From patchwork Tue Feb 25 09:53:56 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Paul Durrant X-Patchwork-Id: 11403159 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 4E74E17D5 for ; Tue, 25 Feb 2020 09:55:32 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 1FA3F21744 for ; Tue, 25 Feb 2020 09:55:32 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=amazon.com header.i=@amazon.com header.b="IuPIoLtg" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 1FA3F21744 Authentication-Results: mail.kernel.org; dmarc=fail (p=quarantine dis=none) header.from=amazon.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1j6Wv1-0005tP-JG; Tue, 25 Feb 2020 09:54:23 +0000 Received: from us1-rack-iad1.inumbo.com ([172.99.69.81]) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1j6Wv0-0005tC-Cr for xen-devel@lists.xenproject.org; Tue, 25 Feb 2020 09:54:22 +0000 X-Inumbo-ID: cc3515e6-57b4-11ea-a490-bc764e2007e4 Received: from smtp-fw-2101.amazon.com (unknown [72.21.196.25]) by us1-rack-iad1.inumbo.com (Halon) with ESMTPS id cc3515e6-57b4-11ea-a490-bc764e2007e4; Tue, 25 Feb 2020 09:54:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1582624462; x=1614160462; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=1sXg7SMs1OOuoleGwD/9nyI+ClLPs6vgtcz2MNS4Vbs=; b=IuPIoLtgomq1k48yCKaZM7BxqwdtHxb43IpaS+meKkMqGDnxWUCTHu75 1mjlb1qJKUVR9JwuYCpRckdDJ3TktPQH/5OkXeN22i1uKGEJEOHg3sizy h61poq9xIMqc6CEp4QbOkaIHZWCHzHTWlKPK044nTL7GJRidwcogdI6ze I=; IronPort-SDR: LAMQuULCS9udKfAgALW7lU/ejBmnAfKMLvs4gHwL2U+uxm1SLoRCU3Os36ZACEbytvnZz4z+Dn mLeoTldkWBPg== X-IronPort-AV: E=Sophos;i="5.70,483,1574121600"; d="scan'208";a="18753197" Received: from iad12-co-svc-p1-lb1-vlan2.amazon.com (HELO email-inbound-relay-2c-87a10be6.us-west-2.amazon.com) ([10.43.8.2]) by smtp-border-fw-out-2101.iad2.amazon.com with ESMTP; 25 Feb 2020 09:54:08 +0000 Received: from EX13MTAUEA002.ant.amazon.com (pdx4-ws-svc-p6-lb7-vlan2.pdx.amazon.com [10.170.41.162]) by email-inbound-relay-2c-87a10be6.us-west-2.amazon.com (Postfix) with ESMTPS id 86EF2A238E; Tue, 25 Feb 2020 09:54:07 +0000 (UTC) Received: from EX13D32EUC001.ant.amazon.com (10.43.164.159) by EX13MTAUEA002.ant.amazon.com (10.43.61.77) with Microsoft SMTP Server (TLS) id 15.0.1236.3; Tue, 25 Feb 2020 09:54:07 +0000 Received: from EX13MTAUWA001.ant.amazon.com (10.43.160.58) by EX13D32EUC001.ant.amazon.com (10.43.164.159) with Microsoft SMTP Server (TLS) id 15.0.1367.3; Tue, 25 Feb 2020 09:54:05 +0000 Received: from u2f063a87eabd5f.cbg10.amazon.com (10.125.106.135) by mail-relay.amazon.com (10.43.160.118) with Microsoft SMTP Server id 15.0.1367.3 via Frontend Transport; Tue, 25 Feb 2020 09:54:02 +0000 From: Paul Durrant To: Date: Tue, 25 Feb 2020 09:53:56 +0000 Message-ID: <20200225095357.3923-2-pdurrant@amazon.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200225095357.3923-1-pdurrant@amazon.com> References: <20200225095357.3923-1-pdurrant@amazon.com> MIME-Version: 1.0 Precedence: Bulk Subject: [Xen-devel] [PATCH 1/2] domain: introduce alloc/free_shared_info() helpers... X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.23 List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: Stefano Stabellini , Julien Grall , Wei Liu , Konrad Rzeszutek Wilk , Andrew Cooper , Paul Durrant , Ian Jackson , George Dunlap , Jan Beulich , Volodymyr Babchuk , =?utf-8?q?Roger_Pau_Monn?= =?utf-8?q?=C3=A9?= Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" ... and save the MFN. This patch modifies the 'shared_info' field of struct domain to be a structure comprising an MFN and a virtual address. Allocations are still done from xenheap, so the virtual address still equates to virt_to_mfn() called on the MFN but subsequent patch will change this. Hence the need to save the MFN. NOTE: Whist defining the new helpers, virt_to_mfn() in common/domain.c is made type safe. The definition of nmi_reason() in asm-x86/shared.h is also re- flowed to avoid overly long lines. Signed-off-by: Paul Durrant Reviewed-by: Julien Grall --- Cc: Stefano Stabellini Cc: Julien Grall Cc: Volodymyr Babchuk Cc: Andrew Cooper Cc: George Dunlap Cc: Ian Jackson Cc: Jan Beulich Cc: Konrad Rzeszutek Wilk Cc: Wei Liu Cc: "Roger Pau MonnĂ©" --- xen/arch/arm/domain.c | 8 ++------ xen/arch/arm/mm.c | 2 +- xen/arch/x86/domain.c | 11 ++++------- xen/arch/x86/mm.c | 2 +- xen/arch/x86/pv/dom0_build.c | 2 +- xen/arch/x86/pv/shim.c | 2 +- xen/common/domain.c | 26 ++++++++++++++++++++++++++ xen/common/domctl.c | 2 +- xen/common/time.c | 4 ++-- xen/include/asm-x86/shared.h | 15 ++++++++------- xen/include/xen/domain.h | 3 +++ xen/include/xen/sched.h | 5 ++++- xen/include/xen/shared.h | 2 +- 13 files changed, 55 insertions(+), 29 deletions(-) diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c index aa3df3b3ba..2cbcdaac08 100644 --- a/xen/arch/arm/domain.c +++ b/xen/arch/arm/domain.c @@ -690,13 +690,9 @@ int arch_domain_create(struct domain *d, if ( (rc = p2m_init(d)) != 0 ) goto fail; - rc = -ENOMEM; - if ( (d->shared_info = alloc_xenheap_pages(0, 0)) == NULL ) + if ( (rc = alloc_shared_info(d, 0)) != 0 ) goto fail; - clear_page(d->shared_info); - share_xen_page_with_guest(virt_to_page(d->shared_info), d, SHARE_rw); - switch ( config->arch.gic_version ) { case XEN_DOMCTL_CONFIG_GIC_V2: @@ -767,7 +763,7 @@ void arch_domain_destroy(struct domain *d) p2m_teardown(d); domain_vgic_free(d); domain_vuart_free(d); - free_xenheap_page(d->shared_info); + free_shared_info(d); #ifdef CONFIG_ACPI free_xenheap_pages(d->arch.efi_acpi_table, get_order_from_bytes(d->arch.efi_acpi_len)); diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c index 727107eefa..2bb592101d 100644 --- a/xen/arch/arm/mm.c +++ b/xen/arch/arm/mm.c @@ -1424,7 +1424,7 @@ int xenmem_add_to_physmap_one( if ( idx != 0 ) return -EINVAL; - mfn = virt_to_mfn(d->shared_info); + mfn = d->shared_info.mfn; t = p2m_ram_rw; break; diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index fe63c23676..eb7b0fc51c 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -612,12 +612,9 @@ int arch_domain_create(struct domain *d, * The shared_info machine address must fit in a 32-bit field within a * 32-bit guest's start_info structure. Hence we specify MEMF_bits(32). */ - if ( (d->shared_info = alloc_xenheap_pages(0, MEMF_bits(32))) == NULL ) + if ( (rc = alloc_shared_info(d, MEMF_bits(32))) != 0 ) goto fail; - clear_page(d->shared_info); - share_xen_page_with_guest(virt_to_page(d->shared_info), d, SHARE_rw); - if ( (rc = init_domain_irq_mapping(d)) != 0 ) goto fail; @@ -665,7 +662,7 @@ int arch_domain_create(struct domain *d, psr_domain_free(d); iommu_domain_destroy(d); cleanup_domain_irq_mapping(d); - free_xenheap_page(d->shared_info); + free_shared_info(d); xfree(d->arch.cpuid); xfree(d->arch.msr); if ( paging_initialised ) @@ -694,7 +691,7 @@ void arch_domain_destroy(struct domain *d) pv_domain_destroy(d); free_perdomain_mappings(d); - free_xenheap_page(d->shared_info); + free_shared_info(d); cleanup_domain_irq_mapping(d); psr_domain_free(d); @@ -720,7 +717,7 @@ void arch_domain_unpause(struct domain *d) int arch_domain_soft_reset(struct domain *d) { - struct page_info *page = virt_to_page(d->shared_info), *new_page; + struct page_info *page = mfn_to_page(d->shared_info.mfn), *new_page; int ret = 0; struct domain *owner; mfn_t mfn; diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 70b87c4830..5067125cbb 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -4538,7 +4538,7 @@ int xenmem_add_to_physmap_one( { case XENMAPSPACE_shared_info: if ( idx == 0 ) - mfn = virt_to_mfn(d->shared_info); + mfn = d->shared_info.mfn; break; case XENMAPSPACE_grant_table: rc = gnttab_map_frame(d, idx, gpfn, &mfn); diff --git a/xen/arch/x86/pv/dom0_build.c b/xen/arch/x86/pv/dom0_build.c index 5678da782d..dc16ef2e79 100644 --- a/xen/arch/x86/pv/dom0_build.c +++ b/xen/arch/x86/pv/dom0_build.c @@ -743,7 +743,7 @@ int __init dom0_construct_pv(struct domain *d, clear_page(si); si->nr_pages = nr_pages; - si->shared_info = virt_to_maddr(d->shared_info); + si->shared_info = mfn_to_maddr(d->shared_info.mfn); if ( !pv_shim ) si->flags = SIF_PRIVILEGED | SIF_INITDOMAIN; diff --git a/xen/arch/x86/pv/shim.c b/xen/arch/x86/pv/shim.c index d86e2de118..f512809dad 100644 --- a/xen/arch/x86/pv/shim.c +++ b/xen/arch/x86/pv/shim.c @@ -282,7 +282,7 @@ static void write_start_info(struct domain *d) snprintf(si->magic, sizeof(si->magic), "xen-3.0-x86_%s", is_pv_32bit_domain(d) ? "32p" : "64"); si->nr_pages = domain_tot_pages(d); - si->shared_info = virt_to_maddr(d->shared_info); + si->shared_info = mfn_to_maddr(d->shared_info.mfn); si->flags = 0; BUG_ON(xen_hypercall_hvm_get_param(HVM_PARAM_STORE_PFN, &si->store_mfn)); BUG_ON(xen_hypercall_hvm_get_param(HVM_PARAM_STORE_EVTCHN, ¶m)); diff --git a/xen/common/domain.c b/xen/common/domain.c index 6ad458fa6b..ba7a905258 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -47,6 +47,10 @@ #include #endif +/* Override macros from asm/page.h to make them work with mfn_t */ +#undef virt_to_mfn +#define virt_to_mfn(v) _mfn(__virt_to_mfn(v)) + /* Linux config option: propageted to domain0 */ /* xen_processor_pmbits: xen control Cx, Px, ... */ unsigned int xen_processor_pmbits = XEN_PROCESSOR_PM_PX; @@ -1644,6 +1648,28 @@ int continue_hypercall_on_cpu( return 0; } +int alloc_shared_info(struct domain *d, unsigned int memflags) +{ + if ( (d->shared_info.virt = alloc_xenheap_pages(0, memflags)) == NULL ) + return -ENOMEM; + + d->shared_info.mfn = virt_to_mfn(d->shared_info.virt); + + clear_page(d->shared_info.virt); + share_xen_page_with_guest(mfn_to_page(d->shared_info.mfn), d, SHARE_rw); + + return 0; +} + +void free_shared_info(struct domain *d) +{ + if ( !d->shared_info.virt ) + return; + + free_xenheap_page(d->shared_info.virt); + d->shared_info.virt = NULL; +} + /* * Local variables: * mode: C diff --git a/xen/common/domctl.c b/xen/common/domctl.c index a69b3b59a8..81f18e63a7 100644 --- a/xen/common/domctl.c +++ b/xen/common/domctl.c @@ -196,7 +196,7 @@ void getdomaininfo(struct domain *d, struct xen_domctl_getdomaininfo *info) info->outstanding_pages = d->outstanding_pages; info->shr_pages = atomic_read(&d->shr_pages); info->paged_pages = atomic_read(&d->paged_pages); - info->shared_info_frame = mfn_to_gmfn(d, virt_to_mfn(d->shared_info)); + info->shared_info_frame = mfn_to_gmfn(d, mfn_x(d->shared_info.mfn)); BUG_ON(SHARED_M2P(info->shared_info_frame)); info->cpupool = cpupool_get_id(d); diff --git a/xen/common/time.c b/xen/common/time.c index 82336e2d5a..58fa9abc40 100644 --- a/xen/common/time.c +++ b/xen/common/time.c @@ -110,9 +110,9 @@ void update_domain_wallclock_time(struct domain *d) shared_info(d, wc_nsec) = wc_nsec; #ifdef CONFIG_X86 if ( likely(!has_32bit_shinfo(d)) ) - d->shared_info->native.wc_sec_hi = sec >> 32; + d->shared_info.virt->native.wc_sec_hi = sec >> 32; else - d->shared_info->compat.arch.wc_sec_hi = sec >> 32; + d->shared_info.virt->compat.arch.wc_sec_hi = sec >> 32; #else shared_info(d, wc_sec_hi) = sec >> 32; #endif diff --git a/xen/include/asm-x86/shared.h b/xen/include/asm-x86/shared.h index af5d959d04..d4588e08a6 100644 --- a/xen/include/asm-x86/shared.h +++ b/xen/include/asm-x86/shared.h @@ -1,24 +1,25 @@ #ifndef __XEN_X86_SHARED_H__ #define __XEN_X86_SHARED_H__ -#define nmi_reason(d) (!has_32bit_shinfo(d) ? \ - (u32 *)&(d)->shared_info->native.arch.nmi_reason : \ - (u32 *)&(d)->shared_info->compat.arch.nmi_reason) +#define nmi_reason(d) \ + (!has_32bit_shinfo(d) ? \ + (u32 *)&(d)->shared_info.virt->native.arch.nmi_reason : \ + (u32 *)&(d)->shared_info.virt->compat.arch.nmi_reason) #define GET_SET_SHARED(type, field) \ static inline type arch_get_##field(const struct domain *d) \ { \ return !has_32bit_shinfo(d) ? \ - d->shared_info->native.arch.field : \ - d->shared_info->compat.arch.field; \ + d->shared_info.virt->native.arch.field : \ + d->shared_info.virt->compat.arch.field; \ } \ static inline void arch_set_##field(struct domain *d, \ type val) \ { \ if ( !has_32bit_shinfo(d) ) \ - d->shared_info->native.arch.field = val; \ + d->shared_info.virt->native.arch.field = val; \ else \ - d->shared_info->compat.arch.field = val; \ + d->shared_info.virt->compat.arch.field = val; \ } #define GET_SET_VCPU(type, field) \ diff --git a/xen/include/xen/domain.h b/xen/include/xen/domain.h index 7e51d361de..740e2032ad 100644 --- a/xen/include/xen/domain.h +++ b/xen/include/xen/domain.h @@ -130,4 +130,7 @@ struct vnuma_info { void vnuma_destroy(struct vnuma_info *vnuma); +int alloc_shared_info(struct domain *d, unsigned int memflags); +void free_shared_info(struct domain *d); + #endif /* __XEN_DOMAIN_H__ */ diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h index 3a4f43098c..f41d0ad2a0 100644 --- a/xen/include/xen/sched.h +++ b/xen/include/xen/sched.h @@ -346,7 +346,10 @@ struct domain unsigned int max_vcpus; struct vcpu **vcpu; - shared_info_t *shared_info; /* shared data area */ + struct { + mfn_t mfn; + shared_info_t *virt; + } shared_info; /* shared data area */ spinlock_t domain_lock; diff --git a/xen/include/xen/shared.h b/xen/include/xen/shared.h index a411a8a3e3..57b2ff1e34 100644 --- a/xen/include/xen/shared.h +++ b/xen/include/xen/shared.h @@ -43,7 +43,7 @@ typedef struct vcpu_info vcpu_info_t; extern vcpu_info_t dummy_vcpu_info; -#define shared_info(d, field) __shared_info(d, (d)->shared_info, field) +#define shared_info(d, field) __shared_info(d, (d)->shared_info.virt, field) #define vcpu_info(v, field) __vcpu_info(v, (v)->vcpu_info, field) #endif /* __XEN_SHARED_H__ */ From patchwork Tue Feb 25 09:53:57 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paul Durrant X-Patchwork-Id: 11403163 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 005D014D5 for ; Tue, 25 Feb 2020 09:55:44 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id C5A5321744 for ; Tue, 25 Feb 2020 09:55:43 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=amazon.com header.i=@amazon.com header.b="B6xFmxhk" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org C5A5321744 Authentication-Results: mail.kernel.org; dmarc=fail (p=quarantine dis=none) header.from=amazon.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1j6Wv6-0005v2-Sx; Tue, 25 Feb 2020 09:54:28 +0000 Received: from us1-rack-iad1.inumbo.com ([172.99.69.81]) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1j6Wv5-0005ub-8i for xen-devel@lists.xenproject.org; Tue, 25 Feb 2020 09:54:27 +0000 X-Inumbo-ID: c75dd4d6-57b4-11ea-a490-bc764e2007e4 Received: from smtp-fw-9102.amazon.com (unknown [207.171.184.29]) by us1-rack-iad1.inumbo.com (Halon) with ESMTPS id c75dd4d6-57b4-11ea-a490-bc764e2007e4; Tue, 25 Feb 2020 09:54:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1582624455; x=1614160455; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=ZGnO7Sr7uKlEAQb3ApRus6MhV+natOlVsHlToI8RNeA=; b=B6xFmxhkuwdvJ25dIe2QI3j4O708oVSSlBd3u+gG1AlaviXvCycmrvtX cWUcY4Aa42LXteEuH2fmlpLl0HtP1mCINbqot/Ry8yY20lHsKcmGJIhjN 8h2ETdRHgahAo5mODaxHYiV3ajWkR/um4lvF0/96AV2gq16juetBXl/Ou I=; IronPort-SDR: 6m/2IL2yk44Hoi0gcpLG5cALC1ml63v01irv6ItU450hZZHCtVUE2FdPTbdKTWP6A7t47pW/Bj gxCVt9iVyABA== X-IronPort-AV: E=Sophos;i="5.70,483,1574121600"; d="scan'208";a="27308305" Received: from sea32-co-svc-lb4-vlan3.sea.corp.amazon.com (HELO email-inbound-relay-2b-81e76b79.us-west-2.amazon.com) ([10.47.23.38]) by smtp-border-fw-out-9102.sea19.amazon.com with ESMTP; 25 Feb 2020 09:54:13 +0000 Received: from EX13MTAUEA002.ant.amazon.com (pdx4-ws-svc-p6-lb7-vlan3.pdx.amazon.com [10.170.41.166]) by email-inbound-relay-2b-81e76b79.us-west-2.amazon.com (Postfix) with ESMTPS id 42255A254A; Tue, 25 Feb 2020 09:54:11 +0000 (UTC) Received: from EX13D32EUB001.ant.amazon.com (10.43.166.125) by EX13MTAUEA002.ant.amazon.com (10.43.61.77) with Microsoft SMTP Server (TLS) id 15.0.1236.3; Tue, 25 Feb 2020 09:54:10 +0000 Received: from EX13MTAUWA001.ant.amazon.com (10.43.160.58) by EX13D32EUB001.ant.amazon.com (10.43.166.125) with Microsoft SMTP Server (TLS) id 15.0.1367.3; Tue, 25 Feb 2020 09:54:09 +0000 Received: from u2f063a87eabd5f.cbg10.amazon.com (10.125.106.135) by mail-relay.amazon.com (10.43.160.118) with Microsoft SMTP Server id 15.0.1367.3 via Frontend Transport; Tue, 25 Feb 2020 09:54:06 +0000 From: Paul Durrant To: Date: Tue, 25 Feb 2020 09:53:57 +0000 Message-ID: <20200225095357.3923-3-pdurrant@amazon.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200225095357.3923-1-pdurrant@amazon.com> References: <20200225095357.3923-1-pdurrant@amazon.com> MIME-Version: 1.0 Precedence: Bulk Subject: [Xen-devel] [PATCH 2/2] domain: use PGC_extra domheap page for shared_info X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.23 List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: Stefano Stabellini , Julien Grall , Wei Liu , Konrad Rzeszutek Wilk , Andrew Cooper , Paul Durrant , Ian Jackson , George Dunlap , Jan Beulich , Volodymyr Babchuk Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" There's no particular reason shared_info need use a xenheap page. It's only purpose is to be mapped by the guest so use a PGC_extra domheap page instead. This does entail freeing shared_info during domain_relinquish_resources() rather than domain_destroy() so care is needed to avoid de-referencing a NULL shared_info pointer hence some extra checks of 'is_dying' are needed. ASSERTions are added before apparently vulnerable dereferences in the event channel code. These should not be hit because domain_kill() calls evtchn_destroy() before calling domain_relinquish_resources() but are added to catch any future re-ordering. For Arm, the call to free_shared_info() in arch_domain_destroy() is left in place since it called in the error path for arch_domain_create(). NOTE: A modification in p2m_alloc_table() is required to avoid a false positive when checking for domain memory. A fix is also needed in dom0_construct_pv() to avoid automatically adding PGC_extra pages to the physmap. Signed-off-by: Paul Durrant --- Cc: Stefano Stabellini Cc: Julien Grall Cc: Volodymyr Babchuk Cc: Andrew Cooper Cc: George Dunlap Cc: Ian Jackson Cc: Jan Beulich Cc: Konrad Rzeszutek Wilk Cc: Wei Liu --- xen/arch/arm/domain.c | 2 ++ xen/arch/x86/domain.c | 3 ++- xen/arch/x86/mm/p2m.c | 3 +-- xen/arch/x86/pv/dom0_build.c | 4 ++++ xen/common/domain.c | 25 +++++++++++++++++++------ xen/common/event_2l.c | 4 ++++ xen/common/event_fifo.c | 1 + xen/common/time.c | 3 +++ 8 files changed, 36 insertions(+), 9 deletions(-) diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c index 2cbcdaac08..3904519256 100644 --- a/xen/arch/arm/domain.c +++ b/xen/arch/arm/domain.c @@ -1006,6 +1006,8 @@ int domain_relinquish_resources(struct domain *d) BUG(); } + free_shared_info(d); + return 0; } diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index eb7b0fc51c..3ad532eccf 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -691,7 +691,6 @@ void arch_domain_destroy(struct domain *d) pv_domain_destroy(d); free_perdomain_mappings(d); - free_shared_info(d); cleanup_domain_irq_mapping(d); psr_domain_free(d); @@ -2246,6 +2245,8 @@ int domain_relinquish_resources(struct domain *d) if ( is_hvm_domain(d) ) hvm_domain_relinquish_resources(d); + free_shared_info(d); + return 0; } diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index c5f428d67c..787d97d85e 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -695,8 +695,7 @@ int p2m_alloc_table(struct p2m_domain *p2m) p2m_lock(p2m); - if ( p2m_is_hostp2m(p2m) - && !page_list_empty(&d->page_list) ) + if ( p2m_is_hostp2m(p2m) && domain_tot_pages(d) ) { P2M_ERROR("dom %d already has memory allocated\n", d->domain_id); p2m_unlock(p2m); diff --git a/xen/arch/x86/pv/dom0_build.c b/xen/arch/x86/pv/dom0_build.c index dc16ef2e79..f8f1bbe2f4 100644 --- a/xen/arch/x86/pv/dom0_build.c +++ b/xen/arch/x86/pv/dom0_build.c @@ -792,6 +792,10 @@ int __init dom0_construct_pv(struct domain *d, { mfn = mfn_x(page_to_mfn(page)); BUG_ON(SHARED_M2P(get_gpfn_from_mfn(mfn))); + + if ( page->count_info & PGC_extra ) + continue; + if ( get_gpfn_from_mfn(mfn) >= count ) { BUG_ON(is_pv_32bit_domain(d)); diff --git a/xen/common/domain.c b/xen/common/domain.c index ba7a905258..1d42fbcc0f 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -128,9 +128,9 @@ static void vcpu_info_reset(struct vcpu *v) { struct domain *d = v->domain; - v->vcpu_info = ((v->vcpu_id < XEN_LEGACY_MAX_VCPUS) + v->vcpu_info = (!d->is_dying && v->vcpu_id < XEN_LEGACY_MAX_VCPUS) ? (vcpu_info_t *)&shared_info(d, vcpu_info[v->vcpu_id]) - : &dummy_vcpu_info); + : &dummy_vcpu_info; v->vcpu_info_mfn = INVALID_MFN; } @@ -1650,24 +1650,37 @@ int continue_hypercall_on_cpu( int alloc_shared_info(struct domain *d, unsigned int memflags) { - if ( (d->shared_info.virt = alloc_xenheap_pages(0, memflags)) == NULL ) + struct page_info *pg; + + pg = alloc_domheap_page(d, MEMF_no_refcount | memflags); + if ( !pg ) return -ENOMEM; - d->shared_info.mfn = virt_to_mfn(d->shared_info.virt); + if ( !get_page_and_type(pg, d, PGT_writable_page) ) + return -ENODATA; + + d->shared_info.mfn = page_to_mfn(pg); + d->shared_info.virt = __map_domain_page_global(pg); clear_page(d->shared_info.virt); - share_xen_page_with_guest(mfn_to_page(d->shared_info.mfn), d, SHARE_rw); return 0; } void free_shared_info(struct domain *d) { + struct page_info *pg; + if ( !d->shared_info.virt ) return; - free_xenheap_page(d->shared_info.virt); + unmap_domain_page_global(d->shared_info.virt); d->shared_info.virt = NULL; + + pg = mfn_to_page(d->shared_info.mfn); + + put_page_alloc_ref(pg); + put_page_and_type(pg); } /* diff --git a/xen/common/event_2l.c b/xen/common/event_2l.c index e1dbb860f4..a72fe0232b 100644 --- a/xen/common/event_2l.c +++ b/xen/common/event_2l.c @@ -27,6 +27,7 @@ static void evtchn_2l_set_pending(struct vcpu *v, struct evtchn *evtchn) * others may require explicit memory barriers. */ + ASSERT(d->shared_info.virt); if ( guest_test_and_set_bit(d, port, &shared_info(d, evtchn_pending)) ) return; @@ -54,6 +55,7 @@ static void evtchn_2l_unmask(struct domain *d, struct evtchn *evtchn) * These operations must happen in strict order. Based on * evtchn_2l_set_pending() above. */ + ASSERT(d->shared_info.virt); if ( guest_test_and_clear_bit(d, port, &shared_info(d, evtchn_mask)) && guest_test_bit(d, port, &shared_info(d, evtchn_pending)) && !guest_test_and_set_bit(d, port / BITS_PER_EVTCHN_WORD(d), @@ -67,6 +69,7 @@ static bool evtchn_2l_is_pending(const struct domain *d, evtchn_port_t port) { unsigned int max_ports = BITS_PER_EVTCHN_WORD(d) * BITS_PER_EVTCHN_WORD(d); + ASSERT(d->shared_info.virt); ASSERT(port < max_ports); return (port < max_ports && guest_test_bit(d, port, &shared_info(d, evtchn_pending))); @@ -76,6 +79,7 @@ static bool evtchn_2l_is_masked(const struct domain *d, evtchn_port_t port) { unsigned int max_ports = BITS_PER_EVTCHN_WORD(d) * BITS_PER_EVTCHN_WORD(d); + ASSERT(d->shared_info.virt); ASSERT(port < max_ports); return (port >= max_ports || guest_test_bit(d, port, &shared_info(d, evtchn_mask))); diff --git a/xen/common/event_fifo.c b/xen/common/event_fifo.c index 230f440f14..e8c6045d72 100644 --- a/xen/common/event_fifo.c +++ b/xen/common/event_fifo.c @@ -497,6 +497,7 @@ static void setup_ports(struct domain *d) evtchn = evtchn_from_port(d, port); + ASSERT(d->shared_info.virt); if ( guest_test_bit(d, port, &shared_info(d, evtchn_pending)) ) evtchn->pending = 1; diff --git a/xen/common/time.c b/xen/common/time.c index 58fa9abc40..938226c7b1 100644 --- a/xen/common/time.c +++ b/xen/common/time.c @@ -99,6 +99,9 @@ void update_domain_wallclock_time(struct domain *d) uint32_t *wc_version; uint64_t sec; + if ( d->is_dying ) + return; + spin_lock(&wc_lock); wc_version = &shared_info(d, wc_version);