From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.0 required=3.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED,USER_AGENT_SANE_2 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id C864EC433DF for ; Fri, 29 May 2020 09:50:26 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 92B3320776 for ; Fri, 29 May 2020 09:50:26 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=xen.org header.i=@xen.org header.b="CdoVjT0Z" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 92B3320776 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=xen.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1jebeH-0003aA-O0; Fri, 29 May 2020 09:49:57 +0000 Received: from us1-rack-iad1.inumbo.com ([172.99.69.81]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1jebeF-0003a5-VC for xen-devel@lists.xenproject.org; Fri, 29 May 2020 09:49:56 +0000 X-Inumbo-ID: c0163aa2-a191-11ea-9dbe-bc764e2007e4 Received: from mail.xenproject.org (unknown [104.130.215.37]) by us1-rack-iad1.inumbo.com (Halon) with ESMTPS id c0163aa2-a191-11ea-9dbe-bc764e2007e4; Fri, 29 May 2020 09:49:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Content-Transfer-Encoding:Mime-Version:Content-Type: References:In-Reply-To:Date:Cc:To:From:Subject:Message-ID:Sender:Reply-To: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=gOmCYfViT/gnMVzEfQOK08rkdIYmB9uvCDe9hw0Yw5Y=; b=CdoVjT0Z8XSHGVcO/KWT3rhrip AtQSdn2RcYzae1lcl8ig2HRWcrOfzx1hLHmKGhxAlbi4NCANThJppbAbCjDYtjP4mP3JVZQ872d0I /9xkvKKRz1Lp32/bL5so75g+W3RVw8t/sLrBrMRmb2XRbQDahG3oQn/VUAqHHG4HpJVo=; Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1jebeC-00005E-NV; Fri, 29 May 2020 09:49:52 +0000 Received: from 54-240-197-228.amazon.com ([54.240.197.228] helo=u1bbd043a57dd5a.ant.amazon.com) by xenbits.xenproject.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1jebeC-0001Jo-C7; Fri, 29 May 2020 09:49:52 +0000 Message-ID: Subject: Re: [RFC PATCH 1/1] xen: Use a global mapping for runstate From: Hongyan Xia To: Bertrand Marquis , Julien Grall Date: Fri, 29 May 2020 10:49:49 +0100 In-Reply-To: <3B88C76B-6972-4A66-AFDC-0B5C27FBA740@arm.com> References: <03e7cd740922bfbaa479f22d81d9de06f718a305.1590675919.git.bertrand.marquis@arm.com> <3B88C76B-6972-4A66-AFDC-0B5C27FBA740@arm.com> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.28.5-0ubuntu0.18.04.2 Mime-Version: 1.0 Content-Transfer-Encoding: 7bit X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: Stefano Stabellini , Wei Liu , "paul@xen.org" , Andrew Cooper , Ian Jackson , George Dunlap , Jan Beulich , xen-devel , nd , Volodymyr Babchuk , Roger Pau =?ISO-8859-1?Q?Monn=E9?= Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" On Fri, 2020-05-29 at 08:13 +0000, Bertrand Marquis wrote: > Hi Julien, > > > On 28 May 2020, at 19:54, Julien Grall wrote: > > > > Hi Bertrand, > > > > Thank you for the patch. > > > > On 28/05/2020 16:25, Bertrand Marquis wrote: > > > At the moment on Arm, a Linux guest running with KTPI enabled > > > will > > > cause the following error when a context switch happens in user > > > mode: > > > (XEN) p2m.c:1890: d1v0: Failed to walk page-table va > > > 0xffffff837ebe0cd0 > > > This patch is modifying runstate handling to map the area given > > > by the > > > guest inside Xen during the hypercall. > > > This is removing the guest virtual to physical conversion during > > > context > > > switches which removes the bug > > > > It would be good to spell out that a virtual address is not stable. > > So relying on it is wrong. > > > > > and improve performance by preventing to > > > walk page tables during context switches. > > > > With Secret free hypervisor in mind, I would like to suggest to > > map/unmap the runstate during context switch. > > > > The cost should be minimal when there is a direct map (i.e on Arm64 > > and x86) and still provide better performance on Arm32. > > Even with a minimal cost this is still adding some non real-time > behaviour to the context switch. > But definitely from the security point of view as we have to map a > page from the guest, we could have accessible in Xen some data that > should not be there. > There is a trade here where: > - xen can protect by map/unmapping > - a guest which wants to secure his data should either not use it or > make sure there is nothing else in the page > > That sounds like a thread local storage kind of problematic where we > want data from xen to be accessible fast from the guest and easy to > be modified from xen. Can't we just map it into the per-domain region, so that the mapping and unmapping of runstate is baked into the per-domain region switch itself during context switch? Anyway, I am glad to help with secret-free bits if required, although my knowledge on the Xen Arm side is limited. Hongyan