From: Jan Beulich <jbeulich@suse.com>
To: Andrew Cooper <Andrew.Cooper3@citrix.com>
Cc: "Marek Marczykowski-Górecki" <marmarek@invisiblethingslab.com>,
"Roger Pau Monne" <roger.pau@citrix.com>, "Wei Liu" <wl@xen.org>,
"Tim (Xen.org)" <tim@xen.org>,
"George Dunlap" <George.Dunlap@citrix.com>,
"Demi Marie Obenour" <demi@invisiblethingslab.com>,
"xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>
Subject: Re: [PATCH v6 4/5] x86/mm: Reject invalid cacheability in PV guests by default
Date: Fri, 6 Jan 2023 08:11:35 +0100 [thread overview]
Message-ID: <0869534b-4481-d3d1-2afc-09560844d9d5@suse.com> (raw)
In-Reply-To: <c6223295-c4f9-8fa8-7635-80d48094190f@citrix.com>
On 05.01.2023 21:28, Andrew Cooper wrote:
> On 22/12/2022 10:31 pm, Demi Marie Obenour wrote:
>> diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc
>> index 424b12cfb27d6ade2ec63eacb8afe5df82465451..0230a7bc17cbd4362a42ea64cea695f31f5e0f86 100644
>> --- a/docs/misc/xen-command-line.pandoc
>> +++ b/docs/misc/xen-command-line.pandoc
>> @@ -1417,6 +1417,17 @@ detection of systems known to misbehave upon accesses to that port.
>> ### idle_latency_factor (x86)
>> > `= <integer>`
>>
>> +### invalid-cacheability (x86)
>> +> `= allow | deny | trap`
>> +
>> +> Default: `deny` in release builds, otherwise `trap`
>> +
>> +Specify what happens when a PV guest tries to use one of the reserved entries in
>> +the PAT. `deny` causes the attempt to be rejected with -EINVAL, `allow` allows
>> +the attempt, and `trap` causes a general protection fault to be raised.
>> +Currently, the reserved entries are marked as uncacheable in Xen's PAT, but this
>> +will change if new memory types are added, so guests must not rely on it.
>> +
>
> This wants to be scoped under "pv", and not a top-level option. Current
> parsing is at the top of xen/arch/x86/pv/domain.c
>
> How about `pv={no-}oob-pat`, and parse it into the opt_pv_oob_pat boolean ?
>
> There really is no need to distinguish between deny and trap. IMO,
> injecting #GP unilaterally is fine (to a guest expecting the hypercall
> to succeed, -EINVAL vs #GP makes no difference, but #GP is far more
> useful to a human trying to debug issues here), but I could be talked
> into putting that behind a CONFIG_DEBUG if other feel strongly.
What is or is not useful to guests is guesswork. They might be "handling"
failure with BUG(), in which case they'd still see a backtrace. So to me,
as previously said, injecting #GP in the case here can only reasonably be
a debugging aid (and hence be dependent upon DEBUG).
Jan
next prev parent reply other threads:[~2023-01-06 7:11 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-22 22:31 [PATCH v6 0/5] Make PAT handling less brittle Demi Marie Obenour
2022-12-22 22:31 ` [PATCH v6 1/5] x86/mm: Avoid hard-coding PAT in get_page_from_l1e() Demi Marie Obenour
2022-12-22 22:31 ` [PATCH v6 2/5] x86: Remove MEMORY_NUM_TYPES and NO_HARDCODE_MEM_TYPE Demi Marie Obenour
2022-12-22 22:31 ` [PATCH v6 3/5] x86/mm: make code robust to future PAT changes Demi Marie Obenour
2023-01-05 14:01 ` Jan Beulich
2023-01-05 19:58 ` Andrew Cooper
2022-12-22 22:31 ` [PATCH v6 4/5] x86/mm: Reject invalid cacheability in PV guests by default Demi Marie Obenour
2023-01-05 14:30 ` Jan Beulich
2023-01-05 20:28 ` Andrew Cooper
2023-01-06 2:00 ` Demi Marie Obenour
2023-01-06 2:30 ` Marek Marczykowski-Górecki
2023-01-06 5:23 ` Demi Marie Obenour
2023-01-06 7:11 ` Jan Beulich [this message]
2022-12-22 22:31 ` [PATCH v6 5/5] x86: Use Linux's PAT Demi Marie Obenour
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0869534b-4481-d3d1-2afc-09560844d9d5@suse.com \
--to=jbeulich@suse.com \
--cc=Andrew.Cooper3@citrix.com \
--cc=George.Dunlap@citrix.com \
--cc=demi@invisiblethingslab.com \
--cc=marmarek@invisiblethingslab.com \
--cc=roger.pau@citrix.com \
--cc=tim@xen.org \
--cc=wl@xen.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.