WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

Re: [Xen-devel] [PATCH] Make get_page_from_l1e refcount correctly onfor

To: Tim Deegan <Tim.Deegan@xxxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxxxx>
Subject: Re: [Xen-devel] [PATCH] Make get_page_from_l1e refcount correctly onforeign pagetables.
From: Keir Fraser <keir.fraser@xxxxxxxxxxxxx>
Date: Thu, 14 May 2009 10:57:46 +0100
Cc: Yunhong Jiang <yunhong.jiang@xxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Thu, 14 May 2009 02:58:32 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <20090514082238.GI12377@xxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AcnUbTLqQDQENtenT9K/ZSOZGFCvUAADTt4a
Thread-topic: [Xen-devel] [PATCH] Make get_page_from_l1e refcount correctly onforeign pagetables.
User-agent: Microsoft-Entourage/12.17.0.090302
On 14/05/2009 09:22, "Tim Deegan" <Tim.Deegan@xxxxxxxxxx> wrote:

>> I have to admit that the change to mod_l1_entry() look suspicious to me -
>> as I understand it, the third parameter of get_page_from_l1e_for() represents
>> the target domain, and that's what FOREIGNDOM is to be used for.
> 
> Possibly.  IIUC get_page_from_l1e_for()'s first domain argument is the
> domain whose rights we are testing; so e.g. dom0 mapping domU memory
> uses FOREIGNDOM there to say "this should be domU's page".  The second
> argument (whose pagetables are these) has always implicitly been "mine",
> i.e. current->domain.  Again correct when dom0 maps domU's page.
> 
> In the case we're trying to fix, although current->domain is dom0 (who
> is making a shadow control hypercall) the pagetables belong to domU.

Yes, there can be three domains involved: the one making the hypercall, the
one who owns the PTE, and the one who owns the page being mapped into the
PTE. I think some of the confusion around get_page_from_l1e() is that the
domain argument is the page-owner not the PTE-owner. It would make sense for
it to be the latter, and then as far as possible do the
is-the-page-owner-valid checks hidden inside get_page_from_l1e(). The only
fly in the ointment there is that FOREIGNDOM should only be permitted from
mod_l1_entry(). Possibly that should be the only caller that directly
accesses a more complex interface to get_page_from_l1e() (where the extra
argument would be the page-owner, not the PTE-owner!).

 -- Keir



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel