[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] x86/cet: Support cet=<bool> on the command line

  • To: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Fri, 29 Apr 2022 10:32:08 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=mlbk9ut8eUH5gWtSNYWolKdxyBzeQNPSWCWCG7iRPEk=; b=J73Gd/JJkHWa92Bupb+C3giLKd4a65gIUoGDByqYKfDsQ3kQSEprao4Sp6drEQJ2LKns/5vqnG997vc5h4YekoSpSUFh9pmfGuvR9Dm+glmJRlVD52Ime4sCoBlkuappILh8DXOUduBdeUWXsL1Vrj54qLgcL2uHia1y4uIVMv2uN9YAqHz5pbCS2Q0Nc2dPq4BXN916+S79HsrXZyD/5E9RByT3/zKFcZKlOQ21ozV/o3LnwXZQoLHcuqd2lwFNtLrmAqh/qeC/XAceSurzAsb5rGutzeAszM/5c0qgjBNWZRp3Llg8iLuZEFaG6jvRM6PKY4doi0tmGHdRMK1tog==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=J5+KsQqvCInDP88FVkkf1gOxeFt8oMq55Qo3oqEwdosT2ccm9YijNMyWoUkrOnmSe9oNibPsTVXqaC/3Jujdg2VspAa4P2NoAh5KeCYZ8XEq2fLvjQattyyTVOiOEdazrTiRzgWzY+7xAseEXMoBmGfYBkRUmA+aO4Ec7OkgHHGbpajzmRfY7sAA9OZFt+kTRlPOJ68Wm18EqavKXapxf6Mzs0QM4J1tO1kp9S8wDzJdXekW0WYOKpPytj7ZxkQWl17g//gUEAbCi/meXx/TdpmLoA0TaGvzL/Y2gZtAokiPuXpMYCeQ14Ji8OxCsYWgR8lL/q6GayAqEqzLj6mZmg==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Fri, 29 Apr 2022 08:32:21 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 29.04.2022 10:10, Roger Pau Monné wrote:
> On Thu, Apr 28, 2022 at 12:13:31PM +0200, Jan Beulich wrote:
>> On 28.04.2022 10:52, Andrew Cooper wrote:
>>> @@ -283,6 +283,8 @@ CET is incompatible with 32bit PV guests.  If any CET 
>>> sub-options are active,
>>>  they will override the `pv=32` boolean to `false`.  Backwards compatibility
>>>  can be maintained with the pv-shim mechanism.
>>>  
>>> +*   An unqualified boolean is shorthand for setting all suboptions at once.
>>
>> You're the native speaker, but I wonder whether there an "a" missing
>> before "shorthand".
>>
>>> --- a/xen/arch/x86/setup.c
>>> +++ b/xen/arch/x86/setup.c
>>> @@ -117,7 +117,20 @@ static int __init cf_check parse_cet(const char *s)
>>>          if ( !ss )
>>>              ss = strchr(s, '\0');
>>>  
>>> -        if ( (val = parse_boolean("shstk", s, ss)) >= 0 )
>>> +        if ( (val = parse_bool(s, ss)) >= 0 )
>>> +        {
>>> +#ifdef CONFIG_XEN_SHSTK
>>> +            opt_xen_shstk = val;
>>> +#else
>>> +            no_config_param("XEN_SHSTK", "cet", s, ss);
>>> +#endif
>>> +#ifdef CONFIG_XEN_IBT
>>> +            opt_xen_ibt = val;
>>> +#else
>>> +            no_config_param("XEN_IBT", "cet", s, ss);
>>> +#endif
>>
>> There shouldn't be two invocations of no_config_param() here; imo if
>> either CONFIG_* is defined, use of the option shouldn't produce any
>> warning at all.
> 
> Hm, I think we would want to warn if someone sets cet=1 but some of
> the options have not been built in?  Or else a not very conscious
> administrator might believe that all CET options are enabled when some
> might not be present in the build.  This would also assume that all
> options are positive.

But the positive options aren't really the interesting ones here, as
things are enabled by default anyway. I would expect "cet=0" to be
silent unless neither CONFIG_* is enabled in the build - it simply
means "disable whatever CET support there is".

I can agree that "cet=1" may indeed be useful to warn, though, but I
wonder whether the logic here then wouldn't become unduly complicated.

> IMO the current approach doesn't seem bad to me, I think it's always
> better to error on the side of printing too verbose information rather
> than omitting it, specially when it's related to user input on the
> command line and security sensitive options.

While fundamentally I agree, too verbose output can also raise
unnecessary questions or induce unnecessary investigations.

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.