[xen staging-4.15] SUPPORT.md: Un-shimmed 32-bit PV guests are no longer supported

[patchbot@xxxxxxx]

commit 77069ea825c883c4be98386367fbf466abd99128
Author:     George Dunlap <george.dunlap@xxxxxxxxxx>
AuthorDate: Thu Jul 15 09:16:02 2021 +0200
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Thu Jul 15 09:16:02 2021 +0200

    SUPPORT.md: Un-shimmed 32-bit PV guests are no longer supported
    
    The support status of 32-bit guests doesn't seem particularly useful.
    
    With it changed to fully unsupported outside of PV-shim, adjust the PV32
    Kconfig default accordingly.
    
    Reported-by: Jann Horn <jannh@xxxxxxxxxx>
    Signed-off-by: George Dunlap <george.dunlap@xxxxxxxxxx>
    Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
    
    tools/libs/guest: fix save and restore of pv domains after 32-bit de-support
    
    After 32-bit PV-guests have been security de-supported when not running
    under PV-shim, the hypervisor will no longer be configured to support
    those domains per default when not being built as PV-shim.
    
    Unfortunately libxenguest will fail saving or restoring a PV domain
    due to this restriction, as it is trying to get the compat MFN list
    even for 64 bit guests.
    
    Fix that by obtaining the compat MFN list only for 32-bit PV guests.
    
    Fixes: 1a0f2fe2297d122a08fe ("SUPPORT.md: Un-shimmed 32-bit PV guests are 
no longer supported")
    Signed-off-by: Juergen Gross <jgross@xxxxxxxx>
    Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
    Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    master commit: 1a0f2fe2297d122a08fee2b26de5de995fdeca13
    master date: 2021-06-04 17:24:05 +0100
    master commit: d21121685fac829c988e432407fb0e4ef9b19331
    master date: 2021-06-07 15:43:35 +0100
---
 SUPPORT.md                             |  9 +--------
 tools/libs/guest/xg_sr_common.h        |  2 +-
 tools/libs/guest/xg_sr_common_x86_pv.c | 13 ++++++++-----
 xen/arch/x86/Kconfig                   |  7 +++++--
 4 files changed, 15 insertions(+), 16 deletions(-)

diff --git a/SUPPORT.md b/SUPPORT.md
index 9024d8a056..0fb262f81f 100644
--- a/SUPPORT.md
+++ b/SUPPORT.md
@@ -86,14 +86,7 @@ No hardware requirements
 
     Status, x86_64: Supported
     Status, x86_32, shim: Supported
-    Status, x86_32, without shim: Supported, with caveats
-
-Due to architectural limitations,
-32-bit PV guests must be assumed to be able to read arbitrary host memory
-using speculative execution attacks.
-Advisories will continue to be issued
-for new vulnerabilities related to un-shimmed 32-bit PV guests
-enabling denial-of-service attacks or privilege escalation attacks.
+    Status, x86_32, without shim: Supported, not security supported
 
 ### x86/HVM
 
diff --git a/tools/libs/guest/xg_sr_common.h b/tools/libs/guest/xg_sr_common.h
index cc3ad1c394..e2994e18ac 100644
--- a/tools/libs/guest/xg_sr_common.h
+++ b/tools/libs/guest/xg_sr_common.h
@@ -325,7 +325,7 @@ struct xc_sr_context
                 xen_pfn_t max_mfn;
                 /* Read-only machine to phys map */
                 xen_pfn_t *m2p;
-                /* first mfn of the compat m2p (Only needed for 32bit PV 
guests) */
+                /* first mfn of the compat m2p (Only set for 32bit PV guests) 
*/
                 xen_pfn_t compat_m2p_mfn0;
                 /* Number of m2p frames mapped */
                 unsigned long nr_m2p_frames;
diff --git a/tools/libs/guest/xg_sr_common_x86_pv.c 
b/tools/libs/guest/xg_sr_common_x86_pv.c
index cd33406aab..c0acf00f90 100644
--- a/tools/libs/guest/xg_sr_common_x86_pv.c
+++ b/tools/libs/guest/xg_sr_common_x86_pv.c
@@ -149,12 +149,13 @@ int x86_pv_map_m2p(struct xc_sr_context *ctx)
 
     ctx->x86.pv.nr_m2p_frames = (M2P_CHUNK_SIZE >> PAGE_SHIFT) * m2p_chunks;
 
+    if ( ctx->x86.pv.levels == 3 )
+    {
 #ifdef __i386__
-    /* 32 bit toolstacks automatically get the compat m2p */
-    ctx->x86.pv.compat_m2p_mfn0 = entries[0].mfn;
+        /* 32 bit toolstacks automatically get the compat m2p */
+        ctx->x86.pv.compat_m2p_mfn0 = entries[0].mfn;
 #else
-    /* 64 bit toolstacks need to ask Xen specially for it */
-    {
+        /* 64 bit toolstacks need to ask Xen specially for it */
         struct xen_machphys_mfn_list xmml = {
             .max_extents = 1,
             .extent_start = { &ctx->x86.pv.compat_m2p_mfn0 },
@@ -168,8 +169,10 @@ int x86_pv_map_m2p(struct xc_sr_context *ctx)
             rc = -1;
             goto err;
         }
-    }
 #endif
+    }
+    else
+        ctx->x86.pv.compat_m2p_mfn0 = INVALID_MFN;
 
     /* All Done */
     rc = 0;
diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig
index f79e6634db..27cb793165 100644
--- a/xen/arch/x86/Kconfig
+++ b/xen/arch/x86/Kconfig
@@ -56,7 +56,7 @@ config PV
 config PV32
        bool "Support for 32bit PV guests"
        depends on PV
-       default y
+       default PV_SHIM
        ---help---
          The 32bit PV ABI uses Ring1, an area of the x86 architecture which
          was deprecated and mostly removed in the AMD64 spec.  As a result,
@@ -67,7 +67,10 @@ config PV32
          reduction, or performance reasons.  Backwards compatibility can be
          provided via the PV Shim mechanism.
 
-         If unsure, say Y.
+         Note that outside of PV Shim, 32-bit PV guests are not security
+         supported anymore.
+
+         If unsure, use the default setting.
 
 config PV_LINEAR_PT
        bool "Support for PV linear pagetables"
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.15