From patchwork Fri Dec 6 10:14:20 2019 X-Patchwork-Submitter: Jan Beulich X-Patchwork-Id: 11275933
From: Jan Beulich To: "xen-devel@lists.xenproject.org" References: <57491ade-fa47-5e66-47ac-a5f79de84070@suse.com> Message-ID: <313f5f41-1572-aa0e-1112-d606ad5dee9c@suse.com> Date: Fri, 6 Dec 2019 11:14:20 +0100 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1 MIME-Version: 1.0 In-Reply-To: <57491ade-fa47-5e66-47ac-a5f79de84070@suse.com> Content-Language: en-US Subject: [Xen-devel] [PATCH 1/3] x86: relax GDT check in arch_set_info_guest() X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: Andrew Cooper , Wei Liu , =?utf-8?q?Roger_Pau_Monn=C3=A9?= Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" It is wrong for us to check frames beyond the guest specified limit. Signed-off-by: Jan Beulich --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -840,6 +840,7 @@ int arch_set_info_guest( #ifdef CONFIG_PV mfn_t cr3_mfn; struct page_info *cr3_page = NULL; + unsigned int nr_gdt_frames; int rc = 0; #endif @@ -951,6 +952,8 @@ int arch_set_info_guest( /* Ensure real hardware interrupts are enabled. */ v->arch.user_regs.eflags |= X86_EFLAGS_IF; + nr_gdt_frames = DIV_ROUND_UP(c(gdt_ents), 512); + if ( !v->is_initialised ) { if ( !compat && !(flags & VGCF_in_kernel) && !c.nat->ctrlreg[1] ) @@ -982,9 +985,9 @@ int arch_set_info_guest( fail = compat_pfn_to_cr3(pfn) != c.cmp->ctrlreg[3]; } - for ( i = 0; i < ARRAY_SIZE(v->arch.pv.gdt_frames); ++i ) - fail |= v->arch.pv.gdt_frames[i] != c(gdt_frames[i]); fail |= v->arch.pv.gdt_ents != c(gdt_ents); + for ( i = 0; !fail && i < nr_gdt_frames; ++i ) + fail |= v->arch.pv.gdt_frames[i] != c(gdt_frames[i]); fail |= v->arch.pv.ldt_base != c(ldt_base); fail |= v->arch.pv.ldt_ents != c(ldt_ents); 
@@ -1089,12 +1092,11 @@ int arch_set_info_guest( else { unsigned long gdt_frames[ARRAY_SIZE(v->arch.pv.gdt_frames)]; - unsigned int nr_frames = DIV_ROUND_UP(c.cmp->gdt_ents, 512); - if ( nr_frames > ARRAY_SIZE(v->arch.pv.gdt_frames) ) + if ( nr_gdt_frames > ARRAY_SIZE(v->arch.pv.gdt_frames) ) return -EINVAL; - for ( i = 0; i < nr_frames; ++i ) + for ( i = 0; i < nr_gdt_frames; ++i ) gdt_frames[i] = c.cmp->gdt_frames[i]; rc = (int)pv_set_gdt(v, gdt_frames, c.cmp->gdt_ents); From patchwork Fri Dec 6 10:14:39 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jan Beulich X-Patchwork-Id: 11275937 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id CDCF8138D for ; Fri, 6 Dec 2019 10:15:17 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id B42BD2245C for ; Fri, 6 Dec 2019 10:15:17 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org B42BD2245C Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=suse.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1idAd0-0002hk-Ij; Fri, 06 Dec 2019 10:14:26 +0000 Received: from us1-rack-iad1.inumbo.com ([172.99.69.81]) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1idAcz-0002hd-BD for xen-devel@lists.xenproject.org; Fri, 06 Dec 2019 10:14:25 +0000 X-Inumbo-ID: 2d557e30-1811-11ea-b4e9-bc764e2007e4 Received: from mx1.suse.de (unknown [195.135.220.15]) by us1-rack-iad1.inumbo.com (Halon) with ESMTPS id 
2d557e30-1811-11ea-b4e9-bc764e2007e4; Fri, 06 Dec 2019 10:14:24 +0000 (UTC) X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.220.254]) by mx1.suse.de (Postfix) with ESMTP id 02799B217; Fri, 6 Dec 2019 10:14:24 +0000 (UTC) From: Jan Beulich To: "xen-devel@lists.xenproject.org" References: <57491ade-fa47-5e66-47ac-a5f79de84070@suse.com> Message-ID: Date: Fri, 6 Dec 2019 11:14:39 +0100 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1 MIME-Version: 1.0 In-Reply-To: <57491ade-fa47-5e66-47ac-a5f79de84070@suse.com> Content-Language: en-US Subject: [Xen-devel] [PATCH 2/3] x86: relax LDT check in arch_set_info_guest() X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: Andrew Cooper , Wei Liu , =?utf-8?q?Roger_Pau_Monn=C3=A9?= Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" It is wrong for us to check the base address when there's no LDT in the first place. Signed-off-by: Jan Beulich --- TBD: I also wonder whether we wouldn't better set v->arch.pv.ldt_base to zero for an empty LDT, just like do_mmuext_op() does. --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c 
@@ -989,8 +989,9 @@ int arch_set_info_guest( for ( i = 0; !fail && i < nr_gdt_frames; ++i ) fail |= v->arch.pv.gdt_frames[i] != c(gdt_frames[i]); - fail |= v->arch.pv.ldt_base != c(ldt_base); fail |= v->arch.pv.ldt_ents != c(ldt_ents); + if ( v->arch.pv.ldt_ents ) + fail |= v->arch.pv.ldt_base != c(ldt_base); if ( fail ) return -EOPNOTSUPP; From patchwork Fri Dec 6 10:15:00 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jan Beulich X-Patchwork-Id: 11275939 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 6CF5A138D for ; Fri, 6 Dec 2019 10:15:42 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 534B221823 for ; Fri, 6 Dec 2019 10:15:42 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 534B221823 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=suse.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1idAdM-0002lg-Sd; Fri, 06 Dec 2019 10:14:48 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57] helo=us1-amaz-eas2.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1idAdL-0002lT-Lj for xen-devel@lists.xenproject.org; Fri, 06 Dec 2019 10:14:47 +0000 X-Inumbo-ID: 39f92844-1811-11ea-824f-12813bfff9fa Received: from mx1.suse.de (unknown [195.135.220.15]) by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS id 39f92844-1811-11ea-824f-12813bfff9fa; Fri, 06 Dec 2019 10:14:45 +0000 (UTC) X-Virus-Scanned: by amavisd-new at test-mx.suse.de 
Received: from relay2.suse.de (unknown [195.135.220.254]) by mx1.suse.de (Postfix) with ESMTP id 334CFB23E; Fri, 6 Dec 2019 10:14:45 +0000 (UTC) From: Jan Beulich To: "xen-devel@lists.xenproject.org" References: <57491ade-fa47-5e66-47ac-a5f79de84070@suse.com> Message-ID: <8eb40851-a4ac-e346-a823-b7d39c040195@suse.com> Date: Fri, 6 Dec 2019 11:15:00 +0100 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1 MIME-Version: 1.0 In-Reply-To: <57491ade-fa47-5e66-47ac-a5f79de84070@suse.com> Content-Language: en-US Subject: [Xen-devel] [PATCH 3/3] x86/PV: polish pv_set_gdt() X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: Andrew Cooper , Wei Liu , =?utf-8?q?Roger_Pau_Monn=C3=A9?= Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" There's no need to invoke get_page_from_gfn(), and there's also no need to update the passed in frames[]. Invoke get_page_and_type() directly. Also make the function's frames[] parameter const, change its return type to int, and drop the bogus casts from two of its invocations. Finally a little bit of cosmetics. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -1089,7 +1089,7 @@ int arch_set_info_guest( return rc; if ( !compat ) - rc = (int)pv_set_gdt(v, c.nat->gdt_frames, c.nat->gdt_ents); + rc = pv_set_gdt(v, c.nat->gdt_frames, c.nat->gdt_ents); else { unsigned long gdt_frames[ARRAY_SIZE(v->arch.pv.gdt_frames)]; @@ -1100,7 +1100,7 @@ int arch_set_info_guest( for ( i = 0; i < nr_gdt_frames; ++i ) gdt_frames[i] = c.cmp->gdt_frames[i]; - rc = (int)pv_set_gdt(v, gdt_frames, c.cmp->gdt_ents); + rc = pv_set_gdt(v, gdt_frames, c.cmp->gdt_ents); } if ( rc != 0 ) return rc; --- a/xen/arch/x86/pv/descriptor-tables.c +++ b/xen/arch/x86/pv/descriptor-tables.c 
@@ -96,7 +96,8 @@ void pv_destroy_gdt(struct vcpu *v) } } -long pv_set_gdt(struct vcpu *v, unsigned long *frames, unsigned int entries) +int pv_set_gdt(struct vcpu *v, const unsigned long frames[], + unsigned int entries) { struct domain *d = v->domain; l1_pgentry_t *pl1e; @@ -110,17 +111,11 @@ long pv_set_gdt(struct vcpu *v, unsigned /* Check the pages in the new GDT. */ for ( i = 0; i < nr_frames; i++ ) { - struct page_info *page; + mfn_t mfn = _mfn(frames[i]); - page = get_page_from_gfn(d, frames[i], NULL, P2M_ALLOC); - if ( !page ) + if ( !mfn_valid(mfn) || + !get_page_and_type(mfn_to_page(mfn), d, PGT_seg_desc_page) ) goto fail; - if ( !get_page_type(page, PGT_seg_desc_page) ) - { - put_page(page); - goto fail; - } - frames[i] = mfn_x(page_to_mfn(page)); } /* Tear down the old GDT. */ @@ -139,9 +134,8 @@ long pv_set_gdt(struct vcpu *v, unsigned fail: while ( i-- > 0 ) - { put_page_and_type(mfn_to_page(_mfn(frames[i]))); - } + return -EINVAL; } --- a/xen/include/asm-x86/pv/mm.h +++ b/xen/include/asm-x86/pv/mm.h @@ -25,7 +25,8 @@ int pv_ro_page_fault(unsigned long addr, struct cpu_user_regs *regs); -long pv_set_gdt(struct vcpu *v, unsigned long *frames, unsigned int entries); +int pv_set_gdt(struct vcpu *v, const unsigned long frames[], + unsigned int entries); void pv_destroy_gdt(struct vcpu *v); bool pv_map_ldt_shadow_page(unsigned int off); @@ -43,8 +44,8 @@ static inline int pv_ro_page_fault(unsig return 0; } -static inline long pv_set_gdt(struct vcpu *v, unsigned long *frames, - unsigned int entries) +static inline int pv_set_gdt(struct vcpu *v, const unsigned long frames[], + unsigned int entries) { ASSERT_UNREACHABLE(); return -EINVAL; } static inline void pv_destroy_gdt(struct vcpu *v) { ASSERT_UNREACHABLE(); }
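Review bot: In [PATCH 1/3], hunk @@ -982,9 +985,9 of xen/arch/x86/domain.c, the comparison loop is bounded by nr_gdt_frames, which is derived from the guest-supplied c(gdt_ents), so the index into v->arch.pv.gdt_frames[] stays in range only because the gdt_ents equality check now precedes the loop and the loop condition carries !fail. That ordering is load-bearing and easy to undo in a later cleanup. A short comment above the loop, saying the frame count is trusted only once gdt_ents has matched the value already held for the vCPU, would make the dependency explicit.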
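Review bot: In [PATCH 1/3], hunk @@ -1089,12 +1092,11, the range check "if ( nr_gdt_frames > ARRAY_SIZE(v->arch.pv.gdt_frames) )" stays inside the compat else-branch even though nr_gdt_frames is now computed once near the top of the function and also bounds the loop in the @@ -982 hunk. Consider doing the check right after the DIV_ROUND_UP() assignment, or say in the commit message why the native path needs none. The description currently mentions only the relaxed comparison, not this reuse of the variable.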
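Review bot: In [PATCH 2/3], the new guard "if ( v->arch.pv.ldt_ents )" tests the vCPU's stored count rather than the guest's c(ldt_ents). The two are equal only when the preceding ldt_ents comparison did not set fail, whereas the GDT loop two lines above expresses the same dependency through !fail; using one idiom for both would make the intent clearer. The TBD about zeroing v->arch.pv.ldt_base for an empty LDT should also be settled before this is committed, because with this hunk a context with ldt_ents of zero and any ldt_base value passes the comparison.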
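Review bot: In [PATCH 3/3], hunk @@ -110,17 +111,11 of xen/arch/x86/pv/descriptor-tables.c, frames[i] is now wrapped with _mfn() directly, so pv_set_gdt() treats the caller's values as machine frame numbers with no lookup step in between. The commit message says get_page_from_gfn() is not needed but does not say why. Please state the assumption (the values passed in are already MFNs on this PV-only path) in the message or in a comment on the function, since the fail path's put_page_and_type(mfn_to_page(_mfn(frames[i]))) now depends on the same unmodified values.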