| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <de44d94c-f018-ad77-8083-f5acc8ef7507@suse.com>
Date: Thu, 22 Apr 2021 17:49:19 +0200
From: Juergen Gross <jgross@...e.com>
To: Jan Beulich <jbeulich@...e.com>
Cc: Boris Ostrovsky <boris.ostrovsky@...cle.com>,
Stefano Stabellini <sstabellini@...nel.org>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
"H. Peter Anvin" <hpa@...or.com>,
Peter Zijlstra <peterz@...radead.org>,
linux-kernel@...r.kernel.org, x86@...nel.org,
xen-devel@...ts.xenproject.org
Subject: Re: [PATCH 0/3] xen: remove some checks for always present Xen
features
On 22.04.21 17:42, Jan Beulich wrote:
> On 22.04.2021 17:28, Juergen Gross wrote:
>> On 22.04.21 17:23, Jan Beulich wrote:
>>> On 22.04.2021 17:17, Juergen Gross wrote:
>>>> On 22.04.21 17:16, Jan Beulich wrote:
>>>>> On 22.04.2021 17:10, Juergen Gross wrote:
>>>>>> Some features of Xen can be assumed to be always present, so add a
>>>>>> central check to verify this being true and remove the other checks.
>>>>>>
>>>>>> Juergen Gross (3):
>>>>>> xen: check required Xen features
>>>>>> xen: assume XENFEAT_mmu_pt_update_preserve_ad being set for pv guests
>>>>>> xen: assume XENFEAT_gnttab_map_avail_bits being set for pv guests
>>>>>
>>>>> I wonder whether it's a good idea to infer feature presence from
>>>>> version numbers. If (at some point in the past) you had inferred
>>>>> gnttab v2 being available by version, this would have been broken
>>>>> by its availability becoming controllable by a command line option
>>>>> in Xen.
>>>>
>>>> I'm testing the feature to be really present when booting and issue a
>>>> message if it is not there.
>>>
>>> And how does this help if the feature really isn't there yet other code
>>> assumes it is?
>>
>> Did you look at the features I'm testing?
>
> I did, yes.
>
>> Those are really just low
>> level additions I can't imagine will ever be removed again.
>
> I don't expect them to be removed. But I don't think the people having
> contributed gnttab v2 expected any such for it, either.
There is a major difference here.
gnttab v2 was replacing an existing functionality by a more scalable,
but more complex solution.
The features I'm assuming to be present are basically repairing issues
which have been present due to omissions in the initial implementation.
Especially the XENFEAT_gnttab_map_avail_bits causes a racy workaround in
the kernel when not present. The race is only avoided in case the user
code is well-behaved. It is dom0 user code, yes, but nevertheless such
issues are never nice.
Juergen
Download attachment "OpenPGP_0xB0DE9DD628BF132F.asc" of type "application/pgp-keys" (3092 bytes)
Download attachment "OpenPGP_signature" of type "application/pgp-signature" (496 bytes)
Powered by blists - more mailing lists