All of lore.kernel.org
 help / color / mirror / Atom feed
From: Demi Marie Obenour <demi@invisiblethingslab.com>
To: xen-devel@lists.xenproject.org
Cc: "Demi Marie Obenour" <demi@invisiblethingslab.com>,
	"Marek Marczykowski-Górecki" <marmarek@invisiblethingslab.com>,
	"Jan Beulich" <jbeulich@suse.com>,
	"Andrew Cooper" <andrew.cooper3@citrix.com>,
	"Roger Pau Monné" <roger.pau@citrix.com>, "Wei Liu" <wl@xen.org>,
	"Jun Nakajima" <jun.nakajima@intel.com>,
	"Kevin Tian" <kevin.tian@intel.com>,
	"George Dunlap" <george.dunlap@citrix.com>,
	"Tim Deegan" <tim@xen.org>
Subject: [PATCH v3 11/12] x86/mm: Reject invalid cacheability in PV guests by default
Date: Wed, 14 Dec 2022 18:12:01 -0500	[thread overview]
Message-ID: <bc146082e90b538be06eb89280617c7e9b966f0f.1671057808.git.demi@invisiblethingslab.com> (raw)
In-Reply-To: <cover.1671057808.git.demi@invisiblethingslab.com>

Setting cacheability flags that are not ones specified by Xen is a bug
in the guest.  By default, inject #GP into any guest that does this.
allow_invalid_cacheability can be used on the Xen command line to
disable this check.

Signed-off-by: Demi Marie Obenour <demi@invisiblethingslab.com>
---
 xen/arch/x86/mm.c | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)

diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
index 7fb1a0f91910952640378f316a68096a08895b37..a199bb05031e0fb1ea4c25ef1d641afe71690d74 100644
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -145,6 +145,8 @@
 
 #ifdef CONFIG_PV
 #include "pv/mm.h"
+bool allow_invalid_cacheability;
+boolean_param("allow_invalid_cacheability", allow_invalid_cacheability);
 #endif
 
 /* Override macros from asm/page.h to make them work with mfn_t */
@@ -1346,7 +1348,28 @@ static int promote_l1_table(struct page_info *page)
         }
         else
         {
-            switch ( ret = get_page_from_l1e(pl1e[i], d, d) )
+            l1_pgentry_t l1e = pl1e[i];
+
+            BUILD_BUG_ON(PAGE_CACHE_ATTRS > 0xffff);
+            if ( !allow_invalid_cacheability )
+            {
+                switch ( l1e.l1 & PAGE_CACHE_ATTRS )
+                {
+                case _PAGE_WB:
+                case _PAGE_UC:
+                case _PAGE_UCM:
+                case _PAGE_WC:
+                case _PAGE_WT:
+                case _PAGE_WP:
+                    break;
+                default:
+                    pv_inject_hw_exception(TRAP_gp_fault, 0);
+                    ret = -EINVAL;
+                    goto fail;
+                }
+            }
+
+            switch ( ret = get_page_from_l1e(l1e, d, d) )
             {
             default:
                 goto fail;
-- 
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab



  parent reply	other threads:[~2022-12-14 23:15 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-12-14 23:11 [PATCH v3 00/12] Make PAT handling less brittle Demi Marie Obenour
2022-12-14 23:11 ` [PATCH v3 01/12] x86/mm: Avoid hard-coding PAT in get_page_from_l1e() Demi Marie Obenour
2022-12-15  8:46   ` Jan Beulich
2022-12-15 16:00     ` Demi Marie Obenour
2022-12-14 23:11 ` [PATCH v3 02/12] p2m-pt: Avoid hard-coding Xen's PAT Demi Marie Obenour
2022-12-14 23:11 ` [PATCH v3 03/12] efi: Avoid hard-coding the various PAT constants Demi Marie Obenour
2022-12-14 23:11 ` [PATCH v3 04/12] x86: Add memory type constants Demi Marie Obenour
2022-12-15  8:49   ` Jan Beulich
2022-12-15 17:17     ` Andrew Cooper
2022-12-15 18:07       ` Demi Marie Obenour
2022-12-14 23:11 ` [PATCH v3 05/12] x86: Replace PAT_* with X86_MT_* Demi Marie Obenour
2022-12-14 23:11 ` [PATCH v3 06/12] x86: Replace MTRR_* constants with X86_MT_* constants Demi Marie Obenour
2022-12-15 16:19   ` Jan Beulich
2022-12-14 23:11 ` [PATCH v3 07/12] x86: Replace EPT_EMT_* constants with X86_MT_* Demi Marie Obenour
2022-12-14 23:11 ` [PATCH v3 08/12] x86: Remove MEMORY_NUM_TYPES and NO_HARDCODE_MEM_TYPE Demi Marie Obenour
2022-12-15 16:24   ` Jan Beulich
2022-12-14 23:11 ` [PATCH v3 09/12] x86: Derive XEN_MSR_PAT from its individual entries Demi Marie Obenour
2022-12-15 17:04   ` Jan Beulich
2022-12-14 23:12 ` [PATCH v3 10/12] x86/mm: make code robust to future PAT changes Demi Marie Obenour
2022-12-14 23:12 ` Demi Marie Obenour [this message]
2022-12-14 23:12 ` [PATCH v3 12/12] x86: Use Linux's PAT Demi Marie Obenour

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=bc146082e90b538be06eb89280617c7e9b966f0f.1671057808.git.demi@invisiblethingslab.com \
    --to=demi@invisiblethingslab.com \
    --cc=andrew.cooper3@citrix.com \
    --cc=george.dunlap@citrix.com \
    --cc=jbeulich@suse.com \
    --cc=jun.nakajima@intel.com \
    --cc=kevin.tian@intel.com \
    --cc=marmarek@invisiblethingslab.com \
    --cc=roger.pau@citrix.com \
    --cc=tim@xen.org \
    --cc=wl@xen.org \
    --cc=xen-devel@lists.xenproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.