *v) { @@ -375,7 +378,7 @@ static int hvm_ioreq_server_add_vcpu(struct hvm_ioreq_server *s, sv->ioreq_evtchn = rc; - if ( v->vcpu_id == 0 && s->bufioreq.va != NULL ) + if ( v->vcpu_id == 0 && HANDLE_BUFIOREQ(s) ) { struct domain *d = s->domain; @@ -426,7 +429,7 @@ static void hvm_ioreq_server_remove_vcpu(struct hvm_ioreq_server *s, list_del(&sv->list_entry); - if ( v->vcpu_id == 0 && s->bufioreq.va != NULL ) + if ( v->vcpu_id == 0 && HANDLE_BUFIOREQ(s) ) free_xen_event_channel(v->domain, s->bufioreq_evtchn); free_xen_event_channel(v->domain, sv->ioreq_evtchn); @@ -453,7 +456,7 @@ static void hvm_ioreq_server_remove_all_vcpus(struct hvm_ioreq_server *s) list_del(&sv->list_entry); - if ( v->vcpu_id == 0 && s->bufioreq.va != NULL ) + if ( v->vcpu_id == 0 && HANDLE_BUFIOREQ(s) ) free_xen_event_channel(v->domain, s->bufioreq_evtchn); free_xen_event_channel(v->domain, sv->ioreq_evtchn); @@ -464,14 +467,13 @@ static void hvm_ioreq_server_remove_all_vcpus(struct hvm_ioreq_server *s) spin_unlock(&s->lock); } -static int hvm_ioreq_server_map_pages(struct hvm_ioreq_server *s, - bool handle_bufioreq) +static int hvm_ioreq_server_map_pages(struct hvm_ioreq_server *s) { int rc; rc = hvm_map_ioreq_gfn(s, false); - if ( !rc && handle_bufioreq ) + if ( !rc && HANDLE_BUFIOREQ(s) ) rc = hvm_map_ioreq_gfn(s, true); if ( rc ) @@ -599,13 +601,7 @@ static int hvm_ioreq_server_init(struct hvm_ioreq_server *s, if ( rc ) return rc; - if ( bufioreq_handling == HVM_IOREQSRV_BUFIOREQ_ATOMIC ) - s->bufioreq_atomic = true; - - rc = hvm_ioreq_server_map_pages( - s, bufioreq_handling != HVM_IOREQSRV_BUFIOREQ_OFF); - if ( rc ) - goto fail_map; + s->bufioreq_handling = bufioreq_handling; for_each_vcpu ( d, v ) { @@ -620,9 +616,6 @@ static int hvm_ioreq_server_init(struct hvm_ioreq_server *s, hvm_ioreq_server_remove_all_vcpus(s); hvm_ioreq_server_unmap_pages(s); - fail_map: - hvm_ioreq_server_free_rangesets(s); - return rc; } @@ -755,11 +748,20 @@ int hvm_get_ioreq_server_info(struct domain *d, ioservid_t id, if ( !s || IS_DEFAULT(s) ) goto out; + if ( ioreq_gfn || bufioreq_gfn ) + { + rc = hvm_ioreq_server_map_pages(s); + if ( rc ) + goto out; + } + *ioreq_gfn = gfn_x(s->ioreq.gfn); - if ( s->bufioreq.va != NULL ) + if ( HANDLE_BUFIOREQ(s) ) { - *bufioreq_gfn = gfn_x(s->bufioreq.gfn); + if ( bufioreq_gfn ) + *bufioreq_gfn = gfn_x(s->bufioreq.gfn); + *bufioreq_port = s->bufioreq_evtchn; } @@ -1259,7 +1261,8 @@ static int hvm_send_buffered_ioreq(struct hvm_ioreq_server *s, ioreq_t *p) pg->ptrs.write_pointer += qw ? 2 : 1; /* Canonicalize read/write pointers to prevent their overflow. */ - while ( s->bufioreq_atomic && qw++ < IOREQ_BUFFER_SLOT_NUM && + while ( (s->bufioreq_handling == HVM_IOREQSRV_BUFIOREQ_ATOMIC) && + qw++ < IOREQ_BUFFER_SLOT_NUM && pg->ptrs.read_pointer >= IOREQ_BUFFER_SLOT_NUM ) { union bufioreq_pointers old = pg->ptrs, new; diff --git a/xen/include/asm-x86/hvm/domain.h b/xen/include/asm-x86/hvm/domain.h index 2be9353e37..4491a96350 100644 --- a/xen/include/asm-x86/hvm/domain.h +++ b/xen/include/asm-x86/hvm/domain.h @@ -68,8 +68,8 @@ struct hvm_ioreq_server { spinlock_t bufioreq_lock; evtchn_port_t bufioreq_evtchn; struct rangeset *range[NR_IO_RANGE_TYPES]; + int bufioreq_handling; bool enabled; - bool bufioreq_atomic; }; /* diff --git a/xen/include/public/hvm/dm_op.h b/xen/include/public/hvm/dm_op.h index 6bbab5fca3..9677bd74e7 100644 --- a/xen/include/public/hvm/dm_op.h +++ b/xen/include/public/hvm/dm_op.h @@ -79,28 +79,34 @@ struct xen_dm_op_create_ioreq_server { * XEN_DMOP_get_ioreq_server_info: Get all the information necessary to * access IOREQ Server . * - * The emulator needs to map the synchronous ioreq structures and buffered - * ioreq ring (if it exists) that Xen uses to request emulation. These are - * hosted in the target domain's gmfns and - * respectively. In addition, if the IOREQ Server is handling buffered - * emulation requests, the emulator needs to bind to event channel - * to listen for them. (The event channels used for - * synchronous emulation requests are specified in the per-CPU ioreq - * structures in ). - * If the IOREQ Server is not handling buffered emulation requests then the - * values handed back in and will both be 0. + * If the IOREQ Server is handling buffered emulation requests, the + * emulator needs to bind to event channel to listen for + * them. (The event channels used for synchronous emulation requests are + * specified in the per-CPU ioreq structures). + * In addition, if the XENMEM_acquire_resource memory op cannot be used, + * the emulator will need to map the synchronous ioreq structures and + * buffered ioreq ring (if it exists) from guest memory. If does + * not contain XEN_DMOP_no_gfns then these pages will be made available and + * the frame numbers passed back in gfns and + * respectively. (If the IOREQ Server is not handling buffered emulation + * only will be valid). */ #define XEN_DMOP_get_ioreq_server_info 2 struct xen_dm_op_get_ioreq_server_info { /* IN - server id */ ioservid_t id; - uint16_t pad; + /* IN - flags */ + uint16_t flags; + +#define _XEN_DMOP_no_gfns 0 +#define XEN_DMOP_no_gfns (1u << _XEN_DMOP_no_gfns) + /* OUT - buffered ioreq port */ evtchn_port_t bufioreq_port; - /* OUT - sync ioreq gfn */ + /* OUT - sync ioreq gfn (see block comment above) */ uint64_aligned_t ioreq_gfn; - /* OUT - buffered ioreq gfn */ + /* OUT - buffered ioreq gfn (see block comment above)*/ uint64_aligned_t bufioreq_gfn; };