[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v5 09/10] x86/mm: Reject invalid cacheability in PV guests by default

  • To: Demi Marie Obenour <demi@xxxxxxxxxxxxxxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Thu, 22 Dec 2022 10:48:02 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=J2Dnmj2ede293bKV9+YmA9k6BsZjsAX014k6k4a6u0A=; b=O8GYxMBWhkZjM9EFIwAM/NIzTHUj/lGCzHemAvLIcu9qOjMn9Ur5dWRph0qmlSb36nUFzT9dWDzXUeKS1PZww0Ms0rIYy9lAZNcSLaY8hQiGRDqaN1HEG7QFpq9GnNktPn+M/ObYJKO4Vgfihd/6zsIygAuyZhOzdVmFhfYfxD9BgOHQjdo2TG3AvxirE0ylChtjeFneZo4ERBvVTwjbV28GaXfSLjofId5ma3o0KkYSTx5O1NlTvJ/XehnyjRGbcvbG8vr+fnNagXTG8sffN4+No8l9Ii5UOWVrDwvia9e7PZQxoOXlMTmLabsgUi1UHqDgHvC9w6HhGXUC8YwH0Q==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=QzR6vkq/IXCtQhuFKYg4uzUyQtwyAbW3JUHFdf/BILj63sy01qePoEGsH7raNsguEt0KhOeNqtT9qxrmZr/hVlcBuAF/wOPPybgD8epXsnODzt/spyNpPsdnruGt6GU/dcAUgij21CoiHIAMS4ARRx72HBsJoB2hzaqXyWRfNh3vuqZzFVslyy2whiiuAWWJ5BTYg1215ADREzzUKLVqRNEKXdzMmBaBwgQVwZqQpeY0/9c3nK5XCk9v3eZ9p6vZbBUqb7jb1N0ECtJztdVXbym1ZRFdFJQrFOH2tHG7VYetgI4ABNrdF/enpSHCl+2Ofp+0f7AzrnnklAWMFMQuHw==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Jun Nakajima <jun.nakajima@xxxxxxxxx>, Kevin Tian <kevin.tian@xxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Thu, 22 Dec 2022 09:48:17 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 20.12.2022 02:07, Demi Marie Obenour wrote:
> --- a/xen/arch/x86/mm.c
> +++ b/xen/arch/x86/mm.c
> @@ -145,6 +145,8 @@
>  
>  #ifdef CONFIG_PV
>  #include "pv/mm.h"
> +bool allow_invalid_cacheability;

static and __ro_after_init please (the former not the least with Misra
in mind).

> +boolean_param("allow_invalid_cacheability", allow_invalid_cacheability);
>  #endif

Any new command line option will need to come with an entry in
docs/misc/xen-command-line.pandoc. Furthermore we're trying to avoid
underscores in command line option names, when dashes serve the
purpose quite fine.

Also please add a blank line at least between #include and your
addition. Personally I would find it more natural if such a single-use
control was defined next to the place it is used, i.e. 

> @@ -1343,7 +1345,33 @@ static int promote_l1_table(struct page_info *page)
>          }
>          else
>          {

... here.

> -            switch ( ret = get_page_from_l1e(pl1e[i], d, d) )
> +            l1_pgentry_t l1e = pl1e[i];
> +
> +            if ( !allow_invalid_cacheability )
> +            {
> +                switch ( l1e.l1 & PAGE_CACHE_ATTRS )
> +                {
> +                case _PAGE_WB:
> +                case _PAGE_UC:
> +                case _PAGE_UCM:
> +                case _PAGE_WC:
> +                case _PAGE_WT:
> +                case _PAGE_WP:
> +                    break;
> +                default:

Nit (style): Blank line please between non-fall-through case blocks.

> +                    /*
> +                     * If we get here, a PV guest tried to use one of the
> +                     * reserved values in Xen's PAT.  This indicates a bug in
> +                     * the guest, so inject #GP to cause the guest to log a
> +                     * stack trace.
> +                     */

And likely make it die. Which, yes, ...

> +                    pv_inject_hw_exception(TRAP_gp_fault, 0);
> +                    ret = -EINVAL;

... also may or may not be the result of returning failure here (if the
guest "checks" for errors by using a BUG()-like construct), but that's
then more of its own fault than not coping with a non-architectural #GP.

Also wasn't there talk of having this behavior in debug hypervisors
only? Without that restriction I'm yet less happy with the change ...

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.