[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 1/3] x86/boot: Remove cached CPUID data from the trampoline

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
From: Jan Beulich <jbeulich@xxxxxxxx>
Date: Mon, 4 Nov 2019 16:31:45 +0100
Cc: Juergen Gross <jgross@xxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Sergey Dyasli <sergey.dyasli@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
Delivery-date: Mon, 04 Nov 2019 15:31:44 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 04.11.2019 16:22, Andrew Cooper wrote:
> On 04/11/2019 15:03, Jan Beulich wrote:
>> On 04.11.2019 15:59, Andrew Cooper wrote:
>>> On 04/11/2019 13:25, Jan Beulich wrote:
>>>> On 01.11.2019 21:25, Andrew Cooper wrote:
>>>>> --- a/xen/arch/x86/cpu/intel.c
>>>>> +++ b/xen/arch/x86/cpu/intel.c
>>>>> @@ -270,6 +270,7 @@ static void early_init_intel(struct cpuinfo_x86 *c)
>>>>>   if (disable) {
>>>>>           wrmsrl(MSR_IA32_MISC_ENABLE, misc_enable & ~disable);
>>>>>           bootsym(trampoline_misc_enable_off) |= disable;
>>>>> +         bootsym(trampoline_efer) |= EFER_NX;
>>>>>   }
>>>> I'm fine with all other changes here, just this one concerns me:
>>>> Before your change we latch a value into trampoline_misc_enable_off
>>>> just to be used for subsequent IA32_MISC_ENABLE writes we do. This
>>>> means that, on a hypervisor (like Xen itself) simply discarding
>>>> guest writes to the MSR (which is "fine" with the described usage
>>>> of ours up to now), with your change we'd now end up trying to set
>>>> EFER.NX when the feature may not actually be enabled in
>>>> IA32_MISC_ENABLE. Wouldn't such an EFER write be liable to #GP(0)?
>>>> I.e. don't we need to read back the MSR value here, and verify
>>>> we actually managed to clear the bit before actually OR-ing in
>>>> EFER_NX?
>>> If this is a problem in practice, execution won't continue beyond the
>>> next if() condition just out of context, which set EFER.NX on the BSP
>>> with an unguarded WRMSR.
>> And how is this any good? This kind of crash is exactly what I'm
>> asking to avoid.
> 
> What is the point of working around a theoretical edge case of broken
> nesting under Xen which demonstrably doesn't exist in practice?

Well, so far nothing was said about this not being an actual problem.
I simply don't know whether hardware would refuse such an EFER write.
If it does, it would be appropriate for hypervisors to also refuse
it. I.e. if we don't do so right now, correcting the behavior would
trip the code here.

Jan

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH 1/3] x86/boot: Remove cached CPUID data from the trampoline
  - From: Andrew Cooper

References:
- [Xen-devel] [PATCH for-4.13 0/3] Fix PV shim ballooning problems
  - From: Andrew Cooper
- [Xen-devel] [PATCH 1/3] x86/boot: Remove cached CPUID data from the trampoline
  - From: Andrew Cooper
- Re: [Xen-devel] [PATCH 1/3] x86/boot: Remove cached CPUID data from the trampoline
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH 1/3] x86/boot: Remove cached CPUID data from the trampoline
  - From: Andrew Cooper
- Re: [Xen-devel] [PATCH 1/3] x86/boot: Remove cached CPUID data from the trampoline
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH 1/3] x86/boot: Remove cached CPUID data from the trampoline
  - From: Andrew Cooper

Prev by Date: Re: [Xen-devel] [PATCH 2/3] x86/boot: Cache cpu_has_hypervisor very early on boot
Next by Date: Re: [Xen-devel] [BUG] Invalid guest state in Xen master, dom0 linux-5.3.6, domU windows 10
Previous by thread: Re: [Xen-devel] [PATCH 1/3] x86/boot: Remove cached CPUID data from the trampoline
Next by thread: Re: [Xen-devel] [PATCH 1/3] x86/boot: Remove cached CPUID data from the trampoline
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.