From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Jan Beulich" <JBeulich@suse.com>
Subject: Re: [PATCH v4 07/17] x86/hvm: add length to mmio check
	op
Date: Thu, 25 Jun 2015 14:29:26 +0100
Message-ID: <558C1E560200007800089A8B@mail.emea.novell.com>
References: <1435145089-21999-1-git-send-email-paul.durrant@citrix.com>
	<1435145089-21999-8-git-send-email-paul.durrant@citrix.com>
	<558BF247.9000208@citrix.com>
	<558C14370200007800089A1F@mail.emea.novell.com>
	<9AAE0902D5BC7E449B7C8E4E778ABCD025971101@AMSPEX01CL02.citrite.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
Received: from mail6.bemta3.messagelabs.com ([195.245.230.39])
	by lists.xen.org with esmtp (Exim 4.72)
	(envelope-from <JBeulich@suse.com>) id 1Z87De-0001Po-T5
	for xen-devel@lists.xenproject.org; Thu, 25 Jun 2015 13:29:31 +0000
In-Reply-To: <9AAE0902D5BC7E449B7C8E4E778ABCD025971101@AMSPEX01CL02.citrite.net>
Content-Disposition: inline
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Andrew Cooper <Andrew.Cooper3@citrix.com>, Paul Durrant <Paul.Durrant@citrix.com>
Cc: "xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>, "Keir(Xen.org)" <keir@xen.org>
List-Id: xen-devel@lists.xenproject.org

>>> On 25.06.15 at 15:08, <Paul.Durrant@citrix.com> wrote:
>>  -----Original Message-----
>> From: Jan Beulich [mailto:JBeulich@suse.com]
>> Sent: 25 June 2015 13:46
>> To: Andrew Cooper
>> Cc: Paul Durrant; xen-devel@lists.xenproject.org; Keir (Xen.org)
>> Subject: Re: [PATCH v4 07/17] x86/hvm: add length to mmio check op
>> 
>> >>> On 25.06.15 at 14:21, <andrew.cooper3@citrix.com> wrote:
>> > On 24/06/15 12:24, Paul Durrant wrote:
>> >> When memory mapped I/O is range checked by internal handlers, the
>> length
>> >> of the access should be taken into account.
>> >>
>> >> Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
>> >> Cc: Keir Fraser <keir@xen.org>
>> >> Cc: Jan Beulich <jbeulich@suse.com>
>> >> Cc: Andrew Cooper <andrew.cooper3@citrix.com>
>> >>
>> >
>> > For what purpose?  The length of the access doesn't affect which handler
>> > should accept the IO.
>> >
>> > This length check now causes an MMIO handler to not claim an access
>> > which straddles the upper boundary.
>> >
>> > It is probably fine to terminate such an access early, but it isn't fine
>> > to pass such a straddled access to the default ioreq server.
>> 
>> No, without involving the length in the check we can end up with
>> check() saying "Yes, mine" but read() or write() saying "Not me".
>> What I would agree with is for the generic handler to split the
>> access if the first byte fits, but the final byte doesn't.
> 
> That's not a trivial thing to do. Could we, for now, have the check claim 
> based on address but domain_crash() if length does not fit?

Would seem acceptable to me; if problems arise we could drop
that domain_crash() later on with a trivial patch.

Jan