From: "Jan Beulich" <JBeulich@suse.com>
To: Ed White <edmund.h.white@intel.com>
Cc: Tim Deegan <tim@xen.org>, Ravi Sahita <ravi.sahita@intel.com>,
Wei Liu <wei.liu2@citrix.com>,
Andrew Cooper <andrew.cooper3@citrix.com>,
Ian Jackson <ian.jackson@eu.citrix.com>,
xen-devel@lists.xen.org, tlengyel@novetta.com,
Daniel De Graaf <dgdegra@tycho.nsa.gov>
Subject: Re: [PATCH v2 10/12] x86/altp2m: define and implement alternate p2m HVMOP types.
Date: Wed, 24 Jun 2015 15:53:50 +0100 [thread overview]
Message-ID: <558AE09E0200007800089021@mail.emea.novell.com> (raw)
In-Reply-To: <1434999372-3688-11-git-send-email-edmund.h.white@intel.com>
>>> On 22.06.15 at 20:56, <edmund.h.white@intel.com> wrote:
> --- a/xen/arch/x86/hvm/hvm.c
> +++ b/xen/arch/x86/hvm/hvm.c
> @@ -6424,6 +6424,222 @@ long do_hvm_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) arg)
> break;
> }
>
> + case HVMOP_altp2m_get_domain_state:
> + {
> + struct xen_hvm_altp2m_domain_state a;
> + struct domain *d;
> +
> + if ( copy_from_guest(&a, arg, 1) )
> + return -EFAULT;
> +
> + d = rcu_lock_domain_by_any_id(a.domid);
> + if ( d == NULL )
> + return -ESRCH;
> +
> + rc = -EINVAL;
> + if ( !is_hvm_domain(d) || !hvm_altp2m_supported() )
> + goto param_fail9;
> +
> + a.state = altp2mhvm_active(d);
> + rc = copy_to_guest(arg, &a, 1) ? -EFAULT : 0;
__copy_to_guest()
> +
> + param_fail9:
Can you please avoid introducing further numbered "param_fail"
labels? In the case here I think you could easily get away without
any label.
> + case HVMOP_altp2m_destroy_p2m:
> + {
> + struct xen_hvm_altp2m_view a;
> + struct domain *d;
> +
> + if ( copy_from_guest(&a, arg, 1) )
> + return -EFAULT;
> +
> + d = rcu_lock_domain_by_any_id(a.domid);
> + if ( d == NULL )
> + return -ESRCH;
> +
> + rc = -EINVAL;
> + if ( !is_hvm_domain(d) || !hvm_altp2m_supported() ||
> + !d->arch.altp2m_active )
> + goto param_fail12;
> +
> + if ( p2m_destroy_altp2m_by_id(d, a.view) )
> + rc = 0;
This function should have its own return code, which should be
assigned to rc (avoiding all sorts of failures to be reported as
-EINVAL).
> + case HVMOP_altp2m_switch_p2m:
> + {
> + struct xen_hvm_altp2m_view a;
> + struct domain *d;
> +
> + if ( copy_from_guest(&a, arg, 1) )
> + return -EFAULT;
> +
> + d = rcu_lock_domain_by_any_id(a.domid);
> + if ( d == NULL )
> + return -ESRCH;
> +
> + rc = -EINVAL;
> + if ( !is_hvm_domain(d) || !hvm_altp2m_supported() ||
> + !d->arch.altp2m_active )
> + goto param_fail13;
> +
> + if ( p2m_switch_domain_altp2m_by_id(d, a.view) )
> + rc = 0;
Same here.
> + case HVMOP_altp2m_set_mem_access:
> + {
> + struct xen_hvm_altp2m_set_mem_access a;
> + struct domain *d;
> +
> + if ( copy_from_guest(&a, arg, 1) )
> + return -EFAULT;
> +
> + d = rcu_lock_domain_by_any_id(a.domid);
> + if ( d == NULL )
> + return -ESRCH;
> +
> + rc = -EINVAL;
> + if ( !is_hvm_domain(d) || !hvm_altp2m_supported() ||
> + !d->arch.altp2m_active )
> + goto param_fail14;
> +
> + if ( p2m_set_altp2m_mem_access(d, a.view, a.pfn, a.hvmmem_access) )
> + rc = 0;
And here.
> + case HVMOP_altp2m_change_pfn:
> + {
> + struct xen_hvm_altp2m_change_pfn a;
> + struct domain *d;
> +
> + if ( copy_from_guest(&a, arg, 1) )
> + return -EFAULT;
> +
> + d = rcu_lock_domain_by_any_id(a.domid);
> + if ( d == NULL )
> + return -ESRCH;
> +
> + rc = -EINVAL;
> + if ( !is_hvm_domain(d) || !hvm_altp2m_supported() ||
> + !d->arch.altp2m_active )
> + goto param_fail15;
> +
> + if ( p2m_change_altp2m_pfn(d, a.view, a.old_pfn, a.new_pfn) )
> + rc = 0;
And again.
> --- a/xen/include/public/hvm/hvm_op.h
> +++ b/xen/include/public/hvm/hvm_op.h
> @@ -389,6 +389,75 @@ DEFINE_XEN_GUEST_HANDLE(xen_hvm_evtchn_upcall_vector_t);
>
> #endif /* defined(__i386__) || defined(__x86_64__) */
>
> +/* Set/get the altp2m state for a domain */
All of the below is being added outside any __XEN__/__XEN_TOOLS__
section, yet as Andrew noted you don't whitelist the ops for guest
access. This needs to be consistent.
> +#define HVMOP_altp2m_set_domain_state 24
> +#define HVMOP_altp2m_get_domain_state 25
> +struct xen_hvm_altp2m_domain_state {
> + /* Domain to be updated or queried */
> + domid_t domid;
> + /* IN or OUT variable on/off */
> + uint8_t state;
> +};
And if any of these are to be guest accessible, padding fields should
be made explicit, checked to be zero on input, and cleared to zero on
output if not copying back anyway what the guest has provided.
Jan
next prev parent reply other threads:[~2015-06-24 14:53 UTC|newest]
Thread overview: 116+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-06-22 18:56 [PATCH v2 00/12] Alternate p2m: support multiple copies of host p2m Ed White
2015-06-22 18:56 ` [PATCH v2 01/12] VMX: VMFUNC and #VE definitions and detection Ed White
2015-06-24 8:45 ` Andrew Cooper
2015-06-22 18:56 ` [PATCH v2 02/12] VMX: implement suppress #VE Ed White
2015-06-24 9:35 ` Andrew Cooper
2015-06-29 14:20 ` George Dunlap
2015-06-29 14:31 ` Andrew Cooper
2015-06-29 15:03 ` George Dunlap
2015-06-29 16:21 ` Sahita, Ravi
2015-06-29 16:21 ` Ed White
2015-06-22 18:56 ` [PATCH v2 03/12] x86/HVM: Hardware alternate p2m support detection Ed White
2015-06-24 9:44 ` Andrew Cooper
2015-06-24 10:07 ` Jan Beulich
2015-06-22 18:56 ` [PATCH v2 04/12] x86/altp2m: basic data structures and support routines Ed White
2015-06-24 10:06 ` Andrew Cooper
2015-06-24 10:23 ` Jan Beulich
2015-06-24 17:20 ` Ed White
2015-06-24 10:29 ` Andrew Cooper
2015-06-24 11:14 ` Andrew Cooper
2015-06-26 21:17 ` Ed White
2015-06-27 19:25 ` Ed White
2015-06-29 13:00 ` Andrew Cooper
2015-06-29 16:23 ` Ed White
2015-06-24 14:44 ` Jan Beulich
2015-06-22 18:56 ` [PATCH v2 05/12] VMX/altp2m: add code to support EPTP switching and #VE Ed White
2015-06-24 11:59 ` Andrew Cooper
2015-06-24 17:31 ` Ed White
2015-06-24 17:40 ` Andrew Cooper
2015-06-22 18:56 ` [PATCH v2 06/12] VMX: add VMFUNC leaf 0 (EPTP switching) to emulator Ed White
2015-06-24 12:47 ` Andrew Cooper
2015-06-24 20:29 ` Ed White
2015-06-25 8:26 ` Jan Beulich
2015-06-24 14:26 ` Jan Beulich
2015-06-22 18:56 ` [PATCH v2 07/12] x86/altp2m: add control of suppress_ve Ed White
2015-06-24 13:05 ` Andrew Cooper
2015-06-24 14:38 ` Jan Beulich
2015-06-24 17:53 ` Ed White
2015-06-25 8:12 ` Jan Beulich
2015-06-25 16:36 ` Ed White
2015-06-26 6:04 ` Jan Beulich
2015-06-26 16:27 ` Ed White
2015-07-06 17:12 ` George Dunlap
2015-07-06 17:35 ` Ed White
2015-07-06 18:29 ` George Dunlap
2015-07-06 18:43 ` Ed White
2015-07-07 10:10 ` George Dunlap
2015-07-07 16:24 ` Ed White
2015-07-07 17:33 ` George Dunlap
2015-07-07 17:38 ` Sahita, Ravi
2015-07-08 7:24 ` Jan Beulich
2015-07-08 10:12 ` Tim Deegan
2015-07-08 12:51 ` George Dunlap
2015-07-08 7:23 ` Jan Beulich
2015-07-07 8:04 ` Jan Beulich
2015-06-22 18:56 ` [PATCH v2 08/12] x86/altp2m: alternate p2m memory events Ed White
2015-06-24 13:09 ` Andrew Cooper
2015-06-24 16:01 ` Lengyel, Tamas
2015-06-24 18:02 ` Ed White
2015-06-22 18:56 ` [PATCH v2 09/12] x86/altp2m: add remaining support routines Ed White
2015-06-23 18:15 ` Lengyel, Tamas
2015-06-23 18:52 ` Ed White
2015-06-23 19:35 ` Lengyel, Tamas
2015-06-24 13:46 ` Andrew Cooper
2015-06-24 17:47 ` Ed White
2015-06-24 18:19 ` Andrew Cooper
2015-06-26 16:30 ` Ed White
2015-06-29 13:03 ` Andrew Cooper
2015-06-29 16:24 ` Ed White
2015-06-24 16:15 ` Lengyel, Tamas
2015-06-24 18:06 ` Ed White
2015-06-25 8:52 ` Ian Campbell
2015-06-25 16:27 ` Ed White
2015-06-25 12:44 ` Lengyel, Tamas
2015-06-25 13:40 ` Razvan Cojocaru
2015-06-25 16:48 ` Ed White
2015-06-25 17:39 ` Sahita, Ravi
2015-06-25 18:22 ` Razvan Cojocaru
2015-06-25 18:23 ` Lengyel, Tamas
2015-06-25 20:46 ` Ed White
2015-06-25 22:45 ` Lengyel, Tamas
2015-06-25 23:10 ` Ed White
2015-06-25 2:44 ` Lengyel, Tamas
2015-06-25 16:31 ` Ed White
2015-06-25 17:42 ` Lengyel, Tamas
2015-06-25 20:27 ` Ed White
2015-06-25 21:33 ` Lengyel, Tamas
2015-06-22 18:56 ` [PATCH v2 10/12] x86/altp2m: define and implement alternate p2m HVMOP types Ed White
2015-06-24 13:58 ` Andrew Cooper
2015-06-24 14:53 ` Jan Beulich [this message]
2015-06-22 18:56 ` [PATCH v2 11/12] x86/altp2m: Add altp2mhvm HVM domain parameter Ed White
2015-06-24 14:06 ` Andrew Cooper
2015-06-24 14:59 ` Jan Beulich
2015-06-24 17:57 ` Ed White
2015-06-24 18:08 ` Andrew Cooper
2015-06-25 8:34 ` Jan Beulich
2015-06-25 8:33 ` Jan Beulich
2015-06-22 18:56 ` [PATCH v2 12/12] x86/altp2m: XSM hooks for altp2m HVM ops Ed White
2015-06-26 19:24 ` Daniel De Graaf
2015-06-26 19:35 ` Ed White
2015-06-29 17:52 ` Daniel De Graaf
2015-06-29 17:55 ` Sahita, Ravi
2015-06-23 21:27 ` [PATCH v2 00/12] Alternate p2m: support multiple copies of host p2m Lengyel, Tamas
2015-06-23 22:25 ` Ed White
2015-06-24 5:39 ` Razvan Cojocaru
2015-06-24 13:32 ` Lengyel, Tamas
2015-06-24 13:37 ` Razvan Cojocaru
2015-06-24 16:43 ` Ed White
2015-06-24 21:34 ` Lengyel, Tamas
2015-06-24 22:02 ` Ed White
2015-06-24 22:45 ` Lengyel, Tamas
2015-06-24 22:55 ` Ed White
2015-06-25 9:00 ` Andrew Cooper
2015-06-25 16:38 ` Ed White
2015-06-25 17:29 ` Lengyel, Tamas
2015-06-25 20:34 ` Ed White
2015-06-24 14:10 ` Andrew Cooper
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=558AE09E0200007800089021@mail.emea.novell.com \
--to=jbeulich@suse.com \
--cc=andrew.cooper3@citrix.com \
--cc=dgdegra@tycho.nsa.gov \
--cc=edmund.h.white@intel.com \
--cc=ian.jackson@eu.citrix.com \
--cc=ravi.sahita@intel.com \
--cc=tim@xen.org \
--cc=tlengyel@novetta.com \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).