
Re: [PATCH] x86/shadow: depend on PV || HVM


  • To: Jan Beulich <jbeulich@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Fri, 16 Apr 2021 13:39:46 +0100
  • Cc: Tim Deegan <tim@xxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, "Wei Liu" <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Delivery-date: Fri, 16 Apr 2021 12:40:04 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 16/04/2021 13:32, Jan Beulich wrote:
> With the building of guest_?.o now depending on PV or HVM, without
> further #ifdef-ary shadow code won't link anymore when !PV && !HVM.
> Since this isn't a useful configuration anyway, exclude shadow code from
> being built in this case.
>
> Fixes: aff8bf94ce65 ("x86/shadow: only 4-level guest code needs building when !HVM")
> Reported-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
>
> --- a/xen/arch/x86/Kconfig
> +++ b/xen/arch/x86/Kconfig
> @@ -121,6 +121,7 @@ config XEN_SHSTK
>  config SHADOW_PAGING
>       bool "Shadow Paging"
>       default !PV_SHIM_EXCLUSIVE
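
Review bot: the `default !PV_SHIM_EXCLUSIVE` context line at the end of this quoted hunk is left unchanged, so SHADOW_PAGING ends up governed by two separate conditions (this default, plus the PV || HVM dependency named in the subject), and the commit message only explains the dependency. Please state in the message, or in the option's help text, what the resulting default is for a build with PV_SHIM_EXCLUSIVE set, since per this line such a build gets SHADOW_PAGING=n unless the user overrides it. The quote is also cut before the one added line (the header goes from 6 to 7 lines), so the dependency expression itself cannot be checked against the subject from what is shown here.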

Hang on - this is a bug, and is what needs dropping.

PV Shim uses Shadow, in default configurations, for L1TF protections to
keep userspace out of the guest kernel.  Without it, the shim'd guest
will be crashed when it writes an L1TF-vulnerable PTE.

OSSTest ought to have blocked this as a regression, but I suspect it's
not running the XTF PV guests in shim mode.

~Andrew
