xen-devel.lists.xenproject.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] xen/arm: map_dev_mmio_region: The iomem permission check should be done on MFN
@ 2016-06-14 11:50 Julien Grall
  2016-06-15  1:43 ` Shannon Zhao
  2016-06-24 10:29 ` Julien Grall
  0 siblings, 2 replies; 4+ messages in thread
From: Julien Grall @ 2016-06-14 11:50 UTC (permalink / raw)
  To: xen-devel; +Cc: Julien Grall, sstabellini, wei.liu2, Shannon Zhao

The helper iomem_access_permitted expects MFNs in parameters and not
GNFs. Thankfully only the hardware domain can call this function and
it will always be with GFNS == MFNs for now.

Also, fix the printf to use the MFN range and not the GFN one.

Signed-off-by: Julien Grall <julien.grall@arm.com>
Cc: Shannon Zhao <shannon.zhao@linaro.org>

---
    This patch is a good candidate to backport to Xen 4.7. Without
    it, the hardware domain can map any MMIO because the permission
    check is done on the GPFNs and not the MNFs.
---
 xen/arch/arm/p2m.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/xen/arch/arm/p2m.c b/xen/arch/arm/p2m.c
index 6a19c57..4c6547d 100644
--- a/xen/arch/arm/p2m.c
+++ b/xen/arch/arm/p2m.c
@@ -1275,14 +1275,14 @@ int map_dev_mmio_region(struct domain *d,
 {
     int res;
 
-    if ( !(nr && iomem_access_permitted(d, start_gfn, start_gfn + nr - 1)) )
+    if ( !(nr && iomem_access_permitted(d, mfn, mfn + nr - 1)) )
         return 0;
 
     res = map_mmio_regions(d, start_gfn, nr, mfn);
     if ( res < 0 )
     {
         printk(XENLOG_G_ERR "Unable to map [%#lx - %#lx] in Dom%d\n",
-               start_gfn, start_gfn + nr - 1, d->domain_id);
+               mfn, mfn + nr - 1, d->domain_id);
         return res;
     }
 
-- 
1.9.1


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [PATCH] xen/arm: map_dev_mmio_region: The iomem permission check should be done on MFN
  2016-06-14 11:50 [PATCH] xen/arm: map_dev_mmio_region: The iomem permission check should be done on MFN Julien Grall
@ 2016-06-15  1:43 ` Shannon Zhao
  2016-07-11 17:41   ` Stefano Stabellini
  2016-06-24 10:29 ` Julien Grall
  1 sibling, 1 reply; 4+ messages in thread
From: Shannon Zhao @ 2016-06-15  1:43 UTC (permalink / raw)
  To: Julien Grall, xen-devel; +Cc: sstabellini, wei.liu2, Shannon Zhao

Hi Julien,

On 2016/6/14 19:50, Julien Grall wrote:
> The helper iomem_access_permitted expects MFNs in parameters and not
> GNFs. Thankfully only the hardware domain can call this function and
> it will always be with GFNS == MFNs for now.
> 
> Also, fix the printf to use the MFN range and not the GFN one.
> 
> Signed-off-by: Julien Grall <julien.grall@arm.com>
> Cc: Shannon Zhao <shannon.zhao@linaro.org>
> 
Reviewed-by: Shannon Zhao <shannon.zhao@linaro.org>

> ---
>     This patch is a good candidate to backport to Xen 4.7. Without
>     it, the hardware domain can map any MMIO because the permission
>     check is done on the GPFNs and not the MNFs.
> ---
>  xen/arch/arm/p2m.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/xen/arch/arm/p2m.c b/xen/arch/arm/p2m.c
> index 6a19c57..4c6547d 100644
> --- a/xen/arch/arm/p2m.c
> +++ b/xen/arch/arm/p2m.c
> @@ -1275,14 +1275,14 @@ int map_dev_mmio_region(struct domain *d,
>  {
>      int res;
>  
> -    if ( !(nr && iomem_access_permitted(d, start_gfn, start_gfn + nr - 1)) )
> +    if ( !(nr && iomem_access_permitted(d, mfn, mfn + nr - 1)) )
>          return 0;
>  
>      res = map_mmio_regions(d, start_gfn, nr, mfn);
>      if ( res < 0 )
>      {
>          printk(XENLOG_G_ERR "Unable to map [%#lx - %#lx] in Dom%d\n",
> -               start_gfn, start_gfn + nr - 1, d->domain_id);
> +               mfn, mfn + nr - 1, d->domain_id);
>          return res;
>      }
>  
> 

-- 
Shannon


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [PATCH] xen/arm: map_dev_mmio_region: The iomem permission check should be done on MFN
  2016-06-14 11:50 [PATCH] xen/arm: map_dev_mmio_region: The iomem permission check should be done on MFN Julien Grall
  2016-06-15  1:43 ` Shannon Zhao
@ 2016-06-24 10:29 ` Julien Grall
  1 sibling, 0 replies; 4+ messages in thread
From: Julien Grall @ 2016-06-24 10:29 UTC (permalink / raw)
  To: xen-devel; +Cc: sstabellini, Shannon Zhao

Hi,

Ping?

Cheers,

On 14/06/16 12:50, Julien Grall wrote:
> The helper iomem_access_permitted expects MFNs in parameters and not
> GNFs. Thankfully only the hardware domain can call this function and
> it will always be with GFNS == MFNs for now.
>
> Also, fix the printf to use the MFN range and not the GFN one.
>
> Signed-off-by: Julien Grall <julien.grall@arm.com>
> Cc: Shannon Zhao <shannon.zhao@linaro.org>
>
> ---
>      This patch is a good candidate to backport to Xen 4.7. Without
>      it, the hardware domain can map any MMIO because the permission
>      check is done on the GPFNs and not the MNFs.
> ---
>   xen/arch/arm/p2m.c | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/xen/arch/arm/p2m.c b/xen/arch/arm/p2m.c
> index 6a19c57..4c6547d 100644
> --- a/xen/arch/arm/p2m.c
> +++ b/xen/arch/arm/p2m.c
> @@ -1275,14 +1275,14 @@ int map_dev_mmio_region(struct domain *d,
>   {
>       int res;
>
> -    if ( !(nr && iomem_access_permitted(d, start_gfn, start_gfn + nr - 1)) )
> +    if ( !(nr && iomem_access_permitted(d, mfn, mfn + nr - 1)) )
>           return 0;
>
>       res = map_mmio_regions(d, start_gfn, nr, mfn);
>       if ( res < 0 )
>       {
>           printk(XENLOG_G_ERR "Unable to map [%#lx - %#lx] in Dom%d\n",
> -               start_gfn, start_gfn + nr - 1, d->domain_id);
> +               mfn, mfn + nr - 1, d->domain_id);
>           return res;
>       }
>
>

-- 
Julien Grall

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [PATCH] xen/arm: map_dev_mmio_region: The iomem permission check should be done on MFN
  2016-06-15  1:43 ` Shannon Zhao
@ 2016-07-11 17:41   ` Stefano Stabellini
  0 siblings, 0 replies; 4+ messages in thread
From: Stefano Stabellini @ 2016-07-11 17:41 UTC (permalink / raw)
  To: Shannon Zhao; +Cc: Julien Grall, sstabellini, wei.liu2, Shannon Zhao, xen-devel

On Wed, 15 Jun 2016, Shannon Zhao wrote:
> Hi Julien,
> 
> On 2016/6/14 19:50, Julien Grall wrote:
> > The helper iomem_access_permitted expects MFNs in parameters and not
> > GNFs. Thankfully only the hardware domain can call this function and
> > it will always be with GFNS == MFNs for now.
> > 
> > Also, fix the printf to use the MFN range and not the GFN one.
> > 
> > Signed-off-by: Julien Grall <julien.grall@arm.com>
> > Cc: Shannon Zhao <shannon.zhao@linaro.org>
> > 
> Reviewed-by: Shannon Zhao <shannon.zhao@linaro.org>

Shannon, thanks for your help reviewing this.

Acked-by: Stefano Stabellini <sstabellini@kernel.org>

I'll commit.

> > ---
> >     This patch is a good candidate to backport to Xen 4.7. Without
> >     it, the hardware domain can map any MMIO because the permission
> >     check is done on the GPFNs and not the MNFs.
> > ---
> >  xen/arch/arm/p2m.c | 4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> > 
> > diff --git a/xen/arch/arm/p2m.c b/xen/arch/arm/p2m.c
> > index 6a19c57..4c6547d 100644
> > --- a/xen/arch/arm/p2m.c
> > +++ b/xen/arch/arm/p2m.c
> > @@ -1275,14 +1275,14 @@ int map_dev_mmio_region(struct domain *d,
> >  {
> >      int res;
> >  
> > -    if ( !(nr && iomem_access_permitted(d, start_gfn, start_gfn + nr - 1)) )
> > +    if ( !(nr && iomem_access_permitted(d, mfn, mfn + nr - 1)) )
> >          return 0;
> >  
> >      res = map_mmio_regions(d, start_gfn, nr, mfn);
> >      if ( res < 0 )
> >      {
> >          printk(XENLOG_G_ERR "Unable to map [%#lx - %#lx] in Dom%d\n",
> > -               start_gfn, start_gfn + nr - 1, d->domain_id);
> > +               mfn, mfn + nr - 1, d->domain_id);
> >          return res;
> >      }
> >  
> > 
> 
> -- 
> Shannon
> 

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2016-07-11 17:41 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-06-14 11:50 [PATCH] xen/arm: map_dev_mmio_region: The iomem permission check should be done on MFN Julien Grall
2016-06-15  1:43 ` Shannon Zhao
2016-07-11 17:41   ` Stefano Stabellini
2016-06-24 10:29 ` Julien Grall

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).