With the building of guest_?.o now depending on PV or HVM, without
further #ifdef-ary shadow code won't link anymore when !PV && !HVM.
Since this isn't a useful configuration anyway, exclude shadow code from
being built in this case.
Fixes: aff8bf94ce65 ("x86/shadow: only 4-level guest code needs building when !HVM")
Reported-by: Andrew Cooper <andrew.cooper3@citrix.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
--- a/xen/arch/x86/Kconfig
+++ b/xen/arch/x86/Kconfig
@@ -121,6 +121,7 @@ config XEN_SHSTK
config SHADOW_PAGING
bool "Shadow Paging"
default !PV_SHIM_EXCLUSIVE
+ depends on PV || HVM
---help---
Shadow paging is a software alternative to hardware paging support
On 16/04/2021 13:32, Jan Beulich wrote: > With the building of guest_?.o now depending on PV or HVM, without > further #ifdef-ary shadow code won't link anymore when !PV && !HVM. > Since this isn't a useful configuration anyway, exclude shadow code from > being built in this case. > > Fixes: aff8bf94ce65 ("x86/shadow: only 4-level guest code needs building when !HVM") > Reported-by: Andrew Cooper <andrew.cooper3@citrix.com> > Signed-off-by: Jan Beulich <jbeulich@suse.com> > > --- a/xen/arch/x86/Kconfig > +++ b/xen/arch/x86/Kconfig > @@ -121,6 +121,7 @@ config XEN_SHSTK > config SHADOW_PAGING > bool "Shadow Paging" > default !PV_SHIM_EXCLUSIVE Hang on - this is bug, and is what needs dropping. PV Shim uses Shadow, in default configurations, for L1TF protections to keep userspace out of the guest kernel. Without it, the shim'd guest will be crashed when it writes an L1TF-vulnerable PTE. OSSTest ought to have blocked this as a regression, but I suspect its not running the XTF PV guests in shim mode. ~Andrew
On 16.04.2021 14:39, Andrew Cooper wrote: > On 16/04/2021 13:32, Jan Beulich wrote: >> With the building of guest_?.o now depending on PV or HVM, without >> further #ifdef-ary shadow code won't link anymore when !PV && !HVM. >> Since this isn't a useful configuration anyway, exclude shadow code from >> being built in this case. >> >> Fixes: aff8bf94ce65 ("x86/shadow: only 4-level guest code needs building when !HVM") >> Reported-by: Andrew Cooper <andrew.cooper3@citrix.com> >> Signed-off-by: Jan Beulich <jbeulich@suse.com> >> >> --- a/xen/arch/x86/Kconfig >> +++ b/xen/arch/x86/Kconfig >> @@ -121,6 +121,7 @@ config XEN_SHSTK >> config SHADOW_PAGING >> bool "Shadow Paging" >> default !PV_SHIM_EXCLUSIVE > > Hang on - this is bug, and is what needs dropping. > > PV Shim uses Shadow, in default configurations, for L1TF protections to > keep userspace out of the guest kernel. Without it, the shim'd guest > will be crashed when it writes an L1TF-vulnerable PTE. > > OSSTest ought to have blocked this as a regression, but I suspect its > not running the XTF PV guests in shim mode. One thing at a time please - if there's an issue here, this wants addressing in a separate change (which then also may need backporting). Jan
© 2016 - 2024 Red Hat, Inc.