lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <291EDFCB1E9E224A99088639C4762022B5988E5529@LONPMAILBOX01.citrite.net>
Date:	Thu, 8 Dec 2011 09:51:25 +0000
From:	Paul Durrant <Paul.Durrant@...rix.com>
To:	"annie.li@...cle.com" <annie.li@...cle.com>,
	"xen-devel@...ts.xensource.com" <xen-devel@...ts.xensource.com>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"konrad.wilk@...cle.com" <konrad.wilk@...cle.com>,
	"jeremy@...p.org" <jeremy@...p.org>,
	Ian Campbell <Ian.Campbell@...rix.com>
CC:	"kurt.hackel@...cle.com" <kurt.hackel@...cle.com>
Subject: RE: [PATCH V2 2/2] xen/granttable: Support transitive grants

> -----Original Message-----
> From: annie.li@...cle.com [mailto:annie.li@...cle.com]
> Sent: 08 December 2011 09:38
> To: xen-devel@...ts.xensource.com; linux-kernel@...r.kernel.org;
> konrad.wilk@...cle.com; jeremy@...p.org; Paul Durrant; Ian Campbell
> Cc: kurt.hackel@...cle.com; annie.li@...cle.com
> Subject: [PATCH V2 2/2] xen/granttable: Support transitive grants
> 
> These allow a domain A which has been granted access on a page of
> domain B's memory to issue domain C with a copy-grant on the same
> page.  This is useful e.g. for forwarding packets between domains.
> 
> Signed-off-by: Annie Li <annie.li@...cle.com>
> ---
>  drivers/xen/grant-table.c |   73
> +++++++++++++++++++++++++++++++++++++++++++++
>  include/xen/grant_table.h |   12 +++++++
>  2 files changed, 85 insertions(+), 0 deletions(-)
> 
> diff --git a/drivers/xen/grant-table.c b/drivers/xen/grant-table.c
> index 4a10e3f..db3e7c0 100644
> --- a/drivers/xen/grant-table.c
> +++ b/drivers/xen/grant-table.c
> @@ -130,6 +130,18 @@ struct gnttab_ops {
>  	 */
>  	void (*update_subpage_entry)(grant_ref_t, domid_t, unsigned
> long, int,
>  				     unsigned, unsigned);
> +	/*
> +	 * Redirect an available grant entry on domain A to another
> grant
> +	 * reference of domain B, then allow domain C to use grant
> reference
> +	 * of domain B transitively. First parameter is an available
> grant entry
> +	 * reference on domain A, second one is id of domain C which
> accesses
> +	 * grant entry transitively, third one is grant type and flag
> +	 * information, forth one is id of domain B whose grant entry
> is finally
> +	 * accessed transitively, last one is grant entry transitive
> reference
> +	 * of domain B.
> +	 */
> +	void (*update_trans_entry)(grant_ref_t, domid_t, int,
> domid_t,
> +				   grant_ref_t);
>  };
> 
>  static struct gnttab_ops *gnttab_interface; @@ -334,6 +346,66 @@
> bool gnttab_subpage_grants_available(void)
>  }
>  EXPORT_SYMBOL_GPL(gnttab_subpage_grants_available);
> 
> +void gnttab_update_trans_entry_v2(grant_ref_t ref, domid_t domid,
> +				  int flags, domid_t trans_domid,
> +				  grant_ref_t trans_gref)
> +{
> +	gnttab_shared.v2[ref].transitive.trans_domid = trans_domid;
> +	gnttab_shared.v2[ref].transitive.gref = trans_gref;
> +	gnttab_shared.v2[ref].hdr.domid = domid;
> +	wmb();
> +	gnttab_shared.v2[ref].hdr.flags =
> +				GTF_permit_access | GTF_transitive |
> flags; }
> +
> +int gnttab_grant_foreign_access_trans_ref(grant_ref_t ref, domid_t
> domid,
> +					  int flags, domid_t trans_domid,
> +					  grant_ref_t trans_gref)
> +{
> +	if (flags & (GTF_accept_transfer | GTF_reading |
> +		     GTF_writing | GTF_sub_page))
> +		return -EPERM;
> +
> +	if (gnttab_interface->update_trans_entry == NULL)
> +		return -ENOSYS;
> +
> +	gnttab_interface->update_trans_entry(ref, domid, flags,
> trans_domid,
> +					     trans_gref);
> +
> +	return 0;
> +}
> +EXPORT_SYMBOL_GPL(gnttab_grant_foreign_access_trans_ref);
> +
> +int gnttab_grant_foreign_access_trans(domid_t domid, int flags,
> +				      domid_t trans_domid,
> +				      grant_ref_t trans_gref)
> +{
> +	int ref;
> +
> +	if (flags & (GTF_accept_transfer | GTF_reading |
> +		     GTF_writing | GTF_sub_page))
> +		return -EPERM;
> +
> +	if (gnttab_interface->update_trans_entry == NULL)
> +		return -ENOSYS;
> +
> +	ref = get_free_entries(1);
> +	if (unlikely(ref < 0))
> +		return -ENOSPC;
> +
> +	gnttab_interface->update_trans_entry(ref, domid, flags,
> trans_domid,
> +					     trans_gref);
> +
> +	return ref;
> +}
> +EXPORT_SYMBOL_GPL(gnttab_grant_foreign_access_trans);
> +

I have the same opinion here as with the other patch. The non-ref variant should allocate and then call the ref variant.

> +bool gnttab_trans_grants_available(void)
> +{
> +	return gnttab_interface->update_trans_entry != NULL; }
> +EXPORT_SYMBOL_GPL(gnttab_trans_grants_available);
> +
>  static int gnttab_query_foreign_access_v1(grant_ref_t ref)  {
>  	return gnttab_shared.v1[ref].flags &
> (GTF_reading|GTF_writing); @@ -887,6 +959,7 @@ static struct
> gnttab_ops gnttab_v2_ops = {
>  	.end_foreign_transfer_ref	=
> gnttab_end_foreign_transfer_ref_v2,
>  	.query_foreign_access		=
> gnttab_query_foreign_access_v2,
>  	.update_subpage_entry		=
> gnttab_update_subpage_entry_v2,
> +	.update_trans_entry		= gnttab_update_trans_entry_v2,
>  };
> 
>  static void gnttab_request_version(void) diff --git
> a/include/xen/grant_table.h b/include/xen/grant_table.h index
> 2b492b9..f1e17b7 100644
> --- a/include/xen/grant_table.h
> +++ b/include/xen/grant_table.h
> @@ -65,6 +65,9 @@ int gnttab_grant_foreign_access(domid_t domid,
> unsigned long frame,  int
> gnttab_grant_foreign_access_subpage(domid_t domid, unsigned long
> frame,
>  					int flags, unsigned page_off,
>  					unsigned length);
> +int gnttab_grant_foreign_access_trans(domid_t domid, int flags,
> +				      domid_t trans_domid,
> +				      grant_ref_t trans_gref);
> 
>  /*
>   * Are sub-page grants available on this version of Xen?  Returns
> true if they @@ -73,6 +76,12 @@ int
> gnttab_grant_foreign_access_subpage(domid_t domid, unsigned long
> frame,  bool gnttab_subpage_grants_available(void);
> 
>  /*
> + * Are transitive grants available on this version of Xen?  Returns
> +true if they
> + * are, and false if they're not.
> + */
> +bool gnttab_trans_grants_available(void);
> +
> +/*
>   * End access through the given grant reference, iff the grant
> entry is no
>   * longer in use.  Return 1 if the grant entry was freed, 0 if it
> is still in
>   * use.
> @@ -121,6 +130,9 @@ int
> gnttab_grant_foreign_access_subpage_ref(grant_ref_t ref, domid_t
> domid,
>  					    unsigned long frame, int
> flags,
>  					    unsigned page_off,
>  					    unsigned length);
> +int gnttab_grant_foreign_access_trans_ref(grant_ref_t ref, domid_t
> domid,
> +					  int flags, domid_t trans_domid,
> +					  grant_ref_t trans_gref);
> 
>  void gnttab_grant_foreign_transfer_ref(grant_ref_t, domid_t domid,
>  				       unsigned long pfn);
> --
> 1.7.6.4

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ