
[Xen-devel] Xen as nested guest and XSA60 fix


  • To: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: "Aravindh Puthiyaparambil (aravindp)" <aravindp@xxxxxxxxx>
  • Date: Wed, 16 Apr 2014 02:36:28 +0000
  • Accept-language: en-US
  • Delivery-date: Wed, 16 Apr 2014 02:37:18 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xen.org>
  • Thread-index: Ac9ZGKYeNlJaYTBDS4SnGjoh2iBkpw==
  • Thread-topic: Xen as nested guest and XSA60 fix

I am running Xen unstable as a nested guest under VMware Workstation 10 and ESX 5.5. Both hypervisors have support for nested EPT but do not support nested VMX PAT. The fix for XSA60 disables EPT when VMX PAT is not present. This causes HAP to be turned off. To help developers continue to use this configuration for testing, I was wondering if the patch below will be acceptable. Or is there any other way around for this?

 

Thanks,

Aravindh

 

---

X86/vmx: Add command line option to allow EPT when PAT is not present

 

Add a command line option called xsa60_override that allows EPT to be enabled when PAT is not present. This helps in the case of running nested Xen with HAP, when the underlying hypervisor has nested EPT but not nested VMX PAT feature.

 

Signed-off-by: Aravindh Puthiyaparambil <aravindp@xxxxxxxxx>

 

diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c

index 77ce167..3c241a8 100644

--- a/xen/arch/x86/hvm/vmx/vmx.c

+++ b/xen/arch/x86/hvm/vmx/vmx.c

@@ -58,6 +58,9 @@

#include <asm/hvm/nestedhvm.h>

#include <asm/event.h>

+static bool_t __initdata opt_xsa60_override = 0;

+boolean_param("xsa60_override", opt_xsa60_override);

+

enum handler_return { HNDL_done, HNDL_unhandled, HNDL_exception_raised };

 static void vmx_ctxt_switch_from(struct vcpu *v);
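Review bot: The new boolean_param("xsa60_override", ...) is added without any documentation in this patch, and the name refers to an advisory number rather than to what the option does. An administrator reading a boot line cannot tell from "xsa60_override" that it turns EPT back on without VMX PAT, which is the configuration the XSA-60 fix was written to block. Please add an entry to the hypervisor command line documentation stating the default (off), that it is meant for nested test setups, and that it reopens the issue described in the advisory. Consider a name that describes the effect. The __initdata placement looks fine, since the only visible user is start_vmx(), which is __init.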

@@ -1724,7 +1727,7 @@ const struct hvm_function_table * __init start_vmx(void)

      * Do not enable EPT when (!cpu_has_vmx_pat), to prevent security hole

      * (refer to http://xenbits.xen.org/xsa/advisory-60.html).

      */

-    if ( cpu_has_vmx_ept && cpu_has_vmx_pat )

+    if ( cpu_has_vmx_ept && (cpu_has_vmx_pat || opt_xsa60_override) )

     {

         vmx_function_table.hap_supported = 1;
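Review bot: With the condition changed to (cpu_has_vmx_pat || opt_xsa60_override), the comment directly above it ("Do not enable EPT when (!cpu_has_vmx_pat), to prevent security hole") no longer matches the code, and nothing is logged when the override actually takes effect. Please update the comment to mention the override, and emit a boot-time warning in the case where opt_xsa60_override is set and cpu_has_vmx_pat is false, so that a host running with HAP enabled and the XSA-60 protection bypassed can be identified from its console log. It would also help to leave the check untouched when PAT is present, so that the option is a no-op on hardware that does not need it and the warning fires only when the protection is really being skipped.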

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 

