> -----Original Message-----
> From: Wei Liu [mailto:wei.l...@citrix.com]
> Sent: 07 September 2017 12:02
> To: Paul Durrant <paul.durr...@citrix.com>
> Cc: xen-de...@lists.xenproject.org; Andrew Cooper
> <andrew.coop...@citrix.com>; Jan Beulich <jbeul...@suse.com>; Wei Liu
> <wei.l...@citrix.com>
> Subject: Re: [Xen-devel] [PATCH v4 01/12] x86/mm: allow a privileged PV
> domain to map guest mfns
>
> On Tue, Sep 05, 2017 at 12:37:05PM +0100, Paul Durrant wrote:
> > In the case where a PV domain is mapping guest resources then it needs
> make
> > the HYPERVISOR_mmu_update call using DOMID_SELF, rather than the
> guest
> > domid, so that the passed in gmfn values are correctly treated as mfns
> > rather than gfns present in the guest p2m.
> >
> > This patch removes a check which currently disallows mapping of a page
> when
> > the owner of the page tables matches the domain passed to
> > HYPERVISOR_mmu_update, but that domain is not the real owner of the
> page.
> > The check was introduced by patch d3c6a215ca9 ("x86: Clean up
> > get_page_from_l1e() to correctly distinguish between owner-of-pte and
> > owner-of-data-page in all cases") but it's not clear why it was needed.
> >
> > Signed-off-by: Paul Durrant <paul.durr...@citrix.com>
> > ---
> > Cc: Jan Beulich <jbeul...@suse.com>
> > Cc: Andrew Cooper <andrew.coop...@citrix.com>
> > ---
> > xen/arch/x86/mm.c | 13 ++++++++-----
> > 1 file changed, 8 insertions(+), 5 deletions(-)
> >
> > diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
> > index c94f1e5406..bd8aeac59e 100644
> > --- a/xen/arch/x86/mm.c
> > +++ b/xen/arch/x86/mm.c
> > @@ -1024,12 +1024,15 @@ get_page_from_l1e(
> > (real_pg_owner != dom_cow) ) )
> > {
> > /*
> > - * Let privileged domains transfer the right to map their target
> > - * domain's pages. This is used to allow stub-domain pvfb export to
> > - * dom0, until pvfb supports granted mappings. At that time this
> > - * minor hack can go away.
> > + * If the real page owner is not the domain specified in the
> > + * hypercall then establish that the specified domain has
> > + * mapping privilege over the page owner.
> > + * This is used to allow stub-domain pvfb export to dom0. It is
> > + * also used to allow a privileged PV domain to map mfns using
> > + * DOMID_SELF, which is needed for mapping guest resources such
> > + * grant table frames.
> > */
> > - if ( (real_pg_owner == NULL) || (pg_owner == l1e_owner) ||
> > + if ( (real_pg_owner == NULL) ||
>
> I still can't quite figure out if it is safe to remove the check.
>
> Looking at the rest of the series, you already have the foreign domid to
> hand when you call the get_resource hypercall. What is wrong with using
> that directly? Why do you need DOMID_SELF in the first place?
Because the page is not in the foreign domain's p2m... that's kind of the
entire point of the resource mapping API!
Paul
>
> > xsm_priv_mapping(XSM_TARGET, pg_owner, real_pg_owner) )
> > {
> > gdprintk(XENLOG_WARNING,
> > --
> > 2.11.0
> >
> >
> > _______________________________________________
> > Xen-devel mailing list
> > Xen-devel@lists.xen.org
> > https://lists.xen.org/xen-devel
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
