From: Andrew Cooper
Subject: Re: [PATCH v2] x86/vmx: Add command line option to enable EPT without PAT
Date: Thu, 17 Apr 2014 00:04:33 +0100
Message-ID: <534F0C81.9040309@citrix.com>
References: <1397688737-30131-1-git-send-email-aravindp@cisco.com>
In-Reply-To: <1397688737-30131-1-git-send-email-aravindp@cisco.com>
To: Aravindh Puthiyaparambil, xen-devel@lists.xenproject.org
Cc: Kevin Tian, Eddie Dong, Jun Nakajima
List-Id: xen-devel@lists.xenproject.org

On 16/04/2014 23:52, Aravindh Puthiyaparambil wrote:
> The fix for XSA-60 disables EPT if PAT is not available. This patch
> adds a command line option called "ept_without_pat", that allows EPT to
> be enabled even when PAT is not present. This is to enable Xen to run as
> a nested guest with EPT on hypervisors that have nested EPT but not
> nested PAT.
>
> Signed-off-by: Aravindh Puthiyaparambil
> Cc: Jun Nakajima
> Cc: Eddie Dong
> Cc: Kevin Tian

Reviewed-by: Andrew Cooper

>
> ---
> Changes from version 1:
> 1. Fix and update documentation with suggestion from Andrew Cooper.
> 2. Remove redundant assignment.
>
> docs/misc/xen-command-line.markdown | 14 ++++++++++++++
> xen/arch/x86/hvm/vmx/vmx.c | 5 ++++-
> 2 files changed, 18 insertions(+), 1 deletion(-)
>
> diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown
> index 87de2dc..138fee9 100644
> --- a/docs/misc/xen-command-line.markdown
> +++ b/docs/misc/xen-command-line.markdown
> @@ -523,6 +523,20 @@ Either force retrieval of monitor EDID information via VESA DDC, or > disable it (edid=no). This option should not normally be required > except for debugging purposes. > > +### ept\_without\_pat (Intel) > +> `= ` > + > +> Default: `false` > + > +Allow EPT to be enabled when PAT is not present. > + > +*Warning:* > +Due to CVE-2013-2212, PAT is by default required as a prerequisite for > +using EPT. If you are not using PCI Passthrough, or trust the guest > +administrator who would be using passthrough, then the PAT requirement > +can be relaxed. This option is useful for nested virtualisation cases > +where the outer hypervisor does not expose PAT functionality to Xen. > + > ### extra\_guest\_irqs > > `= [][,]` > > diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c > index 180cf6c..fee81c9 100644 > --- a/xen/arch/x86/hvm/vmx/vmx.c > +++ b/xen/arch/x86/hvm/vmx/vmx.c > @@ -58,6 +58,9 @@ > #include > #include > > +static bool_t __initdata opt_ept_without_pat; > +boolean_param("ept_without_pat", opt_ept_without_pat); > + > enum handler_return { HNDL_done, HNDL_unhandled, HNDL_exception_raised }; > > static void vmx_ctxt_switch_from(struct vcpu *v); > @@ -1724,7 +1727,7 @@ const struct hvm_function_table * __init start_vmx(void) > * Do not enable EPT when (!cpu_has_vmx_pat), to prevent security hole > * (refer to http://xenbits.xen.org/xsa/advisory-60.html). > */ > - if ( cpu_has_vmx_ept && cpu_has_vmx_pat ) > + if ( cpu_has_vmx_ept && (cpu_has_vmx_pat || opt_ept_without_pat) ) > { > vmx_function_table.hap_supported = 1; >
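Review bot: in the xen-command-line.markdown hunk, the *Warning:* paragraph under `ept\_without\_pat` names CVE-2013-2212 but gives the reader no pointer to the advisory, while the vmx.c comment in the same patch already cites http://xenbits.xen.org/xsa/advisory-60.html; add that URL (and the XSA-60 name used in the commit message) to the doc paragraph so an administrator reading the command-line reference can find the rationale without grepping the hypervisor source. Since the default is documented as `false`, it would also be worth saying in one sentence that leaving it at the default is the safe choice and that the option should only be set on a host whose passthrough guests are all trusted.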
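Review bot: in the first vmx.c hunk, `opt_ept_without_pat` is declared `static bool_t __initdata`, which is only correct because its sole reader is `start_vmx()`, shown as `__init` in the second hunk's header; a short comment beside the declaration stating that the variable must not be read after init memory is released would stop a later change (for example consulting it on a CPU hotplug or resume path) from turning into a read of freed `.init.data`. The `boolean_param("ept_without_pat", ...)` name matches the documented option string exactly, so no issue there.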
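Review bot: in the second vmx.c hunk the comment immediately above the changed condition still reads "Do not enable EPT when (!cpu_has_vmx_pat), to prevent security hole", which is no longer unconditionally true once `opt_ept_without_pat` can override it; update the comment to mention the override, e.g. "... unless the administrator has explicitly opted in with ept_without_pat, which is only safe without untrusted PCI passthrough". Consider also emitting a boot-time warning on the console when EPT is enabled through the override with PAT absent, so the relaxed XSA-60 posture is visible in the boot log and not only in the command line.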