* [Xen-devel] [PATCH V8 1/4] x86/mm: Add array_index_nospec to guest provided index values
@ 2020-01-17 13:31 Alexandru Stefan ISAILA
2020-01-17 13:31 ` [Xen-devel] [PATCH V8 2/4] x86/altp2m: Add hypercall to set a range of sve bits Alexandru Stefan ISAILA
` (6 more replies)
0 siblings, 7 replies; 19+ messages in thread
From: Alexandru Stefan ISAILA @ 2020-01-17 13:31 UTC (permalink / raw)
To: xen-devel
Cc: Petre Ovidiu PIRCALABU, Kevin Tian, Tamas K Lengyel, Wei Liu,
Razvan COJOCARU, George Dunlap, Andrew Cooper, Jan Beulich,
Jun Nakajima, Alexandru Stefan ISAILA, Roger Pau Monné
This patch aims to sanitize indexes, potentially guest provided
values, for altp2m_eptp[] and altp2m_p2m[] arrays.
Requested-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Alexandru Isaila <aisaila@bitdefender.com>
Acked-by: Tamas K Lengyel <tamas@tklengyel.com>
---
CC: Razvan Cojocaru <rcojocaru@bitdefender.com>
CC: Tamas K Lengyel <tamas@tklengyel.com>
CC: Petre Pircalabu <ppircalabu@bitdefender.com>
CC: George Dunlap <george.dunlap@eu.citrix.com>
CC: Jan Beulich <jbeulich@suse.com>
CC: Andrew Cooper <andrew.cooper3@citrix.com>
CC: Wei Liu <wl@xen.org>
CC: "Roger Pau Monné" <roger.pau@citrix.com>
CC: Jun Nakajima <jun.nakajima@intel.com>
CC: Kevin Tian <kevin.tian@intel.com>
---
Changes since V7:
- Make use of array_access_nospec() over
array_index_nospec(altp2m_idx, ARRAY_SIZE(d->arch.altp2m_p2m).
---
xen/arch/x86/mm/mem_access.c | 21 ++++++++++---------
xen/arch/x86/mm/p2m-ept.c | 4 ++--
xen/arch/x86/mm/p2m.c | 39 +++++++++++++++++++++---------------
3 files changed, 37 insertions(+), 27 deletions(-)
diff --git a/xen/arch/x86/mm/mem_access.c b/xen/arch/x86/mm/mem_access.c
index 320b9fe621..31ff826393 100644
--- a/xen/arch/x86/mm/mem_access.c
+++ b/xen/arch/x86/mm/mem_access.c
@@ -366,11 +366,12 @@ long p2m_set_mem_access(struct domain *d, gfn_t gfn, uint32_t nr,
#ifdef CONFIG_HVM
if ( altp2m_idx )
{
- if ( altp2m_idx >= MAX_ALTP2M ||
- d->arch.altp2m_eptp[altp2m_idx] == mfn_x(INVALID_MFN) )
+ if ( altp2m_idx >= min(ARRAY_SIZE(d->arch.altp2m_p2m), MAX_EPTP) ||
+ d->arch.altp2m_eptp[array_index_nospec(altp2m_idx, MAX_EPTP)] ==
+ mfn_x(INVALID_MFN) )
return -EINVAL;
- ap2m = d->arch.altp2m_p2m[altp2m_idx];
+ ap2m = array_access_nospec(d->arch.altp2m_p2m, altp2m_idx);
}
#else
ASSERT(!altp2m_idx);
@@ -425,11 +426,12 @@ long p2m_set_mem_access_multi(struct domain *d,
#ifdef CONFIG_HVM
if ( altp2m_idx )
{
- if ( altp2m_idx >= MAX_ALTP2M ||
- d->arch.altp2m_eptp[altp2m_idx] == mfn_x(INVALID_MFN) )
+ if ( altp2m_idx >= min(ARRAY_SIZE(d->arch.altp2m_p2m), MAX_EPTP) ||
+ d->arch.altp2m_eptp[array_index_nospec(altp2m_idx, MAX_EPTP)] ==
+ mfn_x(INVALID_MFN) )
return -EINVAL;
- ap2m = d->arch.altp2m_p2m[altp2m_idx];
+ ap2m = array_access_nospec(d->arch.altp2m_p2m, altp2m_idx);
}
#else
ASSERT(!altp2m_idx);
@@ -491,11 +493,12 @@ int p2m_get_mem_access(struct domain *d, gfn_t gfn, xenmem_access_t *access,
}
else if ( altp2m_idx ) /* altp2m view 0 is treated as the hostp2m */
{
- if ( altp2m_idx >= MAX_ALTP2M ||
- d->arch.altp2m_eptp[altp2m_idx] == mfn_x(INVALID_MFN) )
+ if ( altp2m_idx >= min(ARRAY_SIZE(d->arch.altp2m_p2m), MAX_EPTP) ||
+ d->arch.altp2m_eptp[array_index_nospec(altp2m_idx, MAX_EPTP)] ==
+ mfn_x(INVALID_MFN) )
return -EINVAL;
- p2m = d->arch.altp2m_p2m[altp2m_idx];
+ p2m = array_access_nospec(d->arch.altp2m_p2m, altp2m_idx);
}
#else
ASSERT(!altp2m_idx);
diff --git a/xen/arch/x86/mm/p2m-ept.c b/xen/arch/x86/mm/p2m-ept.c
index b5517769c9..b078a9a59e 100644
--- a/xen/arch/x86/mm/p2m-ept.c
+++ b/xen/arch/x86/mm/p2m-ept.c
@@ -1353,7 +1353,7 @@ void setup_ept_dump(void)
void p2m_init_altp2m_ept(struct domain *d, unsigned int i)
{
- struct p2m_domain *p2m = d->arch.altp2m_p2m[i];
+ struct p2m_domain *p2m = array_access_nospec(d->arch.altp2m_p2m, i);
struct p2m_domain *hostp2m = p2m_get_hostp2m(d);
struct ept_data *ept;
@@ -1366,7 +1366,7 @@ void p2m_init_altp2m_ept(struct domain *d, unsigned int i)
p2m->max_mapped_pfn = p2m->max_remapped_gfn = 0;
ept = &p2m->ept;
ept->mfn = pagetable_get_pfn(p2m_get_pagetable(p2m));
- d->arch.altp2m_eptp[i] = ept->eptp;
+ d->arch.altp2m_eptp[array_index_nospec(i, MAX_EPTP)] = ept->eptp;
}
unsigned int p2m_find_altp2m_by_eptp(struct domain *d, uint64_t eptp)
diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index 3119269073..00b24342fc 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -2502,7 +2502,7 @@ static void p2m_reset_altp2m(struct domain *d, unsigned int idx,
struct p2m_domain *p2m;
ASSERT(idx < MAX_ALTP2M);
- p2m = d->arch.altp2m_p2m[idx];
+ p2m = array_access_nospec(d->arch.altp2m_p2m, idx);
p2m_lock(p2m);
@@ -2543,7 +2543,7 @@ static int p2m_activate_altp2m(struct domain *d, unsigned int idx)
ASSERT(idx < MAX_ALTP2M);
- p2m = d->arch.altp2m_p2m[idx];
+ p2m = array_access_nospec(d->arch.altp2m_p2m, idx);
hostp2m = p2m_get_hostp2m(d);
p2m_lock(p2m);
@@ -2574,12 +2574,13 @@ int p2m_init_altp2m_by_id(struct domain *d, unsigned int idx)
{
int rc = -EINVAL;
- if ( idx >= MAX_ALTP2M )
+ if ( idx >= min(ARRAY_SIZE(d->arch.altp2m_p2m), MAX_EPTP) )
return rc;
altp2m_list_lock(d);
- if ( d->arch.altp2m_eptp[idx] == mfn_x(INVALID_MFN) )
+ if ( d->arch.altp2m_eptp[array_index_nospec(idx, MAX_EPTP)] ==
+ mfn_x(INVALID_MFN) )
rc = p2m_activate_altp2m(d, idx);
altp2m_list_unlock(d);
@@ -2615,7 +2616,7 @@ int p2m_destroy_altp2m_by_id(struct domain *d, unsigned int idx)
struct p2m_domain *p2m;
int rc = -EBUSY;
- if ( !idx || idx >= MAX_ALTP2M )
+ if ( !idx || idx >= min(ARRAY_SIZE(d->arch.altp2m_p2m), MAX_EPTP) )
return rc;
rc = domain_pause_except_self(d);
@@ -2625,14 +2626,16 @@ int p2m_destroy_altp2m_by_id(struct domain *d, unsigned int idx)
rc = -EBUSY;
altp2m_list_lock(d);
- if ( d->arch.altp2m_eptp[idx] != mfn_x(INVALID_MFN) )
+ if ( d->arch.altp2m_eptp[array_index_nospec(idx, MAX_EPTP)] !=
+ mfn_x(INVALID_MFN) )
{
- p2m = d->arch.altp2m_p2m[idx];
+ p2m = array_access_nospec(d->arch.altp2m_p2m, idx);
if ( !_atomic_read(p2m->active_vcpus) )
{
p2m_reset_altp2m(d, idx, ALTP2M_DEACTIVATE);
- d->arch.altp2m_eptp[idx] = mfn_x(INVALID_MFN);
+ d->arch.altp2m_eptp[array_index_nospec(idx, MAX_EPTP)] =
+ mfn_x(INVALID_MFN);
rc = 0;
}
}
@@ -2689,11 +2692,13 @@ int p2m_change_altp2m_gfn(struct domain *d, unsigned int idx,
mfn_t mfn;
int rc = -EINVAL;
- if ( idx >= MAX_ALTP2M || d->arch.altp2m_eptp[idx] == mfn_x(INVALID_MFN) )
+ if ( idx >= min(ARRAY_SIZE(d->arch.altp2m_p2m), MAX_EPTP) ||
+ d->arch.altp2m_eptp[array_index_nospec(idx, MAX_EPTP)] ==
+ mfn_x(INVALID_MFN) )
return rc;
hp2m = p2m_get_hostp2m(d);
- ap2m = d->arch.altp2m_p2m[idx];
+ ap2m = array_access_nospec(d->arch.altp2m_p2m, idx);
p2m_lock(hp2m);
p2m_lock(ap2m);
@@ -3032,11 +3037,12 @@ int p2m_set_suppress_ve(struct domain *d, gfn_t gfn, bool suppress_ve,
if ( altp2m_idx > 0 )
{
- if ( altp2m_idx >= MAX_ALTP2M ||
- d->arch.altp2m_eptp[altp2m_idx] == mfn_x(INVALID_MFN) )
+ if ( altp2m_idx >= min(ARRAY_SIZE(d->arch.altp2m_p2m), MAX_EPTP) ||
+ d->arch.altp2m_eptp[array_index_nospec(altp2m_idx, MAX_EPTP)] ==
+ mfn_x(INVALID_MFN) )
return -EINVAL;
- p2m = ap2m = d->arch.altp2m_p2m[altp2m_idx];
+ p2m = ap2m = array_access_nospec(d->arch.altp2m_p2m, altp2m_idx);
}
else
p2m = host_p2m;
@@ -3075,11 +3081,12 @@ int p2m_get_suppress_ve(struct domain *d, gfn_t gfn, bool *suppress_ve,
if ( altp2m_idx > 0 )
{
- if ( altp2m_idx >= MAX_ALTP2M ||
- d->arch.altp2m_eptp[altp2m_idx] == mfn_x(INVALID_MFN) )
+ if ( altp2m_idx >= min(ARRAY_SIZE(d->arch.altp2m_p2m), MAX_EPTP) ||
+ d->arch.altp2m_eptp[array_index_nospec(altp2m_idx, MAX_EPTP)] ==
+ mfn_x(INVALID_MFN) )
return -EINVAL;
- p2m = ap2m = d->arch.altp2m_p2m[altp2m_idx];
+ p2m = ap2m = array_access_nospec(d->arch.altp2m_p2m, altp2m_idx);
}
else
p2m = host_p2m;
--
2.17.1
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [Xen-devel] [PATCH V8 2/4] x86/altp2m: Add hypercall to set a range of sve bits
2020-01-17 13:31 [Xen-devel] [PATCH V8 1/4] x86/mm: Add array_index_nospec to guest provided index values Alexandru Stefan ISAILA
@ 2020-01-17 13:31 ` Alexandru Stefan ISAILA
2020-01-17 14:33 ` Jan Beulich
` (3 more replies)
2020-01-17 13:31 ` [Xen-devel] [PATCH V8 3/4] x86/mm: Pull vendor-independent altp2m code out of p2m-ept.c and into p2m.c Alexandru Stefan ISAILA
` (5 subsequent siblings)
6 siblings, 4 replies; 19+ messages in thread
From: Alexandru Stefan ISAILA @ 2020-01-17 13:31 UTC (permalink / raw)
To: xen-devel
Cc: Petre Ovidiu PIRCALABU, Stefano Stabellini, Julien Grall,
Razvan COJOCARU, Wei Liu, Konrad Rzeszutek Wilk, George Dunlap,
Andrew Cooper, Ian Jackson, Tamas K Lengyel, Jan Beulich,
Alexandru Stefan ISAILA, Roger Pau Monné
By default the sve bits are not set.
This patch adds a new hypercall, xc_altp2m_set_supress_ve_multi(),
to set a range of sve bits.
The core function, p2m_set_suppress_ve_multi(), does not break in case
of a error and it is doing a best effort for setting the bits in the
given range. A check for continuation is made in order to have
preemption on large ranges.
The gfn of the first error is stored in
xen_hvm_altp2m_suppress_ve_multi.first_error_gfn and the error code is
stored in xen_hvm_altp2m_suppress_ve_multi.first_error.
If no error occurred the values will be 0.
Signed-off-by: Alexandru Isaila <aisaila@bitdefender.com>
---
CC: Ian Jackson <ian.jackson@eu.citrix.com>
CC: Wei Liu <wl@xen.org>
CC: Andrew Cooper <andrew.cooper3@citrix.com>
CC: George Dunlap <George.Dunlap@eu.citrix.com>
CC: Jan Beulich <jbeulich@suse.com>
CC: Julien Grall <julien@xen.org>
CC: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
CC: Stefano Stabellini <sstabellini@kernel.org>
CC: "Roger Pau Monné" <roger.pau@citrix.com>
CC: George Dunlap <george.dunlap@eu.citrix.com>
CC: Razvan Cojocaru <rcojocaru@bitdefender.com>
CC: Tamas K Lengyel <tamas@tklengyel.com>
CC: Petre Pircalabu <ppircalabu@bitdefender.com>
---
Changes since V7:
- Fix commit message
- Move all in values in the sve initializer
- Drop sve.first_error check.
---
tools/libxc/include/xenctrl.h | 4 ++
tools/libxc/xc_altp2m.c | 33 +++++++++++++++
xen/arch/x86/hvm/hvm.c | 20 +++++++++
xen/arch/x86/mm/p2m.c | 75 +++++++++++++++++++++++++--------
xen/include/public/hvm/hvm_op.h | 13 ++++++
xen/include/xen/mem_access.h | 3 ++
6 files changed, 130 insertions(+), 18 deletions(-)
diff --git a/tools/libxc/include/xenctrl.h b/tools/libxc/include/xenctrl.h
index 75f191ae3a..cc4eb1e3d3 100644
--- a/tools/libxc/include/xenctrl.h
+++ b/tools/libxc/include/xenctrl.h
@@ -1923,6 +1923,10 @@ int xc_altp2m_switch_to_view(xc_interface *handle, uint32_t domid,
uint16_t view_id);
int xc_altp2m_set_suppress_ve(xc_interface *handle, uint32_t domid,
uint16_t view_id, xen_pfn_t gfn, bool sve);
+int xc_altp2m_set_supress_ve_multi(xc_interface *handle, uint32_t domid,
+ uint16_t view_id, xen_pfn_t first_gfn,
+ xen_pfn_t last_gfn, bool sve,
+ xen_pfn_t *error_gfn, int32_t *error_code);
int xc_altp2m_get_suppress_ve(xc_interface *handle, uint32_t domid,
uint16_t view_id, xen_pfn_t gfn, bool *sve);
int xc_altp2m_set_mem_access(xc_interface *handle, uint32_t domid,
diff --git a/tools/libxc/xc_altp2m.c b/tools/libxc/xc_altp2m.c
index 09dad0355e..46fb725806 100644
--- a/tools/libxc/xc_altp2m.c
+++ b/tools/libxc/xc_altp2m.c
@@ -234,6 +234,39 @@ int xc_altp2m_set_suppress_ve(xc_interface *handle, uint32_t domid,
return rc;
}
+int xc_altp2m_set_supress_ve_multi(xc_interface *handle, uint32_t domid,
+ uint16_t view_id, xen_pfn_t first_gfn,
+ xen_pfn_t last_gfn, bool sve,
+ xen_pfn_t *error_gfn, int32_t *error_code)
+{
+ int rc;
+ DECLARE_HYPERCALL_BUFFER(xen_hvm_altp2m_op_t, arg);
+
+ arg = xc_hypercall_buffer_alloc(handle, arg, sizeof(*arg));
+ if ( arg == NULL )
+ return -1;
+
+ arg->version = HVMOP_ALTP2M_INTERFACE_VERSION;
+ arg->cmd = HVMOP_altp2m_set_suppress_ve_multi;
+ arg->domain = domid;
+ arg->u.suppress_ve_multi.view = view_id;
+ arg->u.suppress_ve_multi.first_gfn = first_gfn;
+ arg->u.suppress_ve_multi.last_gfn = last_gfn;
+ arg->u.suppress_ve_multi.suppress_ve = sve;
+
+ rc = xencall2(handle->xcall, __HYPERVISOR_hvm_op, HVMOP_altp2m,
+ HYPERCALL_BUFFER_AS_ARG(arg));
+
+ if ( arg->u.suppress_ve_multi.first_error )
+ {
+ *error_gfn = arg->u.suppress_ve_multi.first_error_gfn;
+ *error_code = arg->u.suppress_ve_multi.first_error;
+ }
+
+ xc_hypercall_buffer_free(handle, arg);
+ return rc;
+}
+
int xc_altp2m_set_mem_access(xc_interface *handle, uint32_t domid,
uint16_t view_id, xen_pfn_t gfn,
xenmem_access_t access)
diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
index 4723f5d09c..4d79b4934e 100644
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -4520,6 +4520,7 @@ static int do_altp2m_op(
case HVMOP_altp2m_destroy_p2m:
case HVMOP_altp2m_switch_p2m:
case HVMOP_altp2m_set_suppress_ve:
+ case HVMOP_altp2m_set_suppress_ve_multi:
case HVMOP_altp2m_get_suppress_ve:
case HVMOP_altp2m_set_mem_access:
case HVMOP_altp2m_set_mem_access_multi:
@@ -4678,6 +4679,25 @@ static int do_altp2m_op(
}
break;
+ case HVMOP_altp2m_set_suppress_ve_multi:
+ {
+ uint64_t max_phys_addr = (1UL << d->arch.cpuid->extd.maxphysaddr) - 1;
+
+ a.u.suppress_ve_multi.last_gfn = min(a.u.suppress_ve_multi.last_gfn,
+ max_phys_addr);
+
+ if ( a.u.suppress_ve_multi.pad1 ||
+ a.u.suppress_ve_multi.first_gfn > a.u.suppress_ve_multi.last_gfn )
+ rc = -EINVAL;
+ else
+ {
+ rc = p2m_set_suppress_ve_multi(d, &a.u.suppress_ve_multi);
+ if ( (!rc || rc == -ERESTART) && __copy_to_guest(arg, &a, 1) )
+ rc = -EFAULT;
+ }
+ break;
+ }
+
case HVMOP_altp2m_get_suppress_ve:
if ( a.u.suppress_ve.pad1 || a.u.suppress_ve.pad2 )
rc = -EINVAL;
diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index 00b24342fc..3a2929c365 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -3026,44 +3026,83 @@ out:
*/
int p2m_set_suppress_ve(struct domain *d, gfn_t gfn, bool suppress_ve,
unsigned int altp2m_idx)
+{
+ int rc;
+ struct xen_hvm_altp2m_suppress_ve_multi sve = {
+ altp2m_idx, suppress_ve, 0, 0, gfn_x(gfn), gfn_x(gfn), 0
+ };
+
+ if ( !(rc = p2m_set_suppress_ve_multi(d, &sve)) )
+ rc = sve.first_error;
+
+ return rc;
+}
+
+/*
+ * Set/clear the #VE suppress bit for multiple pages. Only available on VMX.
+ */
+int p2m_set_suppress_ve_multi(struct domain *d,
+ struct xen_hvm_altp2m_suppress_ve_multi *sve)
{
struct p2m_domain *host_p2m = p2m_get_hostp2m(d);
struct p2m_domain *ap2m = NULL;
- struct p2m_domain *p2m;
- mfn_t mfn;
- p2m_access_t a;
- p2m_type_t t;
- int rc;
+ struct p2m_domain *p2m = host_p2m;
+ uint64_t start = sve->first_gfn;
+ int rc = 0;
- if ( altp2m_idx > 0 )
+ if ( sve->view > 0 )
{
- if ( altp2m_idx >= min(ARRAY_SIZE(d->arch.altp2m_p2m), MAX_EPTP) ||
- d->arch.altp2m_eptp[array_index_nospec(altp2m_idx, MAX_EPTP)] ==
+ if ( sve->view >= min(ARRAY_SIZE(d->arch.altp2m_p2m), MAX_EPTP) ||
+ d->arch.altp2m_eptp[array_index_nospec(sve->view, MAX_EPTP)] ==
mfn_x(INVALID_MFN) )
return -EINVAL;
- p2m = ap2m = array_access_nospec(d->arch.altp2m_p2m, altp2m_idx);
+ p2m = ap2m = array_access_nospec(d->arch.altp2m_p2m, sve->view);
}
- else
- p2m = host_p2m;
- gfn_lock(host_p2m, gfn, 0);
+ p2m_lock(host_p2m);
if ( ap2m )
p2m_lock(ap2m);
- rc = altp2m_get_effective_entry(p2m, gfn, &mfn, &t, &a, AP2MGET_query);
+ while ( sve->last_gfn >= start )
+ {
+ p2m_access_t a;
+ p2m_type_t t;
+ mfn_t mfn;
+ int err = 0;
- if ( rc )
- goto out;
+ if ( (err = altp2m_get_effective_entry(p2m, _gfn(start), &mfn, &t, &a,
+ AP2MGET_query)) &&
+ !sve->first_error )
+ {
+ sve->first_error_gfn = start; /* Save the gfn of the first error */
+ sve->first_error = err; /* Save the first error code */
+ }
- rc = p2m->set_entry(p2m, gfn, mfn, PAGE_ORDER_4K, t, a, suppress_ve);
+ if ( !err && (err = p2m->set_entry(p2m, _gfn(start), mfn,
+ PAGE_ORDER_4K, t, a,
+ sve->suppress_ve)) &&
+ !sve->first_error )
+ {
+ sve->first_error_gfn = start; /* Save the gfn of the first error */
+ sve->first_error = err; /* Save the first error code */
+ }
+
+ /* Check for continuation if it's not the last iteration. */
+ if ( sve->last_gfn >= ++start && hypercall_preempt_check() )
+ {
+ rc = -ERESTART;
+ break;
+ }
+ }
+
+ sve->first_gfn = start;
-out:
if ( ap2m )
p2m_unlock(ap2m);
- gfn_unlock(host_p2m, gfn, 0);
+ p2m_unlock(host_p2m);
return rc;
}
diff --git a/xen/include/public/hvm/hvm_op.h b/xen/include/public/hvm/hvm_op.h
index 353f8034d9..d344606864 100644
--- a/xen/include/public/hvm/hvm_op.h
+++ b/xen/include/public/hvm/hvm_op.h
@@ -46,6 +46,16 @@ struct xen_hvm_altp2m_suppress_ve {
uint64_t gfn;
};
+struct xen_hvm_altp2m_suppress_ve_multi {
+ uint16_t view;
+ uint8_t suppress_ve; /* Boolean type. */
+ uint8_t pad1;
+ int32_t first_error; /* Should be set to 0. */
+ uint64_t first_gfn; /* Value may be updated. */
+ uint64_t last_gfn;
+ uint64_t first_error_gfn; /* Gfn of the first error. */
+};
+
#if __XEN_INTERFACE_VERSION__ < 0x00040900
/* Set the logical level of one of a domain's PCI INTx wires. */
@@ -339,6 +349,8 @@ struct xen_hvm_altp2m_op {
#define HVMOP_altp2m_vcpu_disable_notify 13
/* Get the active vcpu p2m index */
#define HVMOP_altp2m_get_p2m_idx 14
+/* Set the "Supress #VE" bit for a range of pages */
+#define HVMOP_altp2m_set_suppress_ve_multi 15
domid_t domain;
uint16_t pad1;
uint32_t pad2;
@@ -353,6 +365,7 @@ struct xen_hvm_altp2m_op {
struct xen_hvm_altp2m_change_gfn change_gfn;
struct xen_hvm_altp2m_set_mem_access_multi set_mem_access_multi;
struct xen_hvm_altp2m_suppress_ve suppress_ve;
+ struct xen_hvm_altp2m_suppress_ve_multi suppress_ve_multi;
struct xen_hvm_altp2m_vcpu_disable_notify disable_notify;
struct xen_hvm_altp2m_get_vcpu_p2m_idx get_vcpu_p2m_idx;
uint8_t pad[64];
diff --git a/xen/include/xen/mem_access.h b/xen/include/xen/mem_access.h
index e4d24502e0..00e594a0ad 100644
--- a/xen/include/xen/mem_access.h
+++ b/xen/include/xen/mem_access.h
@@ -75,6 +75,9 @@ long p2m_set_mem_access_multi(struct domain *d,
int p2m_set_suppress_ve(struct domain *d, gfn_t gfn, bool suppress_ve,
unsigned int altp2m_idx);
+int p2m_set_suppress_ve_multi(struct domain *d,
+ struct xen_hvm_altp2m_suppress_ve_multi *suppress_ve);
+
int p2m_get_suppress_ve(struct domain *d, gfn_t gfn, bool *suppress_ve,
unsigned int altp2m_idx);
--
2.17.1
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [Xen-devel] [PATCH V8 3/4] x86/mm: Pull vendor-independent altp2m code out of p2m-ept.c and into p2m.c
2020-01-17 13:31 [Xen-devel] [PATCH V8 1/4] x86/mm: Add array_index_nospec to guest provided index values Alexandru Stefan ISAILA
2020-01-17 13:31 ` [Xen-devel] [PATCH V8 2/4] x86/altp2m: Add hypercall to set a range of sve bits Alexandru Stefan ISAILA
@ 2020-01-17 13:31 ` Alexandru Stefan ISAILA
2020-01-21 13:01 ` Petre Ovidiu PIRCALABU
2020-01-23 12:37 ` George Dunlap
2020-01-17 13:31 ` [Xen-devel] [PATCH V8 4/4] x86/mm: Make use of the default access param from xc_altp2m_create_view Alexandru Stefan ISAILA
` (4 subsequent siblings)
6 siblings, 2 replies; 19+ messages in thread
From: Alexandru Stefan ISAILA @ 2020-01-17 13:31 UTC (permalink / raw)
To: xen-devel
Cc: Kevin Tian, Jun Nakajima, Wei Liu, George Dunlap, Andrew Cooper,
Jan Beulich, Alexandru Stefan ISAILA, Roger Pau Monné
No functional changes.
Requested-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Alexandru Isaila <aisaila@bitdefender.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
---
CC: Jun Nakajima <jun.nakajima@intel.com>
CC: Kevin Tian <kevin.tian@intel.com>
CC: George Dunlap <george.dunlap@eu.citrix.com>
CC: Jan Beulich <jbeulich@suse.com>
CC: Andrew Cooper <andrew.cooper3@citrix.com>
CC: Wei Liu <wl@xen.org>
CC: "Roger Pau Monné" <roger.pau@citrix.com>
---
xen/arch/x86/mm/p2m-ept.c | 6 ------
xen/arch/x86/mm/p2m.c | 6 ++++++
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/xen/arch/x86/mm/p2m-ept.c b/xen/arch/x86/mm/p2m-ept.c
index b078a9a59e..05a5526e08 100644
--- a/xen/arch/x86/mm/p2m-ept.c
+++ b/xen/arch/x86/mm/p2m-ept.c
@@ -1357,13 +1357,7 @@ void p2m_init_altp2m_ept(struct domain *d, unsigned int i)
struct p2m_domain *hostp2m = p2m_get_hostp2m(d);
struct ept_data *ept;
- p2m->default_access = hostp2m->default_access;
- p2m->domain = hostp2m->domain;
-
- p2m->global_logdirty = hostp2m->global_logdirty;
p2m->ept.ad = hostp2m->ept.ad;
- p2m->min_remapped_gfn = gfn_x(INVALID_GFN);
- p2m->max_mapped_pfn = p2m->max_remapped_gfn = 0;
ept = &p2m->ept;
ept->mfn = pagetable_get_pfn(p2m_get_pagetable(p2m));
d->arch.altp2m_eptp[array_index_nospec(i, MAX_EPTP)] = ept->eptp;
diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index 3a2929c365..696946697a 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -2562,6 +2562,12 @@ static int p2m_activate_altp2m(struct domain *d, unsigned int idx)
goto out;
}
+ p2m->default_access = hostp2m->default_access;
+ p2m->domain = hostp2m->domain;
+ p2m->global_logdirty = hostp2m->global_logdirty;
+ p2m->min_remapped_gfn = gfn_x(INVALID_GFN);
+ p2m->max_mapped_pfn = p2m->max_remapped_gfn = 0;
+
p2m_init_altp2m_ept(d, idx);
out:
--
2.17.1
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [Xen-devel] [PATCH V8 4/4] x86/mm: Make use of the default access param from xc_altp2m_create_view
2020-01-17 13:31 [Xen-devel] [PATCH V8 1/4] x86/mm: Add array_index_nospec to guest provided index values Alexandru Stefan ISAILA
2020-01-17 13:31 ` [Xen-devel] [PATCH V8 2/4] x86/altp2m: Add hypercall to set a range of sve bits Alexandru Stefan ISAILA
2020-01-17 13:31 ` [Xen-devel] [PATCH V8 3/4] x86/mm: Pull vendor-independent altp2m code out of p2m-ept.c and into p2m.c Alexandru Stefan ISAILA
@ 2020-01-17 13:31 ` Alexandru Stefan ISAILA
2020-01-17 17:01 ` Tamas K Lengyel
` (2 more replies)
2020-01-17 16:13 ` [Xen-devel] [PATCH V8 1/4] x86/mm: Add array_index_nospec to guest provided index values Jan Beulich
` (3 subsequent siblings)
6 siblings, 3 replies; 19+ messages in thread
From: Alexandru Stefan ISAILA @ 2020-01-17 13:31 UTC (permalink / raw)
To: xen-devel
Cc: Petre Ovidiu PIRCALABU, Stefano Stabellini, Julien Grall,
Razvan COJOCARU, Wei Liu, Konrad Rzeszutek Wilk, George Dunlap,
Andrew Cooper, Ian Jackson, Tamas K Lengyel, Jan Beulich,
Alexandru Stefan ISAILA, Roger Pau Monné
At this moment the default_access param from xc_altp2m_create_view is
not used.
This patch assigns default_access to p2m->default_access at the time of
initializing a new altp2m view.
Signed-off-by: Alexandru Isaila <aisaila@bitdefender.com>
Acked-by: Jan Beulich <jbeulich@suse.com>
---
CC: Jan Beulich <jbeulich@suse.com>
CC: Andrew Cooper <andrew.cooper3@citrix.com>
CC: Wei Liu <wl@xen.org>
CC: "Roger Pau Monné" <roger.pau@citrix.com>
CC: George Dunlap <George.Dunlap@eu.citrix.com>
CC: Ian Jackson <ian.jackson@eu.citrix.com>
CC: Julien Grall <julien@xen.org>
CC: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
CC: Stefano Stabellini <sstabellini@kernel.org>
CC: Razvan Cojocaru <rcojocaru@bitdefender.com>
CC: Tamas K Lengyel <tamas@tklengyel.com>
CC: Petre Pircalabu <ppircalabu@bitdefender.com>
CC: George Dunlap <george.dunlap@eu.citrix.com>
---
Changes since V6:
- Remove the NULL check for p2m in xenmem_access_to_p2m_access()
- Use hostp2m for default access in p2m_init_next_altp2m()
- Remove the artifact line from p2m_init_next_altp2m().
---
xen/arch/x86/hvm/hvm.c | 3 ++-
xen/arch/x86/mm/mem_access.c | 6 +++---
xen/arch/x86/mm/p2m.c | 20 +++++++++++++++-----
xen/include/asm-x86/p2m.h | 3 ++-
xen/include/public/hvm/hvm_op.h | 2 --
xen/include/xen/mem_access.h | 4 ++++
6 files changed, 26 insertions(+), 12 deletions(-)
diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
index 4d79b4934e..b96fafed65 100644
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -4654,7 +4654,8 @@ static int do_altp2m_op(
}
case HVMOP_altp2m_create_p2m:
- if ( !(rc = p2m_init_next_altp2m(d, &a.u.view.view)) )
+ if ( !(rc = p2m_init_next_altp2m(d, &a.u.view.view,
+ a.u.view.hvmmem_default_access)) )
rc = __copy_to_guest(arg, &a, 1) ? -EFAULT : 0;
break;
diff --git a/xen/arch/x86/mm/mem_access.c b/xen/arch/x86/mm/mem_access.c
index 31ff826393..d16540a9aa 100644
--- a/xen/arch/x86/mm/mem_access.c
+++ b/xen/arch/x86/mm/mem_access.c
@@ -314,9 +314,9 @@ static int set_mem_access(struct domain *d, struct p2m_domain *p2m,
return rc;
}
-static bool xenmem_access_to_p2m_access(struct p2m_domain *p2m,
- xenmem_access_t xaccess,
- p2m_access_t *paccess)
+bool xenmem_access_to_p2m_access(const struct p2m_domain *p2m,
+ xenmem_access_t xaccess,
+ p2m_access_t *paccess)
{
static const p2m_access_t memaccess[] = {
#define ACCESS(ac) [XENMEM_access_##ac] = p2m_access_##ac
diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index 696946697a..4599a0bc24 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -25,6 +25,7 @@
#include <xen/guest_access.h> /* copy_from_guest() */
#include <xen/iommu.h>
+#include <xen/mem_access.h>
#include <xen/vm_event.h>
#include <xen/event.h>
#include <public/vm_event.h>
@@ -2536,7 +2537,8 @@ void p2m_flush_altp2m(struct domain *d)
altp2m_list_unlock(d);
}
-static int p2m_activate_altp2m(struct domain *d, unsigned int idx)
+static int p2m_activate_altp2m(struct domain *d, unsigned int idx,
+ p2m_access_t hvmmem_default_access)
{
struct p2m_domain *hostp2m, *p2m;
int rc;
@@ -2562,7 +2564,7 @@ static int p2m_activate_altp2m(struct domain *d, unsigned int idx)
goto out;
}
- p2m->default_access = hostp2m->default_access;
+ p2m->default_access = hvmmem_default_access;
p2m->domain = hostp2m->domain;
p2m->global_logdirty = hostp2m->global_logdirty;
p2m->min_remapped_gfn = gfn_x(INVALID_GFN);
@@ -2579,6 +2581,7 @@ static int p2m_activate_altp2m(struct domain *d, unsigned int idx)
int p2m_init_altp2m_by_id(struct domain *d, unsigned int idx)
{
int rc = -EINVAL;
+ struct p2m_domain *hostp2m = p2m_get_hostp2m(d);
if ( idx >= min(ARRAY_SIZE(d->arch.altp2m_p2m), MAX_EPTP) )
return rc;
@@ -2587,16 +2590,23 @@ int p2m_init_altp2m_by_id(struct domain *d, unsigned int idx)
if ( d->arch.altp2m_eptp[array_index_nospec(idx, MAX_EPTP)] ==
mfn_x(INVALID_MFN) )
- rc = p2m_activate_altp2m(d, idx);
+ rc = p2m_activate_altp2m(d, idx, hostp2m->default_access);
altp2m_list_unlock(d);
return rc;
}
-int p2m_init_next_altp2m(struct domain *d, uint16_t *idx)
+int p2m_init_next_altp2m(struct domain *d, uint16_t *idx,
+ xenmem_access_t hvmmem_default_access)
{
int rc = -EINVAL;
unsigned int i;
+ p2m_access_t a;
+ struct p2m_domain *hostp2m = p2m_get_hostp2m(d);
+
+ if ( hvmmem_default_access > XENMEM_access_default ||
+ !xenmem_access_to_p2m_access(hostp2m, hvmmem_default_access, &a) )
+ return rc;
altp2m_list_lock(d);
@@ -2605,7 +2615,7 @@ int p2m_init_next_altp2m(struct domain *d, uint16_t *idx)
if ( d->arch.altp2m_eptp[i] != mfn_x(INVALID_MFN) )
continue;
- rc = p2m_activate_altp2m(d, i);
+ rc = p2m_activate_altp2m(d, i, a);
if ( !rc )
*idx = i;
diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h
index 94285db1b4..ac2d2787f4 100644
--- a/xen/include/asm-x86/p2m.h
+++ b/xen/include/asm-x86/p2m.h
@@ -884,7 +884,8 @@ bool p2m_altp2m_get_or_propagate(struct p2m_domain *ap2m, unsigned long gfn_l,
int p2m_init_altp2m_by_id(struct domain *d, unsigned int idx);
/* Find an available alternate p2m and make it valid */
-int p2m_init_next_altp2m(struct domain *d, uint16_t *idx);
+int p2m_init_next_altp2m(struct domain *d, uint16_t *idx,
+ xenmem_access_t hvmmem_default_access);
/* Make a specific alternate p2m invalid */
int p2m_destroy_altp2m_by_id(struct domain *d, unsigned int idx);
diff --git a/xen/include/public/hvm/hvm_op.h b/xen/include/public/hvm/hvm_op.h
index d344606864..610e020a62 100644
--- a/xen/include/public/hvm/hvm_op.h
+++ b/xen/include/public/hvm/hvm_op.h
@@ -251,8 +251,6 @@ DEFINE_XEN_GUEST_HANDLE(xen_hvm_altp2m_vcpu_disable_notify_t);
struct xen_hvm_altp2m_view {
/* IN/OUT variable */
uint16_t view;
- /* Create view only: default access type
- * NOTE: currently ignored */
uint16_t hvmmem_default_access; /* xenmem_access_t */
};
typedef struct xen_hvm_altp2m_view xen_hvm_altp2m_view_t;
diff --git a/xen/include/xen/mem_access.h b/xen/include/xen/mem_access.h
index 00e594a0ad..5d53fb8ce4 100644
--- a/xen/include/xen/mem_access.h
+++ b/xen/include/xen/mem_access.h
@@ -58,6 +58,10 @@ typedef enum {
/* NOTE: Assumed to be only 4 bits right now on x86. */
} p2m_access_t;
+bool xenmem_access_to_p2m_access(const struct p2m_domain *p2m,
+ xenmem_access_t xaccess,
+ p2m_access_t *paccess);
+
/*
* Set access type for a region of gfns.
* If gfn == INVALID_GFN, sets the default access type.
--
2.17.1
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply related [flat|nested] 19+ messages in thread
* Re: [Xen-devel] [PATCH V8 2/4] x86/altp2m: Add hypercall to set a range of sve bits
2020-01-17 13:31 ` [Xen-devel] [PATCH V8 2/4] x86/altp2m: Add hypercall to set a range of sve bits Alexandru Stefan ISAILA
@ 2020-01-17 14:33 ` Jan Beulich
2020-01-21 12:57 ` Petre Ovidiu PIRCALABU
` (2 subsequent siblings)
3 siblings, 0 replies; 19+ messages in thread
From: Jan Beulich @ 2020-01-17 14:33 UTC (permalink / raw)
To: Alexandru Stefan ISAILA
Cc: Petre Ovidiu PIRCALABU, Stefano Stabellini, Julien Grall,
Wei Liu, Razvan COJOCARU, Konrad Rzeszutek Wilk, George Dunlap,
Andrew Cooper, Ian Jackson, Tamas K Lengyel, xen-devel,
Roger Pau Monné
On 17.01.2020 14:31, Alexandru Stefan ISAILA wrote:
> By default the sve bits are not set.
> This patch adds a new hypercall, xc_altp2m_set_supress_ve_multi(),
> to set a range of sve bits.
> The core function, p2m_set_suppress_ve_multi(), does not break in case
> of a error and it is doing a best effort for setting the bits in the
> given range. A check for continuation is made in order to have
> preemption on large ranges.
> The gfn of the first error is stored in
> xen_hvm_altp2m_suppress_ve_multi.first_error_gfn and the error code is
> stored in xen_hvm_altp2m_suppress_ve_multi.first_error.
> If no error occurred the values will be 0.
I'm sorry for being nitpicky here, but this still isn't fully in
line with ...
> --- a/xen/include/public/hvm/hvm_op.h
> +++ b/xen/include/public/hvm/hvm_op.h
> @@ -46,6 +46,16 @@ struct xen_hvm_altp2m_suppress_ve {
> uint64_t gfn;
> };
>
> +struct xen_hvm_altp2m_suppress_ve_multi {
> + uint16_t view;
> + uint8_t suppress_ve; /* Boolean type. */
> + uint8_t pad1;
> + int32_t first_error; /* Should be set to 0. */
> + uint64_t first_gfn; /* Value may be updated. */
> + uint64_t last_gfn;
> + uint64_t first_error_gfn; /* Gfn of the first error. */
> +};
... this: There's nothing said here about zeroing first_error_gfn
(and FAOD there doesn't need to be), and even first_error correctly
says only "should". Hence the values will be non-zero when there
was no error only if the caller had set them to zero. Anyway, this
alone surely is no reason for a v9, so take it just as a benign
(for the moment) remark.
Jan
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [Xen-devel] [PATCH V8 1/4] x86/mm: Add array_index_nospec to guest provided index values
2020-01-17 13:31 [Xen-devel] [PATCH V8 1/4] x86/mm: Add array_index_nospec to guest provided index values Alexandru Stefan ISAILA
` (2 preceding siblings ...)
2020-01-17 13:31 ` [Xen-devel] [PATCH V8 4/4] x86/mm: Make use of the default access param from xc_altp2m_create_view Alexandru Stefan ISAILA
@ 2020-01-17 16:13 ` Jan Beulich
2020-01-21 12:53 ` Petre Ovidiu PIRCALABU
` (2 subsequent siblings)
6 siblings, 0 replies; 19+ messages in thread
From: Jan Beulich @ 2020-01-17 16:13 UTC (permalink / raw)
To: Alexandru Stefan ISAILA
Cc: Petre Ovidiu PIRCALABU, Kevin Tian, Tamas K Lengyel, Wei Liu,
Razvan COJOCARU, George Dunlap, Andrew Cooper, Jun Nakajima,
xen-devel, Roger Pau Monné
On 17.01.2020 14:31, Alexandru Stefan ISAILA wrote:
> This patch aims to sanitize indexes, potentially guest provided
> values, for altp2m_eptp[] and altp2m_p2m[] arrays.
>
> Requested-by: Jan Beulich <jbeulich@suse.com>
> Signed-off-by: Alexandru Isaila <aisaila@bitdefender.com>
> Acked-by: Tamas K Lengyel <tamas@tklengyel.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [Xen-devel] [PATCH V8 4/4] x86/mm: Make use of the default access param from xc_altp2m_create_view
2020-01-17 13:31 ` [Xen-devel] [PATCH V8 4/4] x86/mm: Make use of the default access param from xc_altp2m_create_view Alexandru Stefan ISAILA
@ 2020-01-17 17:01 ` Tamas K Lengyel
2020-01-21 12:54 ` Petre Ovidiu PIRCALABU
2020-01-23 14:21 ` George Dunlap
2 siblings, 0 replies; 19+ messages in thread
From: Tamas K Lengyel @ 2020-01-17 17:01 UTC (permalink / raw)
To: Alexandru Stefan ISAILA
Cc: Petre Ovidiu PIRCALABU, Stefano Stabellini, Julien Grall,
Razvan COJOCARU, Wei Liu, Konrad Rzeszutek Wilk, George Dunlap,
Andrew Cooper, Ian Jackson, Jan Beulich, xen-devel,
Roger Pau Monné
On Fri, Jan 17, 2020 at 6:31 AM Alexandru Stefan ISAILA
<aisaila@bitdefender.com> wrote:
>
> At this moment the default_access param from xc_altp2m_create_view is
> not used.
>
> This patch assigns default_access to p2m->default_access at the time of
> initializing a new altp2m view.
>
> Signed-off-by: Alexandru Isaila <aisaila@bitdefender.com>
> Acked-by: Jan Beulich <jbeulich@suse.com>
For the mem_access bits:
Acked-by: Tamas K Lengyel <tamas@tklengyel.com>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [Xen-devel] [PATCH V8 1/4] x86/mm: Add array_index_nospec to guest provided index values
2020-01-17 13:31 [Xen-devel] [PATCH V8 1/4] x86/mm: Add array_index_nospec to guest provided index values Alexandru Stefan ISAILA
` (3 preceding siblings ...)
2020-01-17 16:13 ` [Xen-devel] [PATCH V8 1/4] x86/mm: Add array_index_nospec to guest provided index values Jan Beulich
@ 2020-01-21 12:53 ` Petre Ovidiu PIRCALABU
2020-01-23 12:24 ` George Dunlap
2020-01-23 18:45 ` Andrew Cooper
6 siblings, 0 replies; 19+ messages in thread
From: Petre Ovidiu PIRCALABU @ 2020-01-21 12:53 UTC (permalink / raw)
To: Alexandru Stefan ISAILA, xen-devel
Cc: Jun Nakajima, Kevin Tian, Tamas K Lengyel, Razvan COJOCARU,
Wei Liu, George Dunlap, Andrew Cooper, Roger Pau Monné
On Fri, 2020-01-17 at 15:31 +0200, Alexandru Stefan ISAILA wrote:
> This patch aims to sanitize indexes, potentially guest provided
> values, for altp2m_eptp[] and altp2m_p2m[] arrays.
>
> Requested-by: Jan Beulich <jbeulich@suse.com>
> Signed-off-by: Alexandru Isaila <aisaila@bitdefender.com>
> Acked-by: Tamas K Lengyel <tamas@tklengyel.com>
>
Reviewed-by: Petre Pircalabu <ppircalabu@bitdefender.com>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [Xen-devel] [PATCH V8 4/4] x86/mm: Make use of the default access param from xc_altp2m_create_view
2020-01-17 13:31 ` [Xen-devel] [PATCH V8 4/4] x86/mm: Make use of the default access param from xc_altp2m_create_view Alexandru Stefan ISAILA
2020-01-17 17:01 ` Tamas K Lengyel
@ 2020-01-21 12:54 ` Petre Ovidiu PIRCALABU
2020-01-23 14:21 ` George Dunlap
2 siblings, 0 replies; 19+ messages in thread
From: Petre Ovidiu PIRCALABU @ 2020-01-21 12:54 UTC (permalink / raw)
To: Alexandru Stefan ISAILA, xen-devel
Cc: Stefano Stabellini, Julien Grall, Razvan COJOCARU, Wei Liu,
Konrad Rzeszutek Wilk, George Dunlap, Andrew Cooper, Ian Jackson,
Tamas K Lengyel, Roger Pau Monné
On Fri, 2020-01-17 at 15:31 +0200, Alexandru Stefan ISAILA wrote:
> At this moment the default_access param from xc_altp2m_create_view is
> not used.
>
> This patch assigns default_access to p2m->default_access at the time
> of
> initializing a new altp2m view.
>
> Signed-off-by: Alexandru Isaila <aisaila@bitdefender.com>
> Acked-by: Jan Beulich <jbeulich@suse.com>
>
Reviewed-by: Petre Pircalabu <ppircalabu@bitdefender.com>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [Xen-devel] [PATCH V8 2/4] x86/altp2m: Add hypercall to set a range of sve bits
2020-01-17 13:31 ` [Xen-devel] [PATCH V8 2/4] x86/altp2m: Add hypercall to set a range of sve bits Alexandru Stefan ISAILA
2020-01-17 14:33 ` Jan Beulich
@ 2020-01-21 12:57 ` Petre Ovidiu PIRCALABU
2020-01-21 15:09 ` Alexandru Stefan ISAILA
2020-01-23 12:35 ` George Dunlap
3 siblings, 0 replies; 19+ messages in thread
From: Petre Ovidiu PIRCALABU @ 2020-01-21 12:57 UTC (permalink / raw)
To: Alexandru Stefan ISAILA, xen-devel
Cc: Stefano Stabellini, Julien Grall, Razvan COJOCARU, Wei Liu,
Konrad Rzeszutek Wilk, George Dunlap, Andrew Cooper, Ian Jackson,
Tamas K Lengyel, Roger Pau Monné
On Fri, 2020-01-17 at 15:31 +0200, Alexandru Stefan ISAILA wrote:
> By default the sve bits are not set.
> This patch adds a new hypercall, xc_altp2m_set_supress_ve_multi(),
> to set a range of sve bits.
> The core function, p2m_set_suppress_ve_multi(), does not break in
> case
> of a error and it is doing a best effort for setting the bits in the
> given range. A check for continuation is made in order to have
> preemption on large ranges.
> The gfn of the first error is stored in
> xen_hvm_altp2m_suppress_ve_multi.first_error_gfn and the error code
> is
> stored in xen_hvm_altp2m_suppress_ve_multi.first_error.
> If no error occurred the values will be 0.
>
> Signed-off-by: Alexandru Isaila <aisaila@bitdefender.com>
>
Reviewed-by: Petre Pircalabu <ppircalabu@bitdefender.com>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [Xen-devel] [PATCH V8 3/4] x86/mm: Pull vendor-independent altp2m code out of p2m-ept.c and into p2m.c
2020-01-17 13:31 ` [Xen-devel] [PATCH V8 3/4] x86/mm: Pull vendor-independent altp2m code out of p2m-ept.c and into p2m.c Alexandru Stefan ISAILA
@ 2020-01-21 13:01 ` Petre Ovidiu PIRCALABU
2020-01-23 12:37 ` George Dunlap
1 sibling, 0 replies; 19+ messages in thread
From: Petre Ovidiu PIRCALABU @ 2020-01-21 13:01 UTC (permalink / raw)
To: Alexandru Stefan ISAILA, xen-devel
Cc: Kevin Tian, Jun Nakajima, Wei Liu, George Dunlap, Andrew Cooper,
Roger Pau Monné
On Fri, 2020-01-17 at 13:31 +0000, Alexandru Stefan ISAILA wrote:
> No functional changes.
>
> Requested-by: Jan Beulich <jbeulich@suse.com>
> Signed-off-by: Alexandru Isaila <aisaila@bitdefender.com>
> Reviewed-by: Jan Beulich <jbeulich@suse.com>
>
Reviewed-by: Petre Pircalabu <ppircalabu@bitdefender.com>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [Xen-devel] [PATCH V8 2/4] x86/altp2m: Add hypercall to set a range of sve bits
2020-01-17 13:31 ` [Xen-devel] [PATCH V8 2/4] x86/altp2m: Add hypercall to set a range of sve bits Alexandru Stefan ISAILA
2020-01-17 14:33 ` Jan Beulich
2020-01-21 12:57 ` Petre Ovidiu PIRCALABU
@ 2020-01-21 15:09 ` Alexandru Stefan ISAILA
2020-01-21 17:30 ` George Dunlap
2020-01-23 12:35 ` George Dunlap
3 siblings, 1 reply; 19+ messages in thread
From: Alexandru Stefan ISAILA @ 2020-01-21 15:09 UTC (permalink / raw)
To: xen-devel, George Dunlap
Cc: Petre Ovidiu PIRCALABU, Stefano Stabellini, Julien Grall,
Razvan COJOCARU, Wei Liu, Konrad Rzeszutek Wilk, Andrew Cooper,
Ian Jackson, Tamas K Lengyel, Roger Pau Monné
Hi George,
This is a kind reminder, when you have the time, can you take a look at
this series?
Regards,
Alex
On 17.01.2020 15:31, Alexandru Stefan ISAILA wrote:
> By default the sve bits are not set.
> This patch adds a new hypercall, xc_altp2m_set_supress_ve_multi(),
> to set a range of sve bits.
> The core function, p2m_set_suppress_ve_multi(), does not break in case
> of a error and it is doing a best effort for setting the bits in the
> given range. A check for continuation is made in order to have
> preemption on large ranges.
> The gfn of the first error is stored in
> xen_hvm_altp2m_suppress_ve_multi.first_error_gfn and the error code is
> stored in xen_hvm_altp2m_suppress_ve_multi.first_error.
> If no error occurred the values will be 0.
>
> Signed-off-by: Alexandru Isaila <aisaila@bitdefender.com>
>
> ---
> CC: Ian Jackson <ian.jackson@eu.citrix.com>
> CC: Wei Liu <wl@xen.org>
> CC: Andrew Cooper <andrew.cooper3@citrix.com>
> CC: George Dunlap <George.Dunlap@eu.citrix.com>
> CC: Jan Beulich <jbeulich@suse.com>
> CC: Julien Grall <julien@xen.org>
> CC: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
> CC: Stefano Stabellini <sstabellini@kernel.org>
> CC: "Roger Pau Monné" <roger.pau@citrix.com>
> CC: George Dunlap <george.dunlap@eu.citrix.com>
> CC: Razvan Cojocaru <rcojocaru@bitdefender.com>
> CC: Tamas K Lengyel <tamas@tklengyel.com>
> CC: Petre Pircalabu <ppircalabu@bitdefender.com>
> ---
> Changes since V7:
> - Fix commit message
> - Move all in values in the sve initializer
> - Drop sve.first_error check.
> ---
> tools/libxc/include/xenctrl.h | 4 ++
> tools/libxc/xc_altp2m.c | 33 +++++++++++++++
> xen/arch/x86/hvm/hvm.c | 20 +++++++++
> xen/arch/x86/mm/p2m.c | 75 +++++++++++++++++++++++++--------
> xen/include/public/hvm/hvm_op.h | 13 ++++++
> xen/include/xen/mem_access.h | 3 ++
> 6 files changed, 130 insertions(+), 18 deletions(-)
>
> diff --git a/tools/libxc/include/xenctrl.h b/tools/libxc/include/xenctrl.h
> index 75f191ae3a..cc4eb1e3d3 100644
> --- a/tools/libxc/include/xenctrl.h
> +++ b/tools/libxc/include/xenctrl.h
> @@ -1923,6 +1923,10 @@ int xc_altp2m_switch_to_view(xc_interface *handle, uint32_t domid,
> uint16_t view_id);
> int xc_altp2m_set_suppress_ve(xc_interface *handle, uint32_t domid,
> uint16_t view_id, xen_pfn_t gfn, bool sve);
> +int xc_altp2m_set_supress_ve_multi(xc_interface *handle, uint32_t domid,
> + uint16_t view_id, xen_pfn_t first_gfn,
> + xen_pfn_t last_gfn, bool sve,
> + xen_pfn_t *error_gfn, int32_t *error_code);
> int xc_altp2m_get_suppress_ve(xc_interface *handle, uint32_t domid,
> uint16_t view_id, xen_pfn_t gfn, bool *sve);
> int xc_altp2m_set_mem_access(xc_interface *handle, uint32_t domid,
> diff --git a/tools/libxc/xc_altp2m.c b/tools/libxc/xc_altp2m.c
> index 09dad0355e..46fb725806 100644
> --- a/tools/libxc/xc_altp2m.c
> +++ b/tools/libxc/xc_altp2m.c
> @@ -234,6 +234,39 @@ int xc_altp2m_set_suppress_ve(xc_interface *handle, uint32_t domid,
> return rc;
> }
>
> +int xc_altp2m_set_supress_ve_multi(xc_interface *handle, uint32_t domid,
> + uint16_t view_id, xen_pfn_t first_gfn,
> + xen_pfn_t last_gfn, bool sve,
> + xen_pfn_t *error_gfn, int32_t *error_code)
> +{
> + int rc;
> + DECLARE_HYPERCALL_BUFFER(xen_hvm_altp2m_op_t, arg);
> +
> + arg = xc_hypercall_buffer_alloc(handle, arg, sizeof(*arg));
> + if ( arg == NULL )
> + return -1;
> +
> + arg->version = HVMOP_ALTP2M_INTERFACE_VERSION;
> + arg->cmd = HVMOP_altp2m_set_suppress_ve_multi;
> + arg->domain = domid;
> + arg->u.suppress_ve_multi.view = view_id;
> + arg->u.suppress_ve_multi.first_gfn = first_gfn;
> + arg->u.suppress_ve_multi.last_gfn = last_gfn;
> + arg->u.suppress_ve_multi.suppress_ve = sve;
> +
> + rc = xencall2(handle->xcall, __HYPERVISOR_hvm_op, HVMOP_altp2m,
> + HYPERCALL_BUFFER_AS_ARG(arg));
> +
> + if ( arg->u.suppress_ve_multi.first_error )
> + {
> + *error_gfn = arg->u.suppress_ve_multi.first_error_gfn;
> + *error_code = arg->u.suppress_ve_multi.first_error;
> + }
> +
> + xc_hypercall_buffer_free(handle, arg);
> + return rc;
> +}
> +
> int xc_altp2m_set_mem_access(xc_interface *handle, uint32_t domid,
> uint16_t view_id, xen_pfn_t gfn,
> xenmem_access_t access)
> diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
> index 4723f5d09c..4d79b4934e 100644
> --- a/xen/arch/x86/hvm/hvm.c
> +++ b/xen/arch/x86/hvm/hvm.c
> @@ -4520,6 +4520,7 @@ static int do_altp2m_op(
> case HVMOP_altp2m_destroy_p2m:
> case HVMOP_altp2m_switch_p2m:
> case HVMOP_altp2m_set_suppress_ve:
> + case HVMOP_altp2m_set_suppress_ve_multi:
> case HVMOP_altp2m_get_suppress_ve:
> case HVMOP_altp2m_set_mem_access:
> case HVMOP_altp2m_set_mem_access_multi:
> @@ -4678,6 +4679,25 @@ static int do_altp2m_op(
> }
> break;
>
> + case HVMOP_altp2m_set_suppress_ve_multi:
> + {
> + uint64_t max_phys_addr = (1UL << d->arch.cpuid->extd.maxphysaddr) - 1;
> +
> + a.u.suppress_ve_multi.last_gfn = min(a.u.suppress_ve_multi.last_gfn,
> + max_phys_addr);
> +
> + if ( a.u.suppress_ve_multi.pad1 ||
> + a.u.suppress_ve_multi.first_gfn > a.u.suppress_ve_multi.last_gfn )
> + rc = -EINVAL;
> + else
> + {
> + rc = p2m_set_suppress_ve_multi(d, &a.u.suppress_ve_multi);
> + if ( (!rc || rc == -ERESTART) && __copy_to_guest(arg, &a, 1) )
> + rc = -EFAULT;
> + }
> + break;
> + }
> +
> case HVMOP_altp2m_get_suppress_ve:
> if ( a.u.suppress_ve.pad1 || a.u.suppress_ve.pad2 )
> rc = -EINVAL;
> diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
> index 00b24342fc..3a2929c365 100644
> --- a/xen/arch/x86/mm/p2m.c
> +++ b/xen/arch/x86/mm/p2m.c
> @@ -3026,44 +3026,83 @@ out:
> */
> int p2m_set_suppress_ve(struct domain *d, gfn_t gfn, bool suppress_ve,
> unsigned int altp2m_idx)
> +{
> + int rc;
> + struct xen_hvm_altp2m_suppress_ve_multi sve = {
> + altp2m_idx, suppress_ve, 0, 0, gfn_x(gfn), gfn_x(gfn), 0
> + };
> +
> + if ( !(rc = p2m_set_suppress_ve_multi(d, &sve)) )
> + rc = sve.first_error;
> +
> + return rc;
> +}
> +
> +/*
> + * Set/clear the #VE suppress bit for multiple pages. Only available on VMX.
> + */
> +int p2m_set_suppress_ve_multi(struct domain *d,
> + struct xen_hvm_altp2m_suppress_ve_multi *sve)
> {
> struct p2m_domain *host_p2m = p2m_get_hostp2m(d);
> struct p2m_domain *ap2m = NULL;
> - struct p2m_domain *p2m;
> - mfn_t mfn;
> - p2m_access_t a;
> - p2m_type_t t;
> - int rc;
> + struct p2m_domain *p2m = host_p2m;
> + uint64_t start = sve->first_gfn;
> + int rc = 0;
>
> - if ( altp2m_idx > 0 )
> + if ( sve->view > 0 )
> {
> - if ( altp2m_idx >= min(ARRAY_SIZE(d->arch.altp2m_p2m), MAX_EPTP) ||
> - d->arch.altp2m_eptp[array_index_nospec(altp2m_idx, MAX_EPTP)] ==
> + if ( sve->view >= min(ARRAY_SIZE(d->arch.altp2m_p2m), MAX_EPTP) ||
> + d->arch.altp2m_eptp[array_index_nospec(sve->view, MAX_EPTP)] ==
> mfn_x(INVALID_MFN) )
> return -EINVAL;
>
> - p2m = ap2m = array_access_nospec(d->arch.altp2m_p2m, altp2m_idx);
> + p2m = ap2m = array_access_nospec(d->arch.altp2m_p2m, sve->view);
> }
> - else
> - p2m = host_p2m;
>
> - gfn_lock(host_p2m, gfn, 0);
> + p2m_lock(host_p2m);
>
> if ( ap2m )
> p2m_lock(ap2m);
>
> - rc = altp2m_get_effective_entry(p2m, gfn, &mfn, &t, &a, AP2MGET_query);
> + while ( sve->last_gfn >= start )
> + {
> + p2m_access_t a;
> + p2m_type_t t;
> + mfn_t mfn;
> + int err = 0;
>
> - if ( rc )
> - goto out;
> + if ( (err = altp2m_get_effective_entry(p2m, _gfn(start), &mfn, &t, &a,
> + AP2MGET_query)) &&
> + !sve->first_error )
> + {
> + sve->first_error_gfn = start; /* Save the gfn of the first error */
> + sve->first_error = err; /* Save the first error code */
> + }
>
> - rc = p2m->set_entry(p2m, gfn, mfn, PAGE_ORDER_4K, t, a, suppress_ve);
> + if ( !err && (err = p2m->set_entry(p2m, _gfn(start), mfn,
> + PAGE_ORDER_4K, t, a,
> + sve->suppress_ve)) &&
> + !sve->first_error )
> + {
> + sve->first_error_gfn = start; /* Save the gfn of the first error */
> + sve->first_error = err; /* Save the first error code */
> + }
> +
> + /* Check for continuation if it's not the last iteration. */
> + if ( sve->last_gfn >= ++start && hypercall_preempt_check() )
> + {
> + rc = -ERESTART;
> + break;
> + }
> + }
> +
> + sve->first_gfn = start;
>
> -out:
> if ( ap2m )
> p2m_unlock(ap2m);
>
> - gfn_unlock(host_p2m, gfn, 0);
> + p2m_unlock(host_p2m);
>
> return rc;
> }
> diff --git a/xen/include/public/hvm/hvm_op.h b/xen/include/public/hvm/hvm_op.h
> index 353f8034d9..d344606864 100644
> --- a/xen/include/public/hvm/hvm_op.h
> +++ b/xen/include/public/hvm/hvm_op.h
> @@ -46,6 +46,16 @@ struct xen_hvm_altp2m_suppress_ve {
> uint64_t gfn;
> };
>
> +struct xen_hvm_altp2m_suppress_ve_multi {
> + uint16_t view;
> + uint8_t suppress_ve; /* Boolean type. */
> + uint8_t pad1;
> + int32_t first_error; /* Should be set to 0. */
> + uint64_t first_gfn; /* Value may be updated. */
> + uint64_t last_gfn;
> + uint64_t first_error_gfn; /* Gfn of the first error. */
> +};
> +
> #if __XEN_INTERFACE_VERSION__ < 0x00040900
>
> /* Set the logical level of one of a domain's PCI INTx wires. */
> @@ -339,6 +349,8 @@ struct xen_hvm_altp2m_op {
> #define HVMOP_altp2m_vcpu_disable_notify 13
> /* Get the active vcpu p2m index */
> #define HVMOP_altp2m_get_p2m_idx 14
> +/* Set the "Supress #VE" bit for a range of pages */
> +#define HVMOP_altp2m_set_suppress_ve_multi 15
> domid_t domain;
> uint16_t pad1;
> uint32_t pad2;
> @@ -353,6 +365,7 @@ struct xen_hvm_altp2m_op {
> struct xen_hvm_altp2m_change_gfn change_gfn;
> struct xen_hvm_altp2m_set_mem_access_multi set_mem_access_multi;
> struct xen_hvm_altp2m_suppress_ve suppress_ve;
> + struct xen_hvm_altp2m_suppress_ve_multi suppress_ve_multi;
> struct xen_hvm_altp2m_vcpu_disable_notify disable_notify;
> struct xen_hvm_altp2m_get_vcpu_p2m_idx get_vcpu_p2m_idx;
> uint8_t pad[64];
> diff --git a/xen/include/xen/mem_access.h b/xen/include/xen/mem_access.h
> index e4d24502e0..00e594a0ad 100644
> --- a/xen/include/xen/mem_access.h
> +++ b/xen/include/xen/mem_access.h
> @@ -75,6 +75,9 @@ long p2m_set_mem_access_multi(struct domain *d,
> int p2m_set_suppress_ve(struct domain *d, gfn_t gfn, bool suppress_ve,
> unsigned int altp2m_idx);
>
> +int p2m_set_suppress_ve_multi(struct domain *d,
> + struct xen_hvm_altp2m_suppress_ve_multi *suppress_ve);
> +
> int p2m_get_suppress_ve(struct domain *d, gfn_t gfn, bool *suppress_ve,
> unsigned int altp2m_idx);
>
>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [Xen-devel] [PATCH V8 2/4] x86/altp2m: Add hypercall to set a range of sve bits
2020-01-21 15:09 ` Alexandru Stefan ISAILA
@ 2020-01-21 17:30 ` George Dunlap
0 siblings, 0 replies; 19+ messages in thread
From: George Dunlap @ 2020-01-21 17:30 UTC (permalink / raw)
To: Alexandru Stefan ISAILA, xen-devel, George Dunlap
Cc: Petre Ovidiu PIRCALABU, Stefano Stabellini, Julien Grall,
Razvan COJOCARU, Wei Liu, Konrad Rzeszutek Wilk, Andrew Cooper,
Ian Jackson, Tamas K Lengyel, Roger Pau Monné
On 1/21/20 3:09 PM, Alexandru Stefan ISAILA wrote:
> Hi George,
>
> This is a kind reminder, when you have the time, can you take a look at
> this series?
It's on the top of my list of things to review. :-) I should be able to
get to it Thursday.
-George
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [Xen-devel] [PATCH V8 1/4] x86/mm: Add array_index_nospec to guest provided index values
2020-01-17 13:31 [Xen-devel] [PATCH V8 1/4] x86/mm: Add array_index_nospec to guest provided index values Alexandru Stefan ISAILA
` (4 preceding siblings ...)
2020-01-21 12:53 ` Petre Ovidiu PIRCALABU
@ 2020-01-23 12:24 ` George Dunlap
2020-01-23 18:45 ` Andrew Cooper
6 siblings, 0 replies; 19+ messages in thread
From: George Dunlap @ 2020-01-23 12:24 UTC (permalink / raw)
To: Alexandru Stefan ISAILA, xen-devel
Cc: Petre Ovidiu PIRCALABU, Kevin Tian, Tamas K Lengyel, Wei Liu,
Razvan COJOCARU, George Dunlap, Andrew Cooper, Jun Nakajima,
Roger Pau Monné
On 1/17/20 1:31 PM, Alexandru Stefan ISAILA wrote:
> This patch aims to sanitize indexes, potentially guest provided
> values, for altp2m_eptp[] and altp2m_p2m[] arrays.
>
> Requested-by: Jan Beulich <jbeulich@suse.com>
> Signed-off-by: Alexandru Isaila <aisaila@bitdefender.com>
> Acked-by: Tamas K Lengyel <tamas@tklengyel.com>
Acked-by: George Dunlap <george.dunlap@citrix.com>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [Xen-devel] [PATCH V8 2/4] x86/altp2m: Add hypercall to set a range of sve bits
2020-01-17 13:31 ` [Xen-devel] [PATCH V8 2/4] x86/altp2m: Add hypercall to set a range of sve bits Alexandru Stefan ISAILA
` (2 preceding siblings ...)
2020-01-21 15:09 ` Alexandru Stefan ISAILA
@ 2020-01-23 12:35 ` George Dunlap
3 siblings, 0 replies; 19+ messages in thread
From: George Dunlap @ 2020-01-23 12:35 UTC (permalink / raw)
To: Alexandru Stefan ISAILA, xen-devel
Cc: Petre Ovidiu PIRCALABU, Stefano Stabellini, Julien Grall,
Razvan COJOCARU, Wei Liu, Konrad Rzeszutek Wilk, George Dunlap,
Andrew Cooper, Ian Jackson, Tamas K Lengyel, Roger Pau Monné
On 1/17/20 1:31 PM, Alexandru Stefan ISAILA wrote:
> By default the sve bits are not set.
> This patch adds a new hypercall, xc_altp2m_set_supress_ve_multi(),
> to set a range of sve bits.
> The core function, p2m_set_suppress_ve_multi(), does not break in case
> of a error and it is doing a best effort for setting the bits in the
> given range. A check for continuation is made in order to have
> preemption on large ranges.
> The gfn of the first error is stored in
> xen_hvm_altp2m_suppress_ve_multi.first_error_gfn and the error code is
> stored in xen_hvm_altp2m_suppress_ve_multi.first_error.
> If no error occurred the values will be 0.
>
> Signed-off-by: Alexandru Isaila <aisaila@bitdefender.com>
Acked-by: George Dunlap <george.dunlap@citrix.com>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [Xen-devel] [PATCH V8 3/4] x86/mm: Pull vendor-independent altp2m code out of p2m-ept.c and into p2m.c
2020-01-17 13:31 ` [Xen-devel] [PATCH V8 3/4] x86/mm: Pull vendor-independent altp2m code out of p2m-ept.c and into p2m.c Alexandru Stefan ISAILA
2020-01-21 13:01 ` Petre Ovidiu PIRCALABU
@ 2020-01-23 12:37 ` George Dunlap
1 sibling, 0 replies; 19+ messages in thread
From: George Dunlap @ 2020-01-23 12:37 UTC (permalink / raw)
To: Alexandru Stefan ISAILA, xen-devel
Cc: Kevin Tian, Jun Nakajima, Wei Liu, George Dunlap, Andrew Cooper,
Roger Pau Monné
On 1/17/20 1:31 PM, Alexandru Stefan ISAILA wrote:
> No functional changes.
>
> Requested-by: Jan Beulich <jbeulich@suse.com>
> Signed-off-by: Alexandru Isaila <aisaila@bitdefender.com>
> Reviewed-by: Jan Beulich <jbeulich@suse.com>
Acked-by: George Dunlap <george.dunlap@citrix.com>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [Xen-devel] [PATCH V8 4/4] x86/mm: Make use of the default access param from xc_altp2m_create_view
2020-01-17 13:31 ` [Xen-devel] [PATCH V8 4/4] x86/mm: Make use of the default access param from xc_altp2m_create_view Alexandru Stefan ISAILA
2020-01-17 17:01 ` Tamas K Lengyel
2020-01-21 12:54 ` Petre Ovidiu PIRCALABU
@ 2020-01-23 14:21 ` George Dunlap
2 siblings, 0 replies; 19+ messages in thread
From: George Dunlap @ 2020-01-23 14:21 UTC (permalink / raw)
To: Alexandru Stefan ISAILA, xen-devel
Cc: Petre Ovidiu PIRCALABU, Stefano Stabellini, Julien Grall,
Razvan COJOCARU, Wei Liu, Konrad Rzeszutek Wilk, George Dunlap,
Andrew Cooper, Ian Jackson, Tamas K Lengyel, Roger Pau Monné
On 1/17/20 1:31 PM, Alexandru Stefan ISAILA wrote:
> At this moment the default_access param from xc_altp2m_create_view is
> not used.
>
> This patch assigns default_access to p2m->default_access at the time of
> initializing a new altp2m view.
>
> Signed-off-by: Alexandru Isaila <aisaila@bitdefender.com>
> Acked-by: Jan Beulich <jbeulich@suse.com>
Acked-by: George Dunlap <george.dunlap@citrix.com>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [Xen-devel] [PATCH V8 1/4] x86/mm: Add array_index_nospec to guest provided index values
2020-01-17 13:31 [Xen-devel] [PATCH V8 1/4] x86/mm: Add array_index_nospec to guest provided index values Alexandru Stefan ISAILA
` (5 preceding siblings ...)
2020-01-23 12:24 ` George Dunlap
@ 2020-01-23 18:45 ` Andrew Cooper
2020-01-23 18:57 ` Tamas K Lengyel
6 siblings, 1 reply; 19+ messages in thread
From: Andrew Cooper @ 2020-01-23 18:45 UTC (permalink / raw)
To: Alexandru Stefan ISAILA, xen-devel
Cc: Petre Ovidiu PIRCALABU, Kevin Tian, Tamas K Lengyel,
Razvan COJOCARU, Wei Liu, George Dunlap, Jun Nakajima,
Roger Pau Monné
On 17/01/2020 13:31, Alexandru Stefan ISAILA wrote:
> This patch aims to sanitize indexes, potentially guest provided
> values, for altp2m_eptp[] and altp2m_p2m[] arrays.
>
> Requested-by: Jan Beulich <jbeulich@suse.com>
> Signed-off-by: Alexandru Isaila <aisaila@bitdefender.com>
> Acked-by: Tamas K Lengyel <tamas@tklengyel.com>
Something in this series broke the ARM build. Sorry, but I don't have
any further time to investigate.
gcc -DBUILD_ID -fno-strict-aliasing -std=gnu99 -Wall -Wstrict-prototypes
-Wdeclaration-after-statement -Wno-unused-but-set-variable
-Wno-unused-local-typedefs -O1 -fno-omit-frame-pointer -nostdinc
-fno-builtin -fno-common -Werror -Wredundant-decls -Wno-pointer-arith
-Wvla -pipe -D__XEN__ -include
/builds/xen-project/xen/xen/include/xen/config.h
'-D__OBJECT_FILE__="asm-offsets.s"' -Wa,--strip-local-absolute -g -MMD
-MF ./.asm-offsets.s.d -mcpu=generic -mgeneral-regs-only
-I/builds/xen-project/xen/xen/include -fno-stack-protector
-fno-exceptions -Wnested-externs -DGCC_HAS_VISIBILITY_ATTRIBUTE -S -o
asm-offsets.s arm64/asm-offsets.c
In file included from /builds/xen-project/xen/xen/include/asm/p2m.h:7,
from /builds/xen-project/xen/xen/include/asm/domain.h:7,
from /builds/xen-project/xen/xen/include/xen/domain.h:8,
from /builds/xen-project/xen/xen/include/xen/sched.h:11,
from arm64/asm-offsets.c:9:
/builds/xen-project/xen/xen/include/xen/mem_access.h:61:47: error:
'struct p2m_domain' declared inside parameter list will not be visible
outside of this definition or declaration [-Werror]
bool xenmem_access_to_p2m_access(const struct p2m_domain *p2m,
^~~~~~~~~~
/builds/xen-project/xen/xen/include/xen/mem_access.h:83:38: error:
'struct xen_hvm_altp2m_suppress_ve_multi' declared inside parameter list
will not be visible outside of this definition or declaration [-Werror]
struct xen_hvm_altp2m_suppress_ve_multi
*suppress_ve);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
make[3]: *** [Makefile:124: asm-offsets.s] Error 1
make[3]: Leaving directory '/builds/xen-project/xen/xen/arch/arm'
make[2]: *** [Makefile:146: /builds/xen-project/xen/xen/xen] Error 2
make[2]: Leaving directory '/builds/xen-project/xen/xen'
make[1]: *** [Makefile:50: install] Error 2
make[1]: Leaving directory '/builds/xen-project/xen/xen'
make: *** [Makefile:130: install-xen] Error 2
make: *** Waiting for unfinished jobs....
Full logs: https://gitlab.com/xen-project/xen/-/jobs/412893448
~Andrew
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [Xen-devel] [PATCH V8 1/4] x86/mm: Add array_index_nospec to guest provided index values
2020-01-23 18:45 ` Andrew Cooper
@ 2020-01-23 18:57 ` Tamas K Lengyel
0 siblings, 0 replies; 19+ messages in thread
From: Tamas K Lengyel @ 2020-01-23 18:57 UTC (permalink / raw)
To: Andrew Cooper
Cc: Petre Ovidiu PIRCALABU, Kevin Tian, Wei Liu, Razvan COJOCARU,
George Dunlap, Jun Nakajima, Alexandru Stefan ISAILA, xen-devel,
Roger Pau Monné
On Thu, Jan 23, 2020 at 11:45 AM Andrew Cooper
<andrew.cooper3@citrix.com> wrote:
>
> On 17/01/2020 13:31, Alexandru Stefan ISAILA wrote:
> > This patch aims to sanitize indexes, potentially guest provided
> > values, for altp2m_eptp[] and altp2m_p2m[] arrays.
> >
> > Requested-by: Jan Beulich <jbeulich@suse.com>
> > Signed-off-by: Alexandru Isaila <aisaila@bitdefender.com>
> > Acked-by: Tamas K Lengyel <tamas@tklengyel.com>
>
> Something in this series broke the ARM build. Sorry, but I don't have
> any further time to investigate.
>
> gcc -DBUILD_ID -fno-strict-aliasing -std=gnu99 -Wall -Wstrict-prototypes
> -Wdeclaration-after-statement -Wno-unused-but-set-variable
> -Wno-unused-local-typedefs -O1 -fno-omit-frame-pointer -nostdinc
> -fno-builtin -fno-common -Werror -Wredundant-decls -Wno-pointer-arith
> -Wvla -pipe -D__XEN__ -include
> /builds/xen-project/xen/xen/include/xen/config.h
> '-D__OBJECT_FILE__="asm-offsets.s"' -Wa,--strip-local-absolute -g -MMD
> -MF ./.asm-offsets.s.d -mcpu=generic -mgeneral-regs-only
> -I/builds/xen-project/xen/xen/include -fno-stack-protector
> -fno-exceptions -Wnested-externs -DGCC_HAS_VISIBILITY_ATTRIBUTE -S -o
> asm-offsets.s arm64/asm-offsets.c
> In file included from /builds/xen-project/xen/xen/include/asm/p2m.h:7,
> from /builds/xen-project/xen/xen/include/asm/domain.h:7,
> from /builds/xen-project/xen/xen/include/xen/domain.h:8,
> from /builds/xen-project/xen/xen/include/xen/sched.h:11,
> from arm64/asm-offsets.c:9:
> /builds/xen-project/xen/xen/include/xen/mem_access.h:61:47: error:
> 'struct p2m_domain' declared inside parameter list will not be visible
> outside of this definition or declaration [-Werror]
> bool xenmem_access_to_p2m_access(const struct p2m_domain *p2m,
> ^~~~~~~~~~
> /builds/xen-project/xen/xen/include/xen/mem_access.h:83:38: error:
> 'struct xen_hvm_altp2m_suppress_ve_multi' declared inside parameter list
Looks like we need an explicit include for asm/p2m.h and
public/hvm/hvm_op.h in the mem_access.h header (both of which end up
being included prior to mem_access.h on an x86 build). Although from
the looks of it wrapping the _ve functions in #ifdef CONFIG_X86 ..
#endif would be even better.
Tamas
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply [flat|nested] 19+ messages in thread
end of thread, other threads:[~2020-01-23 18:58 UTC | newest]
Thread overview: 19+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-01-17 13:31 [Xen-devel] [PATCH V8 1/4] x86/mm: Add array_index_nospec to guest provided index values Alexandru Stefan ISAILA
2020-01-17 13:31 ` [Xen-devel] [PATCH V8 2/4] x86/altp2m: Add hypercall to set a range of sve bits Alexandru Stefan ISAILA
2020-01-17 14:33 ` Jan Beulich
2020-01-21 12:57 ` Petre Ovidiu PIRCALABU
2020-01-21 15:09 ` Alexandru Stefan ISAILA
2020-01-21 17:30 ` George Dunlap
2020-01-23 12:35 ` George Dunlap
2020-01-17 13:31 ` [Xen-devel] [PATCH V8 3/4] x86/mm: Pull vendor-independent altp2m code out of p2m-ept.c and into p2m.c Alexandru Stefan ISAILA
2020-01-21 13:01 ` Petre Ovidiu PIRCALABU
2020-01-23 12:37 ` George Dunlap
2020-01-17 13:31 ` [Xen-devel] [PATCH V8 4/4] x86/mm: Make use of the default access param from xc_altp2m_create_view Alexandru Stefan ISAILA
2020-01-17 17:01 ` Tamas K Lengyel
2020-01-21 12:54 ` Petre Ovidiu PIRCALABU
2020-01-23 14:21 ` George Dunlap
2020-01-17 16:13 ` [Xen-devel] [PATCH V8 1/4] x86/mm: Add array_index_nospec to guest provided index values Jan Beulich
2020-01-21 12:53 ` Petre Ovidiu PIRCALABU
2020-01-23 12:24 ` George Dunlap
2020-01-23 18:45 ` Andrew Cooper
2020-01-23 18:57 ` Tamas K Lengyel
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).