[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v9 08/11] x86/entry: Clobber the Return Stack Buffer/Return Address Stack on entry to Xen

>>> On 19.01.18 at 17:10, <andrew.cooper3@xxxxxxxxxx> wrote:
> On 19/01/18 15:02, Jan Beulich wrote:
>>>>> On 19.01.18 at 15:24, <andrew.cooper3@xxxxxxxxxx> wrote:
>>> On 19/01/18 12:47, Jan Beulich wrote:
>>>>>>> On 18.01.18 at 16:46, <andrew.cooper3@xxxxxxxxxx> wrote:
>>>>> @@ -265,6 +265,10 @@ On hardware supporting IBRS, the `ibrs=` option can 
>>>>> be 
>>>>> used to force or
>>>>>  prevent Xen using the feature itself.  If Xen is not using IBRS itself,
>>>>>  functionality is still set up so IBRS can be virtualised for guests.
>>>>>  
>>>>> +The `rsb_vmexit=` and `rsb_native=` options can be used to fine tune 
>>>>> when the
>>>>> +RSB gets overwritten.  There are individual controls for an entry from 
>>>>> HVM
>>>>> +context, and an entry from a native (PV or Xen) context.
>>>> Would you mind adding a sentence or two to the description making
>>>> clear what use this fine grained control is? I can't really figure why I
>>>> might need to be concerned about one of the two cases, but not the
>>>> other.
>>> I though I'd covered that in the commit message, but I'm not sure this
>>> is a suitable place to discuss the details.  PV and HVM guests have
>>> different reasoning for why we need to overwrite the RSB.
>>>
>>> In the past, there used to be a default interaction of rsb_native and
>>> SMEP, but that proved to be insufficient and rsb_native is now
>>> unconditionally enabled.  In principle however, it should fall within
>>> CONFIG_PV.
>> Thanks for the explanation, but I'm afraid I'm none the wiser as
>> to why the two separate options are needed (or even just wanted).
> 
> If you never run 32bit PV guests, and don't use Introspection on HVM VMs
> larger than 7 vcpus, then you are believed safe to turn rsb_native off.

Where does that funny 7 come from.

> Also, based on feedback we're seeing from the field, an "I trust my PV
> guest mode" looks like it will go a long way.  When dom0 is the only PV
> guest (which is very common, and increasingly so these days), then we
> can drop rsb_native and IBRS_CLEAR, giving us zero overhead for
> exception/interrupt handling.

Okay, makes sense, thanks. Would be nice if you could add some of
this to the description.

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.