On 11.11.2023 02:23, Stefano Stabellini wrote:
> On Mon, 6 Nov 2023, Nicola Vetrini wrote:
> There's also this functionally equivalent alternative, with or without
> the zeros, which
> doesn't incur in the risk of mistakenly attempting to initialize the
> same element twice,
>
On 10.11.2023 23:13, Andrew Cooper wrote:
> On 09/11/2023 11:59 pm, Stefano Stabellini wrote:
>> On Thu, 9 Nov 2023, Jan Beulich wrote:
>>> On 08.11.2023 15:37, Andrew Cooper wrote:
These 3 Kconfig docs were imported from Linux erroneously. They are
GPL-2.0-only in Linux, but have no
On 10.11.23 18:40, Julien Grall wrote:
Hi,
On 10/11/2023 11:34, Juergen Gross wrote:
Get the own domid via creation of a temporary event channel. There is
no "official" way to read the own domid in PV guests, so use the event
channel interface to get it:
- allocate an unbound event channel
On 10.11.2023 18:38, Julien Grall wrote:
> Hi Jan,
>
> On 10/11/2023 12:44, Jan Beulich wrote:
>> On 10.11.2023 13:23, Roger Pau Monné wrote:
>>> On Fri, Nov 10, 2023 at 12:34:32PM +0100, Juergen Gross wrote:
Get the own domid via creation of a temporary event channel. There is
no
Hi Xen Development Team,
I am reporting a potential bug in the nested SVM implementation of the
Xen hypervisor, observed under specific conditions in a DomU HVM
guest.
L1 on the DomU HVM guest sets a bit in CR4 of the VMCB12 save area
that is not part of hvm_cr4_guest_valid_bits and performs a
On 10.11.2023 17:54, Federico Serafini wrote:
> On 10/11/23 13:41, Jan Beulich wrote:
>> On 10.11.2023 12:23, Federico Serafini wrote:
>>> --- a/automation/eclair_analysis/ECLAIR/deviations.ecl
>>> +++ b/automation/eclair_analysis/ECLAIR/deviations.ecl
>>> @@ -214,6 +214,15 @@ definition is
On 16.10.23 08:28, Juergen Gross wrote:
As a followup to the XSA-441 patch this series is doing a minor bug fix
and some cleanups of events_base.c (with some minor effects outside of
it).
Juergen Gross (7):
xen/events: fix delayed eoi list handling
xen/events: remove unused functions
Hello Xen experts, I am trying to set dom0_max_vcpus to a number that is
larger than the number of pcpus. For example, I have a 4-CPU machine but I
want applications in dom0 to have an illusion that they are running on a
64-cpu machine. However, it seems that dom0 will always recognize the
number
From: Madhavan T. Venkataraman
Implement a hypervisor function, kvm_protect_memory() that calls the
KVM_HC_PROTECT_MEMORY hypercall to request the KVM hypervisor to
set specified permissions on a list of guest pages.
Using the protect_memory() function, set proper EPT permissions for all
guest
From: Madhavan T. Venkataraman
When permissions are changed on an existing mapping, update the
permissions counters.
Cc: Borislav Petkov
Cc: Dave Hansen
Cc: H. Peter Anvin
Cc: Ingo Molnar
Cc: Kees Cook
Cc: Madhavan T. Venkataraman
Cc: Mickaël Salaün
Cc: Paolo Bonzini
Cc: Sean
From: Madhavan T. Venkataraman
X86 uses a function called __text_poke() to modify executable code. This
patching function is used by many features such as KProbes and FTrace.
Update the permissions counters for the text page so that write
permissions can be temporarily established in the EPT to
From: Madhavan T. Venkataraman
When a page gets mapped, create permissions counters for it and
initialize them based on the specified permissions.
When a page gets unmapped, update the counters appropriately.
Cc: Borislav Petkov
Cc: Dave Hansen
Cc: H. Peter Anvin
Cc: Ingo Molnar
Cc: Kees
From: Madhavan T. Venkataraman
Define a permissions counters structure that contains a counter for
read, write and execute. Each mapped guest page will be allocated a
permissions counters structure.
During kernel boot, walk the kernel address space, locate all the
mappings, create permissions
From: Madhavan T. Venkataraman
Add a new KVM_HC_PROTECT_MEMORY hypercall that enables a guest to set
EPT permissions for guest pages.
Until now, all of the guest pages (except Page Tracked pages) are given
RWX permissions in the EPT. In Heki, we want to restrict the permissions
to what is
This adds a new CONFIG_HEKI_TEST option to run tests at boot. Because we
use some symbols not exported to modules (e.g., kernel_set_to_readonly)
this could not work as modules.
To run these tests, we need to boot the kernel with the heki_test=N boot
argument with N selecting a specific test:
1.
flight 183738 linux-linus real [real]
http://logs.test-lab.xenproject.org/osstest/logs/183738/
Failures :-/ but no regressions.
Tests which did not succeed, but are not blocking:
test-amd64-amd64-xl-qemut-win7-amd64 19 guest-stopfail like 183736
test-amd64-amd64-xl-qemuu-win7-amd64
From: Madhavan T. Venkataraman
The Heki feature needs to do the following:
- Find kernel mappings.
- Determine the permissions associated with each mapping.
- Determine the collective permissions for a guest physical page across
all of its mappings.
This way, a guest physical page can
From: Madhavan T. Venkataraman
This feature can be used by a consumer to associate any arbitrary
pointer with a physical page. The feature implements a page table format
that mirrors the hardware page table. A leaf entry in the table points
to consumer data for that page.
The page table format
Define memory attributes that can be associated with guest physical
pages in KVM. To begin with, define permissions as memory attributes
(READ, WRITE and EXECUTE), and the IMMUTABLE property. In the future,
other attributes could be defined.
Use the memory attribute feature to implement the
To make it useful for other use cases such as Heki, remove the private
memory optimizations.
I guess we could try to infer the applied attributes to get back these
optimizations when it makes sense, but let's keep this simple for now.
Main changes:
- Replace slots_lock with slots_arch_lock to
This changes add support for VMX_FEATURE_MODE_BASED_EPT_EXEC (named
ept_mode_based_exec in /proc/cpuinfo and MBEC elsewhere), which enables
to separate EPT execution bits for supervisor vs. user. It transforms
the semantic of VMX_EPT_EXECUTABLE_MASK from a global execution to a
kernel execution,
From: Madhavan T. Venkataraman
Hypervisor Enforced Kernel Integrity (Heki) is a feature that will use
the hypervisor to enhance guest virtual machine security.
Implement minimal code to introduce Heki:
- Define the config variables.
- Define a kernel command line parameter "heki" to turn the
This enables to check if an attribute is tied to any memory page in a
range. This will be useful in a folling commit to check for
KVM_MEMORY_ATTRIBUTE_HEKI_IMMUTABLE.
Cc: Chao Peng
Cc: Kees Cook
Cc: Madhavan T. Venkataraman
Cc: Sean Christopherson
Cc: Yu Zhang
Signed-off-by: Mickaël Salaün
Add an interface for user space to be notified about guests' Heki policy
and related violations.
Extend the KVM_ENABLE_CAP IOCTL with KVM_CAP_HEKI_CONFIGURE and
KVM_CAP_HEKI_DENIAL. Each one takes a bitmask as first argument that can
contains KVM_HEKI_EXIT_REASON_CR0 and KVM_HEKI_EXIT_REASON_CR4.
Enable to only update a subset of attributes.
This is needed to be able to use the XArray for different use cases and
make sure they don't interfere (see a following commit).
Cc: Chao Peng
Cc: Kees Cook
Cc: Madhavan T. Venkataraman
Cc: Sean Christopherson
Cc: Yu Zhang
Signed-off-by: Mickaël
This function is needed for kvm_mmu_page_fault() to create synthetic
page faults.
Code originally written by Mihai Donțu and Nicușor Cîțu:
https://lore.kernel.org/r/20211006173113.26445-18-ala...@bitdefender.com
Renamed fault_gla() to fault_gva() and use the new
EPT_VIOLATION_GVA_IS_VALID.
Cc:
This enables guests to lock their CR0 and CR4 registers with a subset of
X86_CR0_WP, X86_CR4_SMEP, X86_CR4_SMAP, X86_CR4_UMIP, X86_CR4_FSGSBASE
and X86_CR4_CET flags.
The new KVM_HC_LOCK_CR_UPDATE hypercall takes three arguments. The
first is to identify the control register, the second is a bit
The hypervisor needs to provide some functions to support Heki. These
form the Heki-Hypervisor API.
Define a heki_hypervisor structure to house the API functions. A
hypervisor that supports Heki must instantiate a heki_hypervisor
structure and pass it to the Heki common code. This allows the
Hi,
This patch series is a proof-of-concept that implements new KVM features
(guest memory attributes, MBEC support, CR pinning) and defines a new
API to protect guest VMs. You can find related resources, including the
related commits here: https://github.com/heki-linux
We'll talk about this work
On Fri, 2023-11-10 at 20:42 +, Volodymyr Babchuk wrote:
> From: Oleksandr Tyshchenko
>
> This patch adds basic virtio-pci support for xen_arm machine.
Why only xen_arm? Couldn't this be a fairly generic device which can be
instantiated on x86 too, both for real and emulated Xen guests? And
On Fri, 2023-11-10 at 20:42 +, Volodymyr Babchuk wrote:
> From: Oleksandr Tyshchenko
>
> The PV backend running in other than Dom0 domain (non toolstack domain)
> is not allowed to destroy frontend/backend directories. The more,
> it does not need to do that at all, this is purely
On Sat, 2023-11-11 at 11:01 +, David Woodhouse wrote:
>
> > --- a/hw/xen/xen-operations.c
> > +++ b/hw/xen/xen-operations.c
> > @@ -300,6 +300,18 @@ static bool libxenstore_create(struct qemu_xs_handle
> > *h, xs_transaction_t t,
> > return false;
> > }
> >
> > + if (owner
On Fri, 2023-11-10 at 20:42 +, Volodymyr Babchuk wrote:
> From: Oleksandr Tyshchenko
>
> Instead of forcing the owner to domid 0, use XS_PRESERVE_OWNER to save
> the previous owner of the directory.
>
You're missing the words "... if it already exists" from that sentence.
If the directory
On 10/11/2023 15:42, Volodymyr Babchuk wrote:
Add option to preserve owner when creating an entry in Xen Store. This
may be needed in cases when Qemu is working as device model in a
domain that is Domain-0, e.g. in driver domain.
"owner" parameter for qemu_xen_xs_create() function can have
On 10/11/2023 15:42, Volodymyr Babchuk wrote:
From: Oleksandr Tyshchenko
Both state (XenbusStateClosed) and online (0) are expected by
toolstack/xl devd to completely destroy the device. But "offline"
is never being set by the backend resulting in timeout during
domain destruction, garbage in
On 10/11/2023 15:42, Volodymyr Babchuk wrote:
From: Oleksandr Tyshchenko
The PV backend running in other than Dom0 domain (non toolstack domain)
is not allowed to write frontend nodes. The more, the backend does not
need to do that at all, this is purely toolstack/xl devd business.
I do not
Pipeline #1069435466 has passed!
Project: xen ( https://gitlab.com/xen-project/xen )
Branch: staging ( https://gitlab.com/xen-project/xen/-/commits/staging )
Commit: bede1c7e (
https://gitlab.com/xen-project/xen/-/commit/bede1c7e3b790b63f1ff3ea3ee4e476b012fdf2c
)
Commit Message:
flight 183737 xen-unstable real [real]
http://logs.test-lab.xenproject.org/osstest/logs/183737/
Failures :-/ but no regressions.
Tests which did not succeed, but are not blocking:
test-armhf-armhf-libvirt 16 saverestore-support-checkfail like 183726
test-armhf-armhf-libvirt-qcow2 15
flight 183736 linux-linus real [real]
http://logs.test-lab.xenproject.org/osstest/logs/183736/
Failures :-/ but no regressions.
Tests which did not succeed, but are not blocking:
test-amd64-amd64-xl-qemut-win7-amd64 19 guest-stopfail like 183731
test-amd64-amd64-xl-qemuu-win7-amd64
39 matches
Mail list logo
