[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH 1/2][4.15?] x86/shadow: suppress "fast fault path" optimization when running virtualized
- To: Ian Jackson <iwj@xxxxxxxxxxxxxx>
- From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
- Date: Fri, 5 Mar 2021 16:47:06 +0000
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=KtuSCxMsLt2tLA7f7eJArRAh9WaD27gFXiZjNLKjPH4=; b=oFCTAVH23bD+qrhij+ctcYQUymPHLAZIMiFsOAML8OFK2JG5PA4dFPaNU/x4fgykLTJSuCiUhNFBNF0JuAvBXFEfX3ScGxq0EDNW1lHe/7LdLUSZBRDHRHUFd6nJY73qnYP8UwQrub7DIzzAI/TO+UQe7EGR/+EWf5hRSlrqbyICfiauWTueDtbeqNNC4uvXPubyKB1f2T6LSf1QSZgGd9JflM3/xb4UysuPPulsatL+kQwIg5bsNVyBFN9O9BTdCJzZcnpDQv+8uy1DmsozvLBjSLicT2MtmnR3IOlDKQyFoXDlemu2ZVfUE9s2nb4H3W7doVaiRPpGwBxB6N1asQ==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=be+sUobR5F4g568HT7FcPuCnBco8umhAXzS5mHPc6cw9i7A5ijz9i6WngmBtMHFi7p0TvlmTpipYv4axbAvxXW4UEBNYC8GALyxq/U7ZNjodI3ZUjupwY3CmEYcsmlSFz08z1B229aZVw2dfPtLq7zj4GgX5Z8OeHA0cPUEb/9K6XBjUkDnxe+tOK14Y57uhWPiIdD/uvU+Q4jhe8q4H9wPFt1Md703ink6yq83rnmP3V0V5XX3zOAX3mPMarhmjV8rk7mcEKOrdqz2+gKLswsPnsyEDTtEjn/qyx+uoyVyj/jo1esZAFpU7Z7XNWsqBSuduFLflKIxuOSBymmPavw==
- Authentication-results: esa1.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
- Cc: Jan Beulich <jbeulich@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
- Delivery-date: Fri, 05 Mar 2021 16:47:22 +0000
- Ironport-sdr: VDqlEBfzRcO5ta8GCEO/cjTgjNjkcgdtEzjVlvsYfgK1i0uW0xs4mvpNY3AVgZ83I+/RTjy8+1 G2B3N8L3SjNc/Wz8mFpj8r2FOFWoylKWz4OsulMfhIPRAc60rbgQv2/bpifDu77za2z5YbUuP5 cSXOHYEOxPTAylbl5C4/VwqKdcWoXW7vrYY46HaRsWvX9NK3JRSGMXvIyQE6fl2l9GFMvPD5jQ eXHUoGlOsoZjxe0ScQ1Ft9AGbh5d7cRF+D6PU/+eJHh9yi+//LQC7RxGxwv8jE+SV+3DjyA4wV Ud8=
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 05/03/2021 16:40, Ian Jackson wrote:
> Andrew Cooper writes ("Re: [PATCH 1/2][4.15?] x86/shadow: suppress "fast
> fault path" optimization when running virtualized"):
>> This wants backporting to stable releases, so I would recommend for 4.15
>> even at this point.
> Can someone explain to me the implications of not taking these patch,
> and the risks of taking them ?
>
> AFIACT the implications of not taking 1/ are that we would misbehave
> in a security relevant way, sometimes, when we are running under
> another hypervisor ?
Correct. Specifically if you've got a migration pool containing an
IceLake server and something older.
> And the implications of not taking 2/ is a performance problem ?
Correct (I believe).
> As to the risks, 1/ looks obviously correct even to me.
I agree, although Tim has the deciding maintainer vote.
> 2/ seems complex. What would go wrong if there were a misplaced ) or
> confused bit-twiddling or something ?
The bit twiddling can be independency checked by disassembling the binary.
However, I have some concerns with the patch as-is, in relation to L1TF
/ XSA-273.
~Andrew
|
