[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 3/4] xen/arm, libxl: Revert XEN_DOMCTL_shadow_op; use p2m mempool hypercalls

  • To: Stefano Stabellini <sstabellini@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Wed, 16 Nov 2022 09:30:27 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=axfFSnyJbvDY2gZir/ghgWEVvgbEK5iHpnHlwOsHUo8=; b=fhuemvKauGQTCnEkCQ5kF6NKHrBRE8EabVppS+K2t9eGyLB6CH/ef1sN8nSzyJOaIt9WMKQOzWoOQoyNdiHnWC4hWgQCOSGAc+FqGYInEB1nGKIuBmqJb0VDeQ8/CR6JbwtKXqDONkX1lUJIFz1hH5jfZBxz9c+taWv0rJCVX+XtWcS6WacghSN5l0CvMmy/FSHegQmXoFIaSYrTqHqfUn+RszP8FsAA9XTbVCptlJXpE3wxKvx30tpHjKA8boLnRgHYmPTgizRa+cLZSbf1AbSDJRtpdvw84Dj6xhuaztU2n95TtJLaBx/4U74YjyEr2gwQn5iy+9nZ2FVI7hQ4Mw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=OxXVvesUrhHZptnZprLajL28HGnNUSIHVODaPS9ofiHLEzYb4VPcZpY8tXvihxnc6LOwXntTmumc6JJgDtJy3cpeHXTH8Ha9FJNADS7q0x0wON0R9erL2JVjdDbwX9ILZOsSZkCxpeMYyI+DNPzb33VXiuvk6fh1pPPDeyRFyzqvgJ46CxnYYh9jKvdth2RUzhhywlY3F7WxIRaVfmSDdZtwbmEqNKHjoCjQJBOOVOYW4Ba/EgcGXW5exgc9JOw+nNRgXyLCI4g5o454PDr38kMEgd87qNyKEgqDS5C1LIB4tdiLjFWf7acRLoXzWqKP0A+hqmBSy3kW45z3ZK9Ctg==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Xen Security Team <security@xxxxxxx>, Roger Pau Monne <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Julien Grall <julien@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Henry Wang <Henry.Wang@xxxxxxx>, Anthony Perard <anthony.perard@xxxxxxxxxx>, Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
  • Delivery-date: Wed, 16 Nov 2022 08:30:35 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 16.11.2022 03:00, Stefano Stabellini wrote:
> On Wed, 16 Nov 2022, Andrew Cooper wrote:
>> On 16/11/2022 01:37, Stefano Stabellini wrote:
>>> On Wed, 26 Oct 2022, Andrew Cooper wrote:
>>>> This reverts most of commit cf2a68d2ffbc3ce95e01449d46180bddb10d24a0, and 
>>>> bits
>>>> of cbea5a1149ca7fd4b7cdbfa3ec2e4f109b601ff7.
>>>>
>>>> First of all, with ARM borrowing x86's implementation, the logic to set the
>>>> pool size should have been common, not duplicated.  Introduce
>>>> libxl__domain_set_p2m_pool_size() as a shared implementation, and use it 
>>>> from
>>>> the ARM and x86 paths.  It is left as an exercise to the reader to judge 
>>>> how
>>>> libxl/xl can reasonably function without the ability to query the pool 
>>>> size...
>>>>
>>>> Remove ARM's p2m_domctl() infrastructure now the functioanlity has been
>>>> replaced with a working and unit tested interface.
>>>>
>>>> This is part of XSA-409 / CVE-2022-33747.
>>> Genuine question: I can see this patch removes the implementation of
>>> XEN_DOMCTL_SHADOW_OP_SET_ALLOCATION on ARM. It also switches libxl (both
>>> ARM and x86) to the new hypercall.
>>>
>>> Why keep the old hypercall (XEN_DOMCTL_shadow_op and
>>> XEN_DOMCTL_SHADOW_OP_SET_ALLOCATION) implementation on x86 (not on ARM)?
>>>
>>> Is that because it was only recently implemented? And not actually
>>> present in any past Xen release?
>>>
>>> If so, please add a note about this in the commit message. Also, if that
>>> is the case, I think this patch series should go in 4.17. If it is too
>>> late to get it in before the release, then we should backport it to 4.17
>>> as soon as possible. That's because ideally we want to keep the
>>> hypercall interface changes down to a minimum.
>>
>> On ARM, the hypercall has existed for a little over 4 weeks, and isn't
>> in any released version of Xen (yet).
>>
>> On x86, the hypercall has existed for more than a decade, and has known
>> out-of-tree users.  It needs to be deprecated properly, which in this
>> case means "phased out in the 4.18 cycle once known callers have been
>> adapted to the new hypercall".
> 
> Understoon. Then I am in favor of getting all 4 patches in 4.17, either
> before the release or via backports.

Removing something from the domctl interface generally requires bumping
the interface version, so some extra care may need applying if such an
interface change was to be backported to any stable branch.

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.