On 10/17/2017 06:10 PM, George Dunlap wrote:
> Allowing pagetables to point to other pagetables of the same level
> (often called 'linear pagetables') has been included in Xen since its
> inception; but recently it has been the source of a number of subtle
> reference-counting bugs.
> 
> It is not used by Linux or MiniOS; but it is used by NetBSD and
> Novell Netware.  There are significant numbers of people who are never
> going to use the feature, along with significant numbers who need the
> feature.
> 
> Add a Kconfig option for the feature (default to 'y').  Also add a
> command-line option to control whether PV linear pagetables are
> allowed (default to 'true').
> 
> In order to make the code clean:
> - Introduce LPT_ASSERT(), which only exists if CONFIG_PV_LINEAR_PT is defined
> - Introduce zero_linear_entries() to set page->linear_pt_count to zero
>   (or do nothing, as appropriate)
> 
> Reported-by: Jann Horn <ja...@google.com>
> Signed-off-by: George Dunlap <george.dun...@citrix.com>
> ---
> Changes since XSA
> - Add a Kconfig option
> - Default to 'on' (rather than 'off').
> 
> Release justification: This was originally part of a security fix
> embargoed until after the freeze date; it wasn't checked in with the
> other security patches in order to allow a discussion about the
> default.
> 
> CC: Ian Jackson <ian.jack...@citrix.com>
> CC: Wei Liu <wei.l...@citrix.com>
> CC: Andrew Cooper <andrew.coop...@citrix.com>
> CC: Jan Beulich <jbeul...@suse.com>
> CC: Stefano Stabellini <sstabell...@kernel.org>
> CC: Konrad Wilk <konrad.w...@oracle.com>
> CC: Julien Grall <julien.gr...@arm.com>
> ---
>  docs/misc/xen-command-line.markdown | 16 ++++++++++++++++
>  xen/arch/Kconfig                    |  1 +
>  xen/arch/arm/mm.c                   |  1 +
>  xen/arch/x86/Kconfig                | 21 ++++++++++++++++++++
>  xen/arch/x86/mm.c                   | 38 +++++++++++++++++++++++++++++++++----
>  xen/include/asm-x86/mm.h            |  5 +++++
>  6 files changed, 78 insertions(+), 4 deletions(-)
> 
> diff --git a/docs/misc/xen-command-line.markdown 
> b/docs/misc/xen-command-line.markdown
> index eb4995e68b..952368d3be 100644
> --- a/docs/misc/xen-command-line.markdown
> +++ b/docs/misc/xen-command-line.markdown
> @@ -1422,6 +1422,22 @@ The following resources are available:
>      CDP, one COS will corespond two CBMs other than one with CAT, due to the
>      sum of CBMs is fixed, that means actual `cos_max` in use will 
> automatically
>      reduce to half when CDP is enabled.
> +     
> +### pv-linear-pt
> +> `= <boolean>`
> +
> +> Default: `false`
> +
> +Allow PV guests to have pagetable entries pointing to other pagetables
> +of the same level (i.e., allowing L2 PTEs to point to other L2 pages).
> +This technique is often called "linear pagetables", and is sometimes
> +used to allow operating systems a simple way to consistently map the
> +current process's pagetables into its own virtual address space.
> +
> +Linux and MiniOS don't use this technique.  NetBSD and Novell Netware
> +do; there may be other custom operating systems which do.  If you're
> +certain you don't plan on having PV guests which use this feature,
> +turning it off can reduce the attack surface.
>  
>  ### rcu-idle-timer-period-ms
>  > `= <integer>`
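Review bot: the documented default contradicts the commit message. The description says the command-line option defaults to 'true' (and the Kconfig option to 'y'), but the new `pv-linear-pt` entry reads `> Default: `false``; one of the two needs fixing before this goes in, otherwise an administrator reading the docs will assume the feature is already off when it is not. The first added line of the hunk (`+     `) also carries trailing whitespace.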
> diff --git a/xen/arch/Kconfig b/xen/arch/Kconfig
> index cf0acb7e89..47287a4985 100644
> --- a/xen/arch/Kconfig
> +++ b/xen/arch/Kconfig
> @@ -6,3 +6,4 @@ config NR_CPUS
>       default "128" if ARM
>       ---help---
>         Specifies the maximum number of physical CPUs which Xen will support.
> +
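Review bot: this hunk only appends an empty line to the end of xen/arch/Kconfig, and the diffstat shows no other change to that file (`1 +`), so the hunk should be dropped from the patch rather than leave a stray blank line behind.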
> diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c
> index 3c328e2df5..199155fcd8 100644
> --- a/xen/arch/arm/mm.c
> +++ b/xen/arch/arm/mm.c
> @@ -42,6 +42,7 @@
>  #include <xen/libfdt/libfdt.h>
>  #include <asm/setup.h>
>  
> +
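Review bot: same issue here: the only change to xen/arch/arm/mm.c is one blank line after the includes (diffstat: `1 +`); it adds nothing and should be removed so the patch does not touch the ARM side at all.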

Gah -- sorry about the blank lines.  Should have looked over the patch
better first.

I'll wait for feedback on the rest of the patch before I resend.

 -George

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
