Xen project Mailing List

Re: [Xen-devel] [PATCH] common/gnttab: Introduce command line feature controls

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxx>

From: Juergen Gross <jgross@xxxxxxxx>

Date: Thu, 24 Aug 2017 17:01:39 +0200

Cc: George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>

Delivery-date: Thu, 24 Aug 2017 15:01:44 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 24/08/17 16:50, Andrew Cooper wrote: > This patch was originally a workaround for XSA-226. Since then, transitive > grants are believed to be functioning properly, and the defaults have changed > appropriately. > > However, for those people who chose to use the workaround (especially from an > attack surface mitigation point of view), retain the ability for the host > administrator to choose. > > Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> > --- > CC: Jan Beulich <JBeulich@xxxxxxxx> > CC: George Dunlap <George.Dunlap@xxxxxxxxxxxxx> > CC: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx> > CC: Stefano Stabellini <sstabellini@xxxxxxxxxx> > CC: Tim Deegan <tim@xxxxxxx> > CC: Wei Liu <wei.liu2@xxxxxxxxxx> > --- > docs/misc/xen-command-line.markdown | 13 +++++++++++ > xen/common/grant_table.c | 44 > +++++++++++++++++++++++++++++++++++-- > 2 files changed, 55 insertions(+), 2 deletions(-) > > diff --git a/docs/misc/xen-command-line.markdown > b/docs/misc/xen-command-line.markdown > index 4002eab..78c7b51 100644 > --- a/docs/misc/xen-command-line.markdown > +++ b/docs/misc/xen-command-line.markdown > @@ -868,6 +868,19 @@ Controls EPT related features. > > Specify which console gdbstub should use. See **console**. > > +### gnttab > +> `= List of [ max_ver:<integer>, transitive ]` > + > +> Default: `gnttab=max_ver:2,transitive` > + > +Control various aspects of the grant table behaviour available to guests. > + > +* `max_ver` Select the maximum grant table version to offer to guests. Valid > +version are 1 and 2. > +* `transitive` Permit or disallow the use of transitive grants. Note that > the > +use of grant table v2 without transitive grants is an ABI breakage from the > +guests point of view. So shouldn't there be a way for the guest to query the support of transient grants? > + > ### gnttab\_max\_frames > > `= <integer>` > > diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c > index 36895aa..f9c313d 100644 > --- a/xen/common/grant_table.c > +++ b/xen/common/grant_table.c > @@ -50,6 +50,42 @@ integer_param("gnttab_max_nr_frames", max_nr_grant_frames); > unsigned int __read_mostly max_grant_frames; > integer_param("gnttab_max_frames", max_grant_frames); > > +static unsigned int __read_mostly opt_gnttab_max_version = 2; > +static bool __read_mostly opt_transitive_grants = true; > + > +static void __init parse_gnttab(char *s) Do you mind using: static int __init parse_gnttab(const char *s) in order to comply with my runtime parameter series? Juergen _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.