lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Mon, 8 Jul 2019 16:33:05 +0800
From:   Zhenzhong Duan <zhenzhong.duan@...cle.com>
To:     Boris Ostrovsky <boris.ostrovsky@...cle.com>,
        linux-kernel@...r.kernel.org
Cc:     xen-devel@...ts.xenproject.org, jgross@...e.com,
        sstabellini@...nel.org, tglx@...utronix.de, mingo@...hat.com,
        bp@...en8.de
Subject: Re: [PATCH v5 4/4] x86/xen: Add "nopv" support for HVM guest


On 2019/7/5 21:06, Boris Ostrovsky wrote:
> On 7/2/19 9:19 PM, Zhenzhong Duan wrote:
>> PVH guest needs PV extentions to work, so "nopv" parameter should be
>> ignored for PVH but not for HVM guest.
>>
>> If PVH guest boots up via the Xen-PVH boot entry, xen_pvh is set early,
>> we know it's PVH guest and ignore "nopv" parameter directly.
>>
>> If PVH guest boots up via the normal boot entry same as HVM guest, it's
>> hard to distinguish PVH and HVM guest at that time.
>>
>> To handle that case, add a new function xen_hvm_nopv_guest_late_init()
>> to detect PVH at a late time and panic itself if nopv enabled for a
>> PVH guest.
>>
>> Signed-off-by: Zhenzhong Duan<zhenzhong.duan@...cle.com>
>> Cc: Boris Ostrovsky<boris.ostrovsky@...cle.com>
>> Cc: Juergen Gross<jgross@...e.com>
>> Cc: Stefano Stabellini<sstabellini@...nel.org>
>> Cc: Thomas Gleixner<tglx@...utronix.de>
>> Cc: Ingo Molnar<mingo@...hat.com>
>> Cc: Borislav Petkov<bp@...en8.de>
>> ---
>>   arch/x86/xen/enlighten_hvm.c | 27 +++++++++++++++++++++++++++
>>   1 file changed, 27 insertions(+)
>>
>> diff --git a/arch/x86/xen/enlighten_hvm.c b/arch/x86/xen/enlighten_hvm.c
>> index 1756cf7..09a010a 100644
>> --- a/arch/x86/xen/enlighten_hvm.c
>> +++ b/arch/x86/xen/enlighten_hvm.c
>> @@ -231,11 +231,37 @@ bool __init xen_hvm_need_lapic(void)
>>   	return true;
>>   }
>>   
>> +static __init void xen_hvm_nopv_guest_late_init(void)
>> +{
>> +#ifdef CONFIG_XEN_PVH
>> +	if (x86_platform.legacy.rtc || !x86_platform.legacy.no_vga)
>> +		return;
>> +
>> +	/* PVH detected. */
>> +	xen_pvh = true;
>> +
>> +	panic("\"nopv\" and \"xen_nopv\" parameters are unsupported in PVH guest.");
>> +#endif
>> +}
> Can't all of this be done in xen_hvm_guest_late_init()? It has the same
> tests already and it seems to me you should be able to panic from there.

Indeed, I didn't realize this, thanks for pointing, I'll fix it.

Zhenzhong

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ