Subject: Re: [PATCH v2] SUPPORT.md: Un-shimmed 32-bit PV guests are no longer supported
From: Jan Beulich
To: Roger Pau Monné
Cc: xen-devel@lists.xenproject.org, Jann Horn, George Dunlap
Date: Fri, 7 May 2021 13:05:28 +0200
Message-ID: <0a61c24d-4bd3-c6af-7297-7a3b7bcd90b8@suse.com>
References: <20210506124752.65844-1-george.dunlap@citrix.com>

On 07.05.2021 12:26, Roger Pau Monné wrote:
> On Thu, May 06, 2021 at 01:47:52PM +0100, George Dunlap wrote:
>> --- a/xen/arch/x86/Kconfig >> +++ b/xen/arch/x86/Kconfig
>> @@ -55,7 +55,7 @@ config PV >> config PV32 >> bool "Support for 32bit PV guests" >> depends on PV >> - default y >> + default PV_SHIM >> select COMPAT >> ---help--- >> The 32bit PV ABI uses Ring1, an area of the x86 architecture which >> @@ -67,7 +67,10 @@ config PV32 >> reduction, or performance reasons. Backwards compatibility can be >> provided via the PV Shim mechanism. >> >> - If unsure, say Y. >> + Note that outside of PV Shim, 32-bit PV guests are not security >> + supported anymore. >> + >> + If unsure, use the default setting.
>
> While not opposed to this, I wonder whether we should give people some
> time to adapt. We have in the past not blocked vulnerable
> configurations by default (ie: the smt stuff for example).
>
> It might be less disruptive for users to start by printing a warning
> message at boot (either on the serial for dom0 or in the toolstack for
> domU) and switch the default Kconfig slightly later?

But by changing the default we don't disrupt anyone or anything. Or are
you suggesting people really caring about Xen build it with the default
config without even looking?

> Note I don't have any specific interest in 32bit PV, so I'm not going
> to argue strongly against this if everyone else is fine with it.
>
> I also wonder whether xl shouldn't try to boot PV 32bit guests by
> default using the shim now if the hypervisor has been built without
> CONFIG_PV32, or at least print a message so users know how to deal
> with the fallout.

I, too, have been considering to suggest this. Iirc Andrew did already
point out that the error messages resulting from xl aren't really
helpful to understand what the problem is (iirc he said they claim an
out-of-memory situation).

Jan
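
Review bot: In the first hunk (@@ -55,7 +55,7 @@), `default PV_SHIM` ties PV32 to PV_SHIM being selected at all, not to the build being used only as a shim. A hypervisor built with PV_SHIM enabled therefore still gets PV32=y, and if that same binary is booted as a regular hypervisor it can run 32-bit PV guests un-shimmed, which is the case the new help text calls not security supported. If that is intended, the help text should say so; otherwise the default needs a condition that expresses shim-only use. A Kconfig default also only applies to fresh configurations, so existing .config files that already carry PV32=y are not changed by this.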
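
Review bot: In the second hunk (@@ -67,7 +67,10 @@), the added help text says 32-bit PV guests outside of PV Shim are "not security supported anymore" but gives no pointer to where that status is defined and no hint of what the default now resolves to. Suggest referencing SUPPORT.md, which the subject line says this patch updates, and replacing "If unsure, use the default setting." with wording that states the default follows PV_SHIM, so that someone reading only the help text can tell which answer they are getting and what enabling the option outside the shim implies.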