From: Stefano Stabellini <sstabellini@kernel.org>
To: Juergen Gross <jgross@suse.com>
Cc: xen-devel@lists.xenproject.org,
"Stefano Stabellini" <sstabellini@kernel.org>,
"Julien Grall" <julien@xen.org>,
"Bertrand Marquis" <bertrand.marquis@arm.com>,
"Volodymyr Babchuk" <Volodymyr_Babchuk@epam.com>,
"Andrew Cooper" <andrew.cooper3@citrix.com>,
"George Dunlap" <george.dunlap@citrix.com>,
"Jan Beulich" <jbeulich@suse.com>, "Wei Liu" <wl@xen.org>,
"Roger Pau Monné" <roger.pau@citrix.com>,
"Paul Durrant" <paul@xen.org>
Subject: Re: [PATCH v4] xen/iommu: cleanup iommu related domctl handling
Date: Fri, 22 Apr 2022 16:41:37 -0700 (PDT) [thread overview]
Message-ID: <alpine.DEB.2.22.394.2204221640290.915916@ubuntu-linux-20-04-desktop> (raw)
In-Reply-To: <20220420055736.27901-1-jgross@suse.com>
On Wed, 20 Apr 2022, Juergen Gross wrote:
> Today iommu_do_domctl() is being called from arch_do_domctl() in the
> "default:" case of a switch statement. This has led already to crashes
> due to unvalidated parameters.
>
> Fix that by moving the call of iommu_do_domctl() to the main switch
> statement of do_domctl().
>
> Signed-off-by: Juergen Gross <jgross@suse.com>
For the ARM side:
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
I have no opinion on the ENOSYS vs EOPNOTSUPP discussion.
> ---
> V3:
> - new patch
> V4:
> - add iommu_do_domctl() stub for !CONFIG_HAS_PASSTHROUGH (Andrew Cooper,
> Jan Beulich)
> ---
> xen/arch/arm/domctl.c | 11 +----------
> xen/arch/x86/domctl.c | 2 +-
> xen/common/domctl.c | 7 +++++++
> xen/include/xen/iommu.h | 12 +++++++++---
> 4 files changed, 18 insertions(+), 14 deletions(-)
>
> diff --git a/xen/arch/arm/domctl.c b/xen/arch/arm/domctl.c
> index 6245af6d0b..1baf25c3d9 100644
> --- a/xen/arch/arm/domctl.c
> +++ b/xen/arch/arm/domctl.c
> @@ -176,16 +176,7 @@ long arch_do_domctl(struct xen_domctl *domctl, struct domain *d,
> return rc;
> }
> default:
> - {
> - int rc;
> -
> - rc = subarch_do_domctl(domctl, d, u_domctl);
> -
> - if ( rc == -ENOSYS )
> - rc = iommu_do_domctl(domctl, d, u_domctl);
> -
> - return rc;
> - }
> + return subarch_do_domctl(domctl, d, u_domctl);
> }
> }
>
> diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c
> index a6aae500a3..c9699bb868 100644
> --- a/xen/arch/x86/domctl.c
> +++ b/xen/arch/x86/domctl.c
> @@ -1380,7 +1380,7 @@ long arch_do_domctl(
> break;
>
> default:
> - ret = iommu_do_domctl(domctl, d, u_domctl);
> + ret = -ENOSYS;
> break;
> }
>
> diff --git a/xen/common/domctl.c b/xen/common/domctl.c
> index 5879117580..0a866e3132 100644
> --- a/xen/common/domctl.c
> +++ b/xen/common/domctl.c
> @@ -871,6 +871,13 @@ long cf_check do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
> copyback = 1;
> break;
>
> + case XEN_DOMCTL_assign_device:
> + case XEN_DOMCTL_test_assign_device:
> + case XEN_DOMCTL_deassign_device:
> + case XEN_DOMCTL_get_device_group:
> + ret = iommu_do_domctl(op, d, u_domctl);
> + break;
> +
> default:
> ret = arch_do_domctl(op, d, u_domctl);
> break;
> diff --git a/xen/include/xen/iommu.h b/xen/include/xen/iommu.h
> index 3a83981464..c6bbb65bbf 100644
> --- a/xen/include/xen/iommu.h
> +++ b/xen/include/xen/iommu.h
> @@ -341,8 +341,17 @@ struct domain_iommu {
> /* Does the IOMMU pagetable need to be kept synchronized with the P2M */
> #ifdef CONFIG_HAS_PASSTHROUGH
> #define need_iommu_pt_sync(d) (dom_iommu(d)->need_sync)
> +
> +int iommu_do_domctl(struct xen_domctl *domctl, struct domain *d,
> + XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl);
> #else
> #define need_iommu_pt_sync(d) ({ (void)(d); false; })
> +
> +static inline int iommu_do_domctl(struct xen_domctl *domctl, struct domain *d,
> + XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
> +{
> + return -ENOSYS;
> +}
> #endif
>
> int __must_check iommu_suspend(void);
> @@ -356,9 +365,6 @@ int iommu_do_pci_domctl(struct xen_domctl *, struct domain *d,
> XEN_GUEST_HANDLE_PARAM(xen_domctl_t));
> #endif
>
> -int iommu_do_domctl(struct xen_domctl *, struct domain *d,
> - XEN_GUEST_HANDLE_PARAM(xen_domctl_t));
> -
> void iommu_dev_iotlb_flush_timeout(struct domain *d, struct pci_dev *pdev);
>
> /*
> --
> 2.34.1
>
prev parent reply other threads:[~2022-04-22 23:41 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-20 5:57 [PATCH v4] xen/iommu: cleanup iommu related domctl handling Juergen Gross
2022-04-20 6:11 ` Jan Beulich
2022-04-20 6:22 ` Juergen Gross
2022-04-20 6:27 ` Jan Beulich
2022-04-21 17:47 ` Andrew Cooper
2022-04-22 7:09 ` Jan Beulich
2022-04-22 19:01 ` Andrew Cooper
2022-04-23 5:55 ` Juergen Gross
2022-04-21 17:51 ` Andrew Cooper
2022-04-22 23:41 ` Stefano Stabellini [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.DEB.2.22.394.2204221640290.915916@ubuntu-linux-20-04-desktop \
--to=sstabellini@kernel.org \
--cc=Volodymyr_Babchuk@epam.com \
--cc=andrew.cooper3@citrix.com \
--cc=bertrand.marquis@arm.com \
--cc=george.dunlap@citrix.com \
--cc=jbeulich@suse.com \
--cc=jgross@suse.com \
--cc=julien@xen.org \
--cc=paul@xen.org \
--cc=roger.pau@citrix.com \
--cc=wl@xen.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.