From: Stefano Stabellini <sstabellini@kernel.org>
To: Julien Grall <Julien.Grall@arm.com>
Cc: "xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>,
nd <nd@arm.com>, Stefano Stabellini <sstabellini@kernel.org>,
Andrii Anisov <Andrii_Anisov@epam.com>,
"Oleksandr_Tyshchenko@epam.com" <Oleksandr_Tyshchenko@epam.com>
Subject: Re: [Xen-devel] [PATCH MM-PART3 v2 11/12] xen/arm: mm: Don't open-code Xen PT update in {set, clear}_fixmap()
Date: Thu, 13 Jun 2019 15:55:15 -0700 (PDT) [thread overview]
Message-ID: <alpine.DEB.2.21.1906131554570.2072@sstabellini-ThinkPad-T480s> (raw)
In-Reply-To: <7aaa0b13-9960-7204-dcd1-78e08964fc5b@arm.com>
On Thu, 13 Jun 2019, Julien Grall wrote:
> Hi Stefano,
>
> On 13/06/2019 19:51, Stefano Stabellini wrote:
> > On Thu, 13 Jun 2019, Julien Grall wrote:
> >> On 6/12/19 11:33 PM, Stefano Stabellini wrote:
> >>> On Tue, 14 May 2019, Julien Grall wrote:
> > I think the basic principle is that with BUG_ON is "easy" for a guest to
> > be able to trigger it, potentially causing a DOS. Without the BUG_ON,
> > the guest is unlikely to be able to trigger a crash. However, if all the
> > calls happen during boot in regards to operations that have nothing to
> > do with guests behavior, then it is fine.
>
> Sadly, we don't seem to have used that approach on Arm so far. We have
> quite a few BUG_ON() that could be triggered by the guest. For instance,
> we used it to confirm that we interpreted correctly the spec... (see
> GUEST_BUG_ON). The rationale was that a DOS is better than data leak.
>
> I have a series to try to reduce such BUG_ON.
Good!
> >
> > I checked all the call sites and I agree that in this case they are all
> > done during boot only. So in this case it is OK to have the
> > panic/BUG_ON.
>
> Can I consider this as an acked-by/reviewed-by?
Yes
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
next prev parent reply other threads:[~2019-06-13 22:56 UTC|newest]
Thread overview: 64+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-14 12:31 [PATCH MM-PART3 v2 00/12] xen/arm: Provide a generic function to update Xen PT Julien Grall
2019-05-14 12:31 ` [Xen-devel] " Julien Grall
2019-05-14 12:31 ` [PATCH MM-PART3 v2 01/12] xen/arm: lpae: Add a macro to generate offsets from an address Julien Grall
2019-05-14 12:31 ` [Xen-devel] " Julien Grall
2019-06-11 18:21 ` Stefano Stabellini
2019-06-11 18:27 ` Julien Grall
2019-05-14 12:31 ` [PATCH MM-PART3 v2 02/12] xen/arm: mm: Rename create_xen_entries() to xen_pt_update() Julien Grall
2019-05-14 12:31 ` [Xen-devel] " Julien Grall
2019-06-11 18:23 ` Stefano Stabellini
2019-05-14 12:31 ` [PATCH MM-PART3 v2 03/12] xen/arm: mm: Move out of xen_pt_update() the logic to update an entry Julien Grall
2019-05-14 12:31 ` [Xen-devel] " Julien Grall
2019-06-11 18:29 ` Stefano Stabellini
2019-05-14 12:31 ` [PATCH MM-PART3 v2 04/12] xen/arm: mm: Only increment mfn when valid in xen_pt_update Julien Grall
2019-05-14 12:31 ` [Xen-devel] " Julien Grall
2019-06-11 18:37 ` Stefano Stabellini
2019-06-11 19:56 ` [Xen-devel] Checking INVALID_MFN in mfn_add (WAS: Re: [PATCH MM-PART3 v2 04/12] xen/arm: mm: Only increment mfn when valid in xen_pt_update) Julien Grall
2019-06-11 20:24 ` Andrew Cooper
2019-06-12 12:47 ` Julien Grall
2019-06-12 15:57 ` Stefano Stabellini
2019-06-12 7:53 ` Jan Beulich
2019-05-14 12:31 ` [PATCH MM-PART3 v2 05/12] xen/arm: mm: Introduce _PAGE_PRESENT and _PAGE_POPULATE Julien Grall
2019-05-14 12:31 ` [Xen-devel] " Julien Grall
2019-06-11 22:35 ` Stefano Stabellini
2019-06-12 13:00 ` Julien Grall
2019-05-14 12:31 ` [PATCH MM-PART3 v2 06/12] xen/arm: mm: Sanity check any update of Xen page tables Julien Grall
2019-05-14 12:31 ` [Xen-devel] " Julien Grall
2019-06-12 0:10 ` Stefano Stabellini
2019-06-12 14:48 ` Julien Grall
2019-06-12 15:54 ` Stefano Stabellini
2019-06-12 15:58 ` Julien Grall
2019-05-14 12:31 ` [PATCH MM-PART3 v2 07/12] xen/arm: mm: Rework xen_pt_update_entry to avoid use xenmap_operation Julien Grall
2019-05-14 12:31 ` [Xen-devel] " Julien Grall
2019-06-12 22:22 ` Stefano Stabellini
2019-05-14 12:31 ` [PATCH MM-PART3 v2 08/12] xen/arm: mm: Remove enum xenmap_operation Julien Grall
2019-05-14 12:31 ` [Xen-devel] " Julien Grall
2019-06-11 22:38 ` Stefano Stabellini
2019-05-14 12:31 ` [PATCH MM-PART3 v2 09/12] xen/arm: mm: Use {, un}map_domain_page() to map/unmap Xen page-tables Julien Grall
2019-05-14 12:31 ` [Xen-devel] " Julien Grall
2019-06-12 22:25 ` Stefano Stabellini
2019-06-13 8:07 ` Julien Grall
2019-06-13 17:55 ` Stefano Stabellini
2019-05-14 12:31 ` [PATCH MM-PART3 v2 10/12] xen/arm: mm: Rework Xen page-tables walk during update Julien Grall
2019-05-14 12:31 ` [Xen-devel] " Julien Grall
2019-06-12 22:52 ` Stefano Stabellini
2019-06-13 8:20 ` Julien Grall
2019-06-13 17:59 ` Stefano Stabellini
2019-06-13 21:32 ` Julien Grall
2019-06-13 22:57 ` Stefano Stabellini
2019-05-14 12:31 ` [PATCH MM-PART3 v2 11/12] xen/arm: mm: Don't open-code Xen PT update in {set, clear}_fixmap() Julien Grall
2019-05-14 12:31 ` [Xen-devel] " Julien Grall
2019-06-12 22:33 ` Stefano Stabellini
2019-06-13 8:31 ` Julien Grall
2019-06-13 18:51 ` Stefano Stabellini
2019-06-13 21:21 ` Julien Grall
2019-06-13 22:55 ` Stefano Stabellini [this message]
2019-05-14 12:31 ` [PATCH MM-PART3 v2 12/12] xen/arm: mm: Remove set_pte_flags_on_range() Julien Grall
2019-05-14 12:31 ` [Xen-devel] " Julien Grall
2019-06-12 22:41 ` Stefano Stabellini
2019-06-13 8:51 ` Julien Grall
2019-06-13 18:04 ` Stefano Stabellini
2019-06-13 21:22 ` Julien Grall
2019-05-29 17:23 ` [PATCH MM-PART3 v2 00/12] xen/arm: Provide a generic function to update Xen PT Julien Grall
2019-05-29 17:23 ` [Xen-devel] " Julien Grall
2019-06-10 10:08 ` Julien Grall
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.DEB.2.21.1906131554570.2072@sstabellini-ThinkPad-T480s \
--to=sstabellini@kernel.org \
--cc=Andrii_Anisov@epam.com \
--cc=Julien.Grall@arm.com \
--cc=Oleksandr_Tyshchenko@epam.com \
--cc=nd@arm.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).