When commit
3f8f1228 "x86/mm: add HYPERVISOR_memory_op to acquire guest
resources" introduced the concept of directly mapping some guest resources,
it was envisaged that the memory for some resources associated with a guest
may not actually be assigned to that guest, specifically the IOREQ server
resource introduced in commit
6e387461 "x86/hvm/ioreq: add a new mappable
resource type...". Such resources were dubbed "caller owned" and
acquiring them resulted in the
XENMEM_rsrc_acq_caller_owned flag being passed back to the caller of the
memory op.
Unfortunately the implementation led to XSA-276, which was mitigated
by commit
f6b6ae78 "x86/hvm/ioreq: fix page referencing" and then a related
memory accounting problem was worked around by commit
e862e6ce
"x86/hvm/ioreq: use ref-counted target-assigned shared pages". This latter
commit removed the only instance of a "caller owned" resource, but the
flag was left in header and checked in one place in the core code.
This patch removes that now redundant check and removes the definition of
XENMEM_rsrc_acq_caller_owned from the public header. Also, since this was
the only flag defined for the XENMEM_acquire_resource memory op, it removes
the 'flags' field of struct xen_mem_acquire_resource and replaces it with
an equivalently sized 'pad' field.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
int arch_acquire_resource(struct domain *d, unsigned int type,
unsigned int id, unsigned long frame,
- unsigned int nr_frames, xen_pfn_t mfn_list[],
- unsigned int *flags)
+ unsigned int nr_frames, xen_pfn_t mfn_list[])
{
int rc;
compat_frame_list,
cmp.mar.nr_frames) )
return -EFAULT;
-
- if ( __copy_field_to_guest(
- guest_handle_cast(compat,
- compat_mem_acquire_resource_t),
- &cmp.mar, flags) )
- return -EFAULT;
}
break;
if ( copy_from_guest(&xmar, arg, 1) )
return -EFAULT;
- if ( xmar.flags != 0 )
+ if ( xmar.pad != 0 )
return -EINVAL;
if ( guest_handle_is_null(xmar.frame_list) )
default:
rc = arch_acquire_resource(d, xmar.type, xmar.id, xmar.frame,
- xmar.nr_frames, mfn_list, &xmar.flags);
+ xmar.nr_frames, mfn_list);
break;
}
/*
* FIXME: Until foreign pages inserted into the P2M are properly
* reference counted, it is unsafe to allow mapping of
- * non-caller-owned resource pages unless the caller is
- * the hardware domain.
+ * resource pages unless the caller is the hardware domain.
*/
- if ( !(xmar.flags & XENMEM_rsrc_acq_caller_owned) &&
- !is_hardware_domain(currd) )
+ if ( !is_hardware_domain(currd) )
return -EACCES;
if ( copy_from_guest(gfn_list, xmar.frame_list, xmar.nr_frames) )
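Review bot: The FIXME comment above the `!is_hardware_domain(currd)` check should say that the restriction now covers every resource type, since the caller-owned exemption is gone and this check is the only thing keeping a non-hardware domain from mapping resource pages that the P2M does not reference-count. Something like `* This applies to all resource types; there is no caller-owned exemption.` inside the existing comment would make it harder to relax the check by accident before the reference counting is fixed. The enclosing block starts and ends outside this hunk, so the rest of the translated-guest path is not visible here.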
}
}
- if ( xmar.flags != 0 &&
- __copy_field_to_guest(arg, &xmar, flags) )
- rc = -EFAULT;
-
out:
rcu_unlock_domain(d);
static inline
int arch_acquire_resource(struct domain *d, unsigned int type, unsigned int id,
unsigned long frame, unsigned int nr_frames,
- xen_pfn_t mfn_list[], unsigned int *flags)
+ xen_pfn_t mfn_list[])
{
return -EOPNOTSUPP;
}
int arch_acquire_resource(struct domain *d, unsigned int type,
unsigned int id, unsigned long frame,
- unsigned int nr_frames, xen_pfn_t mfn_list[],
- unsigned int *flags);
+ unsigned int nr_frames, xen_pfn_t mfn_list[]);
#endif /* __ASM_X86_MM_H__ */
* maximum value supported by the implementation on return.
*/
uint32_t nr_frames;
- /*
- * OUT - Must be zero on entry. On return this may contain a bitwise
- * OR of the following values.
- */
- uint32_t flags;
-
- /* The resource pages have been assigned to the calling domain */
-#define _XENMEM_rsrc_acq_caller_owned 0
-#define XENMEM_rsrc_acq_caller_owned (1u << _XENMEM_rsrc_acq_caller_owned)
-
+ uint32_t pad;
/*
* IN - the index of the initial frame to be mapped. This parameter
* is ignored if nr_frames is 0.
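Review bot: The new `uint32_t pad;` field in the public header has no comment, although the hypervisor side rejects a non-zero value with -EINVAL (`if ( xmar.pad != 0 )`). I would add `/* IN - Must be zero on entry. Formerly the OUT 'flags' field. */` above it so that callers know the contract and the bit is not reused carelessly later. Dropping `XENMEM_rsrc_acq_caller_owned` and renaming `flags` also breaks source compatibility for any out-of-tree consumer that references either name. No interface-version guard is visible in this hunk, so it is worth confirming whether one is needed.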