[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH for-4.19? v4 4/6] x86: Make the maximum number of altp2m views configurable

To: Jan Beulich <jbeulich@xxxxxxxx>
From: Petr Beneš <w1benny@xxxxxxxxx>
Date: Wed, 29 May 2024 21:20:04 +0200
Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Tamas K Lengyel <tamas@xxxxxxxxxxxxx>, Alexandru Isaila <aisaila@xxxxxxxxxxxxxxx>, Petre Pircalabu <ppircalabu@xxxxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
Delivery-date: Wed, 29 May 2024 19:20:20 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Mon, May 27, 2024 at 8:19 AM Jan Beulich <jbeulich@xxxxxxxx> wrote:
>
>
> This is suspicious: You compare against one value but log another. This
> isn't EPT-specific, so shouldn't use MAX_EPTP.

Sorry, I copy-pasted a snippet and didn't edit it correctly. Of
course, it should have been:

if ( config->nr_altp2m > MAX_NR_ALTP2M )
{
    dprintk(XENLOG_INFO, "nr_altp2m must be <= %lu\n", MAX_NR_ALTP2M);
    return -EINVAL;
}

> > ... should I be consistent and also replace these accesses with
> > altp2m_get_eptp/altp2m_get_p2m (which will internally use
> > array_index_nospec), or should I leave them as they are?
>
> Perhaps leave them as they are, unless you can technically justify the
> adjustment.

If we can avoid speculative execution, why just not do it? The
performance overhead array_index_nospec is negligible compared to the
whole VMEXIT handling. It will also serve as future-proofing, since
nobody will be confused whether they should directly access the array,
but instead use the accessor function.

Currently, the idea seems to be that array_index_nospec() is used when
the index is user-controlled, and not used when the index is under
xen's control (i.e. in loops). But I found at least 2 instances where
the index _is_ user controlled and the nospec access is not used -
further proving my previous point.

That being said, if there are no protests, I would replace all array
index accesses with the newly introduced accessor functions, which
will unconditionally use array_index_nospec().

P.

References:
- [PATCH for-4.19? v4 0/6] x86: Make MAX_ALTP2M configurable
  - From: Petr Beneš
- [PATCH for-4.19? v4 4/6] x86: Make the maximum number of altp2m views configurable
  - From: Petr Beneš
- Re: [PATCH for-4.19? v4 4/6] x86: Make the maximum number of altp2m views configurable
  - From: Jan Beulich
- Re: [PATCH for-4.19? v4 4/6] x86: Make the maximum number of altp2m views configurable
  - From: Petr Beneš
- Re: [PATCH for-4.19? v4 4/6] x86: Make the maximum number of altp2m views configurable
  - From: Jan Beulich

Prev by Date: Re: [PATCH v2 04/13] xen/page_alloc: Coerce min(flsl(), foo) expressions to being unsigned
Next by Date: Re: [PATCH v2 01/13] ppc/boot: Run constructors on boot
Previous by thread: Re: [PATCH for-4.19? v4 4/6] x86: Make the maximum number of altp2m views configurable
Next by thread: [PATCH for-4.19? v4 6/6] tools/ocaml: Add altp2m_count parameter
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.