[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH 12/12] SUPPORT.md: write down restriction of 32-bit tool stacks
- To: Jan Beulich <jbeulich@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
- From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
- Date: Fri, 25 Jun 2021 20:45:56 +0100
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=BSNxHExedVhCZK4HiV9874ynzIwZDWceReo04kMqWPg=; b=lPco/B9WwbzuQTLcdgNrGJtJGTBsnWxUhubeUbMQAOxzyKnJDdoHFZ2WwsKF7nIiqPq9DBkyEZ0uKxo+EytGgGalt3m2HQfQNr0a/eTvtMqBMOkAFyD/7d07JgcI3tqpoo+fFGK5rDjDr+EtnRKN0jpTuNFp/ejVZ2J8NmvOrxgFJ0NVk+6bktJZe1F5fuDUFZlCUVXGOdPOqD8ruR5SbrcWv3ppGsVE8oxMAvcZ6o5TdANzTFnUbBwQcy1Wx3Vi6mMcnMCVULrfdPzHbJW8oVPrJylgI2edj5U5WfuIyIKtqXXMYNL6zo/EDhO0tfQasfOpOZVsu90M2i+MQpWGCA==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=F9jMG6TQkiAivg3RsHAI5M8bcWM3adZtDQX556dMiog8VyqzqozvgWnwSmPnToU6C6CseX375qCketkP78gb8oeRvT2nF/LDXeMJBVfERukc5SKQZ76ZUIFvdizFM5fWnY/4d7KZAPt19JGy2tYqV6USEs2V/CJ9rDwQJMohgCMNU1zLtzpnv2n1TF3watRK8Grb8fniQzoVsENfApqxEbVyvOgJ+CjQj6RRKk4VZ99uQLHTEp6uqzACu78UAD9WVVkeay9Zy5SlH6/6B20bYcQEA5lQTpRG8WYzNGb5JTk9K/efLH5c97n/ROs7Eu7DySlDwi9O8ibCC52XitHo/w==
- Authentication-results: esa1.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
- Cc: George Dunlap <george.dunlap@xxxxxxxxxx>, Ian Jackson <iwj@xxxxxxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>
- Delivery-date: Fri, 25 Jun 2021 19:46:34 +0000
- Ironport-hdrordr: A9a23:SoEy6qmy7ORh252OlFc0rY1HKp7pDfLo3DAbv31ZSRFFG/Fw9/ rCoB17726QtN91YhsdcL+7V5VoLUmzyXcX2/hyAV7BZmnbUQKTRekP0WKL+Vbd8kbFh41gPM lbEpSXCLfLfCJHZcSR2njELz73quP3jJxBho3lvghQpRkBUdAF0+/gYDzranGfQmN9dP0EPa vZ3OVrjRy6d08aa8yqb0N1JNQq97Xw5fTbiQdtPW9f1DWz
- Ironport-sdr: W7ryesnrZ1mT1NU/MBQPMVkjvyPqNeADJhCd5EeJD37rj1dbSNwn7ttmbLBLsKdp+EPLHfGkkf UdwEKMu2dN2r1k5ICbV2jbo7gYZ2jYgJU9QYNiMBAc+4QFbNL+Hbdxva/HkBTHh47ivCSqYTRQ Uhdw0KuraUYsH2lIRlRrj2FLKh0Enx10EhlTZcwi6QBU4jyyqA8TcaU4gldRfsGmdJ6ZhLiBgs ttwL6n7prkAcrbEz3n8fLdKwMyON4n2SrrmaZDO1ZE/zmCJKzzH1u/eJETDiP+XqqTX6Xv5oxw ij8=
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 25/06/2021 14:24, Jan Beulich wrote:
> Let's try to avoid giving the impression that 32-bit tool stacks are as
> capable as 64-bit ones.
>
> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
>
> --- a/SUPPORT.md
> +++ b/SUPPORT.md
> @@ -131,6 +131,11 @@ ARM only has one guest type at the momen
>
> ## Toolstack
>
> +While 32-bit builds of the tool stack are generally supported, restrictions
> +apply in particular when running on top of a 64-bit hypervisor.
Actually, this isn't true, and in a way which helps us right now.
PV32 isn't security supported, and neither ARM nor x86 support dom0
bitness != Xen bitness. On x86, it doesn't remotely work because of the
pointer size mismatch, and while this was bodged in a horrifying way in
the ARM ABI, I doubt anyone is in a hurry to turn that into a supported
configuration.
That said, it is my intent with the ABIv2 changes for a 32bit toolstack,
under 64bit guest kernel, under 64bit or 128bit Xen (yes - RISCV-128 is
already a thing being discussed) to function.
> For example,
> +very large guests aren't supported in this case.
The wording here wants to be careful, because under certain readings,
you've just dropped security support for 32bit toolstacks.
What we actually mean is "a toolstack with bitness < Xen is not expected
to be able to manage very large domains correctly, and don't pester us
with bugs when it doesn't work because we won't fix them".
Whereas we will fix security issues which only happen to manifest in
32bit builds of the toolstack.
> This includes guests giving
> +the appearance of being large, by altering their own memory layouts.
I'd drop sentence. Its an internal detail of a corner case which we're
expecting to remove in the future, and "the guest kernel can DoS itself"
isn't interesting.
~Andrew
|