
Re: [PATCH v2] SUPPORT.md: Un-shimmed 32-bit PV guests are no longer supported


  • To: Jan Beulich <jbeulich@xxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Thu, 6 May 2021 15:32:25 +0100
  • Cc: <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Ian Jackson <iwj@xxxxxxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>
  • Delivery-date: Thu, 06 May 2021 14:32:43 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 06/05/2021 14:09, Jan Beulich wrote:
> On 06.05.2021 14:47, George Dunlap wrote:
>> --- a/xen/arch/x86/Kconfig
>> +++ b/xen/arch/x86/Kconfig
>> @@ -55,7 +55,7 @@ config PV
>>  config PV32
>>      bool "Support for 32bit PV guests"
>>      depends on PV
>> -    default y
>> +    default PV_SHIM
>>      select COMPAT
>>      ---help---
>>        The 32bit PV ABI uses Ring1, an area of the x86 architecture which
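Review bot: The switch to `default PV_SHIM` only takes effect for builds where CONFIG_PV32 has no saved value, because Kconfig applies a default only to a symbol the user has not already set. An existing .config carrying CONFIG_PV32=y stays enabled after this change, so a non-shim build reusing an old configuration keeps the 32-bit PV code compiled in. The commit message or the help text should say this, so that anyone relying on the new default to drop PV32 knows to check their configuration.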
>> @@ -67,7 +67,10 @@ config PV32
>>        reduction, or performance reasons.  Backwards compatibility can be
>>        provided via the PV Shim mechanism.
>>  
>> -      If unsure, say Y.
>> +      Note that outside of PV Shim, 32-bit PV guests are not security
>> +      supported anymore.
>> +
>> +      If unsure, use the default setting.
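Review bot: In the added help text, "are not security supported anymore" is relative to when it is read, and "If unsure, use the default setting" no longer tells the reader what that default is now that it follows PV_SHIM. Suggest dropping "anymore", referring to SUPPORT.md for the support statement, and saying that the default is Y only when PV_SHIM is enabled.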
> Alongside this I wonder whether we should also default opt_pv32 to false
> then, unless running in shim mode.

No - that's just rude to users.

Anyone who's enabled CONFIG_PV32 may potentially want to run such guests.

It's easy to avoid issues here by not running 32bit guests, or not
running untrusted guests, but forcing everyone to reboot a second time
to specify pv=32 to unbreak their environment is downright unhelpful.


Perhaps tangentially, xl/libxl needs some remedial work as a followup,
because:

Executing 'xl create -p tests/example/test-pv32pae-example.cfg'
Parsing config from tests/example/test-pv32pae-example.cfg
xc: error: panic: xg_dom_boot.c:121: xc_dom_boot_mem_init: can't
allocate low memory for domain: Out of memory
libxl: error: libxl_dom.c:586:libxl__build_dom: xc_dom_boot_mem_init
failed: Operation not supported
libxl: error: libxl_create.c:1572:domcreate_rebuild_done: Domain
3:cannot (re-)build domain: -3
libxl: error: libxl_domain.c:1182:libxl__destroy_domid: Domain
3:Non-existant domain
libxl: error: libxl_domain.c:1136:domain_destroy_callback: Domain
3:Unable to destroy guest
libxl: error: libxl_domain.c:1063:domain_destroy_cb: Domain
3:Destruction of domain failed

is what the user gets back when Xen has correctly reported that it isn't
pv32-capable, and rejects the switch_compat() hypercall.

~Andrew




 

