[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Runstate hypercall and Linux KPTI issues


  • To: Stefano Stabellini <sstabellini@xxxxxxxxxx>
  • From: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>
  • Date: Thu, 24 Sep 2020 17:25:43 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=grBOV67/ipMOXdHc8m9cn1h+uYH5p5dqyoMYqB2FwX4=; b=nauJPDNn0pT9qCir0Kd/lXvSXrQUMOz1Xo/Vwmf6Z5MlK8Dm+MPQjrAr1KCi3lrdrzYSFUD6DYbsyJs3NjBdJmLrPPRHY9/OE/ABMASKIcN+8LAyXXl4bjUwn4jUbe8B6wYjt9mPSQ7Vddg1u/8OAcgB/VKDbd6/dtULI8n3DJivtJJzOgxudJwGDt7Omm1pDvM+O6zFxnvOQg7oC/m8NEQS0hseCyeyX1Tot+VuqbZfue+i888sf2Ncnoh3dcuCrASf5zspZAtef7w7CoZrkULWwYATzKSiCCFPMBUgtbbBEYqbhSnMWFqY9RCvwnG7p2ylBgXlre8SX9SfJERD7w==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=NvQzvYdH3AFKGvi+DixA3HTmNHkzQ9KXq0zhshN4lRKL5YBqyFpDmM6x15y/3YEcc82xwamzHtc0LqN+GPqK0MB1hvVAs1Xl37xeRUDvOsk5Z3CynIy0bPUNkytnsBITSLcCLFSfxKnR11IK/xq6nFfnmXfZ7AQduFpTHyDahjV59rSHgrLzdD50EPoXcM/JzlpqcVzilZW+1WoI/rFNKTGzcOFAsUHbA46vExZ+2YT5pxEXTmG77M//4ZWb4kz6gq+7wn6CU3FvM3Id2agLqy9ljN8uL9UxjgmzeewL1SPyTBWn0dcY4cYsvXaRN/OtzoZ10RNNqmUVRPuOBsgZ9g==
  • Authentication-results-original: kernel.org; dkim=none (message not signed) header.d=none;kernel.org; dmarc=none action=none header.from=arm.com;
  • Cc: Jan Beulich <jbeulich@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <stefanos@xxxxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxx>, "jgross@xxxxxxxx" <jgross@xxxxxxxx>
  • Delivery-date: Thu, 24 Sep 2020 17:25:54 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Nodisclaimer: true
  • Original-authentication-results: kernel.org; dkim=none (message not signed) header.d=none;kernel.org; dmarc=none action=none header.from=arm.com;
  • Thread-index: AQHWh3jMy0NFQnBtL0aR33AwNuevPKlh5ViAgAABPYCAAAI3gIAArnsAgBWJPAA=
  • Thread-topic: Runstate hypercall and Linux KPTI issues

Hi,

Sorry for the delay.

> On 11 Sep 2020, at 01:33, Stefano Stabellini <sstabellini@xxxxxxxxxx> wrote:
>
> On Thu, 10 Sep 2020, Jan Beulich wrote:
>>>>> - should we backport the support for this hypercall in older kernel 
>>>>> releases ?
>>>>
>>>> It's a bug fix to KPTI, and as such ought to be at least eligible for
>>>> considering doing so?
>>>
>>> That will mean also backport in Linux. What should be the scope ?
>>
>> All longterm and stable trees which are affected, as I think is usual.
>
> From a Linux perspective, we should fix this as soon as possible: we
> should backport a patch to make the usage of the runstate hypercall
> conditional on KPTI being disabled on ARM.
>
> Then, when available in Xen, we should backport the usage of the new
> hypercall with a check to detect if it is available -- do not assume it
> is available, users might not update Xen, but might update Linux.
>
> We have to do this in two stages for a couple of reasons. It is best not
> to wait for Xen-side changes to fix Linux any longer. And also, a Linux
> fix is best implemented independently anyway: Linux should benefit from
> the Xen improvements when available but not rely on their presence to
> work.

I fully agree with that and this should solve the short term issue.

In the long term the new hypercall seems to be the only solution but
it is not a small change and I will not have time to work on this in the
near future.

Cheers
Bertrand




IMPORTANT NOTICE: The contents of this email and any attachments are 
confidential and may also be privileged. If you are not the intended recipient, 
please notify the sender immediately and do not disclose the contents to any 
other person, use it for any purpose, or store or copy the information in any 
medium. Thank you.



 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.