
Re: [CRITICAL for 4.18] Re: [PATCH v5 00/10] runstate/time area registration by (guest) physical address


  • To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Fri, 6 Oct 2023 10:00:35 +0200
  • Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, henry.wang@xxxxxxx, Tamas K Lengyel <tamas@xxxxxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>
  • Delivery-date: Fri, 06 Oct 2023 08:01:12 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Thu, Oct 05, 2023 at 07:58:50PM +0100, Andrew Cooper wrote:
> I see this series has been committed.  But it's broken in a really
> fundamental way.
> 
> 
> This is a new extension with persistent side effects to an existing part
> of the guest ABI.

The only change in the ABI is the different return code for multiple
attempts to map the vcpu_info page, it used to be -EINVAL and it's
-EBUSY now, which seems more descriptive.

The added hypercalls are an extension of the ABI, not a
modification of an existing part.  Or maybe I'm not understanding the
complaint.

> Yet there doesn't appear to be any enumeration that the interface is
> available to begin with.  Requiring the guest to probe subops, and
> having no way to disable it on a per-domain basis is unacceptable,

We have never mandated such disables to be part of the series adding
the new hypercalls, those have always been retrofitted in case of
need.  Not saying we shouldn't do it, but it's not something we have
asked submitters to do.

> and
> has exploded on us more times than I care to count in security fixes
> alone, and that doesn't even cover the issues Amazon have reported over
> the years.

That's fine, I can add the enumeration.  A CHANGELOG entry should also
be added.

> 
> Henry: Blocker for 4.18.   The absolutely bare minimum necessary to
> avoid reversion is some kind of positive enumeration that the two new
> hypercalls are available.
> 
> Otherwise I will be #if 0'ing out the new hypercalls before this ABI
> mistake gets set in stone.
> 
> 
> If this were x86-only it would need to be a CPUID flag, but it will need
> to be something arch-agnostic in this case.  The series should not have
> come without a proper per-domain control and toolstack integration, but
> everything else can be retrofitted in an emergency.
> 
> And on a related note, where is the documentation describing this new
> feature?  Some tests perhaps, or any single implementation of the guest
> side interface?

Not that I know, I was expecting Jan to post that once he gets back
from PTO.

I already noted somewhere that I wasn't able to test myself because I
couldn't find any Linux side patches to test the feature with, and I
didn't have time to write ones myself (was expecting Jan to have the
Linux side done already for testing reasons).

> This is engineering principles so basic that they do go without saying.
> 
> ~Andrew
> 



 

