From: Julien Grall <julien@xen.org>
To: Hongyan Xia <hx242@xen.org>, xen-devel@lists.xenproject.org
Cc: "Stefano Stabellini" <sstabellini@kernel.org>,
	"Wei Liu" <wl@xen.org>,
	"Andrew Cooper" <andrew.cooper3@citrix.com>,
	"Ian Jackson" <ian.jackson@eu.citrix.com>,
	"George Dunlap" <george.dunlap@citrix.com>,
	"Jan Beulich" <jbeulich@suse.com>,
	"Volodymyr Babchuk" <Volodymyr_Babchuk@epam.com>,
	"Roger Pau Monné" <roger.pau@citrix.com>
Subject: Re: [PATCH 11/16] x86: add a boot option to enable and disable the direct map
Date: Fri, 1 May 2020 09:43:37 +0100
Message-ID: <91d65dd4-ef38-9d42-c4ac-275831acdb61@xen.org>
In-Reply-To: <7360b59e8fd39796fee56430a437b20c948d08c2.1588278317.git.hongyxia@amazon.com>

Hi Hongyan,

On 30/04/2020 21:44, Hongyan Xia wrote:
> From: Hongyan Xia <hongyxia@amazon.com>
> 
> Also add a helper function to retrieve it. Change arch_mfn_in_direct_map
> to check this option before returning.
> 
> This is added as a boot command line option, not a Kconfig. We do not
> produce different builds for EC2 so this is not introduced as a
> compile-time configuration.
> 
> Signed-off-by: Hongyan Xia <hongyxia@amazon.com>
> ---
>   docs/misc/xen-command-line.pandoc | 12 ++++++++++++
>   xen/arch/x86/mm.c                 |  3 +++
>   xen/arch/x86/setup.c              |  2 ++
>   xen/include/asm-arm/mm.h          |  5 +++++
>   xen/include/asm-x86/mm.h          | 17 ++++++++++++++++-
>   5 files changed, 38 insertions(+), 1 deletion(-)
> 
> diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc
> index ee12b0f53f..7027e3a15c 100644
> --- a/docs/misc/xen-command-line.pandoc
> +++ b/docs/misc/xen-command-line.pandoc
> @@ -652,6 +652,18 @@ Specify the size of the console debug trace buffer. By specifying `cpu:`
>   additionally a trace buffer of the specified size is allocated per cpu.
>   The debug trace feature is only enabled in debugging builds of Xen.
>   
> +### directmap (x86)
> +> `= <boolean>`
> +
> +> Default: `true`
> +
> +Enable or disable the direct map region in Xen.
> +
> +By default, Xen creates the direct map region which maps physical memory
> +in that region. Setting this to no will remove the direct map, blocking
> +exploits that leak secrets via speculative memory access in the direct
> +map.
> +
>   ### dma_bits
>   > `= <integer>`
>   
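
Review bot: the second paragraph of the new `directmap` entry is circular ("creates the direct map region which maps physical memory in that region") and never says what the direct map is; say plainly that it is the region in which Xen keeps physical memory mapped. "blocking exploits" also reads as an absolute guarantee, while the sentence only covers leaks through the direct map itself, so "mitigating" would be more accurate. The entry gives an administrator no indication of what `directmap=no` costs, which is worth a sentence given that the default is `true`.
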
> diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
> index b3530d2763..64da997764 100644
> --- a/xen/arch/x86/mm.c
> +++ b/xen/arch/x86/mm.c
> @@ -162,6 +162,9 @@ l1_pgentry_t __section(".bss.page_aligned") __aligned(PAGE_SIZE)
>   l1_pgentry_t __section(".bss.page_aligned") __aligned(PAGE_SIZE)
>       l1_fixmap_x[L1_PAGETABLE_ENTRIES];
>   
> +bool __read_mostly opt_directmap = true;
> +boolean_param("directmap", opt_directmap);
> +
>   paddr_t __read_mostly mem_hotplug;
>   
>   /* Frame table size in pages. */
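
Review bot: `opt_directmap` is added here as a non-static global with no comment, between the fixmap tables and `mem_hotplug`. Since the commit message introduces a helper to retrieve the option, add a one-line comment above the definition saying callers should use `arch_has_directmap()` rather than test the variable directly, so later patches in the series do not mix the two.
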
> diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
> index faca8c9758..60fc4038be 100644
> --- a/xen/arch/x86/setup.c
> +++ b/xen/arch/x86/setup.c
> @@ -1282,6 +1282,8 @@ void __init noreturn __start_xen(unsigned long mbi_p)
>       if ( highmem_start )
>           xenheap_max_mfn(PFN_DOWN(highmem_start - 1));
>   
> +    printk("Booting with directmap %s\n", arch_has_directmap() ? "on" : "off");
> +
>       /*
>        * Walk every RAM region and map it in its entirety (on x86/64, at least)
>        * and notify it to the boot allocator.
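
Review bot: the new `printk()` in `__start_xen()` carries no log level; prefixing the format string with `XENLOG_INFO` would make the intended level explicit. The message is also emitted immediately before the code that, per the unchanged comment, still walks every RAM region and maps it in its entirety, and the diffstat shows this is the only change to setup.c, so with `directmap=no` the log can say "off" while those mappings are still created. Consider wording it as the requested setting, or moving the message to the patch that stops creating the mappings.
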
> diff --git a/xen/include/asm-arm/mm.h b/xen/include/asm-arm/mm.h
> index 7df91280bc..e6fd934113 100644
> --- a/xen/include/asm-arm/mm.h
> +++ b/xen/include/asm-arm/mm.h
> @@ -366,6 +366,11 @@ int arch_acquire_resource(struct domain *d, unsigned int type, unsigned int id,
>       return -EOPNOTSUPP;
>   }
>   
> +static inline bool arch_has_directmap(void)
> +{
> +    return true;
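
Review bot: `arch_has_directmap()` is added to asm-arm/mm.h as an unconditional `return true;` with no comment, so common-code callers cannot tell what a `true` result promises about which MFNs are mapped. A one-line comment above the helper stating that contract would help, and it should match whatever the x86 version documents.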

arm32 doesn't have a directmap, so this needs to be false for arm32 and 
true for arm64.

I would also like the implementation of the helper close to 
arch_mfn_in_directmap() in asm-arm/arm*/mm.h.

Cheers,

-- 
Julien Grall

