All of lore.kernel.org
 help / color / mirror / Atom feed
From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Punit Agrawal <punit.agrawal@arm.com>, xen-devel@lists.xen.org
Cc: sstabellini@kernel.org, wei.liu2@citrix.com,
	George.Dunlap@eu.citrix.com, ian.jackson@eu.citrix.com,
	tim@xen.org, julien.grall@arm.com, jbeulich@suse.com
Subject: Re: [For Xen-4.10 PATCH v2 3/3] Avoid excess icache flushes in populate_physmap() before domain has been created
Date: Wed, 7 Jun 2017 12:19:43 +0100	[thread overview]
Message-ID: <568966ce-c790-e8a2-5cd5-647196811990@citrix.com> (raw)
In-Reply-To: <20170526111407.13537-4-punit.agrawal@arm.com>

On 26/05/17 12:14, Punit Agrawal wrote:
> diff --git a/xen/common/memory.c b/xen/common/memory.c
> index 52879e7438..34d2dda8b4 100644
> --- a/xen/common/memory.c
> +++ b/xen/common/memory.c
> @@ -152,16 +152,26 @@ static void populate_physmap(struct memop_args *a)
>                              max_order(curr_d)) )
>          return;
>  
> -    /*
> -     * With MEMF_no_tlbflush set, alloc_heap_pages() will ignore
> -     * TLB-flushes. After VM creation, this is a security issue (it can
> -     * make pages accessible to guest B, when guest A may still have a
> -     * cached mapping to them). So we do this only during domain creation,
> -     * when the domain itself has not yet been unpaused for the first
> -     * time.
> -     */
>      if ( unlikely(!d->creation_finished) )
> +    {
> +        /*
> +         * With MEMF_no_tlbflush set, alloc_heap_pages() will ignore
> +         * TLB-flushes. After VM creation, this is a security issue (it can
> +         * make pages accessible to guest B, when guest A may still have a
> +         * cached mapping to them). So we do this only during domain creation,
> +         * when the domain itself has not yet been unpaused for the first
> +         * time.
> +         */
>          a->memflags |= MEMF_no_tlbflush;
> +        /*
> +         * With MEMF_no_icache_flush, alloc_heap_pages() will skip
> +         * performing icache flushes. We do it only before domain
> +         * creation as once the domain is running there is a danger of
> +         * executing instructions from stale caches if icache flush is
> +         * delayed.
> +         */
> +        a->memflags |= MEMF_no_icache_flush;
> +    }
>  
>      for ( i = a->nr_done; i < a->nr_extents; i++ )
>      {
> @@ -211,7 +221,6 @@ static void populate_physmap(struct memop_args *a)
>                  }
>  
>                  mfn = gpfn;
> -                page = mfn_to_page(mfn);

What is the purpose of this hunk?

It is not mentioned in the commit message at all, and looks unsafe to me.

~Andrew

>              }
>              else
>              {
>


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

  parent reply	other threads:[~2017-06-07 11:19 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-05-26 11:14 [For Xen-4.10 PATCH v2 0/3] Reduce unnecessary icache maintenance operations Punit Agrawal
2017-05-26 11:14 ` [For Xen-4.10 PATCH v2 1/3] Allow control of icache invalidations when calling flush_page_to_ram() Punit Agrawal
2017-05-26 11:14 ` [For Xen-4.10 PATCH v2 2/3] arm: p2m: Prevent redundant icache flushes Punit Agrawal
2017-05-26 11:14 ` [For Xen-4.10 PATCH v2 3/3] Avoid excess icache flushes in populate_physmap() before domain has been created Punit Agrawal
2017-05-26 11:51   ` Jan Beulich
2017-06-07  8:38   ` Jan Beulich
2017-06-07  8:59     ` Punit Agrawal
2017-06-07  9:34   ` [For Xen-4.10 PATCH] Ensure invalidate_icache() definition is visible only when !__ASSEMBLY__ Punit Agrawal
2017-06-07 10:37     ` Jan Beulich
2017-06-07 11:19   ` Andrew Cooper [this message]
2017-06-07 11:32     ` [For Xen-4.10 PATCH v2 3/3] Avoid excess icache flushes in populate_physmap() before domain has been created Julien Grall
2017-06-07 11:41       ` Punit Agrawal
2017-06-07 12:04   ` [For Xen-4.10 PATCH] memory: Re-introduce an erroneously dropped line Punit Agrawal
2017-06-07 12:13     ` Jan Beulich
2017-06-07 12:16       ` Julien Grall
2017-06-06 16:32 ` [For Xen-4.10 PATCH v2 0/3] Reduce unnecessary icache maintenance operations Julien Grall
2017-06-06 16:36   ` Jan Beulich
2017-06-06 18:51   ` Stefano Stabellini
2017-06-07  9:46     ` Punit Agrawal
2017-06-07 17:46       ` Stefano Stabellini
2017-06-07 17:47         ` Julien Grall

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=568966ce-c790-e8a2-5cd5-647196811990@citrix.com \
    --to=andrew.cooper3@citrix.com \
    --cc=George.Dunlap@eu.citrix.com \
    --cc=ian.jackson@eu.citrix.com \
    --cc=jbeulich@suse.com \
    --cc=julien.grall@arm.com \
    --cc=punit.agrawal@arm.com \
    --cc=sstabellini@kernel.org \
    --cc=tim@xen.org \
    --cc=wei.liu2@citrix.com \
    --cc=xen-devel@lists.xen.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.