lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 2 Jul 2019 14:04:59 -0400
From:   Boris Ostrovsky <boris.ostrovsky@...cle.com>
To:     Zhenzhong Duan <zhenzhong.duan@...cle.com>,
        linux-kernel@...r.kernel.org
Cc:     xen-devel@...ts.xenproject.org, jgross@...e.com,
        sstabellini@...nel.org, tglx@...utronix.de, mingo@...hat.com,
        bp@...en8.de
Subject: Re: [PATCH v4 4/5] x86/xen: Add 'nopv' support for HVM guest

On 7/1/19 1:19 AM, Zhenzhong Duan wrote:
> PVH guest needs PV extentions to work, so 'nopv' parameter should be
> ignored for PVH but not for HVM guest.
>
> If PVH guest boots up via the Xen-PVH boot entry, xen_pvh is set early,
> we know it's PVH guest and ignore 'nopv' parameter directly.
>
> If PVH guest boots up via the normal boot entry same as HVM guest, it's
> hard to distinguish PVH and HVM guest at that time.
>
> To handle that case, add a new function xen_hvm_nopv_guest_late_init()
> to detect PVH at a late time and panic itself if 'nopv' enabled for a
> PVH guest.
>
> Signed-off-by: Zhenzhong Duan <zhenzhong.duan@...cle.com>
> Cc: Boris Ostrovsky <boris.ostrovsky@...cle.com>
> Cc: Juergen Gross <jgross@...e.com>
> Cc: Stefano Stabellini <sstabellini@...nel.org>
> Cc: Thomas Gleixner <tglx@...utronix.de>
> Cc: Ingo Molnar <mingo@...hat.com>
> Cc: Borislav Petkov <bp@...en8.de>
> ---
>  arch/x86/xen/enlighten_hvm.c | 27 +++++++++++++++++++++++++++
>  1 file changed, 27 insertions(+)
>
> diff --git a/arch/x86/xen/enlighten_hvm.c b/arch/x86/xen/enlighten_hvm.c
> index 7fcb4ea..340dff8 100644
> --- a/arch/x86/xen/enlighten_hvm.c
> +++ b/arch/x86/xen/enlighten_hvm.c
> @@ -25,6 +25,7 @@
>  #include "mmu.h"
>  #include "smp.h"
>  
> +extern bool nopv;


I'd put this in arch/x86/include/asm/hypervisor.h


>  static unsigned long shared_info_pfn;
>  
>  void xen_hvm_init_shared_info(void)
> @@ -221,11 +222,36 @@ bool __init xen_hvm_need_lapic(void)
>  	return true;
>  }
>  
> +static __init void xen_hvm_nopv_guest_late_init(void)
> +{
> +#ifdef CONFIG_XEN_PVH
> +	if (x86_platform.legacy.rtc || !x86_platform.legacy.no_vga)
> +		return;
> +
> +	/* PVH detected. */
> +	xen_pvh = true;
> +
> +	panic("nopv parameter isn't supported in PVH guest.");
> +#endif
> +}
> +
> +
>  static uint32_t __init xen_platform_hvm(void)
>  {
>  	if (xen_pv_domain())
>  		return 0;
>  
> +	if (xen_pvh_domain() && nopv) {
> +		/* Guest booting via the Xen-PVH boot entry goes here */
> +		pr_info("nopv parameter is ignored in PVH guest\n");



                        nopv = false;

just in case nopv is used somewhere else later?


-boris

> +	} else if (nopv) {
> +		/*
> +		 * Guest booting via normal boot entry (like via grub2) goes
> +		 * here.
> +		 */
> +		x86_init.hyper.guest_late_init = xen_hvm_nopv_guest_late_init;
> +		return 0;
> +	}
>  	return xen_cpuid_base();
>  }
>  
> @@ -258,4 +284,5 @@ static __init void xen_hvm_guest_late_init(void)
>  	.init.init_mem_mapping	= xen_hvm_init_mem_mapping,
>  	.init.guest_late_init	= xen_hvm_guest_late_init,
>  	.runtime.pin_vcpu       = xen_pin_vcpu,
> +	.ignore_nopv            = true,
>  };

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ