On 27.03.2025 10:00, Roger Pau Monné wrote:
> On Tue, Mar 25, 2025 at 08:17:04AM +0100, Jan Beulich wrote:
>> Handling of both grants and foreign pages was different between the two
>> paths.
>>
>> While permitting access to grants would be desirable, doing so would
>> require more involved handling; undo that for the time being. In
>> particular the page reference obtained would prevent the owning domain
>> from changing e.g. the page's type (after the grantee has released the
>> last reference of the grant). Instead perhaps another reference on the
>> grant would need obtaining. Which in turn would require determining
>> which grant that was.
>>
>> Foreign pages in any event need permitting on both paths.
> 
> I've been wondering about this, and AFAICT the PV equivalent of this
> function (the tail of get_page_from_gfn()) is much more limited in
> that it just allows access to domain owned RAM or MMIO that has a
> backing page (I expect mostly for the low 1MB?).
> 
> However for HVM domains we allow to take references to foreign mapped
> pages and taking references to MMIO pages is not permitted.
> 
> Should the tail of get_page_from_gfn() also be adjusted to make use of
> the newly introduced get_page_from_mfn_and_type(), thus unifying the
> logic for both PV and HVM?

There's no (proper) use of P2M types in PV, so I don't think using this
function is viable for PV. In particular we'd never observe p2m_foreign
in PV, if I'm not mistaken.

> Could possibly be done in a separate change, I'm just trying to
> understand why we have this seemingly different handling for PV vs
> HVM.

The difference is because access to foreign pages was hacked in to work
for PVH in a much different (and imo yet more hacky) way than it was
made work far longer ago for PV. The crucial part of that is in
get_page_from_l1e(), so get_page_from_gfn() isn't that relevant there
(I think).

Jan
