From: Julien Grall <julien@xen.org>
To: Roger Pau Monne <roger.pau@citrix.com>, xen-devel@lists.xenproject.org
Cc: Ian Jackson <iwj@xenproject.org>, Wei Liu <wl@xen.org>,
Andrew Cooper <andrew.cooper3@citrix.com>,
George Dunlap <george.dunlap@citrix.com>,
Jan Beulich <jbeulich@suse.com>,
Stefano Stabellini <sstabellini@kernel.org>,
Anthony PERARD <anthony.perard@citrix.com>,
Juergen Gross <jgross@suse.com>
Subject: Re: [PATCH v2 6/6] gnttab: allow disabling grant table per-domain
Date: Wed, 22 Sep 2021 14:19:04 +0500 [thread overview]
Message-ID: <b900f179-c6c2-00f5-e531-5110307fa491@xen.org> (raw)
In-Reply-To: <20210922082123.54374-7-roger.pau@citrix.com>
Hi Roger,
On 22/09/2021 13:21, Roger Pau Monne wrote:
> Allow setting max_grant_version to 0 in order to disable grant table
> usage by a domain. This prevents allocating the grant-table structure
> inside of Xen and requires guards to be added in several functions in
> order to prevent dereferencing the structure.
>
> Note that a domain without a grant table could still use some of the
> grant related hypercalls, it could for example issue a GNTTABOP_copy
> of a grant reference from a remote domain into a local frame.
>
> Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
> ---
> docs/man/xl.cfg.5.pod.in | 4 +-
> tools/libs/light/libxl_dom.c | 2 +-
> xen/common/grant_table.c | 100 +++++++++++++++++++++++++++++++++--
> 3 files changed, 98 insertions(+), 8 deletions(-)
>
> diff --git a/docs/man/xl.cfg.5.pod.in b/docs/man/xl.cfg.5.pod.in
> index c5a447dfcd..d507540c2c 100644
> --- a/docs/man/xl.cfg.5.pod.in
> +++ b/docs/man/xl.cfg.5.pod.in
> @@ -583,8 +583,8 @@ L<xl.conf(5)>.
> =item B<max_grant_version=NUMBER>
>
> Specify the maximum grant table version the domain is allowed to use. Current
> -supported versions are 1 and 2. The default value is settable via
> -L<xl.conf(5)>.
> +supported versions are 1 and 2. Setting to 0 disables the grant table for the
> +domain. The default value is settable via L<xl.conf(5)>.
Technically, the version only applies to format of the table for
granting page. The mapping itself is version agnostic. So this feels a
bit wrong to use max_grant_version to not allocate d->grant_table.
I also can see use-cases where we may want to allow a domain to grant
page but not map grant (for instance, a further hardening of XSA-380).
Therefore, I think we want to keep max_grant_version for the table
itself and manage the mappings separately (possibly by letting the admin
to select the max number of entries in the maptrack).
Cheers,
--
Julien Grall
next prev parent reply other threads:[~2021-09-22 9:19 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-22 8:21 [PATCH v2 0/6] gnttab: add per-domain controls Roger Pau Monne
2021-09-22 8:21 ` [PATCH v2 1/6] tools/console: use xenforeigmemory to map console ring Roger Pau Monne
2021-09-22 8:21 ` [PATCH v2 2/6] gnttab: allow setting max version per-domain Roger Pau Monne
2021-10-15 9:39 ` Jan Beulich
2021-10-15 9:48 ` Jan Beulich
2021-10-20 8:04 ` Roger Pau Monné
2021-10-20 10:57 ` Jan Beulich
2021-10-20 11:45 ` Juergen Gross
2021-10-20 13:00 ` Roger Pau Monné
2021-10-15 11:47 ` Jan Beulich
2021-10-20 11:58 ` Jan Beulich
2021-09-22 8:21 ` [PATCH v2 3/6] gnttab: allow per-domain control over transitive grants Roger Pau Monne
2021-09-22 9:28 ` Christian Lindig
2021-10-15 10:05 ` Jan Beulich
2021-10-20 10:14 ` Roger Pau Monné
2021-10-20 11:51 ` Jan Beulich
2021-10-15 11:46 ` Jan Beulich
2021-09-22 8:21 ` [PATCH v2 4/6] tools/xenstored: use atexit to close interfaces Roger Pau Monne
2021-09-22 8:21 ` [PATCH v2 5/6] tools/xenstored: partially handle domains without a shared ring Roger Pau Monne
2021-09-22 9:07 ` Julien Grall
2021-09-22 9:58 ` Roger Pau Monné
2021-09-22 10:23 ` Julien Grall
2021-09-22 12:34 ` Juergen Gross
2021-09-22 13:46 ` Julien Grall
2021-09-23 7:23 ` Roger Pau Monné
2021-09-23 7:56 ` Julien Grall
2021-10-20 14:48 ` Julien Grall
2021-09-22 8:21 ` [PATCH v2 6/6] gnttab: allow disabling grant table per-domain Roger Pau Monne
2021-09-22 9:19 ` Julien Grall [this message]
2021-09-22 9:38 ` Juergen Gross
2021-09-23 8:41 ` Julien Grall
2021-10-15 11:51 ` Jan Beulich
2021-10-15 12:09 ` Jan Beulich
2021-09-22 8:57 ` [PATCH v2 0/6] gnttab: add per-domain controls Julien Grall
2021-09-22 9:39 ` Roger Pau Monné
2021-09-23 8:47 ` Julien Grall
2021-09-23 11:19 ` Roger Pau Monné
2021-09-24 2:30 ` Julien Grall
2021-09-24 6:21 ` Jan Beulich
2021-09-24 7:30 ` Julien Grall
2021-09-24 7:49 ` Jan Beulich
2021-09-24 7:46 ` Roger Pau Monné
2021-10-11 9:36 ` Roger Pau Monné
2021-10-11 9:52 ` Christian Lindig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b900f179-c6c2-00f5-e531-5110307fa491@xen.org \
--to=julien@xen.org \
--cc=andrew.cooper3@citrix.com \
--cc=anthony.perard@citrix.com \
--cc=george.dunlap@citrix.com \
--cc=iwj@xenproject.org \
--cc=jbeulich@suse.com \
--cc=jgross@suse.com \
--cc=roger.pau@citrix.com \
--cc=sstabellini@kernel.org \
--cc=wl@xen.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.