[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [xen stable-4.15] SUPPORT.md: Un-shimmed 32-bit PV guests are no longer supported
commit 77069ea825c883c4be98386367fbf466abd99128 Author: George Dunlap <george.dunlap@xxxxxxxxxx> AuthorDate: Thu Jul 15 09:16:02 2021 +0200 Commit: Jan Beulich <jbeulich@xxxxxxxx> CommitDate: Thu Jul 15 09:16:02 2021 +0200 SUPPORT.md: Un-shimmed 32-bit PV guests are no longer supported The support status of 32-bit guests doesn't seem particularly useful. With it changed to fully unsupported outside of PV-shim, adjust the PV32 Kconfig default accordingly. Reported-by: Jann Horn <jannh@xxxxxxxxxx> Signed-off-by: George Dunlap <george.dunlap@xxxxxxxxxx> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> tools/libs/guest: fix save and restore of pv domains after 32-bit de-support After 32-bit PV-guests have been security de-supported when not running under PV-shim, the hypervisor will no longer be configured to support those domains per default when not being built as PV-shim. Unfortunately libxenguest will fail saving or restoring a PV domain due to this restriction, as it is trying to get the compat MFN list even for 64 bit guests. Fix that by obtaining the compat MFN list only for 32-bit PV guests. Fixes: 1a0f2fe2297d122a08fe ("SUPPORT.md: Un-shimmed 32-bit PV guests are no longer supported") Signed-off-by: Juergen Gross <jgross@xxxxxxxx> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> master commit: 1a0f2fe2297d122a08fee2b26de5de995fdeca13 master date: 2021-06-04 17:24:05 +0100 master commit: d21121685fac829c988e432407fb0e4ef9b19331 master date: 2021-06-07 15:43:35 +0100 --- SUPPORT.md | 9 +-------- tools/libs/guest/xg_sr_common.h | 2 +- tools/libs/guest/xg_sr_common_x86_pv.c | 13 ++++++++----- xen/arch/x86/Kconfig | 7 +++++-- 4 files changed, 15 insertions(+), 16 deletions(-) diff --git a/SUPPORT.md b/SUPPORT.md index 9024d8a056..0fb262f81f 100644 --- a/SUPPORT.md +++ b/SUPPORT.md @@ -86,14 +86,7 @@ No hardware requirements Status, x86_64: Supported Status, x86_32, shim: Supported - Status, x86_32, without shim: Supported, with caveats - -Due to architectural limitations, -32-bit PV guests must be assumed to be able to read arbitrary host memory -using speculative execution attacks. -Advisories will continue to be issued -for new vulnerabilities related to un-shimmed 32-bit PV guests -enabling denial-of-service attacks or privilege escalation attacks. + Status, x86_32, without shim: Supported, not security supported ### x86/HVM diff --git a/tools/libs/guest/xg_sr_common.h b/tools/libs/guest/xg_sr_common.h index cc3ad1c394..e2994e18ac 100644 --- a/tools/libs/guest/xg_sr_common.h +++ b/tools/libs/guest/xg_sr_common.h @@ -325,7 +325,7 @@ struct xc_sr_context xen_pfn_t max_mfn; /* Read-only machine to phys map */ xen_pfn_t *m2p; - /* first mfn of the compat m2p (Only needed for 32bit PV guests) */ + /* first mfn of the compat m2p (Only set for 32bit PV guests) */ xen_pfn_t compat_m2p_mfn0; /* Number of m2p frames mapped */ unsigned long nr_m2p_frames; diff --git a/tools/libs/guest/xg_sr_common_x86_pv.c b/tools/libs/guest/xg_sr_common_x86_pv.c index cd33406aab..c0acf00f90 100644 --- a/tools/libs/guest/xg_sr_common_x86_pv.c +++ b/tools/libs/guest/xg_sr_common_x86_pv.c @@ -149,12 +149,13 @@ int x86_pv_map_m2p(struct xc_sr_context *ctx) ctx->x86.pv.nr_m2p_frames = (M2P_CHUNK_SIZE >> PAGE_SHIFT) * m2p_chunks; + if ( ctx->x86.pv.levels == 3 ) + { #ifdef __i386__ - /* 32 bit toolstacks automatically get the compat m2p */ - ctx->x86.pv.compat_m2p_mfn0 = entries[0].mfn; + /* 32 bit toolstacks automatically get the compat m2p */ + ctx->x86.pv.compat_m2p_mfn0 = entries[0].mfn; #else - /* 64 bit toolstacks need to ask Xen specially for it */ - { + /* 64 bit toolstacks need to ask Xen specially for it */ struct xen_machphys_mfn_list xmml = { .max_extents = 1, .extent_start = { &ctx->x86.pv.compat_m2p_mfn0 }, @@ -168,8 +169,10 @@ int x86_pv_map_m2p(struct xc_sr_context *ctx) rc = -1; goto err; } - } #endif + } + else + ctx->x86.pv.compat_m2p_mfn0 = INVALID_MFN; /* All Done */ rc = 0; diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig index f79e6634db..27cb793165 100644 --- a/xen/arch/x86/Kconfig +++ b/xen/arch/x86/Kconfig @@ -56,7 +56,7 @@ config PV config PV32 bool "Support for 32bit PV guests" depends on PV - default y + default PV_SHIM ---help--- The 32bit PV ABI uses Ring1, an area of the x86 architecture which was deprecated and mostly removed in the AMD64 spec. As a result, @@ -67,7 +67,10 @@ config PV32 reduction, or performance reasons. Backwards compatibility can be provided via the PV Shim mechanism. - If unsure, say Y. + Note that outside of PV Shim, 32-bit PV guests are not security + supported anymore. + + If unsure, use the default setting. config PV_LINEAR_PT bool "Support for PV linear pagetables" -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |