* [PATCH RFC 0/2] Make hvm_fep available to non-debug builds
@ 2016-06-15 14:31 Wei Liu
2016-06-15 14:31 ` [PATCH RFC 1/2] xen/kernel: document 'C' in print_tainted Wei Liu
2016-06-15 14:31 ` [PATCH RFC 2/2] xen: make available hvm_fep to non-debug build as well Wei Liu
0 siblings, 2 replies; 13+ messages in thread
From: Wei Liu @ 2016-06-15 14:31 UTC (permalink / raw)
To: Xen-devel; +Cc: Wei Liu
Wei Liu (2):
xen/kernel: document 'C' in print_tainted
xen: make available hvm_fep to non-debug build as well
docs/misc/xen-command-line.markdown | 8 ++++++--
xen/arch/x86/hvm/hvm.c | 31 ++++++++++++++++++++++++++++---
xen/common/kernel.c | 7 +++++--
xen/include/asm-x86/hvm/hvm.h | 4 ----
xen/include/xen/lib.h | 1 +
5 files changed, 40 insertions(+), 11 deletions(-)
--
2.1.4
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 13+ messages in thread
* [PATCH RFC 1/2] xen/kernel: document 'C' in print_tainted
2016-06-15 14:31 [PATCH RFC 0/2] Make hvm_fep available to non-debug builds Wei Liu
@ 2016-06-15 14:31 ` Wei Liu
2016-06-15 14:53 ` Jan Beulich
2016-06-15 14:31 ` [PATCH RFC 2/2] xen: make available hvm_fep to non-debug build as well Wei Liu
1 sibling, 1 reply; 13+ messages in thread
From: Wei Liu @ 2016-06-15 14:31 UTC (permalink / raw)
To: Xen-devel
Cc: Stefano Stabellini, Wei Liu, George Dunlap, Andrew Cooper,
Ian Jackson, Tim Deegan, Jan Beulich
Signed-off-by: Wei Liu <wei.liu2@citrix.com>
---
Cc: Andrew Cooper <andrew.cooper3@citrix.com>
Cc: George Dunlap <George.Dunlap@eu.citrix.com>
Cc: Ian Jackson <ian.jackson@eu.citrix.com>
Cc: Jan Beulich <jbeulich@suse.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: Stefano Stabellini <sstabellini@kernel.org>
Cc: Tim Deegan <tim@xen.org>
Cc: Wei Liu <wei.liu2@citrix.com>
---
xen/common/kernel.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/xen/common/kernel.c b/xen/common/kernel.c
index 1a6823a..dae7e35 100644
--- a/xen/common/kernel.c
+++ b/xen/common/kernel.c
@@ -174,6 +174,7 @@ int __init parse_bool(const char *s)
* 'S' - SMP with CPUs not designed for SMP.
* 'M' - Machine had a machine check experience.
* 'B' - System has hit bad_page.
+ * 'C' - Console output is synchronous.
*
* The string is overwritten by the next call to print_taint().
*/
--
2.1.4
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [PATCH RFC 2/2] xen: make available hvm_fep to non-debug build as well
2016-06-15 14:31 [PATCH RFC 0/2] Make hvm_fep available to non-debug builds Wei Liu
2016-06-15 14:31 ` [PATCH RFC 1/2] xen/kernel: document 'C' in print_tainted Wei Liu
@ 2016-06-15 14:31 ` Wei Liu
2016-06-15 14:39 ` Doug Goldstein
2016-06-16 11:37 ` Jan Beulich
1 sibling, 2 replies; 13+ messages in thread
From: Wei Liu @ 2016-06-15 14:31 UTC (permalink / raw)
To: Xen-devel; +Cc: Andrew Cooper, Wei Liu, Jan Beulich
Originally hvm_fep was guarded by NDEBUG, which means it was only
available to debug builds.
However there is value to have it for non-debug builds as well. User can
use that to run tests in setup that replicates production setup.
Make it clear with a sync_console style warning that this option can't
be used in production setup. Update command line documentation
accordingly. Finally mark Xen as tainted when this option is enabled.
Signed-off-by: Wei Liu <wei.liu2@citrix.com>
---
Cc: Andrew Cooper <andrew.cooper3@citrix.com>
Cc: Jan Beulich <jbeulich@suse.com>
---
docs/misc/xen-command-line.markdown | 8 ++++++--
xen/arch/x86/hvm/hvm.c | 31 ++++++++++++++++++++++++++++---
xen/common/kernel.c | 6 ++++--
xen/include/asm-x86/hvm/hvm.h | 4 ----
xen/include/xen/lib.h | 1 +
5 files changed, 39 insertions(+), 11 deletions(-)
diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown
index fed732c..dc53e24 100644
--- a/docs/misc/xen-command-line.markdown
+++ b/docs/misc/xen-command-line.markdown
@@ -878,8 +878,12 @@ Recognized in debug builds of the hypervisor only.
Allow use of the Forced Emulation Prefix in HVM guests, to allow emulation of
arbitrary instructions.
-This option is intended for development purposes, and is only available in
-debug builds of the hypervisor.
+This option is intended for development and testing purposes.
+
+*Warning*
+As this feature opens up the instruction emulator to HVM guest, don't
+use this in production system. No security support is provided when
+this flag is set.
### hvm\_port80
> `= <boolean>`
diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
index 78db903..5bafaef 100644
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -37,6 +37,7 @@
#include <xen/mem_access.h>
#include <xen/rangeset.h>
#include <xen/vm_event.h>
+#include <xen/delay.h>
#include <asm/shadow.h>
#include <asm/hap.h>
#include <asm/current.h>
@@ -95,11 +96,9 @@ unsigned long __section(".bss.page_aligned")
static bool_t __initdata opt_hap_enabled = 1;
boolean_param("hap", opt_hap_enabled);
-#ifndef opt_hvm_fep
/* Permit use of the Forced Emulation Prefix in HVM guests */
-bool_t opt_hvm_fep;
+bool_t __read_mostly opt_hvm_fep;
boolean_param("hvm_fep", opt_hvm_fep);
-#endif
/* Xen command-line option to enable altp2m */
static bool_t __initdata opt_altp2m_enabled = 0;
@@ -182,6 +181,32 @@ static int __init hvm_enable(void)
if ( !opt_altp2m_enabled )
hvm_funcs.altp2m_supported = 0;
+ if ( opt_hvm_fep )
+ {
+ unsigned i, j;
+
+ printk("**********************************************\n");
+ printk("******* WARNING: HVM FORCED EMULATION PREFIX IS PERMITTED\n");
+ printk("******* This option is *ONLY* intended to aid debugging "
+ "and testing of Xen\n");
+ printk("******* that HVM guest can enter instruction emulator "
+ "with UD instruction.\n");
+ printk("******* It has implication on the security of the system.\n");
+ printk("******* Please *DO NOT* use this in production.\n");
+ printk("**********************************************\n");
+ add_taint(TAINT_HVM_FEP);
+ for ( i = 0; i < 3; i++ )
+ {
+ printk("%d... ", 3-i);
+ for ( j = 0; j < 100; j++ )
+ {
+ process_pending_softirqs();
+ mdelay(10);
+ }
+ }
+ printk("\n");
+ }
+
/*
* Allow direct access to the PC debug ports 0x80 and 0xed (they are
* often used for I/O delays, but the vmexits simply slow things down).
diff --git a/xen/common/kernel.c b/xen/common/kernel.c
index dae7e35..5bf77aa 100644
--- a/xen/common/kernel.c
+++ b/xen/common/kernel.c
@@ -175,6 +175,7 @@ int __init parse_bool(const char *s)
* 'M' - Machine had a machine check experience.
* 'B' - System has hit bad_page.
* 'C' - Console output is synchronous.
+ * 'H' - HVM forced emulation prefix is permitted.
*
* The string is overwritten by the next call to print_taint().
*/
@@ -182,11 +183,12 @@ char *print_tainted(char *str)
{
if ( tainted )
{
- snprintf(str, TAINT_STRING_MAX_LEN, "Tainted: %c%c%c%c",
+ snprintf(str, TAINT_STRING_MAX_LEN, "Tainted: %c%c%c%c%c",
tainted & TAINT_UNSAFE_SMP ? 'S' : ' ',
tainted & TAINT_MACHINE_CHECK ? 'M' : ' ',
tainted & TAINT_BAD_PAGE ? 'B' : ' ',
- tainted & TAINT_SYNC_CONSOLE ? 'C' : ' ');
+ tainted & TAINT_SYNC_CONSOLE ? 'C' : ' ',
+ tainted & TAINT_HVM_FEP ? 'H' : ' ');
}
else
{
diff --git a/xen/include/asm-x86/hvm/hvm.h b/xen/include/asm-x86/hvm/hvm.h
index f486ee9..217112d 100644
--- a/xen/include/asm-x86/hvm/hvm.h
+++ b/xen/include/asm-x86/hvm/hvm.h
@@ -27,12 +27,8 @@
#include <public/hvm/save.h>
#include <xen/mm.h>
-#ifndef NDEBUG
/* Permit use of the Forced Emulation Prefix in HVM guests */
extern bool_t opt_hvm_fep;
-#else
-#define opt_hvm_fep 0
-#endif
/* Interrupt acknowledgement sources. */
enum hvm_intsrc {
diff --git a/xen/include/xen/lib.h b/xen/include/xen/lib.h
index 1c652bb..b1b0fb2 100644
--- a/xen/include/xen/lib.h
+++ b/xen/include/xen/lib.h
@@ -142,6 +142,7 @@ uint64_t muldiv64(uint64_t a, uint32_t b, uint32_t c);
#define TAINT_BAD_PAGE (1<<2)
#define TAINT_SYNC_CONSOLE (1<<3)
#define TAINT_ERROR_INJECT (1<<4)
+#define TAINT_HVM_FEP (1<<5)
extern int tainted;
#define TAINT_STRING_MAX_LEN 20
extern char *print_tainted(char *str);
--
2.1.4
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 13+ messages in thread
* Re: [PATCH RFC 2/2] xen: make available hvm_fep to non-debug build as well
2016-06-15 14:31 ` [PATCH RFC 2/2] xen: make available hvm_fep to non-debug build as well Wei Liu
@ 2016-06-15 14:39 ` Doug Goldstein
2016-06-15 14:47 ` Wei Liu
2016-06-16 11:37 ` Jan Beulich
1 sibling, 1 reply; 13+ messages in thread
From: Doug Goldstein @ 2016-06-15 14:39 UTC (permalink / raw)
To: Wei Liu, Xen-devel; +Cc: Andrew Cooper, Jan Beulich
[-- Attachment #1.1.1: Type: text/plain, Size: 6329 bytes --]
On 6/15/16 9:31 AM, Wei Liu wrote:
> Originally hvm_fep was guarded by NDEBUG, which means it was only
> available to debug builds.
>
> However there is value to have it for non-debug builds as well. User can
> use that to run tests in setup that replicates production setup.
>
> Make it clear with a sync_console style warning that this option can't
> be used in production setup. Update command line documentation
> accordingly. Finally mark Xen as tainted when this option is enabled.
>
> Signed-off-by: Wei Liu <wei.liu2@citrix.com>
> ---
> Cc: Andrew Cooper <andrew.cooper3@citrix.com>
> Cc: Jan Beulich <jbeulich@suse.com>
> ---
> docs/misc/xen-command-line.markdown | 8 ++++++--
> xen/arch/x86/hvm/hvm.c | 31 ++++++++++++++++++++++++++++---
> xen/common/kernel.c | 6 ++++--
> xen/include/asm-x86/hvm/hvm.h | 4 ----
> xen/include/xen/lib.h | 1 +
> 5 files changed, 39 insertions(+), 11 deletions(-)
>
> diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown
> index fed732c..dc53e24 100644
> --- a/docs/misc/xen-command-line.markdown
> +++ b/docs/misc/xen-command-line.markdown
> @@ -878,8 +878,12 @@ Recognized in debug builds of the hypervisor only.
> Allow use of the Forced Emulation Prefix in HVM guests, to allow emulation of
> arbitrary instructions.
>
> -This option is intended for development purposes, and is only available in
> -debug builds of the hypervisor.
> +This option is intended for development and testing purposes.
> +
> +*Warning*
> +As this feature opens up the instruction emulator to HVM guest, don't
> +use this in production system. No security support is provided when
> +this flag is set.
>
> ### hvm\_port80
> > `= <boolean>`
> diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
> index 78db903..5bafaef 100644
> --- a/xen/arch/x86/hvm/hvm.c
> +++ b/xen/arch/x86/hvm/hvm.c
> @@ -37,6 +37,7 @@
> #include <xen/mem_access.h>
> #include <xen/rangeset.h>
> #include <xen/vm_event.h>
> +#include <xen/delay.h>
> #include <asm/shadow.h>
> #include <asm/hap.h>
> #include <asm/current.h>
> @@ -95,11 +96,9 @@ unsigned long __section(".bss.page_aligned")
> static bool_t __initdata opt_hap_enabled = 1;
> boolean_param("hap", opt_hap_enabled);
>
> -#ifndef opt_hvm_fep
> /* Permit use of the Forced Emulation Prefix in HVM guests */
> -bool_t opt_hvm_fep;
> +bool_t __read_mostly opt_hvm_fep;
> boolean_param("hvm_fep", opt_hvm_fep);
> -#endif
>
> /* Xen command-line option to enable altp2m */
> static bool_t __initdata opt_altp2m_enabled = 0;
> @@ -182,6 +181,32 @@ static int __init hvm_enable(void)
> if ( !opt_altp2m_enabled )
> hvm_funcs.altp2m_supported = 0;
>
> + if ( opt_hvm_fep )
> + {
> + unsigned i, j;
> +
> + printk("**********************************************\n");
> + printk("******* WARNING: HVM FORCED EMULATION PREFIX IS PERMITTED\n");
> + printk("******* This option is *ONLY* intended to aid debugging "
> + "and testing of Xen\n");
> + printk("******* that HVM guest can enter instruction emulator "
> + "with UD instruction.\n");
> + printk("******* It has implication on the security of the system.\n");
> + printk("******* Please *DO NOT* use this in production.\n");
> + printk("**********************************************\n");
> + add_taint(TAINT_HVM_FEP);
> + for ( i = 0; i < 3; i++ )
> + {
> + printk("%d... ", 3-i);
> + for ( j = 0; j < 100; j++ )
> + {
> + process_pending_softirqs();
> + mdelay(10);
> + }
> + }
> + printk("\n");
> + }
> +
> /*
> * Allow direct access to the PC debug ports 0x80 and 0xed (they are
> * often used for I/O delays, but the vmexits simply slow things down).
> diff --git a/xen/common/kernel.c b/xen/common/kernel.c
> index dae7e35..5bf77aa 100644
> --- a/xen/common/kernel.c
> +++ b/xen/common/kernel.c
> @@ -175,6 +175,7 @@ int __init parse_bool(const char *s)
> * 'M' - Machine had a machine check experience.
> * 'B' - System has hit bad_page.
> * 'C' - Console output is synchronous.
> + * 'H' - HVM forced emulation prefix is permitted.
> *
> * The string is overwritten by the next call to print_taint().
> */
> @@ -182,11 +183,12 @@ char *print_tainted(char *str)
> {
> if ( tainted )
> {
> - snprintf(str, TAINT_STRING_MAX_LEN, "Tainted: %c%c%c%c",
> + snprintf(str, TAINT_STRING_MAX_LEN, "Tainted: %c%c%c%c%c",
> tainted & TAINT_UNSAFE_SMP ? 'S' : ' ',
> tainted & TAINT_MACHINE_CHECK ? 'M' : ' ',
> tainted & TAINT_BAD_PAGE ? 'B' : ' ',
> - tainted & TAINT_SYNC_CONSOLE ? 'C' : ' ');
> + tainted & TAINT_SYNC_CONSOLE ? 'C' : ' ',
> + tainted & TAINT_HVM_FEP ? 'H' : ' ');
> }
> else
> {
> diff --git a/xen/include/asm-x86/hvm/hvm.h b/xen/include/asm-x86/hvm/hvm.h
> index f486ee9..217112d 100644
> --- a/xen/include/asm-x86/hvm/hvm.h
> +++ b/xen/include/asm-x86/hvm/hvm.h
> @@ -27,12 +27,8 @@
> #include <public/hvm/save.h>
> #include <xen/mm.h>
>
> -#ifndef NDEBUG
> /* Permit use of the Forced Emulation Prefix in HVM guests */
> extern bool_t opt_hvm_fep;
> -#else
> -#define opt_hvm_fep 0
> -#endif
Please instead add this as a Kconfig option and you can default it to
enabled.
>
> /* Interrupt acknowledgement sources. */
> enum hvm_intsrc {
> diff --git a/xen/include/xen/lib.h b/xen/include/xen/lib.h
> index 1c652bb..b1b0fb2 100644
> --- a/xen/include/xen/lib.h
> +++ b/xen/include/xen/lib.h
> @@ -142,6 +142,7 @@ uint64_t muldiv64(uint64_t a, uint32_t b, uint32_t c);
> #define TAINT_BAD_PAGE (1<<2)
> #define TAINT_SYNC_CONSOLE (1<<3)
> #define TAINT_ERROR_INJECT (1<<4)
> +#define TAINT_HVM_FEP (1<<5)
> extern int tainted;
> #define TAINT_STRING_MAX_LEN 20
> extern char *print_tainted(char *str);
>
--
Doug Goldstein
[-- Attachment #1.2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 959 bytes --]
[-- Attachment #2: Type: text/plain, Size: 126 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH RFC 2/2] xen: make available hvm_fep to non-debug build as well
2016-06-15 14:39 ` Doug Goldstein
@ 2016-06-15 14:47 ` Wei Liu
2016-06-15 16:12 ` Doug Goldstein
0 siblings, 1 reply; 13+ messages in thread
From: Wei Liu @ 2016-06-15 14:47 UTC (permalink / raw)
To: Doug Goldstein; +Cc: Xen-devel, Wei Liu, Jan Beulich, Andrew Cooper
On Wed, Jun 15, 2016 at 09:39:24AM -0500, Doug Goldstein wrote:
> On 6/15/16 9:31 AM, Wei Liu wrote:
[...]
> > -#ifndef NDEBUG
> > /* Permit use of the Forced Emulation Prefix in HVM guests */
> > extern bool_t opt_hvm_fep;
> > -#else
> > -#define opt_hvm_fep 0
> > -#endif
>
> Please instead add this as a Kconfig option and you can default it to
> enabled.
>
Sure, it is reasonable that you want to compile this out.
But which section does it belong to? Architecture Features I guess?
Wei.
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH RFC 1/2] xen/kernel: document 'C' in print_tainted
2016-06-15 14:31 ` [PATCH RFC 1/2] xen/kernel: document 'C' in print_tainted Wei Liu
@ 2016-06-15 14:53 ` Jan Beulich
0 siblings, 0 replies; 13+ messages in thread
From: Jan Beulich @ 2016-06-15 14:53 UTC (permalink / raw)
To: Wei Liu
Cc: Stefano Stabellini, George Dunlap, Andrew Cooper, Ian Jackson,
Tim Deegan, Xen-devel
>>> On 15.06.16 at 16:31, <wei.liu2@citrix.com> wrote:
> Signed-off-by: Wei Liu <wei.liu2@citrix.com>
Acked-by: Jan Beulich <jbeulich@suse.com>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH RFC 2/2] xen: make available hvm_fep to non-debug build as well
2016-06-15 14:47 ` Wei Liu
@ 2016-06-15 16:12 ` Doug Goldstein
2016-06-15 16:14 ` Wei Liu
0 siblings, 1 reply; 13+ messages in thread
From: Doug Goldstein @ 2016-06-15 16:12 UTC (permalink / raw)
To: Wei Liu; +Cc: Xen-devel, Jan Beulich, Andrew Cooper
[-- Attachment #1.1.1: Type: text/plain, Size: 707 bytes --]
On 6/15/16 9:47 AM, Wei Liu wrote:
> On Wed, Jun 15, 2016 at 09:39:24AM -0500, Doug Goldstein wrote:
>> On 6/15/16 9:31 AM, Wei Liu wrote:
> [...]
>>> -#ifndef NDEBUG
>>> /* Permit use of the Forced Emulation Prefix in HVM guests */
>>> extern bool_t opt_hvm_fep;
>>> -#else
>>> -#define opt_hvm_fep 0
>>> -#endif
>>
>> Please instead add this as a Kconfig option and you can default it to
>> enabled.
>>
>
> Sure, it is reasonable that you want to compile this out.
>
> But which section does it belong to? Architecture Features I guess?
>
> Wei.
>
That sounds reasonable to me. You can add it to arch/Kconfig if it makes
sense for both ARM and x86.
--
Doug Goldstein
[-- Attachment #1.2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 959 bytes --]
[-- Attachment #2: Type: text/plain, Size: 126 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH RFC 2/2] xen: make available hvm_fep to non-debug build as well
2016-06-15 16:12 ` Doug Goldstein
@ 2016-06-15 16:14 ` Wei Liu
0 siblings, 0 replies; 13+ messages in thread
From: Wei Liu @ 2016-06-15 16:14 UTC (permalink / raw)
To: Doug Goldstein; +Cc: Xen-devel, Wei Liu, Jan Beulich, Andrew Cooper
On Wed, Jun 15, 2016 at 11:12:08AM -0500, Doug Goldstein wrote:
> On 6/15/16 9:47 AM, Wei Liu wrote:
> > On Wed, Jun 15, 2016 at 09:39:24AM -0500, Doug Goldstein wrote:
> >> On 6/15/16 9:31 AM, Wei Liu wrote:
> > [...]
> >>> -#ifndef NDEBUG
> >>> /* Permit use of the Forced Emulation Prefix in HVM guests */
> >>> extern bool_t opt_hvm_fep;
> >>> -#else
> >>> -#define opt_hvm_fep 0
> >>> -#endif
> >>
> >> Please instead add this as a Kconfig option and you can default it to
> >> enabled.
> >>
> >
> > Sure, it is reasonable that you want to compile this out.
> >
> > But which section does it belong to? Architecture Features I guess?
> >
> > Wei.
> >
>
> That sounds reasonable to me. You can add it to arch/Kconfig if it makes
> sense for both ARM and x86.
>
I think it should be x86 only for now. ARM doesn't have instruction
emulator.
Wei.
> --
> Doug Goldstein
>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH RFC 2/2] xen: make available hvm_fep to non-debug build as well
2016-06-15 14:31 ` [PATCH RFC 2/2] xen: make available hvm_fep to non-debug build as well Wei Liu
2016-06-15 14:39 ` Doug Goldstein
@ 2016-06-16 11:37 ` Jan Beulich
2016-06-16 11:52 ` Wei Liu
1 sibling, 1 reply; 13+ messages in thread
From: Jan Beulich @ 2016-06-16 11:37 UTC (permalink / raw)
To: Wei Liu; +Cc: Andrew Cooper, Xen-devel
>>> On 15.06.16 at 16:31, <wei.liu2@citrix.com> wrote:
> @@ -182,6 +181,32 @@ static int __init hvm_enable(void)
> if ( !opt_altp2m_enabled )
> hvm_funcs.altp2m_supported = 0;
>
> + if ( opt_hvm_fep )
> + {
> + unsigned i, j;
unsigned int
> + printk("**********************************************\n");
> + printk("******* WARNING: HVM FORCED EMULATION PREFIX IS PERMITTED\n");
> + printk("******* This option is *ONLY* intended to aid debugging "
> + "and testing of Xen\n");
> + printk("******* that HVM guest can enter instruction emulator "
> + "with UD instruction.\n");
> + printk("******* It has implication on the security of the system.\n");
> + printk("******* Please *DO NOT* use this in production.\n");
> + printk("**********************************************\n");
> + add_taint(TAINT_HVM_FEP);
Should we perhaps taint the system only the first time a guest
makes use of this?
> + for ( i = 0; i < 3; i++ )
> + {
> + printk("%d... ", 3-i);
%u and spaces around - please.
Jan
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH RFC 2/2] xen: make available hvm_fep to non-debug build as well
2016-06-16 11:37 ` Jan Beulich
@ 2016-06-16 11:52 ` Wei Liu
2016-06-16 12:12 ` Andrew Cooper
2016-06-16 12:31 ` Jan Beulich
0 siblings, 2 replies; 13+ messages in thread
From: Wei Liu @ 2016-06-16 11:52 UTC (permalink / raw)
To: Jan Beulich; +Cc: Andrew Cooper, Wei Liu, Xen-devel
On Thu, Jun 16, 2016 at 05:37:03AM -0600, Jan Beulich wrote:
> >>> On 15.06.16 at 16:31, <wei.liu2@citrix.com> wrote:
> > @@ -182,6 +181,32 @@ static int __init hvm_enable(void)
> > if ( !opt_altp2m_enabled )
> > hvm_funcs.altp2m_supported = 0;
> >
> > + if ( opt_hvm_fep )
> > + {
> > + unsigned i, j;
>
> unsigned int
>
Ack.
> > + printk("**********************************************\n");
> > + printk("******* WARNING: HVM FORCED EMULATION PREFIX IS PERMITTED\n");
> > + printk("******* This option is *ONLY* intended to aid debugging "
> > + "and testing of Xen\n");
> > + printk("******* that HVM guest can enter instruction emulator "
> > + "with UD instruction.\n");
> > + printk("******* It has implication on the security of the system.\n");
> > + printk("******* Please *DO NOT* use this in production.\n");
> > + printk("**********************************************\n");
> > + add_taint(TAINT_HVM_FEP);
>
> Should we perhaps taint the system only the first time a guest
> makes use of this?
>
Doesn't that add overhead to a potential hot path? Arguably it is only
setting a bit in a flag, but still...
> > + for ( i = 0; i < 3; i++ )
> > + {
> > + printk("%d... ", 3-i);
>
> %u and spaces around - please.
>
Ack.
Wei.
> Jan
>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH RFC 2/2] xen: make available hvm_fep to non-debug build as well
2016-06-16 11:52 ` Wei Liu
@ 2016-06-16 12:12 ` Andrew Cooper
2016-06-16 12:20 ` Wei Liu
2016-06-16 12:31 ` Jan Beulich
1 sibling, 1 reply; 13+ messages in thread
From: Andrew Cooper @ 2016-06-16 12:12 UTC (permalink / raw)
To: Wei Liu, Jan Beulich; +Cc: Xen-devel
On 16/06/16 12:52, Wei Liu wrote:
>
>>> + printk("**********************************************\n");
>>> + printk("******* WARNING: HVM FORCED EMULATION PREFIX IS PERMITTED\n");
I would say "available" rather than permitted in this case.
>>> + printk("******* This option is *ONLY* intended to aid debugging "
>>> + "and testing of Xen\n");
Despite the line length, I would keep this string on a single line. If
you want it a little shorter, you can drop "debugging and", leaving just
testing.
>>> + printk("******* that HVM guest can enter instruction emulator "
>>> + "with UD instruction.\n");
I think this like isn't necessary. Anyone who is unclear what FEP is
can look it up.
>>> + printk("******* It has implication on the security of the system.\n");
implications.
>>> + printk("******* Please *DO NOT* use this in production.\n");
>>> + printk("**********************************************\n");
>>> + add_taint(TAINT_HVM_FEP);
>> Should we perhaps taint the system only the first time a guest
>> makes use of this?
>>
> Doesn't that add overhead to a potential hot path? Arguably it is only
> setting a bit in a flag, but still...
FEP is not a fastpath at all. It would be fine to defer to
hvm_ud_intercept().
~Andrew
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH RFC 2/2] xen: make available hvm_fep to non-debug build as well
2016-06-16 12:12 ` Andrew Cooper
@ 2016-06-16 12:20 ` Wei Liu
0 siblings, 0 replies; 13+ messages in thread
From: Wei Liu @ 2016-06-16 12:20 UTC (permalink / raw)
To: Andrew Cooper; +Cc: Xen-devel, Wei Liu, Jan Beulich
On Thu, Jun 16, 2016 at 01:12:34PM +0100, Andrew Cooper wrote:
> On 16/06/16 12:52, Wei Liu wrote:
> >
> >>> + printk("**********************************************\n");
> >>> + printk("******* WARNING: HVM FORCED EMULATION PREFIX IS PERMITTED\n");
>
> I would say "available" rather than permitted in this case.
>
> >>> + printk("******* This option is *ONLY* intended to aid debugging "
> >>> + "and testing of Xen\n");
>
> Despite the line length, I would keep this string on a single line. If
> you want it a little shorter, you can drop "debugging and", leaving just
> testing.
>
> >>> + printk("******* that HVM guest can enter instruction emulator "
> >>> + "with UD instruction.\n");
>
> I think this like isn't necessary. Anyone who is unclear what FEP is
> can look it up.
>
> >>> + printk("******* It has implication on the security of the system.\n");
>
> implications.
>
All fixed.
> >>> + printk("******* Please *DO NOT* use this in production.\n");
> >>> + printk("**********************************************\n");
> >>> + add_taint(TAINT_HVM_FEP);
> >> Should we perhaps taint the system only the first time a guest
> >> makes use of this?
> >>
> > Doesn't that add overhead to a potential hot path? Arguably it is only
> > setting a bit in a flag, but still...
>
> FEP is not a fastpath at all. It would be fine to defer to
> hvm_ud_intercept().
>
NP.
Wei.
> ~Andrew
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH RFC 2/2] xen: make available hvm_fep to non-debug build as well
2016-06-16 11:52 ` Wei Liu
2016-06-16 12:12 ` Andrew Cooper
@ 2016-06-16 12:31 ` Jan Beulich
1 sibling, 0 replies; 13+ messages in thread
From: Jan Beulich @ 2016-06-16 12:31 UTC (permalink / raw)
To: Wei Liu; +Cc: Andrew Cooper, Xen-devel
>>> On 16.06.16 at 13:52, <wei.liu2@citrix.com> wrote:
> On Thu, Jun 16, 2016 at 05:37:03AM -0600, Jan Beulich wrote:
>> >>> On 15.06.16 at 16:31, <wei.liu2@citrix.com> wrote:
>> > + printk("**********************************************\n");
>> > + printk("******* WARNING: HVM FORCED EMULATION PREFIX IS PERMITTED\n");
>> > + printk("******* This option is *ONLY* intended to aid debugging "
>> > + "and testing of Xen\n");
>> > + printk("******* that HVM guest can enter instruction emulator "
>> > + "with UD instruction.\n");
>> > + printk("******* It has implication on the security of the system.\n");
>> > + printk("******* Please *DO NOT* use this in production.\n");
>> > + printk("**********************************************\n");
>> > + add_taint(TAINT_HVM_FEP);
>>
>> Should we perhaps taint the system only the first time a guest
>> makes use of this?
>>
>
> Doesn't that add overhead to a potential hot path? Arguably it is only
> setting a bit in a flag, but still...
How can that be a hot path, if it's not even usable without the
option set?
Jan
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 13+ messages in thread
end of thread, other threads:[~2016-06-16 12:31 UTC | newest]
Thread overview: 13+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-06-15 14:31 [PATCH RFC 0/2] Make hvm_fep available to non-debug builds Wei Liu
2016-06-15 14:31 ` [PATCH RFC 1/2] xen/kernel: document 'C' in print_tainted Wei Liu
2016-06-15 14:53 ` Jan Beulich
2016-06-15 14:31 ` [PATCH RFC 2/2] xen: make available hvm_fep to non-debug build as well Wei Liu
2016-06-15 14:39 ` Doug Goldstein
2016-06-15 14:47 ` Wei Liu
2016-06-15 16:12 ` Doug Goldstein
2016-06-15 16:14 ` Wei Liu
2016-06-16 11:37 ` Jan Beulich
2016-06-16 11:52 ` Wei Liu
2016-06-16 12:12 ` Andrew Cooper
2016-06-16 12:20 ` Wei Liu
2016-06-16 12:31 ` Jan Beulich
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).