Re: [Xen-devel] [PATCH] x86/mm: Make PV linear pagetables optional
On 10/17/2017 06:10 PM, George Dunlap wrote:
> Allowing pagetables to point to other pagetables of the same level
> (often called 'linear pagetables') has been included in Xen since its
> inception; but recently it has been the source of a number of subtle
> reference-counting bugs.
>
> It is not used by Linux or MiniOS; but it is used by NetBSD and
> Novell Netware. There are significant numbers of people who are never
> going to use the feature, along with significant numbers who need the
> feature.
>
> Add a Kconfig option for the feature (default to 'y'). Also add a
> command-line option to control whether PV linear pagetables are
> allowed (default to 'true').
>
> In order to make the code clean:
> - Introduce LPT_ASSERT(), which only exists if CONFIG_PV_LINEAR_PT is defined
> - Introduce zero_linear_entries() to set page->linear_pt_count to zero
>   (or do nothing, as appropriate)
>
> Reported-by: Jann Horn <jannh@xxxxxxxxxx>
> Signed-off-by: George Dunlap <george.dunlap@xxxxxxxxxx>
> ---
> Changes since XSA
> - Add a Kconfig option
> - Default to 'on' (rather than 'off').
>
> Release justification: This was originally part of a security fix
> embargoed until after the freeze date; it wasn't checked in with the
> other security patches in order to allow a discussion about the
> default.
>
> CC: Ian Jackson <ian.jackson@xxxxxxxxxx>
> CC: Wei Liu <wei.liu2@xxxxxxxxxx>
> CC: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> CC: Jan Beulich <jbeulich@xxxxxxxx>
> CC: Stefano Stabellini <sstabellini@xxxxxxxxxx>
> CC: Konrad Wilk <konrad.wilk@xxxxxxxxxx>
> CC: Julien Grall <julien.grall@xxxxxxx>
> ---
> docs/misc/xen-command-line.markdown | 16 ++++++++++++++++
> xen/arch/Kconfig | 1 +
> xen/arch/arm/mm.c | 1 +
> xen/arch/x86/Kconfig | 21 ++++++++++++++++++++
> xen/arch/x86/mm.c | 38 +++++++++++++++++++++++++++++++++----
> xen/include/asm-x86/mm.h | 5 +++++
> 6 files changed, 78 insertions(+), 4 deletions(-)
> > diff --git a/docs/misc/xen-command-line.markdown > b/docs/misc/xen-command-line.markdown > index eb4995e68b..952368d3be 100644 > --- a/docs/misc/xen-command-line.markdown > +++ b/docs/misc/xen-command-line.markdown > @@ -1422,6 +1422,22 @@ The following resources are available: > CDP, one COS will corespond two CBMs other than one with CAT, due to the > sum of CBMs is fixed, that means actual `cos_max` in use will > automatically > reduce to half when CDP is enabled. > + > +### pv-linear-pt > +> `= <boolean>` > + > +> Default: `false` > + > +Allow PV guests to have pagetable entries pointing to other pagetables > +of the same level (i.e., allowing L2 PTEs to point to other L2 pages). > +This technique is often called "linear pagetables", and is sometimes > +used to allow operating systems a simple way to consistently map the > +current process's pagetables into its own virtual address space. > + > +Linux and MiniOS don't use this technique. NetBSD and Novell Netware > +do; there may be other custom operating systems which do. If you're > +certain you don't plan on having PV guests which use this feature, > +turning it off can reduce the attack surface. > > ### rcu-idle-timer-period-ms > > `= <integer>` > diff --git a/xen/arch/Kconfig b/xen/arch/Kconfig > index cf0acb7e89..47287a4985 100644 > --- a/xen/arch/Kconfig > +++ b/xen/arch/Kconfig > @@ -6,3 +6,4 @@ config NR_CPUS > default "128" if ARM > ---help--- > Specifies the maximum number of physical CPUs which Xen will support. > + > diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c > index 3c328e2df5..199155fcd8 100644 > --- a/xen/arch/arm/mm.c > +++ b/xen/arch/arm/mm.c 
> @@ -42,6 +42,7 @@ > #include <xen/libfdt/libfdt.h> > #include <asm/setup.h> > > +

Gah -- sorry about the blank lines. Should have looked over the patch better first. I'll wait for feedback on the rest of the patch before I resend.

-George

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel
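
Review bot: In the docs/misc/xen-command-line.markdown hunk, the new `pv-linear-pt` entry documents "Default: `false`", which contradicts the commit message ("default to 'true'") and the changelog line "Default to 'on' (rather than 'off')". An administrator reading the documentation would conclude that linear pagetables are already disabled and that the attack-surface reduction described in the last paragraph is in effect, when it is not. Suggest changing the documented default to `true`, and stating in the entry that the option is only meaningful when Xen is built with CONFIG_PV_LINEAR_PT, since the commit message makes the feature a Kconfig choice as well.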