
Re: [PATCH 4/7] x86: detect PIC aliasing on ports other than 0x[2A][01]


  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Thu, 26 Oct 2023 17:19:40 +0200
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>
  • Delivery-date: Thu, 26 Oct 2023 15:20:17 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Thu, Oct 26, 2023 at 05:07:18PM +0200, Jan Beulich wrote:
> On 26.10.2023 15:24, Roger Pau Monné wrote:
> > On Thu, Oct 26, 2023 at 11:03:42AM +0200, Jan Beulich wrote:
> >> On 26.10.2023 10:34, Roger Pau Monné wrote:
> >>> On Thu, May 11, 2023 at 02:06:46PM +0200, Jan Beulich wrote:
> >>>> ... in order to also deny Dom0 access through the alias ports. Without
> >>>> this it is only giving the impression of denying access to both PICs.
> >>>> Unlike for CMOS/RTC, do detection very early, to avoid disturbing normal
> >>>> operation later on.
> >>>>
> >>>> Like for CMOS/RTC a fundamental assumption of the probing is that reads
> >>>> from the probed alias port won't have side effects in case it does not
> >>>> alias the respective PIC's one.
> >>>
> >>> I'm slightly concerned about this probing.
> >>>
> >>> Also I'm unsure we can fully isolate the hardware domain like this.
> >>> Preventing access to the non-aliased ports is IMO helpful for domains
> >>> to realize the PIT is not available, but in any case such accesses
> >>> shouldn't happen in the first place, as dom0 must be modified to run
> >>> in such mode.
> >>
> >> That's true for PV Dom0, but not necessarily for PVH. Plus by denying
> >> access to the aliases we also guard against bugs in Dom0, if some
> >> component thinks there's something else at those ports (as they
> >> indeed were used for other purposes by various vendors).
> > 
> > I think it would be safe to add a command line option to disable the
> > probing, as we would at least like to avoid it in pvshim mode.  Maybe
> > it would be interesting to make it a Kconfig option so that exclusive
> > pvshim Kconfig can avoid all this?
> > 
> > Otherwise it will just make booting the pvshim slower.
> 
> I've taken note to introduce such an option (not sure yet whether just
> cmdline or also Kconfig). Still
> - Shouldn't we already be bypassing related init logic in shim mode?

Not sure what we bypass in pvshim mode, would be good to double
check.

> - A Kconfig option interfacing with PV_SHIM_EXCLUSIVE will collide with
>   my patch inverting that option's sense (and renaming it), so it would
>   be nice to have that sorted/accepted first (see
>   https://lists.xen.org/archives/html/xen-devel/2023-03/msg00040.html).

It being Andrew the one that made the request, I would like to get his
opinion on it.  UNCONSTRAINED does seem a bit weird.

Maybe the issue is that PV_SHIM_EXCLUSIVE shouldn't have been a
Kconfig option in the first place, and instead a specific Kconfig
config file?

Maybe it's not possible to achieve the same using just a Kconfig
config file.

Thanks, Roger.



 

