All of lore.kernel.org
 help / color / mirror / Atom feed
From: Andrew Cooper <andrew.cooper3@citrix.com>
To: "Jan Beulich" <jbeulich@suse.com>,
	"George Dunlap" <george.dunlap@citrix.com>,
	"Roger Pau Monné" <roger.pau@citrix.com>
Cc: <xen-devel@lists.xenproject.org>,
	Ian Jackson <iwj@xenproject.org>,
	Anthony PERARD <anthony.perard@citrix.com>
Subject: Re: [PATCH v2] SUPPORT.md: Un-shimmed 32-bit PV guests are no longer supported
Date: Thu, 6 May 2021 15:32:25 +0100	[thread overview]
Message-ID: <5b4c9bce-9335-b5f7-0c90-e47ae264d896@citrix.com> (raw)
In-Reply-To: <acd695c1-dc04-4606-5212-5fd993e355b1@suse.com>

On 06/05/2021 14:09, Jan Beulich wrote:
> On 06.05.2021 14:47, George Dunlap wrote:
>> --- a/xen/arch/x86/Kconfig
>> +++ b/xen/arch/x86/Kconfig
>> @@ -55,7 +55,7 @@ config PV
>>  config PV32
>>  	bool "Support for 32bit PV guests"
>>  	depends on PV
>> -	default y
>> +	default PV_SHIM
>>  	select COMPAT
>>  	---help---
>>  	  The 32bit PV ABI uses Ring1, an area of the x86 architecture which
>> @@ -67,7 +67,10 @@ config PV32
>>  	  reduction, or performance reasons.  Backwards compatibility can be
>>  	  provided via the PV Shim mechanism.
>>  
>> -	  If unsure, say Y.
>> +	  Note that outside of PV Shim, 32-bit PV guests are not security
>> +	  supported anymore.
>> +
>> +	  If unsure, use the default setting.
> Alongside this I wonder whether we should also default opt_pv32 to false
> then, unless running in shim mode.

No - that's just rude to users.

Anyone whose enabled CONFIG_PV32 may potentially want to run such guests.

Its easy to avoid issues here by not running 32bit bit guests, or not
running untrusted guests, but forcing everyone to reboot a second time
to specify pv=32 to unbreak their environment is downright unhelpful.


Perhaps tangentially, xl/libxl needs some remedial work as a followup,
because:

Executing 'xl create -p tests/example/test-pv32pae-example.cfg'
Parsing config from tests/example/test-pv32pae-example.cfg
xc: error: panic: xg_dom_boot.c:121: xc_dom_boot_mem_init: can't
allocate low memory for domain: Out of memory
libxl: error: libxl_dom.c:586:libxl__build_dom: xc_dom_boot_mem_init
failed: Operation not supported
libxl: error: libxl_create.c:1572:domcreate_rebuild_done: Domain
3:cannot (re-)build domain: -3
libxl: error: libxl_domain.c:1182:libxl__destroy_domid: Domain
3:Non-existant domain
libxl: error: libxl_domain.c:1136:domain_destroy_callback: Domain
3:Unable to destroy guest
libxl: error: libxl_domain.c:1063:domain_destroy_cb: Domain
3:Destruction of domain failed

is what the user gets back when Xen has correctly reported that it isn't
pv32-capable, and rejects the switch_compat() hypercall.

~Andrew



  reply	other threads:[~2021-05-06 14:32 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-05-06 12:47 [PATCH v2] SUPPORT.md: Un-shimmed 32-bit PV guests are no longer supported George Dunlap
2021-05-06 13:09 ` Jan Beulich
2021-05-06 14:32   ` Andrew Cooper [this message]
2021-05-07 10:26 ` Roger Pau Monné
2021-05-07 11:05   ` Jan Beulich
2021-06-04 13:14 ` George Dunlap
2021-06-07  9:18 ` Jan Beulich

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=5b4c9bce-9335-b5f7-0c90-e47ae264d896@citrix.com \
    --to=andrew.cooper3@citrix.com \
    --cc=anthony.perard@citrix.com \
    --cc=george.dunlap@citrix.com \
    --cc=iwj@xenproject.org \
    --cc=jbeulich@suse.com \
    --cc=roger.pau@citrix.com \
    --cc=xen-devel@lists.xenproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.