* [PATCH] x86/shadow: Clarify the safety of guest-linear mapping construction
@ 2017-09-01 15:29 Andrew Cooper
2017-09-03 11:44 ` Tim Deegan
0 siblings, 1 reply; 2+ messages in thread
From: Andrew Cooper @ 2017-09-01 15:29 UTC (permalink / raw)
To: Xen-devel; +Cc: Andrew Cooper, Tim Deegan
sh_install_xen_entries_in_l4() looks unsafe, as it creates a guest-linear
mapping with gl4mfn. However, it is correct because of the way monitor tables
are constructed for translated domains.
Leave a comment and some clarifying assertions.
Also, there is no longer support for translate != external, so drop the clause
as it is dead.
Finally, correct the comment for sh_install_xen_entries_in_l2h(). We need to
add Xen mappings into l2h for 3-on-any PV guests.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
CC: Tim Deegan <tim@xen.org>
---
xen/arch/x86/mm/shadow/multi.c | 31 ++++++++++++++++---------------
1 file changed, 16 insertions(+), 15 deletions(-)
diff --git a/xen/arch/x86/mm/shadow/multi.c b/xen/arch/x86/mm/shadow/multi.c
index c5c0af8..7ab8f29 100644
--- a/xen/arch/x86/mm/shadow/multi.c
+++ b/xen/arch/x86/mm/shadow/multi.c
@@ -1492,28 +1492,29 @@ void sh_install_xen_entries_in_l4(struct domain *d, mfn_t gl4mfn, mfn_t sl4mfn)
sl4e[shadow_l4_table_offset(SH_LINEAR_PT_VIRT_START)] =
shadow_l4e_from_mfn(sl4mfn, __PAGE_HYPERVISOR_RW);
- /* Self linear mapping. */
- if ( shadow_mode_translate(d) && !shadow_mode_external(d) )
- {
- // linear tables may not be used with translated PV guests
- sl4e[shadow_l4_table_offset(LINEAR_PT_VIRT_START)] =
- shadow_l4e_empty();
- }
+ /*
+ * It is not safe to create guest linear mappings into a translated
+ * domain. For translated domains, this function is used once to create a
+ * monitor table, and gl4mfn matches sl4mfn. For non-translated domains,
+ * gl4mfn points to the real guest tables and will differ from sl4mfn.
+ */
+ if ( shadow_mode_translate(d) )
+ ASSERT(mfn_eq(gl4mfn, sl4mfn));
else
- {
- sl4e[shadow_l4_table_offset(LINEAR_PT_VIRT_START)] =
- shadow_l4e_from_mfn(gl4mfn, __PAGE_HYPERVISOR_RW);
- }
+ ASSERT(!mfn_eq(gl4mfn, sl4mfn));
+
+ sl4e[shadow_l4_table_offset(LINEAR_PT_VIRT_START)] =
+ shadow_l4e_from_mfn(gl4mfn, __PAGE_HYPERVISOR_RW);
unmap_domain_page(sl4e);
}
#endif
#if GUEST_PAGING_LEVELS >= 3
-// For 3-on-3 PV guests, we need to make sure the xen mappings are in
-// place, which means that we need to populate the l2h entry in the l3
-// table.
-
+/*
+ * For 3-level PV guests, we need to make sure the xen mappings are in place,
+ * which means that we need to populate the l2h entry in the l3 table.
+ */
static void sh_install_xen_entries_in_l2h(struct domain *d, mfn_t sl2hmfn)
{
shadow_l2e_t *sl2e;
--
2.1.4
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] x86/shadow: Clarify the safety of guest-linear mapping construction
2017-09-01 15:29 [PATCH] x86/shadow: Clarify the safety of guest-linear mapping construction Andrew Cooper
@ 2017-09-03 11:44 ` Tim Deegan
0 siblings, 0 replies; 2+ messages in thread
From: Tim Deegan @ 2017-09-03 11:44 UTC (permalink / raw)
To: Andrew Cooper; +Cc: Xen-devel
At 16:29 +0100 on 01 Sep (1504283350), Andrew Cooper wrote:
> sh_install_xen_entries_in_l4() looks unsafe, as it creates a guest-linear
> mapping with gl4mfn. However, it is correct because of the way monitor tables
> are constructed for translated domains.
>
> Leave a comment and some clarifying assertions.
>
> Also, there is no longer support for translate != external, so drop the clause
> as it is dead.
>
> Finally, correct the comment for sh_install_xen_entries_in_l2h(). We need to
> add Xen mappings into l2h for 3-on-any PV guests.
>
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Tim Deegan <tim@xen.org>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2017-09-03 11:44 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-09-01 15:29 [PATCH] x86/shadow: Clarify the safety of guest-linear mapping construction Andrew Cooper
2017-09-03 11:44 ` Tim Deegan
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.