Re: [PATCH][4.15] x86: mirror compat argument translation area for 32-bit PV

["Roger Pau Monné" <roger.pau@citrix.com>]

On Mon, Feb 22, 2021 at 03:20:24PM +0100, Jan Beulich wrote:
> On 22.02.2021 15:13, Roger Pau Monné wrote:
> > On Mon, Feb 22, 2021 at 12:35:21PM +0100, Roger Pau Monné wrote:
> >> On Mon, Feb 22, 2021 at 11:27:07AM +0100, Jan Beulich wrote:
> >>> Now that we guard the entire Xen VA space against speculative abuse
> >>> through hypervisor accesses to guest memory, the argument translation
> >>> area's VA also needs to live outside this range, at least for 32-bit PV
> >>> guests. To avoid extra is_hvm_*() conditionals, use the alternative VA
> >>> uniformly.
> >>
> >> Since you are double mapping the per-domain virtual area, won't it
> >> make more sense to map it just once outside of the Xen virtual space
> >> area? (so it's always using PML4_ADDR(511))
> > 
> > Right, that's not possible for PV 64bit domains because it's guest
> > owned linear address space in that case.
> > 
> > It seems like paravirt_ctxt_switch_to will modify the root_pgt to set
> > the PERDOMAIN_VIRT_START entry, does the same need to be done for
> > PERDOMAIN2_VIRT_START?
> 
> I don't think so, no. Argument translation doesn't happen when
> the restricted page tables are in use, and all other uses of
> the per-domain area continue to use the "normal" VA.

Oh, OK, thanks for the clarification. AFAICT the PERDOMAIN2_VIRT_START
slot won't get populated on the restricted page tables, and hence will
always trigger a page fault if access is attempted with those tables
loaded.

> > I would also consider giving the slot a more meaningful name, as
> > PERDOMAIN2_VIRT_START makes it seem like a new per-domain scratch
> > space, when it's just a different mapping of the existing physical
> > memory.
> > 
> > Maybe PERDOMAIN_MIRROR_VIRT_START? Or PERDOMAIN_XLAT_VIRT_START?
> 
> XLAT would be too specific - while we use it for xlat only, it's
> still all of the mappings that appear at the alternate addresses.

Well, given that such mappings won't be available when running 64bit
PV guests I still think it's unlikely to be used for anything that's
not XLAT specific, as it won't work for 64bit PV guests otherwise.

> I did consider using MIRROR, but it got too long for my taste.
> Now that I think about it maybe PERDOMAIN_ALT_VIRT_START would do?

Indeed, I would prefer that rather than PERDOMAIN2_VIRT_START if you
still consider XLAT to be too specific.

Thanks, Roger.