Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
xen.10697
59f3366d-x86-PV-optional-linear-PT.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 59f3366d-x86-PV-optional-linear-PT.patch of Package xen.10697
# Commit 3285e75dea89afb0ef5b3ee39bd15194bd7cc110 # Date 2017-10-27 14:36:45 +0100 # Author George Dunlap <george.dunlap@citrix.com> # Committer George Dunlap <george.dunlap@citrix.com> x86/mm: Make PV linear pagetables optional Allowing pagetables to point to other pagetables of the same level (often called 'linear pagetables') has been included in Xen since its inception; but recently it has been the source of a number of subtle reference-counting bugs. It is not used by Linux or MiniOS; but it is used by NetBSD and Novell Netware. There are significant numbers of people who are never going to use the feature, along with significant numbers who need the feature. Add a Kconfig option for the feature (default to 'y'). Also add a command-line option to control whether PV linear pagetables are allowed (default to 'true'). NB that we leave linear_pt_count in the page struct. It's in a union, so its presence doesn't increase the size of the data struct. Changing the layout of the other elements based on configuration options is asking for trouble however; so we'll just leave it there and ASSERT that it's zero. Reported-by: Jann Horn <jannh@google.com> Signed-off-by: George Dunlap <george.dunlap@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> --- a/docs/misc/xen-command-line.markdown +++ b/docs/misc/xen-command-line.markdown @@ -854,6 +854,25 @@ This option can be specified more than o ### ple\_window > `= <integer>` + +### pv-linear-pt +> `= <boolean>` + +> Default: `true` + +Only available if Xen is compiled with CONFIG\_PV\_LINEAR\_PT support +enabled. + +Allow PV guests to have pagetable entries pointing to other pagetables +of the same level (i.e., allowing L2 PTEs to point to other L2 pages). +This technique is often called "linear pagetables", and is sometimes +used to allow operating systems a simple way to consistently map the +current process's pagetables into its own virtual address space. + +Linux and MiniOS don't use this technique. NetBSD and Novell Netware +do; there may be other custom operating systems which do. If you're +certain you don't plan on having PV guests which use this feature, +turning it off can reduce the attack surface. ### reboot > `= t[riple] | k[bd] | a[cpi] | p[ci] | e[fi] | n[o] [, [w]arm | [c]old]` --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -741,6 +741,9 @@ static void dec_linear_uses(struct page_ * frame if it is mapped by a different root table. This is sufficient and * also necessary to allow validation of a root table mapping itself. */ +static bool_t __read_mostly opt_pv_linear_pt = 1; +boolean_param("pv-linear-pt", opt_pv_linear_pt); + #define define_get_linear_pagetable(level) \ static int \ get_##level##_linear_pagetable( \ @@ -750,6 +753,12 @@ get_##level##_linear_pagetable( struct page_info *page; \ unsigned long pfn; \ \ + if ( !opt_pv_linear_pt ) \ + { \ + MEM_LOG("Attempt to create linear p.t. (feature disabled)\n"); \ + return 0; \ + } \ + \ if ( (level##e_get_flags(pde) & _PAGE_RW) ) \ { \ MEM_LOG("Attempt to create linear p.t. with write perms"); \
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor