 Re: [PATCH 1/4] xen: Introduce non-broken hypercalls for the paging mempool size
 
To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
From: Anthony PERARD <anthony.perard@xxxxxxxxxx>
Date: Thu, 17 Nov 2022 14:10:02 +0000
Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Henry Wang <Henry.Wang@xxxxxxx>
Delivery-date: Thu, 17 Nov 2022 14:10:25 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

 On Thu, Nov 17, 2022 at 01:08:01AM +0000, Andrew Cooper wrote:
> The existing XEN_DOMCTL_SHADOW_OP_{GET,SET}_ALLOCATION have problems:
> 
>  * All set_allocation() flavours have an overflow-before-widen bug when
>    calculating "sc->mb << (20 - PAGE_SHIFT)".
>  * All flavours have a granularity of 1M.  This was tolerable when the size of
>    the pool could only be set at the same granularity, but is broken now that
>    ARM has a 16-page stopgap allocation in use.
>  * All get_allocation() flavours round up, and in particular turn 0 into 1,
>    meaning the get op returns junk before a successful set op.
>  * The x86 flavours reject the hypercalls before the VM has vCPUs allocated,
>    despite the pool size being a domain property.
>  * Even the hypercall names are long-obsolete.
> 
> Implement a better interface, which can be first used to unit test the
> behaviour, and subsequently correct a broken implementation.  The old
> interface will be retired in due course.
> 
> The unit of bytes (as opposed to pages) is a deliberate API/ABI improvement to
> more easily support multiple page granularities.
> 
> This is part of XSA-409 / CVE-2022-33747.
> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> Release-acked-by: Henry Wang <Henry.Wang@xxxxxxx>

Acked-by: Anthony PERARD <anthony.perard@xxxxxxxxxx>
Thanks,
-- 
Anthony PERARD
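The overflow-before-widen bug named in the first bullet of the quoted commit message, reproduced as an added example (not code from the Xen patch or from either poster). It assumes `sc->mb` is a 32-bit unsigned field and a 4K page size (`PAGE_SHIFT` of 12), and the `bytes_to_pages()` helper is a hypothetical sketch of the byte-granularity validation a bytes-based interface allows; neither the names nor the exact checks are taken from the patch.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12                       /* assumed: 4K pages */
#define PAGE_SIZE  (1u << PAGE_SHIFT)
#define MB_TO_PAGES_SHIFT (20 - PAGE_SHIFT) /* 256 pages per MiB with 4K pages */

/*
 * Buggy form: "mb" is 32-bit, so the shift is evaluated in 32 bits and wraps
 * for mb >= 2^24 (16 TiB) before the result is widened to the 64-bit return.
 */
uint64_t mb_to_pages_buggy(uint32_t mb)
{
    return mb << MB_TO_PAGES_SHIFT;
}

/* Fixed form: widen the operand first, then shift in 64 bits. */
uint64_t mb_to_pages_fixed(uint32_t mb)
{
    return (uint64_t)mb << MB_TO_PAGES_SHIFT;
}

/*
 * Hypothetical byte-granularity validation for a bytes-based interface:
 * reject sizes that are not a whole number of pages instead of silently
 * rounding (which is what produced the "0 becomes 1" junk in the old op).
 * Returns 0 on success and -1 (with *pages untouched) on a bad size.
 */
int bytes_to_pages(uint64_t bytes, uint64_t *pages)
{
    if (bytes & (PAGE_SIZE - 1))
        return -1;                          /* not page aligned */
    *pages = bytes >> PAGE_SHIFT;
    return 0;
}

int main(void)
{
    uint32_t mb = 1u << 24;                 /* 16 TiB: smallest value that wraps */
    uint64_t pages;

    printf("buggy: %u MiB -> %llu pages\n", mb,
           (unsigned long long)mb_to_pages_buggy(mb));   /* wraps to 0 */
    printf("fixed: %u MiB -> %llu pages\n", mb,
           (unsigned long long)mb_to_pages_fixed(mb));   /* 4294967296 */

    if (bytes_to_pages(16 * (uint64_t)PAGE_SIZE, &pages) == 0)
        printf("16-page stopgap pool = %llu pages\n", (unsigned long long)pages);
    if (bytes_to_pages(PAGE_SIZE + 1, &pages) != 0)
        printf("odd byte count rejected\n");
    return 0;
}
```

The 16-page case shows why MiB granularity was no longer usable: 16 pages is 64 KiB, which the old interface could neither request nor report exactly.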