Xen project Mailing List

RE: [PATCH 3/4] xen/arm, libxl: Revert XEN_DOMCTL_shadow_op; use p2m mempool hypercalls

To: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>

Date: Wed, 16 Nov 2022 02:39:14 +0000

Accept-language: zh-CN, en-US

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=8PQtvfzn0B9EKD8B/cX14eepmMdB3LqMutpgoBx21Q8=; b=AMb/P0dgKfg4kyV/KwKX/yfdEYuylYfHyaHliwxdORVpO8Ic9rnVo8Z9LEJBguOOjjk6R3a6cAdAUsw5ef4n6KiOOxGP/FeRSPHitjljBKCXXYjCKqUusYZPRiLWu6NG9py+5dTAaASaVeDX/b7obBiRlxt77V+1LUVopkwT9L4OuQLAFnSOQDPzfVIpscAo2lzZJ1QBp2orA3C/btUo8XV7A04fOOvu57wYnHXr2aVnlrw8GeVXCK5AoNzw29sRaXVQvqe8K4rz6HWJ5Eqg9Z6XTW+qCcmci/qtfydC8MgFq7W+BorIrfklDAX54cvKEM2QlMWbW3knnMIbAlwasQ==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=G558g/PsINp/YcXbFlu91LBe9QMekH+yUWZPScFeNqQzC51qaG0E6354f+ri7fQ6kLCJJtRyWVyWvwQ6vZmnMiKdUrIs36mLyUWyzs56KIqQdePhQumqqcN6kWscR9qOtGlTu1IjXWzGaaDJzCvgXqyL/bR9ULlGan50bGinnZoHEvAbkt3d7t5YmK274NjUNia1lLCvvmb8Zot+fo/fpWAANR6ftPxZt9icEwjmqRJnNjeXyQNTQQtLgBbmsDPVUmaV43iGs0uGAYXfhwHTK+90jt3AOpHBzvxlro2MpzFXVw9IiTN/zr81BITcebKB24QmCSD8Gl3e+DWEEF+OkQ==

Authentication-results-original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;

Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Xen Security Team <security@xxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, Roger Pau Monne <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Julien Grall <julien@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Bertrand Marquis <Bertrand.Marquis@xxxxxxx>, Anthony Perard <anthony.perard@xxxxxxxxxx>

Delivery-date: Wed, 16 Nov 2022 02:39:54 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Nodisclaimer: true

Original-authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;

Thread-index: AQHY6SSq6cLZ8k5bLkuflpP51dz+Ha5A5cGAgAAC9ICAAANygIAACOig

Thread-topic: [PATCH 3/4] xen/arm, libxl: Revert XEN_DOMCTL_shadow_op; use p2m mempool hypercalls

Hi Andrew and Stefano, Thanks for pushing things forward! > -----Original Message----- > From: Stefano Stabellini <sstabellini@xxxxxxxxxx> > Subject: Re: [PATCH 3/4] xen/arm, libxl: Revert XEN_DOMCTL_shadow_op; > use p2m mempool hypercalls > > On Wed, 16 Nov 2022, Andrew Cooper wrote: > > On 16/11/2022 01:37, Stefano Stabellini wrote: > > > On Wed, 26 Oct 2022, Andrew Cooper wrote: > > >> This reverts most of commit > cf2a68d2ffbc3ce95e01449d46180bddb10d24a0, and bits > > >> of cbea5a1149ca7fd4b7cdbfa3ec2e4f109b601ff7. > > >> > > >> First of all, with ARM borrowing x86's implementation, the logic to set > the > > >> pool size should have been common, not duplicated. Introduce > > >> libxl__domain_set_p2m_pool_size() as a shared implementation, and > use it from > > >> the ARM and x86 paths. It is left as an exercise to the reader to judge > how > > >> libxl/xl can reasonably function without the ability to query the pool > size... > > >> > > >> Remove ARM's p2m_domctl() infrastructure now the functioanlity has > been > > >> replaced with a working and unit tested interface. > > >> > > >> This is part of XSA-409 / CVE-2022-33747. > > > Genuine question: I can see this patch removes the implementation of > > > XEN_DOMCTL_SHADOW_OP_SET_ALLOCATION on ARM. It also switches > libxl (both > > > ARM and x86) to the new hypercall. > > > > > > Why keep the old hypercall (XEN_DOMCTL_shadow_op and > > > XEN_DOMCTL_SHADOW_OP_SET_ALLOCATION) implementation on x86 > (not on ARM)? > > > > > > Is that because it was only recently implemented? And not actually > > > present in any past Xen release? > > > > > > If so, please add a note about this in the commit message. Also, if that > > > is the case, I think this patch series should go in 4.17. If it is too > > > late to get it in before the release, then we should backport it to 4.17 > > > as soon as possible. That's because ideally we want to keep the > > > hypercall interface changes down to a minimum. > > > > On ARM, the hypercall has existed for a little over 4 weeks, and isn't > > in any released version of Xen (yet). > > > > On x86, the hypercall has existed for more than a decade, and has known > > out-of-tree users. It needs to be deprecated properly, which in this > > case means "phased out in the 4.18 cycle once known callers have been > > adapted to the new hypercall". > > Understoon. Then I am in favor of getting all 4 patches in 4.17, either > before the release or via backports. Sorry - today it took me a little bit longer to get the office, so hopefully I still jumped into discussion on time. About this series, I don't have strong objection to taking all 4 patches, so if this series can have proper review/agreements by this weekend, feel free to add my release-ack for the patches. However, if we cannot sort out all 4 patches, I think at least patch #4 should go into 4.17 (with a commit message adjustment). The patch #4 already has proper tags from Arm maintainer and me. Kind regards, Henry

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.