[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v3] xen/arm: Convert runstate address during hypcall

To: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>
From: Julien Grall <julien@xxxxxxx>
Date: Fri, 31 Jul 2020 16:06:03 +0100
Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, nd <nd@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
Delivery-date: Fri, 31 Jul 2020 15:06:19 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Hi Bertrand,

On 31/07/2020 14:09, Bertrand Marquis wrote:

On 31 Jul 2020, at 14:19, Jan Beulich <jbeulich@xxxxxxxx> wrote:

On 30.07.2020 22:50, Julien Grall wrote:

On 30/07/2020 11:24, Bertrand Marquis wrote:

At the moment on Arm, a Linux guest running with KTPI enabled will
cause the following error when a context switch happens in user mode:
(XEN) p2m.c:1890: d1v0: Failed to walk page-table va 0xffffff837ebe0cd0

The error is caused by the virtual address for the runstate area
registered by the guest only being accessible when the guest is running
in kernel space when KPTI is enabled.

To solve this issue, this patch is doing the translation from virtual
address to physical address during the hypercall and mapping the
required pages using vmap. This is removing the conversion from virtual
to physical address during the context switch which is solving the
problem with KPTI.


To echo what Jan said on the previous version, this is a change in a
stable ABI and therefore may break existing guest. FAOD, I agree in
principle with the idea. However, we want to explain why breaking the
ABI is the *only* viable solution.

 From my understanding, it is not possible to fix without an ABI
breakage because the hypervisor doesn't know when the guest will switch
back from userspace to kernel space.


And there's also no way to know on Arm, by e.g. enabling a suitable
intercept?

There is no easy way to do it. You might be able to route all EL0exceptions to EL2 using HCR_EL2.TGE, but this is basically disable EL1(kernel space). The amount of work required and the overhead is likelynot worth it.


An intercept would mean that Xen gets a notice whenever a guest is switching
from kernel mode to user mode.
There is nothing in this process which could be intercepted by Xen, appart from
maybe trapping all access to MMU registers which would be very complex and
slow.

I agree. Although, even if it wasn't slow, there is no guarantee thatany of those registers would be accessed during the switch.

You could implement a "dumb" KPTI by just removing the mappings from thepage-tables.


Cheers,

--
Julien Grall

References:
- [PATCH v3] xen/arm: Convert runstate address during hypcall
  - From: Bertrand Marquis
- Re: [PATCH v3] xen/arm: Convert runstate address during hypcall
  - From: Julien Grall
- Re: [PATCH v3] xen/arm: Convert runstate address during hypcall
  - From: Jan Beulich
- Re: [PATCH v3] xen/arm: Convert runstate address during hypcall
  - From: Bertrand Marquis

Prev by Date: Ping: [PATCH 3/5] x86/PV: drop a few misleading paging_mode_refcounts() checks
Next by Date: [ovmf test] 152315: all pass - PUSHED
Previous by thread: Re: [PATCH v3] xen/arm: Convert runstate address during hypcall
Next by thread: Re: [PATCH v3] xen/arm: Convert runstate address during hypcall
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.