* [PATCH RFC 0/2] Make hvm_fep available to non-debug builds
From: Wei Liu @ 2016-06-15 14:31 UTC
To: Xen-devel; +Cc: Wei Liu

Wei Liu (2):
  xen/kernel: document 'C' in print_tainted
  xen: make available hvm_fep to non-debug build as well

 docs/misc/xen-command-line.markdown |  8 ++++++--
 xen/arch/x86/hvm/hvm.c              | 31 ++++++++++++++++++++++++++++---
 xen/common/kernel.c                 |  7 +++++--
 xen/include/asm-x86/hvm/hvm.h       |  4 ----
 xen/include/xen/lib.h               |  1 +
 5 files changed, 40 insertions(+), 11 deletions(-)

-- 
2.1.4

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
* [PATCH RFC 1/2] xen/kernel: document 'C' in print_tainted 2016-06-15 14:31 [PATCH RFC 0/2] Make hvm_fep available to non-debug builds Wei Liu @ 2016-06-15 14:31 ` Wei Liu 2016-06-15 14:53 ` Jan Beulich 2016-06-15 14:31 ` [PATCH RFC 2/2] xen: make available hvm_fep to non-debug build as well Wei Liu 1 sibling, 1 reply; 13+ messages in thread From: Wei Liu @ 2016-06-15 14:31 UTC (permalink / raw) To: Xen-devel Cc: Stefano Stabellini, Wei Liu, George Dunlap, Andrew Cooper, Ian Jackson, Tim Deegan, Jan Beulich Signed-off-by: Wei Liu <wei.liu2@citrix.com> --- Cc: Andrew Cooper <andrew.cooper3@citrix.com> Cc: George Dunlap <George.Dunlap@eu.citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Jan Beulich <jbeulich@suse.com> Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Cc: Stefano Stabellini <sstabellini@kernel.org> Cc: Tim Deegan <tim@xen.org> Cc: Wei Liu <wei.liu2@citrix.com> --- xen/common/kernel.c | 1 + 1 file changed, 1 insertion(+) diff --git a/xen/common/kernel.c b/xen/common/kernel.c index 1a6823a..dae7e35 100644 --- a/xen/common/kernel.c +++ b/xen/common/kernel.c @@ -174,6 +174,7 @@ int __init parse_bool(const char *s) * 'S' - SMP with CPUs not designed for SMP. * 'M' - Machine had a machine check experience. * 'B' - System has hit bad_page. + * 'C' - Console output is synchronous. * * The string is overwritten by the next call to print_taint(). */ -- 2.1.4 _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel ^ permalink raw reply related [flat|nested] 13+ messages in thread
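Review bot: the comment block this hunk extends still ends with "The string is overwritten by the next call to print_taint()", but the function it describes is print_tainted() (the 2/2 hunk shows `char *print_tainted(char *str)`); since this patch is already editing that block, fix the name in the same line. While here, the key lists 'S', 'M', 'B' and now 'C', but the TAINT_ERROR_INJECT bit that lib.h defines between TAINT_SYNC_CONSOLE and the new TAINT_HVM_FEP has no letter at all, so the key is still incomplete after this change.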
* Re: [PATCH RFC 1/2] xen/kernel: document 'C' in print_tainted
From: Jan Beulich @ 2016-06-15 14:53 UTC
To: Wei Liu
Cc: Stefano Stabellini, George Dunlap, Andrew Cooper, Ian Jackson, Tim Deegan, Xen-devel

>>> On 15.06.16 at 16:31, <wei.liu2@citrix.com> wrote:
> Signed-off-by: Wei Liu <wei.liu2@citrix.com>

Acked-by: Jan Beulich <jbeulich@suse.com>
* [PATCH RFC 2/2] xen: make available hvm_fep to non-debug build as well
From: Wei Liu @ 2016-06-15 14:31 UTC
To: Xen-devel; +Cc: Andrew Cooper, Wei Liu, Jan Beulich

Originally hvm_fep was guarded by NDEBUG, which means it was only
available to debug builds.

However there is value in having it for non-debug builds as well. Users can
use that to run tests in a setup that replicates a production setup.

Make it clear with a sync_console style warning that this option can't
be used in a production setup. Update command line documentation
accordingly. Finally mark Xen as tainted when this option is enabled.

Signed-off-by: Wei Liu <wei.liu2@citrix.com>
---
Cc: Andrew Cooper <andrew.cooper3@citrix.com>
Cc: Jan Beulich <jbeulich@suse.com>
---
 docs/misc/xen-command-line.markdown |  8 ++++++--
 xen/arch/x86/hvm/hvm.c              | 31 ++++++++++++++++++++++++++++---
 xen/common/kernel.c                 |  6 ++++--
 xen/include/asm-x86/hvm/hvm.h       |  4 ----
 xen/include/xen/lib.h               |  1 +
 5 files changed, 39 insertions(+), 11 deletions(-)

diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown
index fed732c..dc53e24 100644
--- a/docs/misc/xen-command-line.markdown
+++ b/docs/misc/xen-command-line.markdown
@@ -878,8 +878,12 @@ Recognized in debug builds of the hypervisor only. Allow use of the Forced Emulation Prefix in HVM guests, to allow emulation of arbitrary instructions. -This option is intended for development purposes, and is only available in -debug builds of the hypervisor. +This option is intended for development and testing purposes. + +*Warning* +As this feature opens up the instruction emulator to HVM guest, don't +use this in production system. No security support is provided when +this flag is set. ### hvm\_port80 > `= <boolean>` diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 78db903..5bafaef 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -37,6 +37,7 @@ #include <xen/mem_access.h> #include <xen/rangeset.h> #include <xen/vm_event.h> +#include <xen/delay.h> #include <asm/shadow.h> #include <asm/hap.h> #include <asm/current.h> @@ -95,11 +96,9 @@ unsigned long __section(".bss.page_aligned") static bool_t __initdata opt_hap_enabled = 1; boolean_param("hap", opt_hap_enabled); -#ifndef opt_hvm_fep /* Permit use of the Forced Emulation Prefix in HVM guests */ -bool_t opt_hvm_fep; +bool_t __read_mostly opt_hvm_fep; boolean_param("hvm_fep", opt_hvm_fep); -#endif /* Xen command-line option to enable altp2m */ static bool_t __initdata opt_altp2m_enabled = 0; 
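Review bot: the docs hunk leaves the entry inconsistent: its own header shows the line "Recognized in debug builds of the hypervisor only." still standing just above the changed text, and that sentence is now false, so it needs to be removed or rewritten in the same hunk. In the added warning, "opens up the instruction emulator to HVM guest" should read "to HVM guests" and "don't use this in production system" should read "on production systems"; it would also help operators to state here that a host booted with this option shows the 'H' taint flag, so the condition is visible in crash output and not only on the boot console.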
@@ -182,6 +181,32 @@ static int __init hvm_enable(void) if ( !opt_altp2m_enabled ) hvm_funcs.altp2m_supported = 0; + if ( opt_hvm_fep ) + { + unsigned i, j; + + printk("**********************************************\n"); + printk("******* WARNING: HVM FORCED EMULATION PREFIX IS PERMITTED\n"); + printk("******* This option is *ONLY* intended to aid debugging " + "and testing of Xen\n"); + printk("******* that HVM guest can enter instruction emulator " + "with UD instruction.\n"); + printk("******* It has implication on the security of the system.\n"); + printk("******* Please *DO NOT* use this in production.\n"); + printk("**********************************************\n"); + add_taint(TAINT_HVM_FEP); + for ( i = 0; i < 3; i++ ) + { + printk("%d... ", 3-i); + for ( j = 0; j < 100; j++ ) + { + process_pending_softirqs(); + mdelay(10); + } + } + printk("\n"); + } + /* * Allow direct access to the PC debug ports 0x80 and 0xed (they are * often used for I/O delays, but the vmexits simply slow things down). diff --git a/xen/common/kernel.c b/xen/common/kernel.c index dae7e35..5bf77aa 100644 --- a/xen/common/kernel.c +++ b/xen/common/kernel.c @@ -175,6 +175,7 @@ int __init parse_bool(const char *s) * 'M' - Machine had a machine check experience. * 'B' - System has hit bad_page. * 'C' - Console output is synchronous. + * 'H' - HVM forced emulation prefix is permitted. * * The string is overwritten by the next call to print_taint(). */ @@ -182,11 +183,12 @@ char *print_tainted(char *str) { if ( tainted ) { - snprintf(str, TAINT_STRING_MAX_LEN, "Tainted: %c%c%c%c", + snprintf(str, TAINT_STRING_MAX_LEN, "Tainted: %c%c%c%c%c", tainted & TAINT_UNSAFE_SMP ? 'S' : ' ', tainted & TAINT_MACHINE_CHECK ? 'M' : ' ', tainted & TAINT_BAD_PAGE ? 'B' : ' ', - tainted & TAINT_SYNC_CONSOLE ? 'C' : ' '); + tainted & TAINT_SYNC_CONSOLE ? 'C' : ' ', + tainted & TAINT_HVM_FEP ? 'H' : ' '); } else { 
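Review bot: add_taint(TAINT_HVM_FEP) runs unconditionally at boot in this hunk, so a host is reported tainted merely for having hvm_fep on the command line, even if no guest ever emits the prefix. The #UD intercept is the only path that honours opt_hvm_fep and is not a fast path, so calling add_taint() from there on first use would taint exactly the hosts where a guest actually entered the emulator; the boot banner can stay where it is. Smaller points in the same hunk: `unsigned i, j` should be `unsigned int`, `printk("%d... ", 3-i)` formats an unsigned value with %d (use %u and `3 - i`), and the nested loop is a fixed 3 s boot delay (3 x 100 x 10 ms) that only buys anything when someone is watching the console.

Review bot: in the print_tainted() hunk the format string grows to five %c, but lib.h defines six taint bits and TAINT_ERROR_INJECT (1<<4) still has neither a letter in the output nor an entry in the key above, so it sits silently between 'C' and the new 'H'. Either give it a letter here (and in the comment block) or add a one-line comment saying it is intentionally not printed. Buffer-wise there is room: "Tainted: " plus five characters plus the NUL is 15 bytes against TAINT_STRING_MAX_LEN of 20, so a sixth letter still fits.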
diff --git a/xen/include/asm-x86/hvm/hvm.h b/xen/include/asm-x86/hvm/hvm.h index f486ee9..217112d 100644 --- a/xen/include/asm-x86/hvm/hvm.h +++ b/xen/include/asm-x86/hvm/hvm.h @@ -27,12 +27,8 @@ #include <public/hvm/save.h> #include <xen/mm.h> -#ifndef NDEBUG /* Permit use of the Forced Emulation Prefix in HVM guests */ extern bool_t opt_hvm_fep; -#else -#define opt_hvm_fep 0 -#endif /* Interrupt acknowledgement sources. */ enum hvm_intsrc { diff --git a/xen/include/xen/lib.h b/xen/include/xen/lib.h index 1c652bb..b1b0fb2 100644 --- a/xen/include/xen/lib.h +++ b/xen/include/xen/lib.h @@ -142,6 +142,7 @@ uint64_t muldiv64(uint64_t a, uint32_t b, uint32_t c); #define TAINT_BAD_PAGE (1<<2) #define TAINT_SYNC_CONSOLE (1<<3) #define TAINT_ERROR_INJECT (1<<4) +#define TAINT_HVM_FEP (1<<5) extern int tainted; #define TAINT_STRING_MAX_LEN 20 extern char *print_tainted(char *str); -- 2.1.4 _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel ^ permalink raw reply related [flat|nested] 13+ messages in thread
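Review bot: dropping the `#else` / `#define opt_hvm_fep 0` arm in hvm.h means no build can compile the FEP path out any more: every `if ( opt_hvm_fep )` becomes a runtime test in release hypervisors too. That is what the cover letter wants, but it also removes the only way a distributor had to ship a hypervisor in which the emulator cannot be entered via the prefix at all. Doug's suggestion of a Kconfig option defaulting to enabled would keep that choice available; given the point in the thread that ARM has no instruction emulator, the symbol belongs under the x86 Kconfig rather than the common arch one. The lib.h hunk itself is fine, though note TAINT_STRING_MAX_LEN is unchanged and adequate (see the print_tainted() note).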
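Once this lands, the check an operator wants is a way to tell whether a given host has the forced emulation prefix enabled. The script below is an added example and not code from the patch or the Xen tree. It reads a host's hypervisor command line and a captured console log and reports the three signals the patch provides: the `hvm_fep` option, the boot banner, and the 'H' taint letter. The command-line rules (`hvm_fep`, `no-hvm_fep`, `hvm_fep=<bool>`, last occurrence wins, and the yes/no/on/off/true/false/enable/disable/1/0 spellings) are my reading of how Xen's boolean_param()/parse_bool() treat boolean options and are an assumption here; the sample command line and log lines are constructed for the example from the banner and "Tainted:" format in the patch.

```python
"""Detect hosts booted with the Xen forced emulation prefix (hvm_fep).

Added example, not code from the patch or the Xen tree.  Assumptions
(also stated in the lead-in): the command line keywords are handled the
way Xen's boolean_param()/parse_bool() handle booleans, and the sample
`xl dmesg` text below is constructed from the banner and the "Tainted:"
format that the patch adds.
"""
import re

# Taint letters as documented in xen/common/kernel.c by the two patches.
TAINT_LETTERS = {
    "S": "SMP with CPUs not designed for SMP",
    "M": "Machine had a machine check experience",
    "B": "System has hit bad_page",
    "C": "Console output is synchronous",
    "H": "HVM forced emulation prefix is permitted",
}

# Spellings accepted by parse_bool() (assumption, see module docstring).
_TRUE = {"yes", "on", "true", "enable", "1"}
_FALSE = {"no", "off", "false", "disable", "0"}


def hvm_fep_from_cmdline(cmdline: str) -> bool:
    """Return True if the Xen command line enables hvm_fep.

    Later occurrences override earlier ones.  A value that is neither a
    recognised true nor false spelling leaves the current state unchanged.
    """
    enabled = False
    for opt in cmdline.split():
        key, _, val = opt.partition("=")
        if key == "hvm_fep":
            if not val or val.lower() in _TRUE:
                enabled = True
            elif val.lower() in _FALSE:
                enabled = False
        elif key == "no-hvm_fep":
            enabled = False
    return enabled


# print_tainted() emits "Tainted: " followed by one character per bit,
# blank where the bit is clear, e.g. "Tainted:    CH".
_TAINT_RE = re.compile(r"Tainted:\s*([A-Z ]{1,6})")
# Banner text from the patch; the thread suggests "AVAILABLE" instead.
_BANNER_RE = re.compile(r"HVM FORCED EMULATION PREFIX IS (PERMITTED|AVAILABLE)")


def taint_flags(dmesg: str) -> set:
    """Return the set of taint letters present in a Xen console log."""
    flags = set()
    for m in _TAINT_RE.finditer(dmesg):
        flags.update(c for c in m.group(1) if c != " ")
    return flags


def fep_evidence(cmdline: str, dmesg: str) -> dict:
    """Combine the three independent signals an operator can check."""
    flags = taint_flags(dmesg)
    return {
        "cmdline_enables_fep": hvm_fep_from_cmdline(cmdline),
        "banner_seen": _BANNER_RE.search(dmesg) is not None,
        "tainted_H": "H" in flags,
        "taints": sorted(TAINT_LETTERS.get(f, f) for f in flags),
    }


# Constructed sample input: a host booted with sync_console and hvm_fep.
SAMPLE_CMDLINE = "dom0_mem=4096M,max:4096M sync_console hvm_fep=1 loglvl=all"
SAMPLE_DMESG = """\
(XEN) **********************************************
(XEN) ******* WARNING: HVM FORCED EMULATION PREFIX IS PERMITTED
(XEN) ******* Please *DO NOT* use this in production.
(XEN) **********************************************
(XEN) 3... 2... 1...
(XEN) Tainted:    CH
"""

if __name__ == "__main__":
    for key, value in fep_evidence(SAMPLE_CMDLINE, SAMPLE_DMESG).items():
        print(f"{key}: {value}")
```

On a real host the two inputs come from `xl info` (the xen_commandline field) and `xl dmesg`; any one of the three signals is enough to flag the host, and a mismatch between them (option set but no banner, for instance) is itself worth investigating because it usually means the log was truncated or the host was rebooted with a different command line.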
* Re: [PATCH RFC 2/2] xen: make available hvm_fep to non-debug build as well 2016-06-15 14:31 ` [PATCH RFC 2/2] xen: make available hvm_fep to non-debug build as well Wei Liu @ 2016-06-15 14:39 ` Doug Goldstein 2016-06-15 14:47 ` Wei Liu 2016-06-16 11:37 ` Jan Beulich 1 sibling, 1 reply; 13+ messages in thread From: Doug Goldstein @ 2016-06-15 14:39 UTC (permalink / raw) To: Wei Liu, Xen-devel; +Cc: Andrew Cooper, Jan Beulich [-- Attachment #1.1.1: Type: text/plain, Size: 6329 bytes --] On 6/15/16 9:31 AM, Wei Liu wrote: > Originally hvm_fep was guarded by NDEBUG, which means it was only > available to debug builds. > > However there is value to have it for non-debug builds as well. User can > use that to run tests in setup that replicates production setup. > > Make it clear with a sync_console style warning that this option can't > be used in production setup. Update command line documentation > accordingly. Finally mark Xen as tainted when this option is enabled. > > Signed-off-by: Wei Liu <wei.liu2@citrix.com> > --- > Cc: Andrew Cooper <andrew.cooper3@citrix.com> > Cc: Jan Beulich <jbeulich@suse.com> > --- > docs/misc/xen-command-line.markdown | 8 ++++++-- > xen/arch/x86/hvm/hvm.c | 31 ++++++++++++++++++++++++++++--- > xen/common/kernel.c | 6 ++++-- > xen/include/asm-x86/hvm/hvm.h | 4 ---- > xen/include/xen/lib.h | 1 + > 5 files changed, 39 insertions(+), 11 deletions(-) > > diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown > index fed732c..dc53e24 100644 > --- a/docs/misc/xen-command-line.markdown > +++ b/docs/misc/xen-command-line.markdown 
> @@ -878,8 +878,12 @@ Recognized in debug builds of the hypervisor only. > Allow use of the Forced Emulation Prefix in HVM guests, to allow emulation of > arbitrary instructions. > > -This option is intended for development purposes, and is only available in > -debug builds of the hypervisor. > +This option is intended for development and testing purposes. > + > +*Warning* > +As this feature opens up the instruction emulator to HVM guest, don't > +use this in production system. No security support is provided when > +this flag is set. > > ### hvm\_port80 > > `= <boolean>` > diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c > index 78db903..5bafaef 100644 > --- a/xen/arch/x86/hvm/hvm.c > +++ b/xen/arch/x86/hvm/hvm.c > @@ -37,6 +37,7 @@ > #include <xen/mem_access.h> > #include <xen/rangeset.h> > #include <xen/vm_event.h> > +#include <xen/delay.h> > #include <asm/shadow.h> > #include <asm/hap.h> > #include <asm/current.h> > @@ -95,11 +96,9 @@ unsigned long __section(".bss.page_aligned") > static bool_t __initdata opt_hap_enabled = 1; > boolean_param("hap", opt_hap_enabled); > > -#ifndef opt_hvm_fep > /* Permit use of the Forced Emulation Prefix in HVM guests */ > -bool_t opt_hvm_fep; > +bool_t __read_mostly opt_hvm_fep; > boolean_param("hvm_fep", opt_hvm_fep); > -#endif > > /* Xen command-line option to enable altp2m */ > static bool_t __initdata opt_altp2m_enabled = 0; 
> @@ -182,6 +181,32 @@ static int __init hvm_enable(void) > if ( !opt_altp2m_enabled ) > hvm_funcs.altp2m_supported = 0; > > + if ( opt_hvm_fep ) > + { > + unsigned i, j; > + > + printk("**********************************************\n"); > + printk("******* WARNING: HVM FORCED EMULATION PREFIX IS PERMITTED\n"); > + printk("******* This option is *ONLY* intended to aid debugging " > + "and testing of Xen\n"); > + printk("******* that HVM guest can enter instruction emulator " > + "with UD instruction.\n"); > + printk("******* It has implication on the security of the system.\n"); > + printk("******* Please *DO NOT* use this in production.\n"); > + printk("**********************************************\n"); > + add_taint(TAINT_HVM_FEP); > + for ( i = 0; i < 3; i++ ) > + { > + printk("%d... ", 3-i); > + for ( j = 0; j < 100; j++ ) > + { > + process_pending_softirqs(); > + mdelay(10); > + } > + } > + printk("\n"); > + } > + > /* > * Allow direct access to the PC debug ports 0x80 and 0xed (they are > * often used for I/O delays, but the vmexits simply slow things down). > diff --git a/xen/common/kernel.c b/xen/common/kernel.c > index dae7e35..5bf77aa 100644 > --- a/xen/common/kernel.c > +++ b/xen/common/kernel.c > @@ -175,6 +175,7 @@ int __init parse_bool(const char *s) > * 'M' - Machine had a machine check experience. > * 'B' - System has hit bad_page. > * 'C' - Console output is synchronous. > + * 'H' - HVM forced emulation prefix is permitted. > * > * The string is overwritten by the next call to print_taint(). > */ 
> @@ -182,11 +183,12 @@ char *print_tainted(char *str) > { > if ( tainted ) > { > - snprintf(str, TAINT_STRING_MAX_LEN, "Tainted: %c%c%c%c", > + snprintf(str, TAINT_STRING_MAX_LEN, "Tainted: %c%c%c%c%c", > tainted & TAINT_UNSAFE_SMP ? 'S' : ' ', > tainted & TAINT_MACHINE_CHECK ? 'M' : ' ', > tainted & TAINT_BAD_PAGE ? 'B' : ' ', > - tainted & TAINT_SYNC_CONSOLE ? 'C' : ' '); > + tainted & TAINT_SYNC_CONSOLE ? 'C' : ' ', > + tainted & TAINT_HVM_FEP ? 'H' : ' '); > } > else > { > diff --git a/xen/include/asm-x86/hvm/hvm.h b/xen/include/asm-x86/hvm/hvm.h > index f486ee9..217112d 100644 > --- a/xen/include/asm-x86/hvm/hvm.h > +++ b/xen/include/asm-x86/hvm/hvm.h > @@ -27,12 +27,8 @@ > #include <public/hvm/save.h> > #include <xen/mm.h> > > -#ifndef NDEBUG > /* Permit use of the Forced Emulation Prefix in HVM guests */ > extern bool_t opt_hvm_fep; > -#else > -#define opt_hvm_fep 0 > -#endif Please instead add this as a Kconfig option and you can default it to enabled. > > /* Interrupt acknowledgement sources. */ > enum hvm_intsrc { > diff --git a/xen/include/xen/lib.h b/xen/include/xen/lib.h > index 1c652bb..b1b0fb2 100644 > --- a/xen/include/xen/lib.h > +++ b/xen/include/xen/lib.h > @@ -142,6 +142,7 @@ uint64_t muldiv64(uint64_t a, uint32_t b, uint32_t c); > #define TAINT_BAD_PAGE (1<<2) > #define TAINT_SYNC_CONSOLE (1<<3) > #define TAINT_ERROR_INJECT (1<<4) > +#define TAINT_HVM_FEP (1<<5) > extern int tainted; > #define TAINT_STRING_MAX_LEN 20 > extern char *print_tainted(char *str); > -- Doug Goldstein [-- Attachment #1.2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 959 bytes --] [-- Attachment #2: Type: text/plain, Size: 126 bytes --] _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH RFC 2/2] xen: make available hvm_fep to non-debug build as well
From: Wei Liu @ 2016-06-15 14:47 UTC
To: Doug Goldstein; +Cc: Xen-devel, Wei Liu, Jan Beulich, Andrew Cooper

On Wed, Jun 15, 2016 at 09:39:24AM -0500, Doug Goldstein wrote:
> On 6/15/16 9:31 AM, Wei Liu wrote:
[...]
> > -#ifndef NDEBUG
> > /* Permit use of the Forced Emulation Prefix in HVM guests */
> > extern bool_t opt_hvm_fep;
> > -#else
> > -#define opt_hvm_fep 0
> > -#endif
>
> Please instead add this as a Kconfig option and you can default it to
> enabled.
>

Sure, it is reasonable that you want to compile this out.

But which section does it belong to? Architecture Features I guess?

Wei.
* Re: [PATCH RFC 2/2] xen: make available hvm_fep to non-debug build as well
From: Doug Goldstein @ 2016-06-15 16:12 UTC
To: Wei Liu; +Cc: Xen-devel, Jan Beulich, Andrew Cooper

On 6/15/16 9:47 AM, Wei Liu wrote:
> On Wed, Jun 15, 2016 at 09:39:24AM -0500, Doug Goldstein wrote:
>> On 6/15/16 9:31 AM, Wei Liu wrote:
> [...]
>>> -#ifndef NDEBUG
>>> /* Permit use of the Forced Emulation Prefix in HVM guests */
>>> extern bool_t opt_hvm_fep;
>>> -#else
>>> -#define opt_hvm_fep 0
>>> -#endif
>>
>> Please instead add this as a Kconfig option and you can default it to
>> enabled.
>>
>
> Sure, it is reasonable that you want to compile this out.
>
> But which section does it belong to? Architecture Features I guess?
>
> Wei.
>

That sounds reasonable to me. You can add it to arch/Kconfig if it makes
sense for both ARM and x86.

-- 
Doug Goldstein
* Re: [PATCH RFC 2/2] xen: make available hvm_fep to non-debug build as well
From: Wei Liu @ 2016-06-15 16:14 UTC
To: Doug Goldstein; +Cc: Xen-devel, Wei Liu, Jan Beulich, Andrew Cooper

On Wed, Jun 15, 2016 at 11:12:08AM -0500, Doug Goldstein wrote:
> On 6/15/16 9:47 AM, Wei Liu wrote:
> > On Wed, Jun 15, 2016 at 09:39:24AM -0500, Doug Goldstein wrote:
> >> On 6/15/16 9:31 AM, Wei Liu wrote:
> > [...]
> >>> -#ifndef NDEBUG
> >>> /* Permit use of the Forced Emulation Prefix in HVM guests */
> >>> extern bool_t opt_hvm_fep;
> >>> -#else
> >>> -#define opt_hvm_fep 0
> >>> -#endif
> >>
> >> Please instead add this as a Kconfig option and you can default it to
> >> enabled.
> >>
> >
> > Sure, it is reasonable that you want to compile this out.
> >
> > But which section does it belong to? Architecture Features I guess?
> >
> > Wei.
> >
>
> That sounds reasonable to me. You can add it to arch/Kconfig if it makes
> sense for both ARM and x86.
>

I think it should be x86 only for now. ARM doesn't have an instruction
emulator.

Wei.

> --
> Doug Goldstein
>
* Re: [PATCH RFC 2/2] xen: make available hvm_fep to non-debug build as well
From: Jan Beulich @ 2016-06-16 11:37 UTC
To: Wei Liu; +Cc: Andrew Cooper, Xen-devel

>>> On 15.06.16 at 16:31, <wei.liu2@citrix.com> wrote:
> @@ -182,6 +181,32 @@ static int __init hvm_enable(void)
> if ( !opt_altp2m_enabled )
> hvm_funcs.altp2m_supported = 0;
>
> + if ( opt_hvm_fep )
> + {
> + unsigned i, j;

unsigned int

> + printk("**********************************************\n");
> + printk("******* WARNING: HVM FORCED EMULATION PREFIX IS PERMITTED\n");
> + printk("******* This option is *ONLY* intended to aid debugging "
> + "and testing of Xen\n");
> + printk("******* that HVM guest can enter instruction emulator "
> + "with UD instruction.\n");
> + printk("******* It has implication on the security of the system.\n");
> + printk("******* Please *DO NOT* use this in production.\n");
> + printk("**********************************************\n");
> + add_taint(TAINT_HVM_FEP);

Should we perhaps taint the system only the first time a guest
makes use of this?

> + for ( i = 0; i < 3; i++ )
> + {
> + printk("%d... ", 3-i);

%u and spaces around - please.

Jan
* Re: [PATCH RFC 2/2] xen: make available hvm_fep to non-debug build as well
From: Wei Liu @ 2016-06-16 11:52 UTC
To: Jan Beulich; +Cc: Andrew Cooper, Wei Liu, Xen-devel

On Thu, Jun 16, 2016 at 05:37:03AM -0600, Jan Beulich wrote:
> >>> On 15.06.16 at 16:31, <wei.liu2@citrix.com> wrote:
> > @@ -182,6 +181,32 @@ static int __init hvm_enable(void)
> > if ( !opt_altp2m_enabled )
> > hvm_funcs.altp2m_supported = 0;
> >
> > + if ( opt_hvm_fep )
> > + {
> > + unsigned i, j;
>
> unsigned int
>

Ack.

> > + printk("**********************************************\n");
> > + printk("******* WARNING: HVM FORCED EMULATION PREFIX IS PERMITTED\n");
> > + printk("******* This option is *ONLY* intended to aid debugging "
> > + "and testing of Xen\n");
> > + printk("******* that HVM guest can enter instruction emulator "
> > + "with UD instruction.\n");
> > + printk("******* It has implication on the security of the system.\n");
> > + printk("******* Please *DO NOT* use this in production.\n");
> > + printk("**********************************************\n");
> > + add_taint(TAINT_HVM_FEP);
>
> Should we perhaps taint the system only the first time a guest
> makes use of this?
>

Doesn't that add overhead to a potential hot path? Arguably it is only
setting a bit in a flag, but still...

> > + for ( i = 0; i < 3; i++ )
> > + {
> > + printk("%d... ", 3-i);
>
> %u and spaces around - please.
>

Ack.

Wei.

> Jan
>
* Re: [PATCH RFC 2/2] xen: make available hvm_fep to non-debug build as well
From: Andrew Cooper @ 2016-06-16 12:12 UTC
To: Wei Liu, Jan Beulich; +Cc: Xen-devel

On 16/06/16 12:52, Wei Liu wrote:
>
>>> + printk("**********************************************\n");
>>> + printk("******* WARNING: HVM FORCED EMULATION PREFIX IS PERMITTED\n");

I would say "available" rather than permitted in this case.

>>> + printk("******* This option is *ONLY* intended to aid debugging "
>>> + "and testing of Xen\n");

Despite the line length, I would keep this string on a single line. If
you want it a little shorter, you can drop "debugging and", leaving just
testing.

>>> + printk("******* that HVM guest can enter instruction emulator "
>>> + "with UD instruction.\n");

I think this line isn't necessary. Anyone who is unclear what FEP is
can look it up.

>>> + printk("******* It has implication on the security of the system.\n");

implications.

>>> + printk("******* Please *DO NOT* use this in production.\n");
>>> + printk("**********************************************\n");
>>> + add_taint(TAINT_HVM_FEP);
>> Should we perhaps taint the system only the first time a guest
>> makes use of this?
>>
> Doesn't that add overhead to a potential hot path? Arguably it is only
> setting a bit in a flag, but still...

FEP is not a fastpath at all. It would be fine to defer to
hvm_ud_intercept().

~Andrew
* Re: [PATCH RFC 2/2] xen: make available hvm_fep to non-debug build as well
From: Wei Liu @ 2016-06-16 12:20 UTC
To: Andrew Cooper; +Cc: Xen-devel, Wei Liu, Jan Beulich

On Thu, Jun 16, 2016 at 01:12:34PM +0100, Andrew Cooper wrote:
> On 16/06/16 12:52, Wei Liu wrote:
> >
> >>> + printk("**********************************************\n");
> >>> + printk("******* WARNING: HVM FORCED EMULATION PREFIX IS PERMITTED\n");
>
> I would say "available" rather than permitted in this case.
>
> >>> + printk("******* This option is *ONLY* intended to aid debugging "
> >>> + "and testing of Xen\n");
>
> Despite the line length, I would keep this string on a single line. If
> you want it a little shorter, you can drop "debugging and", leaving just
> testing.
>
> >>> + printk("******* that HVM guest can enter instruction emulator "
> >>> + "with UD instruction.\n");
>
> I think this like isn't necessary. Anyone who is unclear what FEP is
> can look it up.
>
> >>> + printk("******* It has implication on the security of the system.\n");
>
> implications.
>

All fixed.

> >>> + printk("******* Please *DO NOT* use this in production.\n");
> >>> + printk("**********************************************\n");
> >>> + add_taint(TAINT_HVM_FEP);
> >> Should we perhaps taint the system only the first time a guest
> >> makes use of this?
> >>
> > Doesn't that add overhead to a potential hot path? Arguably it is only
> > setting a bit in a flag, but still...
>
> FEP is not a fastpath at all. It would be fine to defer to
> hvm_ud_intercept().
>

NP.

Wei.

> ~Andrew
* Re: [PATCH RFC 2/2] xen: make available hvm_fep to non-debug build as well
From: Jan Beulich @ 2016-06-16 12:31 UTC
To: Wei Liu; +Cc: Andrew Cooper, Xen-devel

>>> On 16.06.16 at 13:52, <wei.liu2@citrix.com> wrote:
> On Thu, Jun 16, 2016 at 05:37:03AM -0600, Jan Beulich wrote:
>> >>> On 15.06.16 at 16:31, <wei.liu2@citrix.com> wrote:
>> > + printk("**********************************************\n");
>> > + printk("******* WARNING: HVM FORCED EMULATION PREFIX IS PERMITTED\n");
>> > + printk("******* This option is *ONLY* intended to aid debugging "
>> > + "and testing of Xen\n");
>> > + printk("******* that HVM guest can enter instruction emulator "
>> > + "with UD instruction.\n");
>> > + printk("******* It has implication on the security of the system.\n");
>> > + printk("******* Please *DO NOT* use this in production.\n");
>> > + printk("**********************************************\n");
>> > + add_taint(TAINT_HVM_FEP);
>>
>> Should we perhaps taint the system only the first time a guest
>> makes use of this?
>>
>
> Doesn't that add overhead to a potential hot path? Arguably it is only
> setting a bit in a flag, but still...

How can that be a hot path, if it's not even usable without the option set?

Jan