
Re: [PATCH] x86/mm: PGC_page_table is used by shadow code only


  • To: Jan Beulich <jbeulich@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
  • Date: Tue, 29 Nov 2022 20:56:02 +0000
  • Cc: Wei Liu <wl@xxxxxxx>, Roger Pau Monne <roger.pau@xxxxxxxxxx>
  • Delivery-date: Tue, 29 Nov 2022 20:56:25 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 29/11/2022 14:55, Jan Beulich wrote:
> By defining the constant to zero when !SHADOW_PAGING we give compilers
> the chance to eliminate a little more dead code elsewhere in the tree.
> Plus, as a minor benefit, the general reference count can be one bit
> wider. (To simplify things, have PGC_page_table change places with
> PGC_extra.)
>
> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>

Ahead of making this change, can we please rename it to something less
confusing, and fix its comment which is wrong.

PGC_shadowed_pt is the best I can think of.

> ---
> tboot.c's update_pagetable_mac() is suspicious: It effectively is a
> no-op even prior to this change when !SHADOW_PAGING, which can't be
> quite right. If (guest) page tables are relevant to include in the
> verification, shouldn't this look for PGT_l<N>_page_table as well? How
> to deal with HAP guests there is entirely unclear.

Considering the caller, it MACs every domheap page for domains with
CDF_s3_integrity.

The tboot logic also blindly assumes that any non-idle domain has an
Intel IOMMU context with it.  This only doesn't (trivially) expose
because struct domain_iommu is embedded in struct domain (rather than
allocated separately), and reaching into the wrong part of the arch
union is only mitigated by the tboot logic not being invoked on
non-Intel systems.  (Also the idle domain check is useless, given that
it's in a for_each_domain() loop).

It does look a little like the caller is wanting to MAC all Xen data
that describes the guest, but doing this unilaterally for all shadowed
guests seems wrong beside the per-domain s3_integrity setting.

~Andrew
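
The no-op concern raised in the thread, as an added example that is not part of the original message and is not Xen code: a constructed model of a MAC pass that only covers pages carrying a page-table flag, run once with the flag owning a bit and once with the flag defined to zero. The bit position, the filter shape, the toy MAC and every `model_`/`MODEL_` name are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed model, not Xen source. Bit position and all model_ names
 * are assumptions for illustration. */
#define MODEL_PGC_PAGE_TABLE_SHADOW   (1UL << 3) /* flag owns a bit   */
#define MODEL_PGC_PAGE_TABLE_NOSHADOW 0UL        /* flag defined to 0 */

struct model_page { unsigned long count_info; };

/* Toy stand-in for a real MAC update (FNV-style mixing of the index). */
static uint64_t model_mac_update(uint64_t mac, size_t idx)
{
    return (mac ^ (uint64_t)(idx + 1)) * 0x100000001b3ULL;
}

/* Assumed filter shape: a page contributes to the MAC only if its
 * count_info carries the page-table flag. Returns pages covered. */
static size_t model_mac_flagged(const struct model_page *pg, size_t n,
                                unsigned long flag, uint64_t *mac)
{
    size_t covered = 0;

    for (size_t i = 0; i < n; i++) {
        /* With flag == 0 this test is constant-false, so a compiler can
         * drop the loop body, and the MAC never sees any page. */
        if (!(pg[i].count_info & flag))
            continue;
        *mac = model_mac_update(*mac, i);
        covered++;
    }
    return covered;
}

/* Constructed sample: pages 1 and 3 carry the flag bit. */
static const struct model_page model_pages[4] = {
    { 0x1 }, { 0x1 | MODEL_PGC_PAGE_TABLE_SHADOW },
    { 0x2 }, { MODEL_PGC_PAGE_TABLE_SHADOW },
};

/* Runs the filter over the sample and reports coverage for one build. */
static size_t model_coverage(unsigned long flag, uint64_t *mac_out)
{
    *mac_out = 0xcbf29ce484222325ULL;   /* arbitrary starting value */
    return model_mac_flagged(model_pages, 4, flag, mac_out);
}
```

Returning the coverage count alongside the MAC is what lets a caller notice that an integrity pass completed without including any page.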

 

