
Re: [PATCH] x86: Add Kconfig option to require NX bit support


  • To: Alejandro Vallejo <alejandro.vallejo@xxxxxxxxx>
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Fri, 2 Jun 2023 17:14:30 +0100
  • Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>
  • Delivery-date: Fri, 02 Jun 2023 16:14:55 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 02/06/2023 5:08 pm, Alejandro Vallejo wrote:
> On Fri, Jun 02, 2023 at 03:22:20PM +0100, Andrew Cooper wrote:
>> Linux deals with this in verify_cpu() (early asm) along with an FMS check
>> protecting the access to MSR_MISC_ENABLE, rather than using rdmsr_safe()
>> and catching the #GP.
> On a related note, we don't use rdmsr_safe() either. We just hope it exists
> on any Intel CPU. It fortunately does on any Intel CPU we care about
> because it was introduced shortly before Pentium 4 (Netburst), so we're
> fine since we mandate long mode.

Oh, good point.  Yeah, that's fine, but only try reading it in the case
that we've found LM, not NX, and GenuineIntel.

There are old versions of Xen which don't emulate the MSR at all, and
the only reason Xen does emulate it in all guests is for a
CPUID-faulting corner case.  The same assumptions are unlikely to hold
for other virtualised cases.

Failing with a clear "NX not available" is strictly preferable to triple
faulting.

~Andrew
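
The ordering described in the reply above (read MSR_MISC_ENABLE only once LM is found, NX is not, and the vendor is GenuineIntel), as an added C example that is not part of the thread or of Xen's code. The struct, enum and function names are hypothetical; the CPUID bit positions and the XD-disable bit (bit 34 of MSR 0x1a0) come from Intel's architecture definition, not from this message.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define CPUID_E1_EDX_NX        (1u << 20)    /* CPUID 0x80000001 EDX: NX */
#define CPUID_E1_EDX_LM        (1u << 29)    /* CPUID 0x80000001 EDX: long mode */
#define MISC_ENABLE_XD_DISABLE (1ull << 34)  /* MSR_MISC_ENABLE (0x1a0) bit 34 */

/* Hypothetical snapshot of CPUID output gathered by the early boot path. */
struct cpuid_snapshot {
    uint32_t l0_ebx, l0_ecx, l0_edx;  /* leaf 0: vendor string */
    uint32_t e1_edx;                  /* leaf 0x80000001: feature bits */
};

enum nx_action { NX_PRESENT, NX_TRY_MISC_ENABLE, NX_FAIL_NO_LM, NX_FAIL_NO_NX };
static bool is_genuine_intel(const struct cpuid_snapshot *c)
{
    return c->l0_ebx == 0x756e6547u &&  /* "Genu" */
           c->l0_edx == 0x49656e69u &&  /* "ineI" */
           c->l0_ecx == 0x6c65746eu;    /* "ntel" */
}

/* Decide the next step from CPUID alone, without touching any MSR. */
enum nx_action nx_decide(const struct cpuid_snapshot *c)
{
    if (!(c->e1_edx & CPUID_E1_EDX_LM))
        return NX_FAIL_NO_LM;          /* no long mode: cannot assume the MSR exists */
    if (c->e1_edx & CPUID_E1_EDX_NX)
        return NX_PRESENT;             /* nothing to fix, never read the MSR */
    if (!is_genuine_intel(c))
        return NX_FAIL_NO_NX;          /* not Intel: report clearly, do not probe */
    return NX_TRY_MISC_ENABLE;         /* LM, no NX, GenuineIntel */
}

/* Only for NX_TRY_MISC_ENABLE: true if XD was disabled; *out is the value to write back. */
bool misc_enable_unhide_nx(uint64_t val, uint64_t *out)
{
    *out = val & ~MISC_ENABLE_XD_DISABLE;
    return (val & MISC_ENABLE_XD_DISABLE) != 0;
}

int main(void)
{
    /* Constructed sample: Intel CPU reporting LM but not NX. */
    struct cpuid_snapshot intel = { 0x756e6547u, 0x6c65746eu, 0x49656e69u, CPUID_E1_EDX_LM };
    uint64_t v;
    printf("action=%d hidden=%d\n", nx_decide(&intel), misc_enable_unhide_nx(1ull << 34 | 1, &v));
    return 0;
}
```

If `misc_enable_unhide_nx()` returns false, or CPUID still lacks NX after the write-back, the caller falls through to the same "NX not available" failure path.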



 

