From: Stefano Stabellini <sstabellini@kernel.org>
To: Jan Beulich <JBeulich@suse.com>
Cc: Stefano Stabellini <stefanos@xilinx.com>,
Stefano Stabellini <sstabellini@kernel.org>,
Wei Liu <wei.liu2@citrix.com>, Sky Liu <blackskygg@gmail.com>,
George.Dunlap@eu.citrix.com, andrew.cooper3@citrix.com,
Ian Jackson <Ian.Jackson@eu.citrix.com>,
xen-devel@lists.xen.org, Julien Grall <julien.grall@arm.com>,
tim@xen.org, jbeulich@suse.com,
Daniel de Graaf <dgdegra@tycho.nsa.gov>
Subject: Re: [PATCH v6 1/7] xen: xsm: flask: introduce XENMAPSPACE_gmfn_share for memory sharing
Date: Wed, 1 Aug 2018 15:21:18 -0700 (PDT) [thread overview]
Message-ID: <alpine.DEB.2.10.1808011457120.5781@sstabellini-ThinkPad-X260> (raw)
In-Reply-To: <5B6171CE02000078001D9C39@prv1-mh.provo.novell.com>
On Wed, 1 Aug 2018, Jan Beulich wrote:
> First of all I think your Cc list is too short here - all of REST should be
> included imo.
CC'ing them now. I'll also add them automatically from next time.
> >>> On 31.07.18 at 20:23, <sstabellini@kernel.org> wrote:
> > --- a/xen/include/xsm/dummy.h
> > +++ b/xen/include/xsm/dummy.h
> > @@ -535,6 +535,21 @@ static XSM_INLINE int xsm_map_gmfn_foreign(XSM_DEFAULT_ARG struct domain *d, str
> > return xsm_default_action(action, d, t);
> > }
> >
> > +/*
> > + * This action also requires that @current targets @d, but it has already been
> > + * checked somewhere higher in the call stack.
>
> I'm not convinced it is a good idea to have such a dependency, even
> more so with this cloudy a reference. If there's another XSM check
> that has necessarily been done before, you should at least name it
> here so it's easy to later verify that the assumption still holds. But
> even better would imo be to re-do the check here, just in case.
I am fine with that. It should be just a matter of doing the following,
right?
static XSM_INLINE int xsm_map_gmfn_share(XSM_DEFAULT_ARG struct domain *d,
struct domain *t)
{
XSM_ASSERT_ACTION(XSM_TARGET);
return xsm_default_action(XSM_TARGET, current->domain, d) &&
xsm_default_action(action, current->domain, t);
> > --- a/xen/xsm/flask/hooks.c
> > +++ b/xen/xsm/flask/hooks.c
> > @@ -1198,6 +1198,17 @@ static int flask_map_gmfn_foreign(struct domain *d, struct domain *t)
> > return domain_has_perm(d, t, SECCLASS_MMU, MMU__MAP_READ | MMU__MAP_WRITE);
> > }
> >
> > +/*
> > + * This action also requires that @current has MMU__MAP_READ/WRITE over @d,
> > + * but that has already been checked somewhere higher in the call stack (for
> > + * example, by flask_add_to_physmap()).
>
> This one's better in that it at least names the other hook. Still I'm
> not fully convinced that omitting the other half of the check here
> is prudent. We'll see what others think ...
Sure, it should be simple to change (I hope I am not missing something).
static int flask_map_gmfn_share(struct domain *d, struct domain *t)
{
return current_has_perm(d, SECCLASS_MMU, MMU__MAP_READ | MMU__MAP_WRITE) &&
(current_has_perm(t, SECCLASS_MMU, MMU__MAP_READ | MMU__MAP_WRITE) ?:
domain_has_perm(d, t, SECCLASS_MMU, MMU__SHARE_MEM));
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
next prev parent reply other threads:[~2018-08-01 22:21 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-31 18:22 [PATCH v6 0/7] Allow setting up shared memory areas between VMs from xl config files Stefano Stabellini
2018-07-31 18:23 ` [PATCH v6 1/7] xen: xsm: flask: introduce XENMAPSPACE_gmfn_share for memory sharing Stefano Stabellini
2018-08-01 8:39 ` Jan Beulich
2018-08-01 22:21 ` Stefano Stabellini [this message]
2018-08-02 6:47 ` Jan Beulich
2018-08-02 20:57 ` Stefano Stabellini
2018-08-03 6:37 ` Jan Beulich
2018-08-03 20:17 ` Stefano Stabellini
2018-07-31 18:23 ` [PATCH v6 2/7] libxl: introduce a new structure to represent static shared memory regions Stefano Stabellini
2018-07-31 18:23 ` [PATCH v6 3/7] libxl: support mapping static shared memory areas during domain creation Stefano Stabellini
2018-07-31 18:23 ` [PATCH v6 4/7] libxl: support unmapping static shared memory areas during domain destruction Stefano Stabellini
2018-07-31 18:23 ` [PATCH v6 5/7] libxl:xl: add parsing code to parse "libxl_static_sshm" from xl config files Stefano Stabellini
2018-07-31 18:23 ` [PATCH v6 6/7] docs: documentation about static shared memory regions Stefano Stabellini
2018-07-31 18:23 ` [PATCH v6 7/7] xen/arm: export shared memory regions as reserved-memory on device tree Stefano Stabellini
2018-08-01 9:26 ` Julien Grall
2018-08-01 22:25 ` Stefano Stabellini
2018-08-03 9:12 ` Julien Grall
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.DEB.2.10.1808011457120.5781@sstabellini-ThinkPad-X260 \
--to=sstabellini@kernel.org \
--cc=George.Dunlap@eu.citrix.com \
--cc=Ian.Jackson@eu.citrix.com \
--cc=JBeulich@suse.com \
--cc=andrew.cooper3@citrix.com \
--cc=blackskygg@gmail.com \
--cc=dgdegra@tycho.nsa.gov \
--cc=julien.grall@arm.com \
--cc=stefanos@xilinx.com \
--cc=tim@xen.org \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.