* [Xen-devel] [PATCH V7 1/4] x86/mm: Add array_index_nospec to guest provided index values
@ 2020-01-08 14:08 Alexandru Stefan ISAILA
2020-01-08 14:08 ` [Xen-devel] [PATCH V7 2/4] x86/altp2m: Add hypercall to set a range of sve bits Alexandru Stefan ISAILA
` (3 more replies)
0 siblings, 4 replies; 12+ messages in thread
From: Alexandru Stefan ISAILA @ 2020-01-08 14:08 UTC (permalink / raw)
To: xen-devel
Cc: Petre Ovidiu PIRCALABU, Kevin Tian, Tamas K Lengyel, Wei Liu,
Razvan COJOCARU, George Dunlap, Andrew Cooper, Jan Beulich,
Jun Nakajima, Alexandru Stefan ISAILA, Roger Pau Monné
This patch aims to sanitize indexes, potentially guest provided
values, for altp2m_eptp[] and altp2m_p2m[] arrays.
Requested-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Alexandru Isaila <aisaila@bitdefender.com>
Acked-by: Tamas K Lengyel <tamas@tklengyel.com>
---
CC: Razvan Cojocaru <rcojocaru@bitdefender.com>
CC: Tamas K Lengyel <tamas@tklengyel.com>
CC: Petre Pircalabu <ppircalabu@bitdefender.com>
CC: George Dunlap <george.dunlap@eu.citrix.com>
CC: Jan Beulich <jbeulich@suse.com>
CC: Andrew Cooper <andrew.cooper3@citrix.com>
CC: Wei Liu <wl@xen.org>
CC: "Roger Pau Monné" <roger.pau@citrix.com>
CC: Jun Nakajima <jun.nakajima@intel.com>
CC: Kevin Tian <kevin.tian@intel.com>
---
Changes since V6:
- Remove stray spaces
- Use ARRAY_SIZE(d->arch.altp2m_p2m) insead of MAX_ALTP2M.
---
xen/arch/x86/mm/mem_access.c | 24 +++++++++++--------
xen/arch/x86/mm/p2m-ept.c | 6 +++--
xen/arch/x86/mm/p2m.c | 45 +++++++++++++++++++++++-------------
3 files changed, 48 insertions(+), 27 deletions(-)
diff --git a/xen/arch/x86/mm/mem_access.c b/xen/arch/x86/mm/mem_access.c
index 320b9fe621..f323d885b1 100644
--- a/xen/arch/x86/mm/mem_access.c
+++ b/xen/arch/x86/mm/mem_access.c
@@ -366,11 +366,13 @@ long p2m_set_mem_access(struct domain *d, gfn_t gfn, uint32_t nr,
#ifdef CONFIG_HVM
if ( altp2m_idx )
{
- if ( altp2m_idx >= MAX_ALTP2M ||
- d->arch.altp2m_eptp[altp2m_idx] == mfn_x(INVALID_MFN) )
+ if ( altp2m_idx >= min(ARRAY_SIZE(d->arch.altp2m_p2m), MAX_EPTP) ||
+ d->arch.altp2m_eptp[array_index_nospec(altp2m_idx, MAX_EPTP)] ==
+ mfn_x(INVALID_MFN) )
return -EINVAL;
- ap2m = d->arch.altp2m_p2m[altp2m_idx];
+ ap2m = d->arch.altp2m_p2m[array_index_nospec(altp2m_idx,
+ ARRAY_SIZE(d->arch.altp2m_p2m))];
}
#else
ASSERT(!altp2m_idx);
@@ -425,11 +427,13 @@ long p2m_set_mem_access_multi(struct domain *d,
#ifdef CONFIG_HVM
if ( altp2m_idx )
{
- if ( altp2m_idx >= MAX_ALTP2M ||
- d->arch.altp2m_eptp[altp2m_idx] == mfn_x(INVALID_MFN) )
+ if ( altp2m_idx >= min(ARRAY_SIZE(d->arch.altp2m_p2m), MAX_EPTP) ||
+ d->arch.altp2m_eptp[array_index_nospec(altp2m_idx, MAX_EPTP)] ==
+ mfn_x(INVALID_MFN) )
return -EINVAL;
- ap2m = d->arch.altp2m_p2m[altp2m_idx];
+ ap2m = d->arch.altp2m_p2m[array_index_nospec(altp2m_idx,
+ ARRAY_SIZE(d->arch.altp2m_p2m))];
}
#else
ASSERT(!altp2m_idx);
@@ -491,11 +495,13 @@ int p2m_get_mem_access(struct domain *d, gfn_t gfn, xenmem_access_t *access,
}
else if ( altp2m_idx ) /* altp2m view 0 is treated as the hostp2m */
{
- if ( altp2m_idx >= MAX_ALTP2M ||
- d->arch.altp2m_eptp[altp2m_idx] == mfn_x(INVALID_MFN) )
+ if ( altp2m_idx >= min(ARRAY_SIZE(d->arch.altp2m_p2m), MAX_EPTP) ||
+ d->arch.altp2m_eptp[array_index_nospec(altp2m_idx, MAX_EPTP)] ==
+ mfn_x(INVALID_MFN) )
return -EINVAL;
- p2m = d->arch.altp2m_p2m[altp2m_idx];
+ p2m = d->arch.altp2m_p2m[array_index_nospec(altp2m_idx,
+ ARRAY_SIZE(d->arch.altp2m_p2m))];
}
#else
ASSERT(!altp2m_idx);
diff --git a/xen/arch/x86/mm/p2m-ept.c b/xen/arch/x86/mm/p2m-ept.c
index b5517769c9..1c23ea6169 100644
--- a/xen/arch/x86/mm/p2m-ept.c
+++ b/xen/arch/x86/mm/p2m-ept.c
@@ -1353,7 +1353,9 @@ void setup_ept_dump(void)
void p2m_init_altp2m_ept(struct domain *d, unsigned int i)
{
- struct p2m_domain *p2m = d->arch.altp2m_p2m[i];
+ struct p2m_domain *p2m = d->arch.
+ altp2m_p2m[array_index_nospec(i,
+ ARRAY_SIZE(d->arch.altp2m_p2m))];
struct p2m_domain *hostp2m = p2m_get_hostp2m(d);
struct ept_data *ept;
@@ -1366,7 +1368,7 @@ void p2m_init_altp2m_ept(struct domain *d, unsigned int i)
p2m->max_mapped_pfn = p2m->max_remapped_gfn = 0;
ept = &p2m->ept;
ept->mfn = pagetable_get_pfn(p2m_get_pagetable(p2m));
- d->arch.altp2m_eptp[i] = ept->eptp;
+ d->arch.altp2m_eptp[array_index_nospec(i, MAX_EPTP)] = ept->eptp;
}
unsigned int p2m_find_altp2m_by_eptp(struct domain *d, uint64_t eptp)
diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index 3119269073..5f046960a9 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -2502,7 +2502,8 @@ static void p2m_reset_altp2m(struct domain *d, unsigned int idx,
struct p2m_domain *p2m;
ASSERT(idx < MAX_ALTP2M);
- p2m = d->arch.altp2m_p2m[idx];
+ p2m = d->arch.altp2m_p2m[array_index_nospec(idx,
+ ARRAY_SIZE(d->arch.altp2m_p2m))];
p2m_lock(p2m);
@@ -2543,7 +2544,8 @@ static int p2m_activate_altp2m(struct domain *d, unsigned int idx)
ASSERT(idx < MAX_ALTP2M);
- p2m = d->arch.altp2m_p2m[idx];
+ p2m = d->arch.altp2m_p2m[array_index_nospec(idx,
+ ARRAY_SIZE(d->arch.altp2m_p2m))];
hostp2m = p2m_get_hostp2m(d);
p2m_lock(p2m);
@@ -2574,12 +2576,13 @@ int p2m_init_altp2m_by_id(struct domain *d, unsigned int idx)
{
int rc = -EINVAL;
- if ( idx >= MAX_ALTP2M )
+ if ( idx >= min(ARRAY_SIZE(d->arch.altp2m_p2m), MAX_EPTP) )
return rc;
altp2m_list_lock(d);
- if ( d->arch.altp2m_eptp[idx] == mfn_x(INVALID_MFN) )
+ if ( d->arch.altp2m_eptp[array_index_nospec(idx, MAX_EPTP)] ==
+ mfn_x(INVALID_MFN) )
rc = p2m_activate_altp2m(d, idx);
altp2m_list_unlock(d);
@@ -2615,7 +2618,7 @@ int p2m_destroy_altp2m_by_id(struct domain *d, unsigned int idx)
struct p2m_domain *p2m;
int rc = -EBUSY;
- if ( !idx || idx >= MAX_ALTP2M )
+ if ( !idx || idx >= min(ARRAY_SIZE(d->arch.altp2m_p2m), MAX_EPTP) )
return rc;
rc = domain_pause_except_self(d);
@@ -2625,14 +2628,17 @@ int p2m_destroy_altp2m_by_id(struct domain *d, unsigned int idx)
rc = -EBUSY;
altp2m_list_lock(d);
- if ( d->arch.altp2m_eptp[idx] != mfn_x(INVALID_MFN) )
+ if ( d->arch.altp2m_eptp[array_index_nospec(idx, MAX_EPTP)] !=
+ mfn_x(INVALID_MFN) )
{
- p2m = d->arch.altp2m_p2m[idx];
+ p2m = d->arch.altp2m_p2m[array_index_nospec(idx,
+ ARRAY_SIZE(d->arch.altp2m_p2m))];
if ( !_atomic_read(p2m->active_vcpus) )
{
p2m_reset_altp2m(d, idx, ALTP2M_DEACTIVATE);
- d->arch.altp2m_eptp[idx] = mfn_x(INVALID_MFN);
+ d->arch.altp2m_eptp[array_index_nospec(idx, MAX_EPTP)] =
+ mfn_x(INVALID_MFN);
rc = 0;
}
}
@@ -2689,11 +2695,14 @@ int p2m_change_altp2m_gfn(struct domain *d, unsigned int idx,
mfn_t mfn;
int rc = -EINVAL;
- if ( idx >= MAX_ALTP2M || d->arch.altp2m_eptp[idx] == mfn_x(INVALID_MFN) )
+ if ( idx >= min(ARRAY_SIZE(d->arch.altp2m_p2m), MAX_EPTP) ||
+ d->arch.altp2m_eptp[array_index_nospec(idx, MAX_EPTP)] ==
+ mfn_x(INVALID_MFN) )
return rc;
hp2m = p2m_get_hostp2m(d);
- ap2m = d->arch.altp2m_p2m[idx];
+ ap2m = d->arch.altp2m_p2m[array_index_nospec(idx,
+ ARRAY_SIZE(d->arch.altp2m_p2m))];
p2m_lock(hp2m);
p2m_lock(ap2m);
@@ -3032,11 +3041,13 @@ int p2m_set_suppress_ve(struct domain *d, gfn_t gfn, bool suppress_ve,
if ( altp2m_idx > 0 )
{
- if ( altp2m_idx >= MAX_ALTP2M ||
- d->arch.altp2m_eptp[altp2m_idx] == mfn_x(INVALID_MFN) )
+ if ( altp2m_idx >= min(ARRAY_SIZE(d->arch.altp2m_p2m), MAX_EPTP) ||
+ d->arch.altp2m_eptp[array_index_nospec(altp2m_idx, MAX_EPTP)] ==
+ mfn_x(INVALID_MFN) )
return -EINVAL;
- p2m = ap2m = d->arch.altp2m_p2m[altp2m_idx];
+ p2m = ap2m = d->arch.altp2m_p2m[array_index_nospec(altp2m_idx,
+ ARRAY_SIZE(d->arch.altp2m_p2m))];
}
else
p2m = host_p2m;
@@ -3075,11 +3086,13 @@ int p2m_get_suppress_ve(struct domain *d, gfn_t gfn, bool *suppress_ve,
if ( altp2m_idx > 0 )
{
- if ( altp2m_idx >= MAX_ALTP2M ||
- d->arch.altp2m_eptp[altp2m_idx] == mfn_x(INVALID_MFN) )
+ if ( altp2m_idx >= min(ARRAY_SIZE(d->arch.altp2m_p2m), MAX_EPTP) ||
+ d->arch.altp2m_eptp[array_index_nospec(altp2m_idx, MAX_EPTP)] ==
+ mfn_x(INVALID_MFN) )
return -EINVAL;
- p2m = ap2m = d->arch.altp2m_p2m[altp2m_idx];
+ p2m = ap2m = d->arch.altp2m_p2m[array_index_nospec(altp2m_idx,
+ ARRAY_SIZE(d->arch.altp2m_p2m))];
}
else
p2m = host_p2m;
--
2.17.1
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [Xen-devel] [PATCH V7 2/4] x86/altp2m: Add hypercall to set a range of sve bits
2020-01-08 14:08 [Xen-devel] [PATCH V7 1/4] x86/mm: Add array_index_nospec to guest provided index values Alexandru Stefan ISAILA
@ 2020-01-08 14:08 ` Alexandru Stefan ISAILA
2020-01-10 16:20 ` Jan Beulich
2020-01-08 14:08 ` [Xen-devel] [PATCH V7 3/4] x86/mm: Pull vendor-independent altp2m code out of p2m-ept.c and into p2m.c Alexandru Stefan ISAILA
` (2 subsequent siblings)
3 siblings, 1 reply; 12+ messages in thread
From: Alexandru Stefan ISAILA @ 2020-01-08 14:08 UTC (permalink / raw)
To: xen-devel
Cc: Petre Ovidiu PIRCALABU, Stefano Stabellini, Julien Grall,
Razvan COJOCARU, Wei Liu, Konrad Rzeszutek Wilk, George Dunlap,
Andrew Cooper, Ian Jackson, Tamas K Lengyel, Jan Beulich,
Alexandru Stefan ISAILA, Roger Pau Monné
By default the sve bits are not set.
This patch adds a new hypercall, xc_altp2m_set_supress_ve_multi(),
to set a range of sve bits.
The core function, p2m_set_suppress_ve_multi(), does not break in case
of a error and it is doing a best effort for setting the bits in the
given range. A check for continuation is made in order to have
preemption on large ranges.
The gfn of the first error is stored in
xen_hvm_altp2m_suppress_ve_multi.first_error and the error code is
stored in xen_hvm_altp2m_suppress_ve_multi.first_error_code.
If no error occurred the values will be 0.
Signed-off-by: Alexandru Isaila <aisaila@bitdefender.com>
---
CC: Ian Jackson <ian.jackson@eu.citrix.com>
CC: Wei Liu <wl@xen.org>
CC: Andrew Cooper <andrew.cooper3@citrix.com>
CC: George Dunlap <George.Dunlap@eu.citrix.com>
CC: Jan Beulich <jbeulich@suse.com>
CC: Julien Grall <julien@xen.org>
CC: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
CC: Stefano Stabellini <sstabellini@kernel.org>
CC: "Roger Pau Monné" <roger.pau@citrix.com>
CC: George Dunlap <george.dunlap@eu.citrix.com>
CC: Razvan Cojocaru <rcojocaru@bitdefender.com>
CC: Tamas K Lengyel <tamas@tklengyel.com>
CC: Petre Pircalabu <ppircalabu@bitdefender.com>
---
Changes since V6:
- Fix commit message
- Fix comments from struct xen_hvm_altp2m_suppress_ve_multi
- Save the first error from altp2m_get_effective_entry() and
skip set_entry() if any error occurred.
- Call p2m_set_suppress_ve_multi() in p2m_set_suppress_ve().
---
tools/libxc/include/xenctrl.h | 4 ++
tools/libxc/xc_altp2m.c | 33 ++++++++++++++
xen/arch/x86/hvm/hvm.c | 20 +++++++++
xen/arch/x86/mm/p2m.c | 78 +++++++++++++++++++++++++--------
xen/include/public/hvm/hvm_op.h | 13 ++++++
xen/include/xen/mem_access.h | 3 ++
6 files changed, 133 insertions(+), 18 deletions(-)
diff --git a/tools/libxc/include/xenctrl.h b/tools/libxc/include/xenctrl.h
index 75f191ae3a..cc4eb1e3d3 100644
--- a/tools/libxc/include/xenctrl.h
+++ b/tools/libxc/include/xenctrl.h
@@ -1923,6 +1923,10 @@ int xc_altp2m_switch_to_view(xc_interface *handle, uint32_t domid,
uint16_t view_id);
int xc_altp2m_set_suppress_ve(xc_interface *handle, uint32_t domid,
uint16_t view_id, xen_pfn_t gfn, bool sve);
+int xc_altp2m_set_supress_ve_multi(xc_interface *handle, uint32_t domid,
+ uint16_t view_id, xen_pfn_t first_gfn,
+ xen_pfn_t last_gfn, bool sve,
+ xen_pfn_t *error_gfn, int32_t *error_code);
int xc_altp2m_get_suppress_ve(xc_interface *handle, uint32_t domid,
uint16_t view_id, xen_pfn_t gfn, bool *sve);
int xc_altp2m_set_mem_access(xc_interface *handle, uint32_t domid,
diff --git a/tools/libxc/xc_altp2m.c b/tools/libxc/xc_altp2m.c
index 09dad0355e..46fb725806 100644
--- a/tools/libxc/xc_altp2m.c
+++ b/tools/libxc/xc_altp2m.c
@@ -234,6 +234,39 @@ int xc_altp2m_set_suppress_ve(xc_interface *handle, uint32_t domid,
return rc;
}
+int xc_altp2m_set_supress_ve_multi(xc_interface *handle, uint32_t domid,
+ uint16_t view_id, xen_pfn_t first_gfn,
+ xen_pfn_t last_gfn, bool sve,
+ xen_pfn_t *error_gfn, int32_t *error_code)
+{
+ int rc;
+ DECLARE_HYPERCALL_BUFFER(xen_hvm_altp2m_op_t, arg);
+
+ arg = xc_hypercall_buffer_alloc(handle, arg, sizeof(*arg));
+ if ( arg == NULL )
+ return -1;
+
+ arg->version = HVMOP_ALTP2M_INTERFACE_VERSION;
+ arg->cmd = HVMOP_altp2m_set_suppress_ve_multi;
+ arg->domain = domid;
+ arg->u.suppress_ve_multi.view = view_id;
+ arg->u.suppress_ve_multi.first_gfn = first_gfn;
+ arg->u.suppress_ve_multi.last_gfn = last_gfn;
+ arg->u.suppress_ve_multi.suppress_ve = sve;
+
+ rc = xencall2(handle->xcall, __HYPERVISOR_hvm_op, HVMOP_altp2m,
+ HYPERCALL_BUFFER_AS_ARG(arg));
+
+ if ( arg->u.suppress_ve_multi.first_error )
+ {
+ *error_gfn = arg->u.suppress_ve_multi.first_error_gfn;
+ *error_code = arg->u.suppress_ve_multi.first_error;
+ }
+
+ xc_hypercall_buffer_free(handle, arg);
+ return rc;
+}
+
int xc_altp2m_set_mem_access(xc_interface *handle, uint32_t domid,
uint16_t view_id, xen_pfn_t gfn,
xenmem_access_t access)
diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
index 4723f5d09c..4d79b4934e 100644
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -4520,6 +4520,7 @@ static int do_altp2m_op(
case HVMOP_altp2m_destroy_p2m:
case HVMOP_altp2m_switch_p2m:
case HVMOP_altp2m_set_suppress_ve:
+ case HVMOP_altp2m_set_suppress_ve_multi:
case HVMOP_altp2m_get_suppress_ve:
case HVMOP_altp2m_set_mem_access:
case HVMOP_altp2m_set_mem_access_multi:
@@ -4678,6 +4679,25 @@ static int do_altp2m_op(
}
break;
+ case HVMOP_altp2m_set_suppress_ve_multi:
+ {
+ uint64_t max_phys_addr = (1UL << d->arch.cpuid->extd.maxphysaddr) - 1;
+
+ a.u.suppress_ve_multi.last_gfn = min(a.u.suppress_ve_multi.last_gfn,
+ max_phys_addr);
+
+ if ( a.u.suppress_ve_multi.pad1 ||
+ a.u.suppress_ve_multi.first_gfn > a.u.suppress_ve_multi.last_gfn )
+ rc = -EINVAL;
+ else
+ {
+ rc = p2m_set_suppress_ve_multi(d, &a.u.suppress_ve_multi);
+ if ( (!rc || rc == -ERESTART) && __copy_to_guest(arg, &a, 1) )
+ rc = -EFAULT;
+ }
+ break;
+ }
+
case HVMOP_altp2m_get_suppress_ve:
if ( a.u.suppress_ve.pad1 || a.u.suppress_ve.pad2 )
rc = -EINVAL;
diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index 5f046960a9..223ca0cf4c 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -3030,45 +3030,87 @@ out:
*/
int p2m_set_suppress_ve(struct domain *d, gfn_t gfn, bool suppress_ve,
unsigned int altp2m_idx)
+{
+ int rc;
+ struct xen_hvm_altp2m_suppress_ve_multi sve = {0};
+
+ sve.view = altp2m_idx;
+ sve.suppress_ve = suppress_ve;
+ sve.first_gfn = gfn_x(gfn);
+ sve.last_gfn = gfn_x(gfn);
+
+ if ( !(rc = p2m_set_suppress_ve_multi(d, &sve)) && sve.first_error )
+ rc = sve.first_error;
+
+ return rc;
+}
+
+/*
+ * Set/clear the #VE suppress bit for multiple pages. Only available on VMX.
+ */
+int p2m_set_suppress_ve_multi(struct domain *d,
+ struct xen_hvm_altp2m_suppress_ve_multi *sve)
{
struct p2m_domain *host_p2m = p2m_get_hostp2m(d);
struct p2m_domain *ap2m = NULL;
- struct p2m_domain *p2m;
- mfn_t mfn;
- p2m_access_t a;
- p2m_type_t t;
- int rc;
+ struct p2m_domain *p2m = host_p2m;
+ uint64_t start = sve->first_gfn;
+ int rc = 0;
- if ( altp2m_idx > 0 )
+ if ( sve->view > 0 )
{
- if ( altp2m_idx >= min(ARRAY_SIZE(d->arch.altp2m_p2m), MAX_EPTP) ||
- d->arch.altp2m_eptp[array_index_nospec(altp2m_idx, MAX_EPTP)] ==
+ if ( sve->view >= min(ARRAY_SIZE(d->arch.altp2m_p2m), MAX_EPTP) ||
+ d->arch.altp2m_eptp[array_index_nospec(sve->view, MAX_EPTP)] ==
mfn_x(INVALID_MFN) )
return -EINVAL;
- p2m = ap2m = d->arch.altp2m_p2m[array_index_nospec(altp2m_idx,
+ p2m = ap2m = d->arch.altp2m_p2m[array_index_nospec(sve->view,
ARRAY_SIZE(d->arch.altp2m_p2m))];
}
- else
- p2m = host_p2m;
- gfn_lock(host_p2m, gfn, 0);
+ p2m_lock(host_p2m);
if ( ap2m )
p2m_lock(ap2m);
- rc = altp2m_get_effective_entry(p2m, gfn, &mfn, &t, &a, AP2MGET_query);
+ while ( sve->last_gfn >= start )
+ {
+ p2m_access_t a;
+ p2m_type_t t;
+ mfn_t mfn;
+ int err = 0;
- if ( rc )
- goto out;
+ if ( (err = altp2m_get_effective_entry(p2m, _gfn(start), &mfn, &t, &a,
+ AP2MGET_query)) &&
+ !sve->first_error )
+ {
+ sve->first_error_gfn = start; /* Save the gfn of the first error */
+ sve->first_error = err; /* Save the first error code */
+ }
- rc = p2m->set_entry(p2m, gfn, mfn, PAGE_ORDER_4K, t, a, suppress_ve);
+ if ( !err && (err = p2m->set_entry(p2m, _gfn(start), mfn,
+ PAGE_ORDER_4K, t, a,
+ sve->suppress_ve)) &&
+ !sve->first_error )
+ {
+ sve->first_error_gfn = start; /* Save the gfn of the first error */
+ sve->first_error = err; /* Save the first error code */
+ }
+
+ /* Check for continuation if it's not the last iteration. */
+ if ( sve->last_gfn >= ++start && hypercall_preempt_check() )
+ {
+ rc = -ERESTART;
+ break;
+ }
+ }
+
+ sve->first_gfn = start;
-out:
if ( ap2m )
p2m_unlock(ap2m);
- gfn_unlock(host_p2m, gfn, 0);
+ p2m_unlock(host_p2m);
return rc;
}
diff --git a/xen/include/public/hvm/hvm_op.h b/xen/include/public/hvm/hvm_op.h
index 353f8034d9..d344606864 100644
--- a/xen/include/public/hvm/hvm_op.h
+++ b/xen/include/public/hvm/hvm_op.h
@@ -46,6 +46,16 @@ struct xen_hvm_altp2m_suppress_ve {
uint64_t gfn;
};
+struct xen_hvm_altp2m_suppress_ve_multi {
+ uint16_t view;
+ uint8_t suppress_ve; /* Boolean type. */
+ uint8_t pad1;
+ int32_t first_error; /* Should be set to 0. */
+ uint64_t first_gfn; /* Value may be updated. */
+ uint64_t last_gfn;
+ uint64_t first_error_gfn; /* Gfn of the first error. */
+};
+
#if __XEN_INTERFACE_VERSION__ < 0x00040900
/* Set the logical level of one of a domain's PCI INTx wires. */
@@ -339,6 +349,8 @@ struct xen_hvm_altp2m_op {
#define HVMOP_altp2m_vcpu_disable_notify 13
/* Get the active vcpu p2m index */
#define HVMOP_altp2m_get_p2m_idx 14
+/* Set the "Supress #VE" bit for a range of pages */
+#define HVMOP_altp2m_set_suppress_ve_multi 15
domid_t domain;
uint16_t pad1;
uint32_t pad2;
@@ -353,6 +365,7 @@ struct xen_hvm_altp2m_op {
struct xen_hvm_altp2m_change_gfn change_gfn;
struct xen_hvm_altp2m_set_mem_access_multi set_mem_access_multi;
struct xen_hvm_altp2m_suppress_ve suppress_ve;
+ struct xen_hvm_altp2m_suppress_ve_multi suppress_ve_multi;
struct xen_hvm_altp2m_vcpu_disable_notify disable_notify;
struct xen_hvm_altp2m_get_vcpu_p2m_idx get_vcpu_p2m_idx;
uint8_t pad[64];
diff --git a/xen/include/xen/mem_access.h b/xen/include/xen/mem_access.h
index e4d24502e0..00e594a0ad 100644
--- a/xen/include/xen/mem_access.h
+++ b/xen/include/xen/mem_access.h
@@ -75,6 +75,9 @@ long p2m_set_mem_access_multi(struct domain *d,
int p2m_set_suppress_ve(struct domain *d, gfn_t gfn, bool suppress_ve,
unsigned int altp2m_idx);
+int p2m_set_suppress_ve_multi(struct domain *d,
+ struct xen_hvm_altp2m_suppress_ve_multi *suppress_ve);
+
int p2m_get_suppress_ve(struct domain *d, gfn_t gfn, bool *suppress_ve,
unsigned int altp2m_idx);
--
2.17.1
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [Xen-devel] [PATCH V7 3/4] x86/mm: Pull vendor-independent altp2m code out of p2m-ept.c and into p2m.c
2020-01-08 14:08 [Xen-devel] [PATCH V7 1/4] x86/mm: Add array_index_nospec to guest provided index values Alexandru Stefan ISAILA
2020-01-08 14:08 ` [Xen-devel] [PATCH V7 2/4] x86/altp2m: Add hypercall to set a range of sve bits Alexandru Stefan ISAILA
@ 2020-01-08 14:08 ` Alexandru Stefan ISAILA
2020-01-19 4:15 ` Tian, Kevin
2020-01-08 14:08 ` [Xen-devel] [PATCH V7 4/4] x86/mm: Make use of the default access param from xc_altp2m_create_view Alexandru Stefan ISAILA
2020-01-10 16:12 ` [Xen-devel] [PATCH V7 1/4] x86/mm: Add array_index_nospec to guest provided index values Jan Beulich
3 siblings, 1 reply; 12+ messages in thread
From: Alexandru Stefan ISAILA @ 2020-01-08 14:08 UTC (permalink / raw)
To: xen-devel
Cc: Kevin Tian, Jun Nakajima, Wei Liu, George Dunlap, Andrew Cooper,
Jan Beulich, Alexandru Stefan ISAILA, Roger Pau Monné
No functional changes.
Requested-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Alexandru Isaila <aisaila@bitdefender.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
---
CC: Jun Nakajima <jun.nakajima@intel.com>
CC: Kevin Tian <kevin.tian@intel.com>
CC: George Dunlap <george.dunlap@eu.citrix.com>
CC: Jan Beulich <jbeulich@suse.com>
CC: Andrew Cooper <andrew.cooper3@citrix.com>
CC: Wei Liu <wl@xen.org>
CC: "Roger Pau Monné" <roger.pau@citrix.com>
---
xen/arch/x86/mm/p2m-ept.c | 6 ------
xen/arch/x86/mm/p2m.c | 6 ++++++
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/xen/arch/x86/mm/p2m-ept.c b/xen/arch/x86/mm/p2m-ept.c
index 1c23ea6169..7f9d560df8 100644
--- a/xen/arch/x86/mm/p2m-ept.c
+++ b/xen/arch/x86/mm/p2m-ept.c
@@ -1359,13 +1359,7 @@ void p2m_init_altp2m_ept(struct domain *d, unsigned int i)
struct p2m_domain *hostp2m = p2m_get_hostp2m(d);
struct ept_data *ept;
- p2m->default_access = hostp2m->default_access;
- p2m->domain = hostp2m->domain;
-
- p2m->global_logdirty = hostp2m->global_logdirty;
p2m->ept.ad = hostp2m->ept.ad;
- p2m->min_remapped_gfn = gfn_x(INVALID_GFN);
- p2m->max_mapped_pfn = p2m->max_remapped_gfn = 0;
ept = &p2m->ept;
ept->mfn = pagetable_get_pfn(p2m_get_pagetable(p2m));
d->arch.altp2m_eptp[array_index_nospec(i, MAX_EPTP)] = ept->eptp;
diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index 223ca0cf4c..1befc06641 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -2564,6 +2564,12 @@ static int p2m_activate_altp2m(struct domain *d, unsigned int idx)
goto out;
}
+ p2m->default_access = hostp2m->default_access;
+ p2m->domain = hostp2m->domain;
+ p2m->global_logdirty = hostp2m->global_logdirty;
+ p2m->min_remapped_gfn = gfn_x(INVALID_GFN);
+ p2m->max_mapped_pfn = p2m->max_remapped_gfn = 0;
+
p2m_init_altp2m_ept(d, idx);
out:
--
2.17.1
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [Xen-devel] [PATCH V7 4/4] x86/mm: Make use of the default access param from xc_altp2m_create_view
2020-01-08 14:08 [Xen-devel] [PATCH V7 1/4] x86/mm: Add array_index_nospec to guest provided index values Alexandru Stefan ISAILA
2020-01-08 14:08 ` [Xen-devel] [PATCH V7 2/4] x86/altp2m: Add hypercall to set a range of sve bits Alexandru Stefan ISAILA
2020-01-08 14:08 ` [Xen-devel] [PATCH V7 3/4] x86/mm: Pull vendor-independent altp2m code out of p2m-ept.c and into p2m.c Alexandru Stefan ISAILA
@ 2020-01-08 14:08 ` Alexandru Stefan ISAILA
2020-01-10 16:41 ` Jan Beulich
2020-01-10 16:12 ` [Xen-devel] [PATCH V7 1/4] x86/mm: Add array_index_nospec to guest provided index values Jan Beulich
3 siblings, 1 reply; 12+ messages in thread
From: Alexandru Stefan ISAILA @ 2020-01-08 14:08 UTC (permalink / raw)
To: xen-devel
Cc: Petre Ovidiu PIRCALABU, Stefano Stabellini, Julien Grall,
Razvan COJOCARU, Wei Liu, Konrad Rzeszutek Wilk, George Dunlap,
Andrew Cooper, Ian Jackson, Tamas K Lengyel, Jan Beulich,
Alexandru Stefan ISAILA, Roger Pau Monné
At this moment the default_access param from xc_altp2m_create_view is
not used.
This patch assigns default_access to p2m->default_access at the time of
initializing a new altp2m view.
Signed-off-by: Alexandru Isaila <aisaila@bitdefender.com>
---
CC: Jan Beulich <jbeulich@suse.com>
CC: Andrew Cooper <andrew.cooper3@citrix.com>
CC: Wei Liu <wl@xen.org>
CC: "Roger Pau Monné" <roger.pau@citrix.com>
CC: George Dunlap <George.Dunlap@eu.citrix.com>
CC: Ian Jackson <ian.jackson@eu.citrix.com>
CC: Julien Grall <julien@xen.org>
CC: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
CC: Stefano Stabellini <sstabellini@kernel.org>
CC: Razvan Cojocaru <rcojocaru@bitdefender.com>
CC: Tamas K Lengyel <tamas@tklengyel.com>
CC: Petre Pircalabu <ppircalabu@bitdefender.com>
CC: George Dunlap <george.dunlap@eu.citrix.com>
---
Changes since V6:
- Remove the NULL check for p2m in xenmem_access_to_p2m_access()
- Use hostp2m for default access in p2m_init_next_altp2m()
- Remove the artifact line from p2m_init_next_altp2m().
---
xen/arch/x86/hvm/hvm.c | 3 ++-
xen/arch/x86/mm/mem_access.c | 6 +++---
xen/arch/x86/mm/p2m.c | 20 +++++++++++++++-----
xen/include/asm-x86/p2m.h | 3 ++-
xen/include/public/hvm/hvm_op.h | 2 --
xen/include/xen/mem_access.h | 4 ++++
6 files changed, 26 insertions(+), 12 deletions(-)
diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
index 4d79b4934e..b96fafed65 100644
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -4654,7 +4654,8 @@ static int do_altp2m_op(
}
case HVMOP_altp2m_create_p2m:
- if ( !(rc = p2m_init_next_altp2m(d, &a.u.view.view)) )
+ if ( !(rc = p2m_init_next_altp2m(d, &a.u.view.view,
+ a.u.view.hvmmem_default_access)) )
rc = __copy_to_guest(arg, &a, 1) ? -EFAULT : 0;
break;
diff --git a/xen/arch/x86/mm/mem_access.c b/xen/arch/x86/mm/mem_access.c
index f323d885b1..4ef6a62c31 100644
--- a/xen/arch/x86/mm/mem_access.c
+++ b/xen/arch/x86/mm/mem_access.c
@@ -314,9 +314,9 @@ static int set_mem_access(struct domain *d, struct p2m_domain *p2m,
return rc;
}
-static bool xenmem_access_to_p2m_access(struct p2m_domain *p2m,
- xenmem_access_t xaccess,
- p2m_access_t *paccess)
+bool xenmem_access_to_p2m_access(const struct p2m_domain *p2m,
+ xenmem_access_t xaccess,
+ p2m_access_t *paccess)
{
static const p2m_access_t memaccess[] = {
#define ACCESS(ac) [XENMEM_access_##ac] = p2m_access_##ac
diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index 1befc06641..a811044d6e 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -25,6 +25,7 @@
#include <xen/guest_access.h> /* copy_from_guest() */
#include <xen/iommu.h>
+#include <xen/mem_access.h>
#include <xen/vm_event.h>
#include <xen/event.h>
#include <public/vm_event.h>
@@ -2537,7 +2538,8 @@ void p2m_flush_altp2m(struct domain *d)
altp2m_list_unlock(d);
}
-static int p2m_activate_altp2m(struct domain *d, unsigned int idx)
+static int p2m_activate_altp2m(struct domain *d, unsigned int idx,
+ p2m_access_t hvmmem_default_access)
{
struct p2m_domain *hostp2m, *p2m;
int rc;
@@ -2564,7 +2566,7 @@ static int p2m_activate_altp2m(struct domain *d, unsigned int idx)
goto out;
}
- p2m->default_access = hostp2m->default_access;
+ p2m->default_access = hvmmem_default_access;
p2m->domain = hostp2m->domain;
p2m->global_logdirty = hostp2m->global_logdirty;
p2m->min_remapped_gfn = gfn_x(INVALID_GFN);
@@ -2581,6 +2583,7 @@ static int p2m_activate_altp2m(struct domain *d, unsigned int idx)
int p2m_init_altp2m_by_id(struct domain *d, unsigned int idx)
{
int rc = -EINVAL;
+ struct p2m_domain *hostp2m = p2m_get_hostp2m(d);
if ( idx >= min(ARRAY_SIZE(d->arch.altp2m_p2m), MAX_EPTP) )
return rc;
@@ -2589,16 +2592,23 @@ int p2m_init_altp2m_by_id(struct domain *d, unsigned int idx)
if ( d->arch.altp2m_eptp[array_index_nospec(idx, MAX_EPTP)] ==
mfn_x(INVALID_MFN) )
- rc = p2m_activate_altp2m(d, idx);
+ rc = p2m_activate_altp2m(d, idx, hostp2m->default_access);
altp2m_list_unlock(d);
return rc;
}
-int p2m_init_next_altp2m(struct domain *d, uint16_t *idx)
+int p2m_init_next_altp2m(struct domain *d, uint16_t *idx,
+ xenmem_access_t hvmmem_default_access)
{
int rc = -EINVAL;
unsigned int i;
+ p2m_access_t a;
+ struct p2m_domain *hostp2m = p2m_get_hostp2m(d);
+
+ if ( hvmmem_default_access > XENMEM_access_default ||
+ !xenmem_access_to_p2m_access(hostp2m, hvmmem_default_access, &a) )
+ return rc;
altp2m_list_lock(d);
@@ -2607,7 +2617,7 @@ int p2m_init_next_altp2m(struct domain *d, uint16_t *idx)
if ( d->arch.altp2m_eptp[i] != mfn_x(INVALID_MFN) )
continue;
- rc = p2m_activate_altp2m(d, i);
+ rc = p2m_activate_altp2m(d, i, a);
if ( !rc )
*idx = i;
diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h
index 94285db1b4..ac2d2787f4 100644
--- a/xen/include/asm-x86/p2m.h
+++ b/xen/include/asm-x86/p2m.h
@@ -884,7 +884,8 @@ bool p2m_altp2m_get_or_propagate(struct p2m_domain *ap2m, unsigned long gfn_l,
int p2m_init_altp2m_by_id(struct domain *d, unsigned int idx);
/* Find an available alternate p2m and make it valid */
-int p2m_init_next_altp2m(struct domain *d, uint16_t *idx);
+int p2m_init_next_altp2m(struct domain *d, uint16_t *idx,
+ xenmem_access_t hvmmem_default_access);
/* Make a specific alternate p2m invalid */
int p2m_destroy_altp2m_by_id(struct domain *d, unsigned int idx);
diff --git a/xen/include/public/hvm/hvm_op.h b/xen/include/public/hvm/hvm_op.h
index d344606864..610e020a62 100644
--- a/xen/include/public/hvm/hvm_op.h
+++ b/xen/include/public/hvm/hvm_op.h
@@ -251,8 +251,6 @@ DEFINE_XEN_GUEST_HANDLE(xen_hvm_altp2m_vcpu_disable_notify_t);
struct xen_hvm_altp2m_view {
/* IN/OUT variable */
uint16_t view;
- /* Create view only: default access type
- * NOTE: currently ignored */
uint16_t hvmmem_default_access; /* xenmem_access_t */
};
typedef struct xen_hvm_altp2m_view xen_hvm_altp2m_view_t;
diff --git a/xen/include/xen/mem_access.h b/xen/include/xen/mem_access.h
index 00e594a0ad..5d53fb8ce4 100644
--- a/xen/include/xen/mem_access.h
+++ b/xen/include/xen/mem_access.h
@@ -58,6 +58,10 @@ typedef enum {
/* NOTE: Assumed to be only 4 bits right now on x86. */
} p2m_access_t;
+bool xenmem_access_to_p2m_access(const struct p2m_domain *p2m,
+ xenmem_access_t xaccess,
+ p2m_access_t *paccess);
+
/*
* Set access type for a region of gfns.
* If gfn == INVALID_GFN, sets the default access type.
--
2.17.1
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply related [flat|nested] 12+ messages in thread
* Re: [Xen-devel] [PATCH V7 1/4] x86/mm: Add array_index_nospec to guest provided index values
2020-01-08 14:08 [Xen-devel] [PATCH V7 1/4] x86/mm: Add array_index_nospec to guest provided index values Alexandru Stefan ISAILA
` (2 preceding siblings ...)
2020-01-08 14:08 ` [Xen-devel] [PATCH V7 4/4] x86/mm: Make use of the default access param from xc_altp2m_create_view Alexandru Stefan ISAILA
@ 2020-01-10 16:12 ` Jan Beulich
2020-01-17 8:48 ` Alexandru Stefan ISAILA
3 siblings, 1 reply; 12+ messages in thread
From: Jan Beulich @ 2020-01-10 16:12 UTC (permalink / raw)
To: Alexandru Stefan ISAILA
Cc: Petre Ovidiu PIRCALABU, Kevin Tian, Tamas K Lengyel, Wei Liu,
Razvan COJOCARU, George Dunlap, Andrew Cooper, Jun Nakajima,
xen-devel, Roger Pau Monné
On 08.01.2020 15:08, Alexandru Stefan ISAILA wrote:
> Changes since V6:
> - Remove stray spaces
> - Use ARRAY_SIZE(d->arch.altp2m_p2m) insead of MAX_ALTP2M.
I'm not utterly confused:
> --- a/xen/arch/x86/mm/mem_access.c
> +++ b/xen/arch/x86/mm/mem_access.c
> @@ -366,11 +366,13 @@ long p2m_set_mem_access(struct domain *d, gfn_t gfn, uint32_t nr,
> #ifdef CONFIG_HVM
> if ( altp2m_idx )
> {
> - if ( altp2m_idx >= MAX_ALTP2M ||
> - d->arch.altp2m_eptp[altp2m_idx] == mfn_x(INVALID_MFN) )
> + if ( altp2m_idx >= min(ARRAY_SIZE(d->arch.altp2m_p2m), MAX_EPTP) ||
> + d->arch.altp2m_eptp[array_index_nospec(altp2m_idx, MAX_EPTP)] ==
> + mfn_x(INVALID_MFN) )
> return -EINVAL;
>
> - ap2m = d->arch.altp2m_p2m[altp2m_idx];
> + ap2m = d->arch.altp2m_p2m[array_index_nospec(altp2m_idx,
> + ARRAY_SIZE(d->arch.altp2m_p2m))];
Why is this still not
ap2m = array_access_nospec(d->arch.altp2m_p2m, altp2m_idx);
? What am I missing?
Jan
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Xen-devel] [PATCH V7 2/4] x86/altp2m: Add hypercall to set a range of sve bits
2020-01-08 14:08 ` [Xen-devel] [PATCH V7 2/4] x86/altp2m: Add hypercall to set a range of sve bits Alexandru Stefan ISAILA
@ 2020-01-10 16:20 ` Jan Beulich
2020-01-13 10:32 ` Alexandru Stefan ISAILA
0 siblings, 1 reply; 12+ messages in thread
From: Jan Beulich @ 2020-01-10 16:20 UTC (permalink / raw)
To: Alexandru Stefan ISAILA
Cc: Petre Ovidiu PIRCALABU, Stefano Stabellini, Julien Grall,
Razvan COJOCARU, Wei Liu, Konrad Rzeszutek Wilk, George Dunlap,
Andrew Cooper, Ian Jackson, Tamas K Lengyel, xen-devel,
Roger Pau Monné
On 08.01.2020 15:08, Alexandru Stefan ISAILA wrote:
> By default the sve bits are not set.
> This patch adds a new hypercall, xc_altp2m_set_supress_ve_multi(),
> to set a range of sve bits.
> The core function, p2m_set_suppress_ve_multi(), does not break in case
> of a error and it is doing a best effort for setting the bits in the
> given range. A check for continuation is made in order to have
> preemption on large ranges.
> The gfn of the first error is stored in
> xen_hvm_altp2m_suppress_ve_multi.first_error and the error code is
> stored in xen_hvm_altp2m_suppress_ve_multi.first_error_code.
> If no error occurred the values will be 0.
These last two sentences must have been stale for a while. IOW ...
> Changes since V6:
> - Fix commit message
... has this really happened?
> --- a/xen/arch/x86/mm/p2m.c
> +++ b/xen/arch/x86/mm/p2m.c
> @@ -3030,45 +3030,87 @@ out:
> */
> int p2m_set_suppress_ve(struct domain *d, gfn_t gfn, bool suppress_ve,
> unsigned int altp2m_idx)
> +{
> + int rc;
> + struct xen_hvm_altp2m_suppress_ve_multi sve = {0};
> +
> + sve.view = altp2m_idx;
> + sve.suppress_ve = suppress_ve;
> + sve.first_gfn = gfn_x(gfn);
> + sve.last_gfn = gfn_x(gfn);
Can't all of these move into the initializer, instead of the
somewhat odd 0?
> + if ( !(rc = p2m_set_suppress_ve_multi(d, &sve)) && sve.first_error )
> + rc = sve.first_error;
Why the right side of the && ?
> +/*
> + * Set/clear the #VE suppress bit for multiple pages. Only available on VMX.
> + */
> +int p2m_set_suppress_ve_multi(struct domain *d,
> + struct xen_hvm_altp2m_suppress_ve_multi *sve)
> {
> struct p2m_domain *host_p2m = p2m_get_hostp2m(d);
> struct p2m_domain *ap2m = NULL;
> - struct p2m_domain *p2m;
> - mfn_t mfn;
> - p2m_access_t a;
> - p2m_type_t t;
> - int rc;
> + struct p2m_domain *p2m = host_p2m;
> + uint64_t start = sve->first_gfn;
> + int rc = 0;
>
> - if ( altp2m_idx > 0 )
> + if ( sve->view > 0 )
> {
> - if ( altp2m_idx >= min(ARRAY_SIZE(d->arch.altp2m_p2m), MAX_EPTP) ||
> - d->arch.altp2m_eptp[array_index_nospec(altp2m_idx, MAX_EPTP)] ==
> + if ( sve->view >= min(ARRAY_SIZE(d->arch.altp2m_p2m), MAX_EPTP) ||
> + d->arch.altp2m_eptp[array_index_nospec(sve->view, MAX_EPTP)] ==
> mfn_x(INVALID_MFN) )
> return -EINVAL;
>
> - p2m = ap2m = d->arch.altp2m_p2m[array_index_nospec(altp2m_idx,
> + p2m = ap2m = d->arch.altp2m_p2m[array_index_nospec(sve->view,
> ARRAY_SIZE(d->arch.altp2m_p2m))];
> }
> - else
> - p2m = host_p2m;
>
> - gfn_lock(host_p2m, gfn, 0);
> + p2m_lock(host_p2m);
>
> if ( ap2m )
> p2m_lock(ap2m);
>
> - rc = altp2m_get_effective_entry(p2m, gfn, &mfn, &t, &a, AP2MGET_query);
> + while ( sve->last_gfn >= start )
> + {
> + p2m_access_t a;
> + p2m_type_t t;
> + mfn_t mfn;
> + int err = 0;
>
> - if ( rc )
> - goto out;
> + if ( (err = altp2m_get_effective_entry(p2m, _gfn(start), &mfn, &t, &a,
> + AP2MGET_query)) &&
> + !sve->first_error )
> + {
> + sve->first_error_gfn = start; /* Save the gfn of the first error */
> + sve->first_error = err; /* Save the first error code */
> + }
>
> - rc = p2m->set_entry(p2m, gfn, mfn, PAGE_ORDER_4K, t, a, suppress_ve);
> + if ( !err && (err = p2m->set_entry(p2m, _gfn(start), mfn,
> + PAGE_ORDER_4K, t, a,
> + sve->suppress_ve)) &&
> + !sve->first_error )
> + {
> + sve->first_error_gfn = start; /* Save the gfn of the first error */
> + sve->first_error = err; /* Save the first error code */
> + }
I think it would help readability if you didn't do this error
saving twice.
Jan
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Xen-devel] [PATCH V7 4/4] x86/mm: Make use of the default access param from xc_altp2m_create_view
2020-01-08 14:08 ` [Xen-devel] [PATCH V7 4/4] x86/mm: Make use of the default access param from xc_altp2m_create_view Alexandru Stefan ISAILA
@ 2020-01-10 16:41 ` Jan Beulich
0 siblings, 0 replies; 12+ messages in thread
From: Jan Beulich @ 2020-01-10 16:41 UTC (permalink / raw)
To: Alexandru Stefan ISAILA
Cc: Petre Ovidiu PIRCALABU, Stefano Stabellini, Julien Grall,
Razvan COJOCARU, Wei Liu, Konrad Rzeszutek Wilk, George Dunlap,
Andrew Cooper, Ian Jackson, Tamas K Lengyel, xen-devel,
Roger Pau Monné
On 08.01.2020 15:08, Alexandru Stefan ISAILA wrote:
> At this moment the default_access param from xc_altp2m_create_view is
> not used.
>
> This patch assigns default_access to p2m->default_access at the time of
> initializing a new altp2m view.
>
> Signed-off-by: Alexandru Isaila <aisaila@bitdefender.com>
The tiny parts this applies to:
Acked-by: Jan Beulich <jbeulich@suse.com>
Jan
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Xen-devel] [PATCH V7 2/4] x86/altp2m: Add hypercall to set a range of sve bits
2020-01-10 16:20 ` Jan Beulich
@ 2020-01-13 10:32 ` Alexandru Stefan ISAILA
2020-01-13 12:53 ` Jan Beulich
0 siblings, 1 reply; 12+ messages in thread
From: Alexandru Stefan ISAILA @ 2020-01-13 10:32 UTC (permalink / raw)
To: Jan Beulich
Cc: Petre Ovidiu PIRCALABU, Stefano Stabellini, Julien Grall,
Razvan COJOCARU, Wei Liu, Konrad Rzeszutek Wilk, George Dunlap,
Andrew Cooper, Ian Jackson, Tamas K Lengyel, xen-devel,
Roger Pau Monné
On 10.01.2020 18:20, Jan Beulich wrote:
> On 08.01.2020 15:08, Alexandru Stefan ISAILA wrote:
>> By default the sve bits are not set.
>> This patch adds a new hypercall, xc_altp2m_set_supress_ve_multi(),
>> to set a range of sve bits.
>> The core function, p2m_set_suppress_ve_multi(), does not break in case
>> of a error and it is doing a best effort for setting the bits in the
>> given range. A check for continuation is made in order to have
>> preemption on large ranges.
>> The gfn of the first error is stored in
>> xen_hvm_altp2m_suppress_ve_multi.first_error and the error code is
>> stored in xen_hvm_altp2m_suppress_ve_multi.first_error_code.
>> If no error occurred the values will be 0.
>
> These last two sentences must have been stale for a while. IOW ...
I just saw that now, yes you are right, from when I changed the field names.
>
>> Changes since V6:
>> - Fix commit message
>
> ... has this really happened?
This was done for the "braek" typo and for large/big ranges but I will
fix the field names as well, thanks for pointing that out.
>
>> --- a/xen/arch/x86/mm/p2m.c
>> +++ b/xen/arch/x86/mm/p2m.c
>> @@ -3030,45 +3030,87 @@ out:
>> */
>> int p2m_set_suppress_ve(struct domain *d, gfn_t gfn, bool suppress_ve,
>> unsigned int altp2m_idx)
>> +{
>> + int rc;
>> + struct xen_hvm_altp2m_suppress_ve_multi sve = {0};
>> +
>> + sve.view = altp2m_idx;
>> + sve.suppress_ve = suppress_ve;
>> + sve.first_gfn = gfn_x(gfn);
>> + sve.last_gfn = gfn_x(gfn);
>
> Can't all of these move into the initializer, instead of the
> somewhat odd 0?
Sure, it's no trouble.
>
>> + if ( !(rc = p2m_set_suppress_ve_multi(d, &sve)) && sve.first_error )
>> + rc = sve.first_error;
>
> Why the right side of the && ?
This is intended to have p2m_set_suppress_ve() call
p2m_set_suppress_ve_multi(). So here first I call the _multi version and
the check if there was any error from the set/get (that is what
p2m_set_suppress_ve did before). I don't know why git made the patch so
ugly.
>
>> +/*
>> + * Set/clear the #VE suppress bit for multiple pages. Only available on VMX.
>> + */
>> +int p2m_set_suppress_ve_multi(struct domain *d,
>> + struct xen_hvm_altp2m_suppress_ve_multi *sve)
>> {
>> struct p2m_domain *host_p2m = p2m_get_hostp2m(d);
>> struct p2m_domain *ap2m = NULL;
>> - struct p2m_domain *p2m;
>> - mfn_t mfn;
>> - p2m_access_t a;
>> - p2m_type_t t;
>> - int rc;
>> + struct p2m_domain *p2m = host_p2m;
>> + uint64_t start = sve->first_gfn;
>> + int rc = 0;
>>
>> - if ( altp2m_idx > 0 )
>> + if ( sve->view > 0 )
>> {
>> - if ( altp2m_idx >= min(ARRAY_SIZE(d->arch.altp2m_p2m), MAX_EPTP) ||
>> - d->arch.altp2m_eptp[array_index_nospec(altp2m_idx, MAX_EPTP)] ==
>> + if ( sve->view >= min(ARRAY_SIZE(d->arch.altp2m_p2m), MAX_EPTP) ||
>> + d->arch.altp2m_eptp[array_index_nospec(sve->view, MAX_EPTP)] ==
>> mfn_x(INVALID_MFN) )
>> return -EINVAL;
>>
>> - p2m = ap2m = d->arch.altp2m_p2m[array_index_nospec(altp2m_idx,
>> + p2m = ap2m = d->arch.altp2m_p2m[array_index_nospec(sve->view,
>> ARRAY_SIZE(d->arch.altp2m_p2m))];
>> }
>> - else
>> - p2m = host_p2m;
>>
>> - gfn_lock(host_p2m, gfn, 0);
>> + p2m_lock(host_p2m);
>>
>> if ( ap2m )
>> p2m_lock(ap2m);
>>
>> - rc = altp2m_get_effective_entry(p2m, gfn, &mfn, &t, &a, AP2MGET_query);
>> + while ( sve->last_gfn >= start )
>> + {
>> + p2m_access_t a;
>> + p2m_type_t t;
>> + mfn_t mfn;
>> + int err = 0;
>>
>> - if ( rc )
>> - goto out;
>> + if ( (err = altp2m_get_effective_entry(p2m, _gfn(start), &mfn, &t, &a,
>> + AP2MGET_query)) &&
>> + !sve->first_error )
>> + {
>> + sve->first_error_gfn = start; /* Save the gfn of the first error */
>> + sve->first_error = err; /* Save the first error code */
>> + }
>>
>> - rc = p2m->set_entry(p2m, gfn, mfn, PAGE_ORDER_4K, t, a, suppress_ve);
>> + if ( !err && (err = p2m->set_entry(p2m, _gfn(start), mfn,
>> + PAGE_ORDER_4K, t, a,
>> + sve->suppress_ve)) &&
>> + !sve->first_error )
>> + {
>> + sve->first_error_gfn = start; /* Save the gfn of the first error */
>> + sve->first_error = err; /* Save the first error code */
>> + }
>
> I think it would help readability if you didn't do this error
> saving twice.
>
George requested this as well as having the single version call the
_multi version.
Alex
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Xen-devel] [PATCH V7 2/4] x86/altp2m: Add hypercall to set a range of sve bits
2020-01-13 10:32 ` Alexandru Stefan ISAILA
@ 2020-01-13 12:53 ` Jan Beulich
2020-01-13 13:44 ` Alexandru Stefan ISAILA
0 siblings, 1 reply; 12+ messages in thread
From: Jan Beulich @ 2020-01-13 12:53 UTC (permalink / raw)
To: Alexandru Stefan ISAILA
Cc: Petre Ovidiu PIRCALABU, Stefano Stabellini, Julien Grall,
Razvan COJOCARU, Wei Liu, Konrad Rzeszutek Wilk, George Dunlap,
Andrew Cooper, Ian Jackson, Tamas K Lengyel, xen-devel,
Roger Pau Monné
On 13.01.2020 11:32, Alexandru Stefan ISAILA wrote:
> On 10.01.2020 18:20, Jan Beulich wrote:
>> On 08.01.2020 15:08, Alexandru Stefan ISAILA wrote:
>>> + if ( !(rc = p2m_set_suppress_ve_multi(d, &sve)) && sve.first_error )
>>> + rc = sve.first_error;
>>
>> Why the right side of the && ?
>
> This is intended to have p2m_set_suppress_ve() call
> p2m_set_suppress_ve_multi(). So here first I call the _multi version and
> the check if there was any error from the set/get (that is what
> p2m_set_suppress_ve did before).
To put my original question differently: from a functionality pov,
how would
if ( !(rc = p2m_set_suppress_ve_multi(d, &sve)) )
rc = sve.first_error;
be different from your variant (as long as the field indeed starts
out as zero)?
> I don't know why git made the patch so ugly.
I have no idea what ugliness you refer to here.
Jan
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Xen-devel] [PATCH V7 2/4] x86/altp2m: Add hypercall to set a range of sve bits
2020-01-13 12:53 ` Jan Beulich
@ 2020-01-13 13:44 ` Alexandru Stefan ISAILA
0 siblings, 0 replies; 12+ messages in thread
From: Alexandru Stefan ISAILA @ 2020-01-13 13:44 UTC (permalink / raw)
To: Jan Beulich
Cc: Petre Ovidiu PIRCALABU, Stefano Stabellini, Julien Grall,
Razvan COJOCARU, Wei Liu, Konrad Rzeszutek Wilk, George Dunlap,
Andrew Cooper, Ian Jackson, Tamas K Lengyel, xen-devel,
Roger Pau Monné
On 13.01.2020 14:53, Jan Beulich wrote:
> On 13.01.2020 11:32, Alexandru Stefan ISAILA wrote:
>> On 10.01.2020 18:20, Jan Beulich wrote:
>>> On 08.01.2020 15:08, Alexandru Stefan ISAILA wrote:
>>>> + if ( !(rc = p2m_set_suppress_ve_multi(d, &sve)) && sve.first_error )
>>>> + rc = sve.first_error;
>>>
>>> Why the right side of the && ?
>>
>> This is intended to have p2m_set_suppress_ve() call
>> p2m_set_suppress_ve_multi(). So here first I call the _multi version and
>> the check if there was any error from the set/get (that is what
>> p2m_set_suppress_ve did before).
>
> To put my original question differently: from a functionality pov,
> how would
>
> if ( !(rc = p2m_set_suppress_ve_multi(d, &sve)) )
> rc = sve.first_error; >
> be different from your variant (as long as the field indeed starts
> out as zero)?
It will be the same in this case and it can be dropped.
>
>> I don't know why git made the patch so ugly.
>
> I have no idea what ugliness you refer to here.
>
I was talking about the fact that the changes in p2m_set_suppress_ve()
got mixed with the ones in p2m_set_suppress_ve_multi().
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Xen-devel] [PATCH V7 1/4] x86/mm: Add array_index_nospec to guest provided index values
2020-01-10 16:12 ` [Xen-devel] [PATCH V7 1/4] x86/mm: Add array_index_nospec to guest provided index values Jan Beulich
@ 2020-01-17 8:48 ` Alexandru Stefan ISAILA
0 siblings, 0 replies; 12+ messages in thread
From: Alexandru Stefan ISAILA @ 2020-01-17 8:48 UTC (permalink / raw)
To: Jan Beulich
Cc: Petre Ovidiu PIRCALABU, Kevin Tian, Tamas K Lengyel, Wei Liu,
Razvan COJOCARU, George Dunlap, Andrew Cooper, Jun Nakajima,
xen-devel, Roger Pau Monné
On 10.01.2020 18:12, Jan Beulich wrote:
> On 08.01.2020 15:08, Alexandru Stefan ISAILA wrote:
>> Changes since V6:
>> - Remove stray spaces
>> - Use ARRAY_SIZE(d->arch.altp2m_p2m) insead of MAX_ALTP2M.
>
> I'm not utterly confused:
>
>> --- a/xen/arch/x86/mm/mem_access.c
>> +++ b/xen/arch/x86/mm/mem_access.c
>> @@ -366,11 +366,13 @@ long p2m_set_mem_access(struct domain *d, gfn_t gfn, uint32_t nr,
>> #ifdef CONFIG_HVM
>> if ( altp2m_idx )
>> {
>> - if ( altp2m_idx >= MAX_ALTP2M ||
>> - d->arch.altp2m_eptp[altp2m_idx] == mfn_x(INVALID_MFN) )
>> + if ( altp2m_idx >= min(ARRAY_SIZE(d->arch.altp2m_p2m), MAX_EPTP) ||
>> + d->arch.altp2m_eptp[array_index_nospec(altp2m_idx, MAX_EPTP)] ==
>> + mfn_x(INVALID_MFN) )
>> return -EINVAL;
>>
>> - ap2m = d->arch.altp2m_p2m[altp2m_idx];
>> + ap2m = d->arch.altp2m_p2m[array_index_nospec(altp2m_idx,
>> + ARRAY_SIZE(d->arch.altp2m_p2m))];
>
> Why is this still not
>
> ap2m = array_access_nospec(d->arch.altp2m_p2m, altp2m_idx);
>
> ? What am I missing?
>
Sorry for the misunderstanding here, I will use array_access_nospec()
where the ARRAY_SIZE(d->arch.altp2m_p2m) is used.
Alex
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Xen-devel] [PATCH V7 3/4] x86/mm: Pull vendor-independent altp2m code out of p2m-ept.c and into p2m.c
2020-01-08 14:08 ` [Xen-devel] [PATCH V7 3/4] x86/mm: Pull vendor-independent altp2m code out of p2m-ept.c and into p2m.c Alexandru Stefan ISAILA
@ 2020-01-19 4:15 ` Tian, Kevin
0 siblings, 0 replies; 12+ messages in thread
From: Tian, Kevin @ 2020-01-19 4:15 UTC (permalink / raw)
To: Alexandru Stefan ISAILA, xen-devel
Cc: Nakajima, Jun, Wei Liu, George Dunlap, Andrew Cooper,
Jan Beulich, Roger Pau Monné
> From: Alexandru Stefan ISAILA <aisaila@bitdefender.com>
> Sent: Wednesday, January 8, 2020 10:09 PM
>
> No functional changes.
>
> Requested-by: Jan Beulich <jbeulich@suse.com>
> Signed-off-by: Alexandru Isaila <aisaila@bitdefender.com>
> Reviewed-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply [flat|nested] 12+ messages in thread
end of thread, other threads:[~2020-01-19 4:16 UTC | newest]
Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-01-08 14:08 [Xen-devel] [PATCH V7 1/4] x86/mm: Add array_index_nospec to guest provided index values Alexandru Stefan ISAILA
2020-01-08 14:08 ` [Xen-devel] [PATCH V7 2/4] x86/altp2m: Add hypercall to set a range of sve bits Alexandru Stefan ISAILA
2020-01-10 16:20 ` Jan Beulich
2020-01-13 10:32 ` Alexandru Stefan ISAILA
2020-01-13 12:53 ` Jan Beulich
2020-01-13 13:44 ` Alexandru Stefan ISAILA
2020-01-08 14:08 ` [Xen-devel] [PATCH V7 3/4] x86/mm: Pull vendor-independent altp2m code out of p2m-ept.c and into p2m.c Alexandru Stefan ISAILA
2020-01-19 4:15 ` Tian, Kevin
2020-01-08 14:08 ` [Xen-devel] [PATCH V7 4/4] x86/mm: Make use of the default access param from xc_altp2m_create_view Alexandru Stefan ISAILA
2020-01-10 16:41 ` Jan Beulich
2020-01-10 16:12 ` [Xen-devel] [PATCH V7 1/4] x86/mm: Add array_index_nospec to guest provided index values Jan Beulich
2020-01-17 8:48 ` Alexandru Stefan ISAILA
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.