From: Wei Liu <wei.liu2@citrix.com>
To: Andrew Cooper <andrew.cooper3@citrix.com>
Cc: "Sergey Dyasli" <sergey.dyasli@citrix.com>,
	"Wei Liu" <wei.liu2@citrix.com>,
	"Ian Jackson" <Ian.Jackson@eu.citrix.com>,
	Xen-devel <xen-devel@lists.xen.org>,
	"Jan Beulich" <JBeulich@suse.com>,
	"Daniel De Graaf" <dgdegra@tycho.nsa.gov>,
	"Roger Pau Monné" <roger.pau@citrix.com>
Subject: Re: [PATCH 13/13] x86/domctl: Implement XEN_DOMCTL_set_cpumsr_policy
Date: Wed, 4 Jul 2018 11:18:18 +0100
Message-ID: <20180704101818.vgpfinsmjjgrsg2v@citrix.com>
In-Reply-To: <1530651326-5320-14-git-send-email-andrew.cooper3@citrix.com>

On Tue, Jul 03, 2018 at 09:55:26PM +0100, Andrew Cooper wrote:
> From: Sergey Dyasli <sergey.dyasli@citrix.com>
> 
> This hypercall allows the toolstack to present one combined CPUID and MSR
> policy for a domain, which can be audited in one go by Xen, which is necessary
> for correctness of the auditing.
> 
> A stub x86_policies_are_compatible() function is introduced, although at
> present it will always fail the hypercall.
> 
> The hypercall ABI allows for update of individual CPUID or MSR entries, so
> begins by duplicating the existing policy (for which a helper is introduced),
> merging the toolstack data, then checking compatibility of the result.
> 
> The system PV/HVM max policy is used for the compatibility check.
> 
> Signed-off-by: Sergey Dyasli <sergey.dyasli@citrix.com>
> Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
> ---
> CC: Jan Beulich <JBeulich@suse.com>
> CC: Ian Jackson <Ian.Jackson@eu.citrix.com>
> CC: Wei Liu <wei.liu2@citrix.com>
> CC: Roger Pau Monné <roger.pau@citrix.com>
> CC: Sergey Dyasli <sergey.dyasli@citrix.com>
> CC: Daniel De Graaf <dgdegra@tycho.nsa.gov>
> 
> One awkward corner case is re-deserialising of the vcpu msrs.  The correct fix
> would be to allocate a buffer, copy the MSRs list, then deserialise from that,
> but trips the bounds checks in the copy_from_guest() helpers.  The compat XLAT
> area would work, but would require that we allocate it even for 64bit PV
> guests.

I'm not sure I follow this. The issue isn't obvious from looking at the
code.

> ---
> +    /* Merge the (now audited) vCPU MSRs into every other msr_vcpu_policy. */
> +    for ( ; v; v = v->next_in_list )
> +    {
> +        /* XXX - Figure out how to avoid a TOCTOU race here.  XLAT area? */
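
Review bot: The XXX comment at the top of the loop body leaves a known TOCTOU unresolved, while the comment above the loop describes the data being merged as "(now audited)". If the body deserialises again from the caller's buffer for each vCPU, as the note under the --- describes ("re-deserialising of the vcpu msrs"), the values merged are not guaranteed to be the ones that passed the audit. Suggest deserialising once into a Xen-owned msr_vcpu_policy, auditing that copy, and copying the struct into each vCPU inside the loop. Failing that, the comment should state which data can change between the two reads.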

What is the TOCTOU race here? 

Wei.

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
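
Added example, not code from the patch or from Xen: a user-space model of the generic double-fetch pattern that the quoted note's proposed fix (copy the MSR list into a buffer, then deserialise from that) guards against. `fetch_from_guest`, `audit`, `merge`, `run`, the audit rule and the buffer contents are all assumptions constructed for illustration.

```c
/* Added illustration: all names are hypothetical stand-ins, none is Xen's. */
#include <stdint.h>
#include <string.h>
#define NR_VCPUS 4
#define NR_MSRS  2
struct msr_entry { uint32_t idx; uint64_t val; };
/* Constructed: caller-owned buffer and the per-vCPU policies. */
static struct msr_entry guest_buf[NR_MSRS], policy[NR_VCPUS][NR_MSRS];
static unsigned int fetches, flip_after;

/* Models a copy from caller memory; a concurrent writer changes the
 * buffer once more than 'flip_after' fetches have happened. */
static void fetch_from_guest(struct msr_entry *dst)
{
    if ( ++fetches > flip_after )
        guest_buf[0].val = ~0ULL;
    memcpy(dst, guest_buf, sizeof(guest_buf));
}
/* Toy audit rule (assumption): only bit 0 of either value may be set. */
static int audit(const struct msr_entry *m)
{
    return !((m[0].val | m[1].val) & ~1ULL);
}
/* Audit one copy, then merge it (snapshot) or re-read per vCPU. */
static int merge(int snapshot)
{
    struct msr_entry tmp[NR_MSRS];
    fetch_from_guest(tmp);
    if ( !audit(tmp) )
        return -1;
    for ( unsigned int v = 0; v < NR_VCPUS; v++ )
        if ( snapshot )
            memcpy(policy[v], tmp, sizeof(tmp));
        else
            fetch_from_guest(policy[v]);    /* second, unaudited read */
    return 0;
}
/* Returns -1 if rejected, else how many vCPU policies fail the audit. */
int run(int snapshot, unsigned int flip)
{
    int bad = 0;
    guest_buf[0] = (struct msr_entry){ 0x10, 1 };
    guest_buf[1] = (struct msr_entry){ 0x11, 0 };
    fetches = 0; flip_after = flip;
    if ( merge(snapshot) )
        return -1;
    for ( unsigned int v = 0; v < NR_VCPUS; v++ )
        bad += !audit(policy[v]);
    return bad;
}
```

With the buffer changing after the first fetch, `run(0, 1)` passes the audit yet leaves every vCPU policy holding a rejected value, while `run(1, 1)` merges only the audited bytes.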
