lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87ecy5wqjm.ffs@tglx>
Date: Sun, 06 Apr 2025 12:08:29 +0200
From: Thomas Gleixner <tglx@...utronix.de>
To: Petr Vaněk <arkamar@...as.cz>,
 linux-kernel@...r.kernel.org
Cc: x86@...nel.org, xen-devel@...ts.xenproject.org, Petr Vaněk
 <arkamar@...as.cz>, stable@...r.kernel.org, Juergen Gross
 <jgross@...e.com>, Andrew Cooper <andrew.cooper3@...rix.com>
Subject: Re: [PATCH 1/1] x86/cpu/topology: Don't limit CPUs to 1 for Xen PV
 guests due to disabled APIC

On Sat, Apr 05 2025 at 20:16, Petr Vaněk wrote:

> Xen PV guests in DomU have APIC disabled by design, which causes
> topology_apply_cmdline_limits_early() to limit the number of possible
> CPUs to 1, regardless of the configured number of vCPUs.

PV guests have a APIC emulation and there is no code which actually
disables the APIC by design unconditionally. There is one way though,
which disables the APIC indirectly.

xen_arch_setup() disables ACPI, which in turn causes acpi_mps_check() to
return 1, which disables the APIC. This only happens when the kernel
configuration has:

     CONFIG_X86_MPPARSE=n
     CONFIG_ACPI=y

If you enable MPPARSE the problem goes away, no?

> +	/* 'maxcpus=0' 'nosmp' 'nolapic'
> +	 *
> +	 * The apic_is_disabled check is ignored for Xen PV domains because Xen
> +	 * disables ACPI in unprivileged PV DomU guests, which would otherwise limit
> +	 * CPUs to 1, even if multiple vCPUs were configured.

This is the wrong place as it invalidates the effect of 'nolapic' on the
kernel command line for XEN PV.

You actually explain in the comment that XEN disables ACPI, so why are
you slapping this xen check into this code instead of doing the obvious
and prevent acpi_mps_check() to cause havoc?

Thanks,

        tglx

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ