* [PATCH] public: there's no MMUEXT_SET_FOREIGNDOM
@ 2017-06-08 15:19 Jan Beulich
2017-06-09 12:29 ` Andrew Cooper
2017-06-09 13:20 ` Julien Grall
0 siblings, 2 replies; 5+ messages in thread
From: Jan Beulich @ 2017-06-08 15:19 UTC (permalink / raw)
To: xen-devel
Cc: Stefano Stabellini, Wei Liu, George Dunlap, Andrew Cooper,
Ian Jackson, Tim Deegan, Julien Grall
[-- Attachment #1: Type: text/plain, Size: 1724 bytes --]
Correct respective comments.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
---
MMUEXT_{CLEAR,COPY}_PAGE in fact also allow to be invoked on DOMID_IO
owned pages at present. I've intentionally not added this to the text,
as I'm not sure we really mean to allow this. If we do, I think the
operation should also be allowed for MMIO pages not happening to have
an associated struct page_info.
--- a/xen/include/public/xen.h
+++ b/xen/include/public/xen.h
@@ -550,16 +550,19 @@ DEFINE_XEN_GUEST_HANDLE(mmuext_op_t);
* is useful to ensure that no mappings to the OS's own heap are accidentally
* installed. (e.g., in Linux this could cause havoc as reference counts
* aren't adjusted on the I/O-mapping code path).
- * This only makes sense in MMUEXT_SET_FOREIGNDOM, but in that context can
- * be specified by any calling domain.
+ * This only makes sense as HYPERVISOR_mmu_update()'s and
+ * HYPERVISOR_update_va_mapping_otherdomain()'s "foreigndom" argument. For
+ * HYPERVISOR_mmu_update() context it can be specified by any calling domain,
+ * otherwise it's only permitted if the caller is privileged.
*/
#define DOMID_IO xen_mk_uint(0x7FF1)
/*
* DOMID_XEN is used to allow privileged domains to map restricted parts of
* Xen's heap space (e.g., the machine_to_phys table).
- * This only makes sense in MMUEXT_SET_FOREIGNDOM, and is only permitted if
- * the caller is privileged.
+ * This only makes sense as HYPERVISOR_mmu_update()'s, HYPERVISOR_mmuext_op()'s,
+ * or HYPERVISOR_update_va_mapping_otherdomain()'s "foreigndom" argument, and is
+ * only permitted if the caller is privileged.
*/
#define DOMID_XEN xen_mk_uint(0x7FF2)
[-- Attachment #2: public-no-MMUEXT_SET_FOREIGN.patch --]
[-- Type: text/plain, Size: 1762 bytes --]
public: there's no MMUEXT_SET_FOREIGNDOM
Correct respective comments.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
---
MMUEXT_{CLEAR,COPY}_PAGE in fact also allow to be invoked on DOMID_IO
owned pages at present. I've intentionally not added this to the text,
as I'm not sure we really mean to allow this. If we do, I think the
operation should also be allowed for MMIO pages not happening to have
an associated struct page_info.
--- a/xen/include/public/xen.h
+++ b/xen/include/public/xen.h
@@ -550,16 +550,19 @@ DEFINE_XEN_GUEST_HANDLE(mmuext_op_t);
* is useful to ensure that no mappings to the OS's own heap are accidentally
* installed. (e.g., in Linux this could cause havoc as reference counts
* aren't adjusted on the I/O-mapping code path).
- * This only makes sense in MMUEXT_SET_FOREIGNDOM, but in that context can
- * be specified by any calling domain.
+ * This only makes sense as HYPERVISOR_mmu_update()'s and
+ * HYPERVISOR_update_va_mapping_otherdomain()'s "foreigndom" argument. For
+ * HYPERVISOR_mmu_update() context it can be specified by any calling domain,
+ * otherwise it's only permitted if the caller is privileged.
*/
#define DOMID_IO xen_mk_uint(0x7FF1)
/*
* DOMID_XEN is used to allow privileged domains to map restricted parts of
* Xen's heap space (e.g., the machine_to_phys table).
- * This only makes sense in MMUEXT_SET_FOREIGNDOM, and is only permitted if
- * the caller is privileged.
+ * This only makes sense as HYPERVISOR_mmu_update()'s, HYPERVISOR_mmuext_op()'s,
+ * or HYPERVISOR_update_va_mapping_otherdomain()'s "foreigndom" argument, and is
+ * only permitted if the caller is privileged.
*/
#define DOMID_XEN xen_mk_uint(0x7FF2)
[-- Attachment #3: Type: text/plain, Size: 127 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] public: there's no MMUEXT_SET_FOREIGNDOM
2017-06-08 15:19 [PATCH] public: there's no MMUEXT_SET_FOREIGNDOM Jan Beulich
@ 2017-06-09 12:29 ` Andrew Cooper
2017-06-09 12:50 ` Jan Beulich
2017-06-09 13:20 ` Julien Grall
1 sibling, 1 reply; 5+ messages in thread
From: Andrew Cooper @ 2017-06-09 12:29 UTC (permalink / raw)
To: Jan Beulich, xen-devel
Cc: Stefano Stabellini, Wei Liu, George Dunlap, Tim Deegan,
Ian Jackson, Julien Grall
On 08/06/17 16:19, Jan Beulich wrote:
> Correct respective comments.
>
> Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
> ---
> MMUEXT_{CLEAR,COPY}_PAGE in fact also allow to be invoked on DOMID_IO
> owned pages at present. I've intentionally not added this to the text,
> as I'm not sure we really mean to allow this. If we do, I think the
> operation should also be allowed for MMIO pages not happening to have
> an associated struct page_info.
Nothing actually uses the clear/copy subops, as far as I can tell,
although they could actually be used for a minor performance
optimisation for HVM domain builder domains, to avoid HAP mutations.
I'd agree with restricting them to RAM only.
~Andrew
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] public: there's no MMUEXT_SET_FOREIGNDOM
2017-06-09 12:29 ` Andrew Cooper
@ 2017-06-09 12:50 ` Jan Beulich
0 siblings, 0 replies; 5+ messages in thread
From: Jan Beulich @ 2017-06-09 12:50 UTC (permalink / raw)
To: Andrew Cooper
Cc: Stefano Stabellini, Wei Liu, George Dunlap, Tim Deegan,
IanJackson, Julien Grall, xen-devel
>>> On 09.06.17 at 14:29, <andrew.cooper3@citrix.com> wrote:
> On 08/06/17 16:19, Jan Beulich wrote:
>> Correct respective comments.
>>
>> Signed-off-by: Jan Beulich <jbeulich@suse.com>
>
> Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
>
>> ---
>> MMUEXT_{CLEAR,COPY}_PAGE in fact also allow to be invoked on DOMID_IO
>> owned pages at present. I've intentionally not added this to the text,
>> as I'm not sure we really mean to allow this. If we do, I think the
>> operation should also be allowed for MMIO pages not happening to have
>> an associated struct page_info.
>
> Nothing actually uses the clear/copy subops, as far as I can tell,
The 32-bit XenoLinux (at least our forward port) has been using
them for certain highmem accesses.
> although they could actually be used for a minor performance
> optimisation for HVM domain builder domains, to avoid HAP mutations.
> I'd agree with restricting them to RAM only.
Okay.
Jan
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] public: there's no MMUEXT_SET_FOREIGNDOM
2017-06-08 15:19 [PATCH] public: there's no MMUEXT_SET_FOREIGNDOM Jan Beulich
2017-06-09 12:29 ` Andrew Cooper
@ 2017-06-09 13:20 ` Julien Grall
2017-06-09 13:24 ` Julien Grall
1 sibling, 1 reply; 5+ messages in thread
From: Julien Grall @ 2017-06-09 13:20 UTC (permalink / raw)
To: Jan Beulich, xen-devel
Cc: Stefano Stabellini, Wei Liu, George Dunlap, Andrew Cooper,
Ian Jackson, Tim Deegan
Hi Jan,
On 08/06/17 16:19, Jan Beulich wrote:
> Correct respective comments.
>
> Signed-off-by: Jan Beulich <jbeulich@suse.com>
> ---
> MMUEXT_{CLEAR,COPY}_PAGE in fact also allow to be invoked on DOMID_IO
> owned pages at present. I've intentionally not added this to the text,
> as I'm not sure we really mean to allow this. If we do, I think the
> operation should also be allowed for MMIO pages not happening to have
> an associated struct page_info.
>
> --- a/xen/include/public/xen.h
> +++ b/xen/include/public/xen.h
> @@ -550,16 +550,19 @@ DEFINE_XEN_GUEST_HANDLE(mmuext_op_t);
> * is useful to ensure that no mappings to the OS's own heap are accidentally
> * installed. (e.g., in Linux this could cause havoc as reference counts
> * aren't adjusted on the I/O-mapping code path).
> - * This only makes sense in MMUEXT_SET_FOREIGNDOM, but in that context can
> - * be specified by any calling domain.
> + * This only makes sense as HYPERVISOR_mmu_update()'s and
> + * HYPERVISOR_update_va_mapping_otherdomain()'s "foreigndom" argument. For
> + * HYPERVISOR_mmu_update() context it can be specified by any calling domain,
> + * otherwise it's only permitted if the caller is privileged.
> */
> #define DOMID_IO xen_mk_uint(0x7FF1)
>
> /*
> * DOMID_XEN is used to allow privileged domains to map restricted parts of
> * Xen's heap space (e.g., the machine_to_phys table).
> - * This only makes sense in MMUEXT_SET_FOREIGNDOM, and is only permitted if
> - * the caller is privileged.
> + * This only makes sense as HYPERVISOR_mmu_update()'s, HYPERVISOR_mmuext_op()'s,
> + * or HYPERVISOR_update_va_mapping_otherdomain()'s "foreigndom" argument, and is
> + * only permitted if the caller is privileged.
DOMID_XEN is used on ARM for mapping Xen buffer (e.g trace) using
physmap hypercall with XENMAPSPACE_foreign_gmfn_foreign.
> */
> #define DOMID_XEN xen_mk_uint(0x7FF2)
Cheers,
--
Julien Grall
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] public: there's no MMUEXT_SET_FOREIGNDOM
2017-06-09 13:20 ` Julien Grall
@ 2017-06-09 13:24 ` Julien Grall
0 siblings, 0 replies; 5+ messages in thread
From: Julien Grall @ 2017-06-09 13:24 UTC (permalink / raw)
To: Jan Beulich, xen-devel
Cc: Stefano Stabellini, Wei Liu, George Dunlap, Andrew Cooper,
Ian Jackson, Tim Deegan
On 09/06/17 14:20, Julien Grall wrote:
> Hi Jan,
>
> On 08/06/17 16:19, Jan Beulich wrote:
>> Correct respective comments.
>>
>> Signed-off-by: Jan Beulich <jbeulich@suse.com>
>> ---
>> MMUEXT_{CLEAR,COPY}_PAGE in fact also allow to be invoked on DOMID_IO
>> owned pages at present. I've intentionally not added this to the text,
>> as I'm not sure we really mean to allow this. If we do, I think the
>> operation should also be allowed for MMIO pages not happening to have
>> an associated struct page_info.
>>
>> --- a/xen/include/public/xen.h
>> +++ b/xen/include/public/xen.h
>> @@ -550,16 +550,19 @@ DEFINE_XEN_GUEST_HANDLE(mmuext_op_t);
>> * is useful to ensure that no mappings to the OS's own heap are
>> accidentally
>> * installed. (e.g., in Linux this could cause havoc as reference counts
>> * aren't adjusted on the I/O-mapping code path).
>> - * This only makes sense in MMUEXT_SET_FOREIGNDOM, but in that
>> context can
>> - * be specified by any calling domain.
>> + * This only makes sense as HYPERVISOR_mmu_update()'s and
>> + * HYPERVISOR_update_va_mapping_otherdomain()'s "foreigndom"
>> argument. For
>> + * HYPERVISOR_mmu_update() context it can be specified by any calling
>> domain,
>> + * otherwise it's only permitted if the caller is privileged.
>> */
>> #define DOMID_IO xen_mk_uint(0x7FF1)
>>
>> /*
>> * DOMID_XEN is used to allow privileged domains to map restricted
>> parts of
>> * Xen's heap space (e.g., the machine_to_phys table).
>> - * This only makes sense in MMUEXT_SET_FOREIGNDOM, and is only
>> permitted if
>> - * the caller is privileged.
>> + * This only makes sense as HYPERVISOR_mmu_update()'s,
>> HYPERVISOR_mmuext_op()'s,
>> + * or HYPERVISOR_update_va_mapping_otherdomain()'s "foreigndom"
>> argument, and is
>> + * only permitted if the caller is privileged.
>
> DOMID_XEN is used on ARM for mapping Xen buffer (e.g trace) using
s/is/will be/ as the series has not yet been merged (see [1]). But to
clarify, xentrace is currently call xc_map_foreign_pages which will
turned into a physmap hypercall for ARM and x86 HVM guests.
> physmap hypercall with XENMAPSPACE_foreign_gmfn_foreign.
Cheers,
[1] https://patchwork.kernel.org/patch/8604811/
--
Julien Grall
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2017-06-09 13:24 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-06-08 15:19 [PATCH] public: there's no MMUEXT_SET_FOREIGNDOM Jan Beulich
2017-06-09 12:29 ` Andrew Cooper
2017-06-09 12:50 ` Jan Beulich
2017-06-09 13:20 ` Julien Grall
2017-06-09 13:24 ` Julien Grall
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).