[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 4/4] x86/pv: Expose RDTSCP to PV guests

To: "Andrew Cooper" <andrew.cooper3@xxxxxxxxxx>
From: "Jan Beulich" <JBeulich@xxxxxxxx>
Date: Tue, 20 Nov 2018 08:14:28 -0700
Cc: Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, Roger Pau Monne <roger.pau@xxxxxxxxxx>
Delivery-date: Tue, 20 Nov 2018 15:14:42 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

>>> On 20.11.18 at 12:29, <andrew.cooper3@xxxxxxxxxx> wrote:
> On 20/11/2018 11:06, Jan Beulich wrote:
>>>>> On 15.11.18 at 22:47, <andrew.cooper3@xxxxxxxxxx> wrote:
>>> The final remnanat of PVRDTSCP is that we would emulate RDTSCP even on
>>> hardware which lacked the instruction.  RDTSCP is available on almost all
>>> 64-bit x86 hardware.
>>>
>>> Remove this emulation, drop the TSC_MODE_PVRDTSCP constant, and allow RDTSCP
>>> in a PV guest's CPUID policy.
>> Why would we not want to emulate the insn when unavailable, when
>> it's generally useful to guests?
> 
> For exactly the same kind of safety reasons as for why we don't tolerate
> doing this in HVM guests in general.

But imo we should start doing so for certain features. In particular
I think we had agreed to try to support UMIP even on incapable
hardware. You had merely asked to postpone my patch to this
effect until more of the CPUID infrastructure was in place (which
afaict it still isn't).

> As it stands, it is an unnecessary attack surface, and if we were to
> re-introduce the functionality (not that I can see a valid reason to),
> it should use x86_emulate() rather than opencoding the logic.

How much larger is the attack surface of emulate_invalid_rdtscp()
compared to emulate_forced_invalid_op()?

Jan



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

References:
- [Xen-devel] [PATCH 0/4] x86: Drop PVRDTSCP and fix MSR_TSC_AUX handling for guests
  - From: Andrew Cooper
- [Xen-devel] [PATCH 4/4] x86/pv: Expose RDTSCP to PV guests
  - From: Andrew Cooper
- Re: [Xen-devel] [PATCH 4/4] x86/pv: Expose RDTSCP to PV guests
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH 4/4] x86/pv: Expose RDTSCP to PV guests
  - From: Andrew Cooper

Prev by Date: [Xen-devel] [qemu-mainline test] 130548: regressions - trouble: blocked/broken/fail/pass
Next by Date: Re: [Xen-devel] [PATCH 4/8] xen/arm: Add support for read-only foreign mappings
Previous by thread: Re: [Xen-devel] [PATCH 4/4] x86/pv: Expose RDTSCP to PV guests
Next by thread: [Xen-devel] [PATCH 3/4] x86/msr: Handle MSR_TSC_AUX consistently for PV and HVM guests
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.