lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 5 Jul 2019 09:06:53 -0400
From:   Boris Ostrovsky <boris.ostrovsky@...cle.com>
To:     Zhenzhong Duan <zhenzhong.duan@...cle.com>,
        linux-kernel@...r.kernel.org
Cc:     xen-devel@...ts.xenproject.org, jgross@...e.com,
        sstabellini@...nel.org, tglx@...utronix.de, mingo@...hat.com,
        bp@...en8.de
Subject: Re: [PATCH v5 4/4] x86/xen: Add "nopv" support for HVM guest

On 7/2/19 9:19 PM, Zhenzhong Duan wrote:
> PVH guest needs PV extentions to work, so "nopv" parameter should be
> ignored for PVH but not for HVM guest.
>
> If PVH guest boots up via the Xen-PVH boot entry, xen_pvh is set early,
> we know it's PVH guest and ignore "nopv" parameter directly.
>
> If PVH guest boots up via the normal boot entry same as HVM guest, it's
> hard to distinguish PVH and HVM guest at that time.
>
> To handle that case, add a new function xen_hvm_nopv_guest_late_init()
> to detect PVH at a late time and panic itself if nopv enabled for a
> PVH guest.
>
> Signed-off-by: Zhenzhong Duan <zhenzhong.duan@...cle.com>
> Cc: Boris Ostrovsky <boris.ostrovsky@...cle.com>
> Cc: Juergen Gross <jgross@...e.com>
> Cc: Stefano Stabellini <sstabellini@...nel.org>
> Cc: Thomas Gleixner <tglx@...utronix.de>
> Cc: Ingo Molnar <mingo@...hat.com>
> Cc: Borislav Petkov <bp@...en8.de>
> ---
>  arch/x86/xen/enlighten_hvm.c | 27 +++++++++++++++++++++++++++
>  1 file changed, 27 insertions(+)
>
> diff --git a/arch/x86/xen/enlighten_hvm.c b/arch/x86/xen/enlighten_hvm.c
> index 1756cf7..09a010a 100644
> --- a/arch/x86/xen/enlighten_hvm.c
> +++ b/arch/x86/xen/enlighten_hvm.c
> @@ -231,11 +231,37 @@ bool __init xen_hvm_need_lapic(void)
>  	return true;
>  }
>  
> +static __init void xen_hvm_nopv_guest_late_init(void)
> +{
> +#ifdef CONFIG_XEN_PVH
> +	if (x86_platform.legacy.rtc || !x86_platform.legacy.no_vga)
> +		return;
> +
> +	/* PVH detected. */
> +	xen_pvh = true;
> +
> +	panic("\"nopv\" and \"xen_nopv\" parameters are unsupported in PVH guest.");
> +#endif
> +}

Can't all of this be done in xen_hvm_guest_late_init()? It has the same
tests already and it seems to me you should be able to panic from there.


-boris


> +
> +
>  static uint32_t __init xen_platform_hvm(void)
>  {
>  	if (xen_pv_domain())
>  		return 0;
>  
> +	if (xen_pvh_domain() && nopv) {
> +		/* Guest booting via the Xen-PVH boot entry goes here */
> +		pr_info("\"nopv\" parameter is ignored in PVH guest\n");
> +		nopv = false;
> +	} else if (nopv) {
> +		/*
> +		 * Guest booting via normal boot entry (like via grub2) goes
> +		 * here.
> +		 */
> +		x86_init.hyper.guest_late_init = xen_hvm_nopv_guest_late_init;
> +		return 0;
> +	}
>  	return xen_cpuid_base();
>  }
>  
> @@ -268,4 +294,5 @@ static __init void xen_hvm_guest_late_init(void)
>  	.init.init_mem_mapping	= xen_hvm_init_mem_mapping,
>  	.init.guest_late_init	= xen_hvm_guest_late_init,
>  	.runtime.pin_vcpu       = xen_pin_vcpu,
> +	.ignore_nopv            = true,
>  };

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ