Xen project Mailing List

Re: [RFC PATCH] xen/arm: Add emulation of Debug Data Transfer Registers

To: Stefano Stabellini <sstabellini@xxxxxxxxxx>

From: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>

Date: Fri, 8 Dec 2023 09:03:43 +0000

Accept-language: en-GB, en-US

Arc-authentication-results: i=2; mx.microsoft.com 1; spf=pass (sender ip is 63.35.35.123) smtp.rcpttodomain=lists.xenproject.org smtp.mailfrom=arm.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=arm.com] dkim=[1,1,header.d=arm.com] dmarc=[1,1,header.from=arm.com])

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none

Arc-message-signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=SPTzovDdluwKsIWWrxnQRvgGmk5L+tN9q7m3PFw0eIc=; b=heUO+x9VCn1rXTKMZ5WuH0/maaMeNeo7++lezYTM4kFj+nGbL+jW567rIGcpyxIZRIaYJHoY4M5O/+USrB4ZL7zF4QfaZmicKXmmfMk0cdaYStj97T38PO+oRGkFB6BEpTmopVOm007QMbogRLBky8JRf1zG7um6CgeE4MPeeGz61jZBPxibCPOvrnrXhXjGqNUD1x0Y3u2GGiStZE06cD0WxARmpkQZRHErwPrLKQmdeLzW+czMqnhFBfDirZKhTHYKJbG2uSQqS6dUL97GxBxnsfAJ6Pp9s93e37Fq0jW85k1TFjQbSlaXS60tqUfCQjQV6bMoVC9JITkU+J/CBw==

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=SPTzovDdluwKsIWWrxnQRvgGmk5L+tN9q7m3PFw0eIc=; b=QUzYOt9z90f5ckBvPUTnmBhKVMkN9AIJE16dXtRKQoenMyMaDN2MYKn03fcMK3U1wyTrqUR9BddjRh6PxAYqocki2ph5V3jgIjXVuos7N9VQp+mUSWhlkxWGD9sCT2gWxJBfj4tdM+qoiNfVhsZOgL7S7YoLB/HSaGGpFggeEA1cAnKV1qN1YIf3ISpgOsoVyEmWKk0Hk9Hw7aKew1BxrC4mKGpBJyNRLTkvwgxyaqpSuisVwHczAaE3+G9ZcJnTgCWq4JTyw+XbIqB5VoGoXJ8mcHWF7pLUK5jp+rI+HZeuYhS4oeMsxmC0S37kZh0NpTlrFWgi/mCjpRsACHLS8A==

Arc-seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass; b=jtk1ZCsfWYCtAgBXberhqRQVCHoX8Xd3FzjbP1zTEJlhDZTU2+DkMqUQR30IazxFvSbZqTiEi5sdZhcB8ZfimvqhcTQim+hwcv4yzWN9fdGE0VSI6Fas75Yk24zdeHnqfzeLq3609G3YlLBneMRW7ib8VQSgBVwclbstQhJJLx2D8jbxNQwCMMyclIFk4F4H6qweF/y3ky/hkAoAxbNXFUgQphOxA1icHexFb0/EDgKecyCSJZai9y+PqfZCs3B3iLqk4iMnJV+EUTDoEjwnIAA5eDTDNQrEsDOB6CMYsdoJNXXDVRqxxKmmnhMINvP7jC0guiY4R0gysKgM54JEeQ==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=aJAfzmNqDPwUKqp9uGaMrcIr4dX7oUyIrWSwbHC09xHLlkYcdWV4nFOP4TxsBjjAPOtuI5epceOuw5rVrr6NwEf30KYTN+XUkBIoIveviATMYf98yFc8pLgoJjzlbXVFMgbv9dFB3PDJmUlZhc6DjXoFVyd58Hy8bLCL0rL4yzsKCJoGXwObNcDqz6cxm9W9eK09MdLfNMCfmy9ZJGdFBv8tzLmUXtXRkzsk2PKifYVgJTQ8CeKntuIq57o1CR++regSz/vcu8iAXTH3siv21tYSfgEZqem3SmxYopKZb1NFbbdo9iL5pX17BtsWqvGTvqmzKL3Bz3GoI5VLt4YqVQ==

Authentication-results-original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;

Cc: Julien Grall <julien@xxxxxxx>, Ayan Kumar Halder <ayankuma@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Ayan Kumar Halder <ayan.kumar.halder@xxxxxxx>, "stefano.stabellini@xxxxxxx" <stefano.stabellini@xxxxxxx>, "Volodymyr_Babchuk@xxxxxxxx" <Volodymyr_Babchuk@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Fri, 08 Dec 2023 09:04:05 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Nodisclaimer: true

Original-authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;

Thread-index: AQHaJIdEbUtN3QkqgUmgAoK4VfjZW7CY8R0AgAAqKQCAAHNEgIAA4yoAgAAJTgCAAAgBgIAAA4YAgAAFeYCAAB5MgIAADfQAgACiKgCAArmeAIAAT08AgAC+b4A=

Thread-topic: [RFC PATCH] xen/arm: Add emulation of Debug Data Transfer Registers

Hi All, Sorry for coming back late on this thread. > On 7 Dec 2023, at 22:41, Stefano Stabellini <sstabellini@xxxxxxxxxx> wrote: > > On Thu, 7 Dec 2023, Julien Grall wrote: >> Hi Stefano, >> >> On 05/12/2023 23:21, Stefano Stabellini wrote: >>> On Tue, 5 Dec 2023, Julien Grall wrote: >>>> I agree that crashing a guest is bad, but is lying to the domain really >>>> better? The consequence here is not that bad and hopefully it would be >>>> fairly >>>> easy to find. But this is not always the case. So I definitely would place >>>> a >>>> half-backed emulation more severe than a guest crash. >>> >>> >>> I see where Julien is coming from, but I would go with option two: >>> "emulate DCC the same way as KVM". That's because I don't think we can >>> get away with crashing the guest in all cases. Although the issue came >>> up with a Linux guest, it could have been triggered by a proprietary >>> operating system that we cannot change, and I think Xen should support >>> running unmodified operating systems. >>> >>> If we go with a "half-backed emulation" solution, as Julien wrote, then >>> it is better to be more similar to other hypervisors, that's why I chose >>> option two instead of option three. >>> >>> But at the same time I recognize the validity of Julien's words and it >>> makes me wonder if we should have a KCONFIG option or command line >>> option to switch the Xen behavior. We could use it to gate all the >>> "half-backed emulation" we do for compatibility. Something like: >>> >>> config PARTIAL_EMULATION >>> bool "Partial Emulation" >>> ---help--- >>> Enables partial, not spec compliant, emulation of certain >>> register >>> interfaces (e.g DCC UART) for guest compatibility. If you disable >>> this option, Xen will crash the guest if the guest tries to access >>> interfaces not fully emulated or virtualized. >>> >>> If you enable this option, the guest might misbehave due to non-spec >>> compliant emulation done by Xen. >> >> As I wrote to Ayan on Matrix today, I am not in favor of the emulation. Yet, >> I >> am not going to oppose (as in Nack it) if the other maintainers agree with >> it. > > Thanks for being flexible > > >> The KConfig would be nice, the question is whether we want to (security) >> support such configuration? E.g. could this potentially introduce a security >> issue in the guest? > > The important question is whether it could introduce a security issue in > Xen. If we think it wouldn't increase the attack surface significantly > then I would security support it otherwise not. > > >> Regarding the emulation itself, I actually prefer 3 because at least the >> Linux drivers will be able to bail out rather than trying to use them. > > I don't have a strong opinion between 2 and 3 Here is my view on it: - providing a wrong emulation to please guests is not wrong as it might end up hidding something that will be hard to debug so on that point I agree with Julien. - choosing a solution which might just crash a guest without any other solution than recompiling or modifying xen is not something acceptable if we want Xen to thrive. So i would suggest the following solution: - have a Kconfig to surround this code so that "correct" guests can disable it. - have a command line option to activate this behavior and turn it off by default. One encountering the problem will have to explicitly set a command line parameter so cannot do this without knowing. - activate the Kconfig option by default and security support it as it is only active if a command line parameter is passed. The Kconfig parameter should be more generic so that this could apply to a bunch of registers we would emulate with RAZ/WI so I am happy with that proposal if we say that this must be activated through a command line option passed to Xen at boot. Regards Bertrand

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.