From patchwork Tue Feb 4 09:34:11 2020
X-Patchwork-Submitter: Julien Grall
X-Patchwork-Id: 11364275
From: Julien Grall
To: xen-devel@lists.xenproject.org
Date: Tue, 4 Feb 2020 09:34:11 +0000
Message-Id: <20200204093411.15887-3-julien@xen.org>
In-Reply-To: <20200204093411.15887-1-julien@xen.org>
References: <20200204093411.15887-1-julien@xen.org>
Subject: [Xen-devel] [PATCH 2/2] xen/x86: hap: Clean-up and harden hap_enable()
Cc: Wei Liu, George Dunlap, Andrew Cooper, Julien Grall, Jan Beulich, Roger Pau Monné

From: Julien Grall

Unlike shadow_enable(), hap_enable() can only be called once during domain creation and with the mode equal to PG_external | PG_translate | PG_refcounts.

If it were called twice, then we might have an interesting problem as the p2m tables would be re-allocated (and therefore all the mappings would be lost).

Add code to sanity check the mode and that the function is only called once. Take the opportunity to drop an if checking that PG_translate is set.

Signed-off-by: Julien Grall
---
It is not entirely clear when PG_translate was enforced.
---
 xen/arch/x86/mm/hap/hap.c | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/xen/arch/x86/mm/hap/hap.c b/xen/arch/x86/mm/hap/hap.c index 31362a31b6..b734e2e6d3 100644 --- a/xen/arch/x86/mm/hap/hap.c +++ b/xen/arch/x86/mm/hap/hap.c @@ -445,6 +445,13 @@ int hap_enable(struct domain *d, u32 mode) unsigned int i; int rv = 0; + if ( mode != (PG_external | PG_translate | PG_refcounts) ) + return -EINVAL; + + /* The function can only be called once */ + if ( d->arch.paging.mode != 0 ) + return -EINVAL; + domain_pause(d); old_pages = d->arch.paging.hap.total_pages; @@ -465,13 +472,10 @@ int hap_enable(struct domain *d, u32 mode) d->arch.paging.alloc_page = hap_alloc_p2m_page; d->arch.paging.free_page = hap_free_p2m_page; - /* allocate P2m table */ - if ( mode & PG_translate ) - { - rv = p2m_alloc_table(p2m_get_hostp2m(d)); - if ( rv != 0 ) - goto out; - } + /* allocate P2M table */ + rv = p2m_alloc_table(p2m_get_hostp2m(d)); + if ( rv != 0 ) + goto out; for ( i = 0; i < MAX_NESTEDP2M; i++ ) {
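
Review bot: In the first hunk (@@ -445,6 +445,13 @@), the new d->arch.paging.mode != 0 test runs before domain_pause(d), and nothing in the visible lines serialises two callers between that test and the point where the mode is written, so the "called once" guarantee rests on the callers rather than on this check. Either move the test under whatever lock protects d->arch.paging.mode, or extend the comment to say what serialises callers. Returning a distinct error for the repeated-call case, for example -EEXIST instead of -EINVAL, would also let a caller tell a second call apart from a bad mode argument.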
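
Review bot: In the second hunk (@@ -465,13 +472,10 @@), the now unconditional p2m_alloc_table(p2m_get_hostp2m(d)) is only equivalent to the old code because the mode check added at the top of hap_enable() guarantees PG_translate is set, and nothing at this site records that dependency. A short comment here pointing at the entry check, or an ASSERT on mode & PG_translate, would keep the two from drifting apart if the entry check is later relaxed. The remark after the "---" that it is unclear when PG_translate was enforced is worth resolving in the commit message itself, since it is the justification for removing the branch.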