From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1422834AbcFMMln (ORCPT <rfc822;w@1wt.eu>);
	Mon, 13 Jun 2016 08:41:43 -0400
Received: from foss.arm.com ([217.140.101.70]:51505 "EHLO foss.arm.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S964968AbcFMMlk (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Mon, 13 Jun 2016 08:41:40 -0400
Subject: Re: [Xen-devel] [PATCH] xen: grant-table: Check truncation when
 giving access to a frame
To: Paul Durrant <Paul.Durrant@citrix.com>,
        "boris.ostrovsky@oracle.com" <boris.ostrovsky@oracle.com>,
        David Vrabel <david.vrabel@citrix.com>,
        "jgross@suse.com" <jgross@suse.com>,
        "sstabellini@kernel.org" <sstabellini@kernel.org>,
        "konrad.wilk@oracle.com" <konrad.wilk@oracle.com>
References: <1465815046-5390-1-git-send-email-julien.grall@arm.com>
 <f840483492114a56b4bada9d3367aa76@AMSPEX02CL03.citrite.net>
Cc: Andrew Cooper <Andrew.Cooper3@citrix.com>,
        "xen-devel@lists.xen.org" <xen-devel@lists.xen.org>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        "JBeulich@suse.com" <JBeulich@suse.com>,
        "steve.capper@arm.com" <steve.capper@arm.com>
From: Julien Grall <julien.grall@arm.com>
Message-ID: <575EAA00.10705@arm.com>
Date: Mon, 13 Jun 2016 13:41:36 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101
 Thunderbird/38.8.0
MIME-Version: 1.0
In-Reply-To: <f840483492114a56b4bada9d3367aa76@AMSPEX02CL03.citrite.net>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hello Paul,

On 13/06/16 13:12, Paul Durrant wrote:
>> -----Original Message-----
>> From: Xen-devel [mailto:xen-devel-bounces@lists.xen.org] On Behalf Of
>> Julien Grall
>> Sent: 13 June 2016 11:51
>> To: boris.ostrovsky@oracle.com; David Vrabel; jgross@suse.com;
>> sstabellini@kernel.org; konrad.wilk@oracle.com
>> Cc: steve.capper@arm.com; Andrew Cooper; linux-kernel@vger.kernel.org;
>> xen-devel@lists.xen.org; Julien Grall; JBeulich@suse.com
>> Subject: [Xen-devel] [PATCH] xen: grant-table: Check truncation when giving
>> access to a frame
>>
>> The version 1 of the grant-table protocol only supports frame encoded on
>> 32-bit.
>>
>> When the platform is supporting 48-bit physical address, the frame will
>> be encoded on 36-bit which will lead a truncation and give access to
>> the wrong frame.
>>
>> On ARM Xen will always allow the guest to use all the physical address,
>> although today the RAM is always located under 40-bits (see
>> xen/include/public/arch-arm.h).
>>
>> Add a truncation check in gnttab_update_entry_v1 to prevent the guest to
>> give access to the wrong frame.
>>
>> Signed-off-by: Julien Grall <julien.grall@arm.com>
>>
>> ---
>>      This is limiting us to a 44-bit address space whilst ARM can support
>>      up to 48-bit today. This number of bit will increase to 52-bit in
>>      upcoming processors [1].
>>
>>      It might be good to start thinking to extend the version 1 of the
>>      protocol to use 64-bit frame number.
>
> ...or simply use version 2 of the protocol.

On another mail [1], you said that "[v2] didn't scale it became 
bottle-necked on dom0's grant table size,...".

So it looks like to me that version 2 is the wrong way to go.
The performance should stay the same whether the platform support 
40-bit, 44-bit, 48-bit, 52-bit address space.

Regards,

-- 
Julien Grall