[PATCH] public: there's no MMUEXT_SET_FOREIGNDOM

[PATCH] public: there's no MMUEXT_SET_FOREIGNDOM

[Jan Beulich]

[-- Attachment #1: Type: text/plain, Size: 1724 bytes --]

Correct respective comments.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
---
MMUEXT_{CLEAR,COPY}_PAGE in fact also allow to be invoked on DOMID_IO
owned pages at present. I've intentionally not added this to the text,
as I'm not sure we really mean to allow this. If we do, I think the
operation should also be allowed for MMIO pages not happening to have
an associated struct page_info.

--- a/xen/include/public/xen.h
+++ b/xen/include/public/xen.h
@@ -550,16 +550,19 @@ DEFINE_XEN_GUEST_HANDLE(mmuext_op_t);
  * is useful to ensure that no mappings to the OS's own heap are accidentally
  * installed. (e.g., in Linux this could cause havoc as reference counts
  * aren't adjusted on the I/O-mapping code path).
- * This only makes sense in MMUEXT_SET_FOREIGNDOM, but in that context can
- * be specified by any calling domain.
+ * This only makes sense as HYPERVISOR_mmu_update()'s and
+ * HYPERVISOR_update_va_mapping_otherdomain()'s "foreigndom" argument. For
+ * HYPERVISOR_mmu_update() context it can be specified by any calling domain,
+ * otherwise it's only permitted if the caller is privileged.
  */
 #define DOMID_IO             xen_mk_uint(0x7FF1)
 
 /*
  * DOMID_XEN is used to allow privileged domains to map restricted parts of
  * Xen's heap space (e.g., the machine_to_phys table).
- * This only makes sense in MMUEXT_SET_FOREIGNDOM, and is only permitted if
- * the caller is privileged.
+ * This only makes sense as HYPERVISOR_mmu_update()'s, HYPERVISOR_mmuext_op()'s,
+ * or HYPERVISOR_update_va_mapping_otherdomain()'s "foreigndom" argument, and is
+ * only permitted if the caller is privileged.
  */
 #define DOMID_XEN            xen_mk_uint(0x7FF2)
 




[-- Attachment #2: public-no-MMUEXT_SET_FOREIGN.patch --]
[-- Type: text/plain, Size: 1762 bytes --]

public: there's no MMUEXT_SET_FOREIGNDOM

Correct respective comments.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
---
MMUEXT_{CLEAR,COPY}_PAGE in fact also allow to be invoked on DOMID_IO
owned pages at present. I've intentionally not added this to the text,
as I'm not sure we really mean to allow this. If we do, I think the
operation should also be allowed for MMIO pages not happening to have
an associated struct page_info.

--- a/xen/include/public/xen.h
+++ b/xen/include/public/xen.h
@@ -550,16 +550,19 @@ DEFINE_XEN_GUEST_HANDLE(mmuext_op_t);
  * is useful to ensure that no mappings to the OS's own heap are accidentally
  * installed. (e.g., in Linux this could cause havoc as reference counts
  * aren't adjusted on the I/O-mapping code path).
- * This only makes sense in MMUEXT_SET_FOREIGNDOM, but in that context can
- * be specified by any calling domain.
+ * This only makes sense as HYPERVISOR_mmu_update()'s and
+ * HYPERVISOR_update_va_mapping_otherdomain()'s "foreigndom" argument. For
+ * HYPERVISOR_mmu_update() context it can be specified by any calling domain,
+ * otherwise it's only permitted if the caller is privileged.
  */
 #define DOMID_IO             xen_mk_uint(0x7FF1)
 
 /*
  * DOMID_XEN is used to allow privileged domains to map restricted parts of
  * Xen's heap space (e.g., the machine_to_phys table).
- * This only makes sense in MMUEXT_SET_FOREIGNDOM, and is only permitted if
- * the caller is privileged.
+ * This only makes sense as HYPERVISOR_mmu_update()'s, HYPERVISOR_mmuext_op()'s,
+ * or HYPERVISOR_update_va_mapping_otherdomain()'s "foreigndom" argument, and is
+ * only permitted if the caller is privileged.
  */
 #define DOMID_XEN            xen_mk_uint(0x7FF2)
 

[-- Attachment #3: Type: text/plain, Size: 127 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

Re: [PATCH] public: there's no MMUEXT_SET_FOREIGNDOM

[Andrew Cooper]

On 08/06/17 16:19, Jan Beulich wrote:
> Correct respective comments.
>
> Signed-off-by: Jan Beulich <jbeulich@suse.com>

Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>

> ---
> MMUEXT_{CLEAR,COPY}_PAGE in fact also allow to be invoked on DOMID_IO
> owned pages at present. I've intentionally not added this to the text,
> as I'm not sure we really mean to allow this. If we do, I think the
> operation should also be allowed for MMIO pages not happening to have
> an associated struct page_info.

Nothing actually uses the clear/copy subops, as far as I can tell,
although they could actually be used for a minor performance
optimisation for HVM domain builder domains, to avoid HAP mutations. 
I'd agree with restricting them to RAM only.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

Re: [PATCH] public: there's no MMUEXT_SET_FOREIGNDOM

[Jan Beulich]

>>> On 09.06.17 at 14:29, <andrew.cooper3@citrix.com> wrote:
> On 08/06/17 16:19, Jan Beulich wrote:
>> Correct respective comments.
>>
>> Signed-off-by: Jan Beulich <jbeulich@suse.com>
> 
> Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
> 
>> ---
>> MMUEXT_{CLEAR,COPY}_PAGE in fact also allow to be invoked on DOMID_IO
>> owned pages at present. I've intentionally not added this to the text,
>> as I'm not sure we really mean to allow this. If we do, I think the
>> operation should also be allowed for MMIO pages not happening to have
>> an associated struct page_info.
> 
> Nothing actually uses the clear/copy subops, as far as I can tell,

The 32-bit XenoLinux (at least our forward port) has been using
them for certain highmem accesses.

> although they could actually be used for a minor performance
> optimisation for HVM domain builder domains, to avoid HAP mutations. 
> I'd agree with restricting them to RAM only.

Okay.

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

Re: [PATCH] public: there's no MMUEXT_SET_FOREIGNDOM

[Julien Grall]

Hi Jan,

On 08/06/17 16:19, Jan Beulich wrote:
> Correct respective comments.
>
> Signed-off-by: Jan Beulich <jbeulich@suse.com>
> ---
> MMUEXT_{CLEAR,COPY}_PAGE in fact also allow to be invoked on DOMID_IO
> owned pages at present. I've intentionally not added this to the text,
> as I'm not sure we really mean to allow this. If we do, I think the
> operation should also be allowed for MMIO pages not happening to have
> an associated struct page_info.
>
> --- a/xen/include/public/xen.h
> +++ b/xen/include/public/xen.h
> @@ -550,16 +550,19 @@ DEFINE_XEN_GUEST_HANDLE(mmuext_op_t);
>   * is useful to ensure that no mappings to the OS's own heap are accidentally
>   * installed. (e.g., in Linux this could cause havoc as reference counts
>   * aren't adjusted on the I/O-mapping code path).
> - * This only makes sense in MMUEXT_SET_FOREIGNDOM, but in that context can
> - * be specified by any calling domain.
> + * This only makes sense as HYPERVISOR_mmu_update()'s and
> + * HYPERVISOR_update_va_mapping_otherdomain()'s "foreigndom" argument. For
> + * HYPERVISOR_mmu_update() context it can be specified by any calling domain,
> + * otherwise it's only permitted if the caller is privileged.
>   */
>  #define DOMID_IO             xen_mk_uint(0x7FF1)
>
>  /*
>   * DOMID_XEN is used to allow privileged domains to map restricted parts of
>   * Xen's heap space (e.g., the machine_to_phys table).
> - * This only makes sense in MMUEXT_SET_FOREIGNDOM, and is only permitted if
> - * the caller is privileged.
> + * This only makes sense as HYPERVISOR_mmu_update()'s, HYPERVISOR_mmuext_op()'s,
> + * or HYPERVISOR_update_va_mapping_otherdomain()'s "foreigndom" argument, and is
> + * only permitted if the caller is privileged.

DOMID_XEN is used on ARM for mapping Xen buffer (e.g trace) using 
physmap hypercall with XENMAPSPACE_foreign_gmfn_foreign.


>   */
>  #define DOMID_XEN            xen_mk_uint(0x7FF2)

Cheers,

-- 
Julien Grall

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

Re: [PATCH] public: there's no MMUEXT_SET_FOREIGNDOM

[Julien Grall]

On 09/06/17 14:20, Julien Grall wrote:
> Hi Jan,
>
> On 08/06/17 16:19, Jan Beulich wrote:
>> Correct respective comments.
>>
>> Signed-off-by: Jan Beulich <jbeulich@suse.com>
>> ---
>> MMUEXT_{CLEAR,COPY}_PAGE in fact also allow to be invoked on DOMID_IO
>> owned pages at present. I've intentionally not added this to the text,
>> as I'm not sure we really mean to allow this. If we do, I think the
>> operation should also be allowed for MMIO pages not happening to have
>> an associated struct page_info.
>>
>> --- a/xen/include/public/xen.h
>> +++ b/xen/include/public/xen.h
>> @@ -550,16 +550,19 @@ DEFINE_XEN_GUEST_HANDLE(mmuext_op_t);
>>   * is useful to ensure that no mappings to the OS's own heap are
>> accidentally
>>   * installed. (e.g., in Linux this could cause havoc as reference counts
>>   * aren't adjusted on the I/O-mapping code path).
>> - * This only makes sense in MMUEXT_SET_FOREIGNDOM, but in that
>> context can
>> - * be specified by any calling domain.
>> + * This only makes sense as HYPERVISOR_mmu_update()'s and
>> + * HYPERVISOR_update_va_mapping_otherdomain()'s "foreigndom"
>> argument. For
>> + * HYPERVISOR_mmu_update() context it can be specified by any calling
>> domain,
>> + * otherwise it's only permitted if the caller is privileged.
>>   */
>>  #define DOMID_IO             xen_mk_uint(0x7FF1)
>>
>>  /*
>>   * DOMID_XEN is used to allow privileged domains to map restricted
>> parts of
>>   * Xen's heap space (e.g., the machine_to_phys table).
>> - * This only makes sense in MMUEXT_SET_FOREIGNDOM, and is only
>> permitted if
>> - * the caller is privileged.
>> + * This only makes sense as HYPERVISOR_mmu_update()'s,
>> HYPERVISOR_mmuext_op()'s,
>> + * or HYPERVISOR_update_va_mapping_otherdomain()'s "foreigndom"
>> argument, and is
>> + * only permitted if the caller is privileged.
>
> DOMID_XEN is used on ARM for mapping Xen buffer (e.g trace) using

s/is/will be/ as the series has not yet been merged (see [1]). But to 
clarify, xentrace is currently call xc_map_foreign_pages which will 
turned into a physmap hypercall for ARM and x86 HVM guests.

> physmap hypercall with XENMAPSPACE_foreign_gmfn_foreign.

Cheers,

[1] https://patchwork.kernel.org/patch/8604811/

-- 
Julien Grall

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel