From: Tamas K Lengyel <tamas@tklengyel.com>
To: Jan Beulich <JBeulich@suse.com>
Cc: "xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>,
	"Andrew Cooper" <andrew.cooper3@citrix.com>,
	"Wei Liu" <wl@xen.org>, "Roger Pau Monné" <roger.pau@citrix.com>,
	"George Dunlap" <george.dunlap@citrix.com>,
	"Alexandru Isaila" <aisaila@bitdefender.com>,
	"Petre Pircalabu" <ppircalabu@bitdefender.com>
Subject: Re: [PATCH RFC v2 3/3] x86/altp2m: p2m_altp2m_propagate_change() should honor present page order
Date: Thu, 6 Jan 2022 09:48:07 -0500
Message-ID: <CABfawhmf4WSxRHaE-hJdt+g-WCHJjD0y8t2JcVDHHdcpMhtsmw@mail.gmail.com>
In-Reply-To: <35ed148d-c525-5fdb-ad83-d0a1c9432b11@suse.com>

> Hmm, I continue to be puzzled. Let's take the XSA-304 workaround as an
> example. Suppose an introspection agent has removed X from a 4k page
> in an altp2m of a guest. Suppose one of the vCPU-s of this guest runs
> on the host p2m. If this vCPU hits the (presumably) 2M or 1G mapping
> covering said 4k page for an insn fetch, the page will be shattered
> and the removed X in one (or more) of the altp2m-s will, afaict, be
> lost. This looks like a bug to me.

Yep, that can happen if you are using large pages and allow execution
on the hostp2m. We explicitly disable large pages when we use altp2ms
though, so it's not an issue for us. Someone implementing an
introspection solution where they keep large pages would have to
pre-shatter all the large pages in the hostp2m and only then apply the
altp2m changes. Or have a separate altp2m view that's used only for
execution and the hostp2m is never used. So the way things are can
certainly be worked with and it's not a show-stopper, it's just
convoluted and you can certainly have bugs if you do it wrong that
would be hard to figure out.

As I said, I don't see much upside in why the current propagation
mechanism is in place and we don't use it, so if someone wants to
switch it because of preference or because it's less error-prone, I
wouldn't object.

Tamas
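
The failure mode discussed in this message and the pre-shatter workaround, as an added toy model (not Xen code and not written by anyone in this thread). The structures, function names and the rule that a host change overwrites a present altp2m entry are simplifying assumptions taken from the description above.

```c
#include <stdbool.h>
#include <string.h>

#define NR_4K 512                       /* 4k pages in one 2M region */
enum { P_R = 1, P_W = 2, P_X = 4 };

/* Hypothetical, simplified views of a single 2M region. */
struct hostp2m { bool shattered; unsigned char perm[NR_4K]; };
struct altp2m  { bool present[NR_4K]; unsigned char perm[NR_4K]; };

/* Assumed model: a host change to a gfn overwrites any altp2m entry for it. */
static void propagate(const struct hostp2m *h, struct altp2m *a, int gfn)
{
    if (a->present[gfn])
        a->perm[gfn] = h->perm[gfn];
}

/* Split the 2M mapping into 4k entries; every entry counts as changed. */
static void host_shatter(struct hostp2m *h, struct altp2m *a)
{
    if (h->shattered)
        return;                         /* already 4k: nothing changes */
    h->shattered = true;
    for (int gfn = 0; gfn < NR_4K; gfn++) {
        h->perm[gfn] = P_R | P_W | P_X;
        propagate(h, a, gfn);
    }
}

/* Introspection agent removes X from one 4k page in the altp2m view. */
static void alt_remove_x(struct altp2m *a, int gfn)
{
    a->present[gfn] = true;
    a->perm[gfn] = P_R | P_W;
}

/* True if the altp2m X restriction on gfn survives a host insn fetch. */
bool restriction_survives(bool pre_shatter, int gfn)
{
    struct hostp2m h; struct altp2m a;
    memset(&h, 0, sizeof(h)); memset(&a, 0, sizeof(a));
    if (pre_shatter)
        host_shatter(&h, &a);           /* workaround: split before restricting */
    alt_remove_x(&a, gfn);
    host_shatter(&h, &a);               /* vCPU on hostp2m fetches from the 2M mapping */
    return !(a.perm[gfn] & P_X);
}
```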

