[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] x86/mm: PGC_page_table is used by shadow code only

  • To: Jan Beulich <jbeulich@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
  • Date: Tue, 29 Nov 2022 21:10:31 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=PlGqb52dA8lZLkSPjJBw29aiaLI8MDFflDevWPQuSpo=; b=CfzaWEp9+XCiPQcm51X3mitR+kPoTz+yVl7DF7+Ikr1/Qj+xoifkj0kkBe4vPq3pOQu3vWlkAz7noVOshiQyVpbLH8APbwB/kPyIZKYpEKIzOUp2+RVL3pGpWNsHlzDuHW/eUQODL4wme1UE5XSQYj6LyutW/Vq5wkZvJzqjNmooiBpShqRbhzcjMeEWleRLGU/Im2uIranI6mPdUhV/zo9Bj32zLg73OZ2KnJnxHjjbELqbIz0dcI7veGzpOiOyHOClrD7VCrZbJ7Dn/as6EtdTKXkLZu/Ro45chmG4HdJBFdzByIlPg4Z/dSdf+PYN9vVNp58Vo5sUmLXYibmxPw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=RoK9spwmSKWtFboYe2TWf9LbE1KCZlwTcAt0rN8KNVVKzRMHjnXc3samdFuwEfDaIaEhUXCk2hoCJPaxZOfXHVOhhR8Y9DV707loWF8L1En3Q7bHHUT1bxy1+zegGliybZlvnwqMVyZ8dDQX8TVp7eJ2wljCNtMfnCC2vNdyVh5WS2VcsXm6JzDvzFsXI89W8c8gDLH0aiIUBot8G+IAqVnB/0vv04Zvs0tjE4XNExdjI8NhWk882qQpquWkazS12gJK3e/sySX7H5WDpa/rCytKXmSKc5+mx0NaCeRWedfr7VvZb8opHHGM4wNzQPoZyYDVG0Wuy0IckBwBddD9Qg==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: Wei Liu <wl@xxxxxxx>, Roger Pau Monne <roger.pau@xxxxxxxxxx>
  • Delivery-date: Tue, 29 Nov 2022 21:10:48 +0000
  • Ironport-data: A9a23:L0ulRKlEEMSAQsIfoKZZnsDo5gysJ0RdPkR7XQ2eYbSJt1+Wr1Gzt xIeWzqBO6mNMWCheo1+Ptjj/B8PvpaDy4VrSVE5rS00QyMWpZLJC+rCIxarNUt+DCFhoGFPt JxCN4aafKjYaleG+39B55C49SEUOZmgH+a6U6icf3grHmeIcQ954Tp7gek1n4V0ttawBgKJq LvartbWfVSowFaYCEpNg064gE4p7aqaVA8w5ARkP6kS5g6GyRH5MbpETU2PByqgKmVrNrbSq 9brlNmR4m7f9hExPdKp+p6TnpoiG+O60aCm0xK6aoD66vRwjnVaPpUTbZLwXXx/mTSR9+2d/ f0W3XCGpaXFCYWX8AgVe0Ew/yiTpsSq8pefSZS0mZT7I0Er7xIAahihZa07FdRwxwp5PY1B3 eMgNTUzXz7TvuGvmZObEtd9vvYqLOC+aevzulk4pd3YJdAPZMmaBo/stZpf1jp2gd1SF/HDY cZfcSBocBnLfxxIPBEQFY46m+CrwHL4dlW0qnrM/fZxvzeVkVw3iea8WDbWUoXiqcF9t0CUv G/ZuU/+BQkXLoe3wjuZ6HO8wOTImEsXXapCSe3gq6E22zV/wEQsNAczCF67/sCH1Fe5ROMEK VQsoiwh+P1aGEuDC4OVsweDiHyOswMYWtFQO/Yn8wzLwa3Riy6JC25BQjNfZdgOsM4tWSdsx lKPh8nuBzFkrPuSU3313qiQhSO/P24SN2BqWMMfZQ4M4t2mqodjiBvKF49nCPTs0IyzHizsy TeXqiR4n68UkcMAy6S8+xbAni6ooZ/KCAUy4207Q16Y0++wX6b9D6TA1LQRxawaRGpFZjFtZ EQ5pvU=
  • Ironport-hdrordr: A9a23:AVzafauVEwopO5lH+2TX9cTM7skCXoAji2hC6mlwRA09TyXGra 2TdaUgvyMc1gx7ZJh5o6H6BEGBKUmslqKceeEqTPqftXrdyRGVxeZZnMffKlzbamfDH4tmuZ uIHJIOb+EYYWIasS++2njBLz9C+qjJzEnLv5a5854Fd2gDBM9dBkVCe3+m+yZNNWt77O8CZf 6hD7181l+dkBosDviTNz0gZazuttfLnJXpbVovAAMm0hCHiXeF+aP3CB+R2zYZSndqza05+W bIvgTl7uH72svLiyP05iv21dB7idHhwtxMCIiljdUUECzljkKFdZlsQLqLuREyuaWK5EwxmN fBjh88N4BY6m/XfEuyvRzxsjOQngoG2jvH8xu1kHHjqcv2SHYREMxan79UdRPf9g4JoMx8+L gj5RPbi7NnSTf72Ajt7dnBUB9n0mCup2A5rOIVh3tDFaMDdb5qq5AF9k89KuZDIMu60vFjLA BdNrCa2B9kSyLdU5kfhBg3/DWYZAV2Iv5BeDlbhiXa6UkMoJkz9Tpk+CVWpAZ9yHt6cegF2w 2MCNUXqFkFJPVmEp5VFaMPR9C6BXfKRg+JOGWOIU7/HKVCIH7VrYXriY9Frd1CVaZ4u6faoq 6xJm9wpCo3YQbjGMeO1JpE/lTER3i8Ry3kzoVb64JisrPxSbL3OWnbIWpe2PeIsrEaGInWSv yzMJVZD7vqKnbvA59A20n7V4NJIXcTXcUJspIwWk6IoMjMNor239arOMr7Nf7oC3IpS2n/Cn wMUHz6I9hB9FmiXjvijB3YSxrWCzjCFFJLYd3nFsQoufsw39d3w3koYHyCl7G2ACwHtLAqd0 1jJ76imr+npACNjBT101k=
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHZBAKvvRJ2heCKJ0SiESCucWQuIK5WYfSAgAAEDYA=
  • Thread-topic: [PATCH] x86/mm: PGC_page_table is used by shadow code only
On 29/11/2022 20:56, Andrew Cooper wrote:
> On 29/11/2022 14:55, Jan Beulich wrote:
>> By defining the constant to zero when !SHADOW_PAGING we give compilers
>> the chance to eliminate a little more dead code elsewhere in the tree.
>> Plus, as a minor benefit, the general reference count can be one bit
>> wider. (To simplify things, have PGC_page_table change places with
>> PGC_extra.)
>>
>> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
> Ahead of making this change, can we please rename it to something less
> confusing, and fix it's comment which is wrong.
>
> PGC_shadowed_pt is the best I can think of.
>
>> ---
>> tboot.c's update_pagetable_mac() is suspicious: It effectively is a
>> no-op even prior to this change when !SHADOW_PAGING, which can't be
>> quite right. If (guest) page tables are relevant to include in the
>> verification, shouldn't this look for PGT_l<N>_page_table as well? How
>> to deal with HAP guests there is entirely unclear.
> Considering the caller, it MACs every domheap page for domains with
> CDF_s3_integrity.
>
> The tboot logical also blindly assumes that any non-idle domain has an
> Intel IOMMU context with it.  This only doesn't (trivially) expose
> because struct domain_iommu is embedded in struct domain (rather than
> allocated separately), and reaching into the wrong part of the arch
> union is only mitigated by the tboot logic not being invoked on
> non-intel systems.  (Also the idle domain check is useless, given that
> it's in a for_each_domain() loop).

Wow I really failed at typing here.  "The tboot logic", and "doesn't
(trivially) explode".

~Andrew

>
> It does look a little like the caller is wanting to MAC all Xen data
> that describes the guest, but doing this unilaterally for all shadowed
> guests seems wrong beside the per-domain s3_integrity setting.
>
> ~Andrew

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.