[PATCH] x86/shadow: depend on PV || HVM

Jan Beulich posted 1 patch 3 years ago
Test gitlab-ci failed
Patches applied successfully (tree, apply log)
git fetch https://gitlab.com/xen-project/patchew/xen tags/patchew/eee69a8e-36d5-b9eb-d8f1-1a7e1c3dfdc0@suse.com
[PATCH] x86/shadow: depend on PV || HVM
Posted by Jan Beulich 3 years ago
With the building of guest_?.o now depending on PV or HVM, without
further #ifdef-ary shadow code won't link anymore when !PV && !HVM.
Since this isn't a useful configuration anyway, exclude shadow code from
being built in this case.

Fixes: aff8bf94ce65 ("x86/shadow: only 4-level guest code needs building when !HVM")
Reported-by: Andrew Cooper <andrew.cooper3@citrix.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com>

--- a/xen/arch/x86/Kconfig
+++ b/xen/arch/x86/Kconfig
@@ -121,6 +121,7 @@ config XEN_SHSTK
 config SHADOW_PAGING
 	bool "Shadow Paging"
 	default !PV_SHIM_EXCLUSIVE
+	depends on PV || HVM
 	---help---
 
           Shadow paging is a software alternative to hardware paging support
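Review bot: The new `depends on PV || HVM` line hides the SHADOW_PAGING prompt in a !PV && !HVM build, but the help text that follows is left untouched, so a short mention there of the PV-or-HVM requirement would explain why the option disappears. It is also worth confirming that no other option does `select SHADOW_PAGING`, because a select forces the symbol on regardless of `depends on` and would bring back the link failure the commit message describes. The unchanged `default !PV_SHIM_EXCLUSIVE` line still decides the default whenever the dependency is met, so this hunk does not alter what shim-exclusive builds get.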

Re: [PATCH] x86/shadow: depend on PV || HVM
Posted by Andrew Cooper 3 years ago
On 16/04/2021 13:32, Jan Beulich wrote:
> With the building of guest_?.o now depending on PV or HVM, without
> further #ifdef-ary shadow code won't link anymore when !PV && !HVM.
> Since this isn't a useful configuration anyway, exclude shadow code from
> being built in this case.
>
> Fixes: aff8bf94ce65 ("x86/shadow: only 4-level guest code needs building when !HVM")
> Reported-by: Andrew Cooper <andrew.cooper3@citrix.com>
> Signed-off-by: Jan Beulich <jbeulich@suse.com>
>
> --- a/xen/arch/x86/Kconfig
> +++ b/xen/arch/x86/Kconfig
> @@ -121,6 +121,7 @@ config XEN_SHSTK
>  config SHADOW_PAGING
>  	bool "Shadow Paging"
>  	default !PV_SHIM_EXCLUSIVE

Hang on - this is a bug, and is what needs dropping.

PV Shim uses Shadow, in default configurations, for L1TF protections to
keep userspace out of the guest kernel.  Without it, the shim'd guest
will be crashed when it writes an L1TF-vulnerable PTE.

OSSTest ought to have blocked this as a regression, but I suspect it's
not running the XTF PV guests in shim mode.

~Andrew

Re: [PATCH] x86/shadow: depend on PV || HVM
Posted by Jan Beulich 3 years ago
On 16.04.2021 14:39, Andrew Cooper wrote:
> On 16/04/2021 13:32, Jan Beulich wrote:
>> With the building of guest_?.o now depending on PV or HVM, without
>> further #ifdef-ary shadow code won't link anymore when !PV && !HVM.
>> Since this isn't a useful configuration anyway, exclude shadow code from
>> being built in this case.
>>
>> Fixes: aff8bf94ce65 ("x86/shadow: only 4-level guest code needs building when !HVM")
>> Reported-by: Andrew Cooper <andrew.cooper3@citrix.com>
>> Signed-off-by: Jan Beulich <jbeulich@suse.com>
>>
>> --- a/xen/arch/x86/Kconfig
>> +++ b/xen/arch/x86/Kconfig
>> @@ -121,6 +121,7 @@ config XEN_SHSTK
>>  config SHADOW_PAGING
>>  	bool "Shadow Paging"
>>  	default !PV_SHIM_EXCLUSIVE
> 
> Hang on - this is a bug, and is what needs dropping.
> 
> PV Shim uses Shadow, in default configurations, for L1TF protections to
> keep userspace out of the guest kernel.  Without it, the shim'd guest
> will be crashed when it writes an L1TF-vulnerable PTE.
> 
> OSSTest ought to have blocked this as a regression, but I suspect it's
> not running the XTF PV guests in shim mode.

One thing at a time please - if there's an issue here, this wants
addressing in a separate change (which then also may need
backporting).

Jan