lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <d5dd94c2-070e-b3ff-57cf-92893b3cca7b@citrix.com>
Date:   Wed, 4 Sep 2019 12:36:02 +0100
From:   Igor Druzhinin <igor.druzhinin@...rix.com>
To:     Jan Beulich <jbeulich@...e.com>,
        Andrew Cooper <andrew.cooper3@...rix.com>
CC:     <xen-devel@...ts.xenproject.org>, <linux-kernel@...r.kernel.org>,
        <boris.ostrovsky@...cle.com>, Juergen Gross <jgross@...e.com>
Subject: Re: [PATCH] xen/pci: try to reserve MCFG areas earlier

On 04/09/2019 10:08, Jan Beulich wrote:
> On 04.09.2019 02:20, Igor Druzhinin wrote:
>> If MCFG area is not reserved in E820, Xen by default will defer its usage
>> until Dom0 registers it explicitly after ACPI parser recognizes it as
>> a reserved resource in DSDT. Having it reserved in E820 is not
>> mandatory according to "PCI Firmware Specification, rev 3.2" (par. 4.1.2)
>> and firmware is free to keep a hole E820 in that place. Xen doesn't know
>> what exactly is inside this hole since it lacks full ACPI view of the
>> platform therefore it's potentially harmful to access MCFG region
>> without additional checks as some machines are known to provide
>> inconsistent information on the size of the region.
> 
> Irrespective of this being a good change, I've had another thought
> while reading this paragraph, for a hypervisor side control: Linux
> has a "memopt=" command line option allowing fine grained control
> over the E820 map. We could have something similar to allow
> inserting an E820_RESERVED region into a hole (it would be the
> responsibility of the admin to guarantee no other conflicts, i.e.
> it should generally be used only if e.g. the MCFG is indeed known
> to live at the specified place, and being properly represented in
> the ACPI tables). Thoughts?

What other use cases can you think of in case we'd have this option?
>From the top of my head, it might be providing a memmap for a second Xen
after doing kexec from Xen to Xen.

What benefits do you think it might have over just accepting a hole
using "mcfg=relaxed" option from admin perspective?

Igor

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ