[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] x86/sm{e, a}p: do not enable SMEP/SMAP in PV shim by default on AMD

To: Igor Druzhinin <igor.druzhinin@xxxxxxxxxx>
From: Jan Beulich <jbeulich@xxxxxxxx>
Date: Fri, 17 Jan 2020 12:10:55 +0100
Cc: sstabellini@xxxxxxxxxx, julien@xxxxxxx, wl@xxxxxxx, konrad.wilk@xxxxxxxxxx, George.Dunlap@xxxxxxxxxxxxx, andrew.cooper3@xxxxxxxxxx, ian.jackson@xxxxxxxxxxxxx, xen-devel@xxxxxxxxxxxxxxxxxxxx, roger.pau@xxxxxxxxxx
Delivery-date: Fri, 17 Jan 2020 11:11:02 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 16.01.2020 17:00, Igor Druzhinin wrote:
> Due to AMD and Hygon being unable to selectively trap CR4 bit modifications
> running 32-bit PV guest inside PV shim comes with significant performance
> hit. Moreover, for SMEP in particular every time CR4.SMEP changes on context
> switch to/from 32-bit PV guest, it gets trapped by L0 Xen which then
> tries to perform global TLB invalidation for PV shim domain. This usually
> results in eventual hang of a PV shim with at least several vCPUs.
> 
> Since the overall security risk is generally lower for shim Xen as it being
> there more of a defense-in-depth mechanism, choose to disable SMEP/SMAP in
> it by default on AMD and Hygon unless a user chose otherwise.
> 
> Signed-off-by: Igor Druzhinin <igor.druzhinin@xxxxxxxxxx>

Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
with two minor adjustments (two instances each):

> --- a/docs/misc/xen-command-line.pandoc
> +++ b/docs/misc/xen-command-line.pandoc
> @@ -1936,19 +1936,25 @@ is 1MB.
>  ### smap (x86)
>  > `= <boolean> | hvm`
>  
> -> Default: `true`
> +> Default: `true` unless running in pv-shim mode on AMD or Hygon hardware
>  
>  Flag to enable Supervisor Mode Access Prevention
>  Use `smap=hvm` to allow SMAP use by HVM guests only.
>  
> +In PV shim mode on AMD or Hygon hardware due to significant perfomance impact

Missing 'r' in performance.

> @@ -1616,6 +1616,14 @@ void __init noreturn __start_xen(unsigned long mbi_p)
>  
>      set_in_cr4(X86_CR4_OSFXSR | X86_CR4_OSXMMEXCPT);
>  
> +    /* Do not enable SMEP/SMAP in PV shim on AMD and Hygon by default */
> +    if ( opt_smep == -1 )
> +        opt_smep = !pv_shim || !(boot_cpu_data.x86_vendor &
> +                                (X86_VENDOR_AMD | X86_VENDOR_HYGON));

One space missing on this line to cover for the still open parenthesis
from the previous one.

Both can be easily taken care of while committing.

Jan

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

References:
- [Xen-devel] [PATCH] x86/sm{e, a}p: do not enable SMEP/SMAP in PV shim by default on AMD
  - From: Igor Druzhinin

Prev by Date: [Xen-devel] [XEN PATCH v2 11/12] xen/build: introduce ccflags-y and CFLAGS_$@
Next by Date: Re: [Xen-devel] [PATCH v4 00/18] VM forking
Previous by thread: Re: [Xen-devel] [PATCH] x86/sm{e, a}p: do not enable SMEP/SMAP in PV shim by default on AMD
Next by thread: Re: [Xen-devel] [PATCH] x86/sm{e, a}p: do not enable SMEP/SMAP in PV shim by default on AMD
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.