From nobody Thu Apr 18 04:26:47 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=none (zoho.com: 192.237.175.120 is neither permitted nor denied by domain of lists.xenproject.org) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=fail(p=none dis=none) header.from=citrix.com ARC-Seal: i=1; a=rsa-sha256; t=1572550186; cv=none; d=zoho.com; s=zohoarc; b=bGElQD50cAfPBZdS1BYeLdbfTLXQE+7WTyehcD7bDmLeek92qxUrUzfLkO0TP9Puegn6G1tVkUS7CrcGzGEz0bwo73Byotws8v6omVZTE4EU7jyAoaAghzu4IAAmMpGGJnKnQqQCiubMA95PbBYG2STWAxlc9O4U6hTUuWbWrr4= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1572550186; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Sender:Subject:To; bh=pFQ1Eqtl8NMnTgW5PA+TQZZArBduSU8oyE+H5DNLSlg=; b=HdLhfE5aZ2Dx5HI74POPPPwnv5vrt8F9aOUy3sK1jwqCaEfv9DMNIvs7+Wu1HtL0sdn1dHI4pivUW9bWyC2S10hV3MAhIBYlkVH/iKc+I626N0inV7udDFtVkZ8HAMv8FJkDoA7i6nuF6zyP2z+1oKIxUBgIZLt5uv1IZct1/2g= ARC-Authentication-Results: i=1; mx.zoho.com; dkim=fail; spf=none (zoho.com: 192.237.175.120 is neither permitted nor denied by domain of lists.xenproject.org) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1572550186765665.579317859765; Thu, 31 Oct 2019 12:29:46 -0700 (PDT) Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1iQG7H-000605-MH; Thu, 31 Oct 2019 19:28:19 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57] helo=us1-amaz-eas2.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1iQG7G-000600-N2 for xen-devel@lists.xenproject.org; Thu, 31 Oct 2019 19:28:18 +0000 Received: from esa1.hc3370-68.iphmx.com (unknown [216.71.145.142]) by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS id 911f12b4-fc14-11e9-9550-12813bfff9fa; Thu, 31 Oct 2019 19:28:08 +0000 (UTC) X-Inumbo-ID: 911f12b4-fc14-11e9-9550-12813bfff9fa DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1572550089; h=from:to:cc:subject:date:message-id:mime-version: content-transfer-encoding; bh=g7AL6eaa4+jwIYMqoXC1EMij+wWjdqQoaGZru9DUOqo=; b=AFJYCdAMP55w5m7XmU/bJ159VFirXcoLDH057ZU3gAmjvZvWj2DO4Lq6 HM0x3/aWzH3hmTI+cH0ERQVa7/huv+0Ic/dniE+J9LotWxbxMro/OwQAb 0AzdpwBssueXdNj4xQvYkLQPHjZm3jg1HyGLDvyxoQelb57KlLbOry9qf M=; Authentication-Results: esa1.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none; spf=None smtp.pra=andrew.cooper3@citrix.com; spf=Pass smtp.mailfrom=Andrew.Cooper3@citrix.com; spf=None smtp.helo=postmaster@mail.citrix.com Received-SPF: none (zoho.com: 192.237.175.120 is neither permitted nor denied by domain of lists.xenproject.org) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Received-SPF: None (esa1.hc3370-68.iphmx.com: no sender authenticity information available from domain of andrew.cooper3@citrix.com) identity=pra; client-ip=162.221.158.21; receiver=esa1.hc3370-68.iphmx.com; envelope-from="Andrew.Cooper3@citrix.com"; x-sender="andrew.cooper3@citrix.com"; x-conformance=sidf_compatible Received-SPF: Pass (esa1.hc3370-68.iphmx.com: domain of Andrew.Cooper3@citrix.com designates 162.221.158.21 as permitted sender) identity=mailfrom; client-ip=162.221.158.21; receiver=esa1.hc3370-68.iphmx.com; envelope-from="Andrew.Cooper3@citrix.com"; x-sender="Andrew.Cooper3@citrix.com"; x-conformance=sidf_compatible; x-record-type="v=spf1"; x-record-text="v=spf1 ip4:209.167.231.154 ip4:178.63.86.133 ip4:195.66.111.40/30 ip4:85.115.9.32/28 ip4:199.102.83.4 ip4:192.28.146.160 ip4:192.28.146.107 ip4:216.52.6.88 ip4:216.52.6.188 ip4:162.221.158.21 ip4:162.221.156.83 ip4:168.245.78.127 ~all" Received-SPF: None (esa1.hc3370-68.iphmx.com: no sender authenticity information available from domain of postmaster@mail.citrix.com) identity=helo; client-ip=162.221.158.21; receiver=esa1.hc3370-68.iphmx.com; envelope-from="Andrew.Cooper3@citrix.com"; x-sender="postmaster@mail.citrix.com"; x-conformance=sidf_compatible IronPort-SDR: YAaaMEdRtQilREK4w659nIFM2hUrpDl4Il2Moi7uT3X1PRdceCun6Mi8XN9qW4krx0xLY4YGiy ohELXaInWKD/rDJQWDJp4qoG5OmBHIVvsualvWyAyLfA2xFywvVWe7vQFbH4Tc7BInvdOH+vG2 DGdMyWtHSolrrVaVOH0ILN7D0T67YZFk46SdAlpKpI6EHH4e5w4lQCCkM6/zly4y8gRhPDLuTg ICq4KM1FWUaqcMF20iePMqi25l2cL5+hz1mRWhi/IfFA/N59Rq9rOUOHfZvm9NWjxfalRQMcB0 Gno= X-SBRS: 2.7 X-MesageID: 7801668 X-Ironport-Server: esa1.hc3370-68.iphmx.com X-Remote-IP: 162.221.158.21 X-Policy: $RELAYED X-IronPort-AV: E=Sophos;i="5.68,252,1569297600"; d="scan'208";a="7801668" From: Andrew Cooper To: Xen-devel Date: Thu, 31 Oct 2019 19:28:04 +0000 Message-ID: <20191031192804.19928-1-andrew.cooper3@citrix.com> X-Mailer: git-send-email 2.11.0 MIME-Version: 1.0 Subject: [Xen-devel] [PATCH] xen/vcpu: Sanitise VCPUOP_initialise call hierachy X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: Juergen Gross , Stefano Stabellini , Julien Grall , Wei Liu , Andrew Cooper , Jan Beulich , Volodymyr Babchuk , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) This code is especially tangled. VCPUOP_initialise calls into arch_initialise_vcpu() which calls back into default_initialise_vcpu() which is common code. This path is actually dead code on ARM, because VCPUOP_initialise is filter= ed out by do_arm_vcpu_op(). The only valid way to start a secondary CPU on ARM is via the PSCI interfac= e. The same could in principle be said about INIT-SIPI-SIPI for x86 HVM, if HVM guests hadn't already interited a paravirt way of starting CPUs. Either way, it is quite likely that no future architectures implemented in = Xen are going to want to use a PV interface, as some standardised (v)CPU bringup mechanism will already exist. Arrange the code in do_vcpu_op() to allow arch_initialise_vcpu() to be optional. Opt in for x86, and opt out for ARM. Deleting ARM's arch_initialise_vcpu() allows for default_initialise_vcpu() = to be folded into its (now) sole x86 caller, which reduces the compiled code volume in all builds. No functional change. Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Wei Liu CC: Roger Pau Monn=C3=A9 CC: Stefano Stabellini CC: Julien Grall CC: Volodymyr Babchuk CC: Juergen Gross This is XSA-296 followup, hence why it is only posted now. Seeing as we are fairly early in 4.13, I'd request that it be considered, but it won't be the end of the world if it gets delayed for 4.14. --- xen/arch/arm/domain.c | 5 ----- xen/arch/x86/domain.c | 22 ++++++++++++++++++++-- xen/common/domain.c | 26 ++------------------------ xen/include/asm-x86/domain.h | 3 +++ xen/include/xen/domain.h | 3 --- 5 files changed, 25 insertions(+), 34 deletions(-) diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c index 5380fbb081..ea0ebf282f 100644 --- a/xen/arch/arm/domain.c +++ b/xen/arch/arm/domain.c @@ -913,11 +913,6 @@ int arch_set_info_guest( return 0; } =20 -int arch_initialise_vcpu(struct vcpu *v, XEN_GUEST_HANDLE_PARAM(void) arg) -{ - return default_initialise_vcpu(v, arg); -} - int arch_vcpu_reset(struct vcpu *v) { vcpu_end_shutdown_deferral(v); diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index f1dd86e12e..cfc1b851b9 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -1235,11 +1235,11 @@ int arch_set_info_guest( =20 int arch_initialise_vcpu(struct vcpu *v, XEN_GUEST_HANDLE_PARAM(void) arg) { + struct domain *d =3D v->domain; int rc; =20 if ( is_hvm_vcpu(v) ) { - struct domain *d =3D v->domain; struct vcpu_hvm_context ctxt; =20 if ( copy_from_guest(&ctxt, arg, 1) ) @@ -1250,7 +1250,25 @@ int arch_initialise_vcpu(struct vcpu *v, XEN_GUEST_H= ANDLE_PARAM(void) arg) domain_unlock(d); } else - rc =3D default_initialise_vcpu(v, arg); + { + struct vcpu_guest_context *ctxt =3D alloc_vcpu_guest_context(); + + if ( !ctxt ) + return -ENOMEM; + + if ( copy_from_guest(ctxt, arg, 1) ) + { + rc =3D -EFAULT; + goto free_context; + } + + domain_lock(d); + rc =3D v->is_initialised ? -EEXIST : arch_set_info_guest(v, ctxt); + domain_unlock(d); + + free_context: + free_vcpu_guest_context(ctxt); + } =20 return rc; } diff --git a/xen/common/domain.c b/xen/common/domain.c index 611116c7fc..9659560514 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -1382,30 +1382,6 @@ void unmap_vcpu_info(struct vcpu *v) put_page_and_type(mfn_to_page(mfn)); } =20 -int default_initialise_vcpu(struct vcpu *v, XEN_GUEST_HANDLE_PARAM(void) a= rg) -{ - struct vcpu_guest_context *ctxt; - struct domain *d =3D v->domain; - int rc; - - if ( (ctxt =3D alloc_vcpu_guest_context()) =3D=3D NULL ) - return -ENOMEM; - - if ( copy_from_guest(ctxt, arg, 1) ) - { - free_vcpu_guest_context(ctxt); - return -EFAULT; - } - - domain_lock(d); - rc =3D v->is_initialised ? -EEXIST : arch_set_info_guest(v, ctxt); - domain_unlock(d); - - free_vcpu_guest_context(ctxt); - - return rc; -} - long do_vcpu_op(int cmd, unsigned int vcpuid, XEN_GUEST_HANDLE_PARAM(void)= arg) { struct domain *d =3D current->domain; @@ -1417,6 +1393,7 @@ long do_vcpu_op(int cmd, unsigned int vcpuid, XEN_GUE= ST_HANDLE_PARAM(void) arg) =20 switch ( cmd ) { +#ifdef arch_initialise_vcpu case VCPUOP_initialise: if ( v->vcpu_info =3D=3D &dummy_vcpu_info ) return -EINVAL; @@ -1427,6 +1404,7 @@ long do_vcpu_op(int cmd, unsigned int vcpuid, XEN_GUE= ST_HANDLE_PARAM(void) arg) cmd, vcpuid, arg); =20 break; +#endif /* arch_initialise_vcpu */ =20 case VCPUOP_up: #ifdef CONFIG_X86 diff --git a/xen/include/asm-x86/domain.h b/xen/include/asm-x86/domain.h index 212303f371..52d9659647 100644 --- a/xen/include/asm-x86/domain.h +++ b/xen/include/asm-x86/domain.h @@ -650,6 +650,9 @@ void arch_vcpu_regs_init(struct vcpu *v); struct vcpu_hvm_context; int arch_set_info_hvm_guest(struct vcpu *v, const struct vcpu_hvm_context = *ctx); =20 +#define arch_initialise_vcpu arch_initialise_vcpu +int arch_initialise_vcpu(struct vcpu *v, XEN_GUEST_HANDLE_PARAM(void) arg); + #ifdef CONFIG_PV void pv_inject_event(const struct x86_event *event); #else diff --git a/xen/include/xen/domain.h b/xen/include/xen/domain.h index 769302057b..807a790648 100644 --- a/xen/include/xen/domain.h +++ b/xen/include/xen/domain.h @@ -78,9 +78,6 @@ void arch_p2m_set_access_required(struct domain *d, bool = access_required); int arch_set_info_guest(struct vcpu *, vcpu_guest_context_u); void arch_get_info_guest(struct vcpu *, vcpu_guest_context_u); =20 -int arch_initialise_vcpu(struct vcpu *v, XEN_GUEST_HANDLE_PARAM(void) arg); -int default_initialise_vcpu(struct vcpu *v, XEN_GUEST_HANDLE_PARAM(void) a= rg); - int domain_relinquish_resources(struct domain *d); =20 void dump_pageframe_info(struct domain *d); --=20 2.11.0 _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel