[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] x86/PV32: restore PAE-extended-CR3 logic
- To: Jan Beulich <jbeulich@xxxxxxxx>
- From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
- Date: Tue, 4 Apr 2023 12:12:09 +0200
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=/mi0rYFQH7+37FCBieDUcO9QBZVqw+Q1snS907vw8ow=; b=Zb0v37uzNp7DOAMQZMyvsW487UneIi3yPTYxt5a+iTBJTS8Mm2rGny97khpbHvyxLXSkUJL/mLK/PJZzvrxt0Q9aKbMe4+06g1SzMxkksKjYyejbIhpWrnTcwnbuy9BsCechRyYBoOSMKbTMg6DQS2L6zU4yVfpGMBbkj1o8r2BICuYSLDJNCnwhxfdCGP8rKBtO4UGZfZaLi5VesyubFFhlkYphWNr7Z43ZlZgnJUtZVkxaqmFHRgvon4yo14px31yOtyLP8vtrF4bL8qIWhpG7FuoZH7JDsGdmsfZa60eqp3MM5tE9iPNNB7dKUWLVZrm5K8dTUYoypys/uEmOJQ==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZN0z6NogvqAaI2zwHlEDQacuH1AVq4OoYovgnv8nxAFCM4+ZosOa/2wzxJBtFILNsobh/QxpIzzgTbUfoqVjnIW6w7z4+8axSNPDPpAzwV+T2BWe3xW7Npsl+0bL7mCjr0jWnOLTGe4wXvBuKxzAtOonUnKBw06T2TnlavqIZjDtd4bVICQFcfyR8M6M89VEc5ZiDAju2dcXjoTiFg+UVID0uOe0r8qM75TiVetWqxd3C+DzgqMC3mtANKN5qx2Rq/plvufVLlhGnHr6XXNB8cauJHwqgqsJmpPlR19Au3umFEr55R0uXa3EmFIn6OjQZr8a5Q32NCNgXEJ4DeYIEA==
- Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
- Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>
- Delivery-date: Tue, 04 Apr 2023 10:12:37 +0000
- Ironport-data: A9a23:Asrj+KvuNbpgxrEJ3IfbOPlfHufnVHBfMUV32f8akzHdYApBsoF/q tZmKWDQM/feYzb9eosgb4m19EMH6sXTn99nTlY+qSw2FSpH+JbJXdiXEBz9bniYRiHhoOCLz O1FM4Wdc5pkJpP4jk3wWlQ0hSAkjclkfpKlVKiffHg3HVQ+IMsYoUoLs/YjhYJ1isSODQqIu Nfjy+XSI1bg0DNvWo4uw/vrRChH4bKj6Fv0gnRkPaoQ5AOGyyFMZH4iDfrZw0XQE9E88tGSH 44v/JnhlkvF8hEkDM+Sk7qTWiXmlZaLYGBiIlIPM0STqkAqSh4ai87XB9JFAatjsB2bnsgZ9 Tl4ncfYpTHFnEH7sL91vxFwS0mSNEDdkVPNCSDXXce7lyUqf5ZwqhnH4Y5f0YAwo45K7W9yG fMwCT1SfBuFwLKP27u1QPB0nIN4b8jXBdZK0p1g5Wmx4fcOZ7nmGv2PyfoGmTA6i4ZJAOrUY NcfZXx3dhPcbhZTO1ARTpUjgOOvgXq5eDpdwL6XjfNvvy6Pk0osgP60aIO9lt+iHK25mm6Co W3L5SLhCwwyP92D0zuVtHmrg4cjmAuiANlMTeDgqaMCbFu7/3EpGgdPSFyA+8Kyt0mQQNQBO 3FT5X97xUQ13AnxJjXnZDW6qnOZuh8XW/JLDvY3rgqKz8L88wufQ2QJUDNFQNgnr9MtAywn0 EeTmNHkDiApt6eaIVqC8p+EoDX0PjIaRVLufgcBRAoBptXm/oc6i0uXSs45SfbsyNroBTv33 jaG6jAkgKkehtIK0KP9+k3bhzWrpd7CSQtdChjrY19JJzhRPOaND7FEI3CBhRqcBO51lmW8g UU=
- Ironport-hdrordr: A9a23:TQutO6xlArgAKiQ1wctdKrPw6L1zdoMgy1knxilNoHxuH/Bw9v re+cjzsCWftN9/Yh4dcLy7VpVoIkmsl6Kdg7NwAV7KZmCP1FdARLsI0WKI+UyCJ8SRzI9gPa cLSdkFNDXzZ2IK8PoTNmODYqodKNrsytHWuQ/HpU0dKT2D88tbnn9E4gDwKDwQeCB2QaAXOb C7/cR9qz+paR0sH7+G7ilsZZmkmzXT/qiWGCI7Ow==
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Wed, Feb 15, 2023 at 03:54:11PM +0100, Jan Beulich wrote:
> While the PAE-extended-CR3 VM assist is a 32-bit only concept, it still
> applies to guests also when run on a 64-bit hypervisor: The "extended
> CR3" format has to be used there as well, to fit the address in the only
> 32-bit wide register there. As a result it was a mistake that the check
> was never enabled for that case, and was then mistakenly deleted in the
> course of removal of 32-bit-Xen code (218adf199e68 ["x86: We can assume
> CONFIG_PAGING_LEVELS==4"]).
>
> Similarly during Dom0 construction kernel awareness needs to be taken
> into account, and respective code was again mistakenly never enabled for
> 32-bit Dom0 when running on 64-bit Xen (and thus wrongly deleted by
> 5d1181a5ea5e ["xen: Remove x86_32 build target"]).
>
> At the same time restrict enabling of the assist for Dom0 to just the
> 32-bit case. Furthermore there's no need for an atomic update there.
>
> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
> ---
> I was uncertain whether to add a check to the CR3 guest read path,
> raising e.g. #GP(0) when the value read wouldn't fit but also may not
> be converted to "extended" format (overflow is possible there in
> principle because of the control tools "slack" in promote_l3_table()).
>
> In that context I was puzzled to find no check on the CR3 guest write
> path even in 4.2: A guest (bogusly) setting the PCD or PWT bits (or any
> of the low reserved ones) could observe anomalous behavior rather than
> plain failure.
>
> As to a Fixes: tag - it's pretty unclear which of the many original
> 32-on-64 changes to blame. I don't think the two cited commits should
> be referenced there, as they didn't break anything that wasn't already
> broken.
>
> --- a/xen/arch/x86/mm.c
> +++ b/xen/arch/x86/mm.c
> @@ -1520,6 +1520,23 @@ static int promote_l3_table(struct page_
> unsigned int partial_flags = page->partial_flags;
> l3_pgentry_t l3e = l3e_empty();
>
> + /*
> + * PAE pgdirs above 4GB are unacceptable if a 32-bit guest does not
> + * understand the weird 'extended cr3' format for dealing with high-order
> + * address bits. We cut some slack for control tools (before vcpu0 is
> + * initialised).
Don't we then need some check in the vCPU init path to assure that the
cr3 is < 32bits if we allow those to initially be set?
Or will the initialization unconditionally overwrite any previous cr3
value?
Thanks, Roger.
|
