[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v3 for-2.9 0/3] q35: add negotiable broadcast SM
|
From: |
Paolo Bonzini |
|
Subject: |
Re: [Qemu-devel] [PATCH v3 for-2.9 0/3] q35: add negotiable broadcast SMI |
|
Date: |
Mon, 28 Nov 2016 12:51:25 +0100 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0 |
On 28/11/2016 12:24, Igor Mammedov wrote:
> On Mon, 28 Nov 2016 10:41:42 +0100
> Paolo Bonzini <address@hidden> wrote:
>
>> On 25/11/2016 15:10, Igor Mammedov wrote:
>>> On Fri, 25 Nov 2016 03:55:29 -0500 (EST)
>>> Paolo Bonzini <address@hidden> wrote:
>>>>> if 0x30000 were covered by SMRR range, then OSPM wouldn't able to
>>>>> place its own code there and there wouldn't be any need in side interfaces
>>>>> to put and get CPU in/from some undefined by spec state (parked).
>>>>>
>>>>> But above would imply a large block allocated at 0x30000 to fit all
>>>>> possible CPUs+1, not sure if it's doable (maybe edk2 wouldn't have
>>>>> big issues with reserving large block in lowmem).
>>>>
>>>> If you mean that the default SMRR range would include 0x30000 for an
>>>> hotplugged
>>>> CPU, that would work but it is a significant departure from real hardware.
>>>> I'd rather avoid that.
>>>
>>> But that's guest side only solution to guest problem, that won't require
>>> any assistance from QEMU/KVM.
>>
>> No, I don't think it can be guest-only. The initial value of SMRRs is
>> undefined, and SMRRs are per processor. The newly-hotplugged CPU has no
>> SMRRs defined when it is started up.
>
> Does it matter?
> If 0x30000 is protected by SMRRs on exiting CPUs so OS can't tamper with it
> and SMI is injected on hotplug
> (i.e. hotplugged CPU arrives with SMI pin active, we can do this without
> inventing PV solution to park/unpark CPU).
If you mean placing TSEG at 0x30000 no, that won't work. You need much
more memory than that.
If you need placing SMRRs there because KVM doesn't need SMRRs to
overlap TSEG, there are problems:
0) KVM doesn't implement SMRRs yet anyway. :)
1) while it's true that we don't need SMRRs, on Haswell and newer
processors SMRRs also provide the range of physical addresses from which
you can execute from in SMM ("SMM Code Access Check"). We do not
implement that, but it's planned.
2) I would still not bet on not having other vulnerabilities hidden.
For example, can the OS try to have two hotplugs run the initial SMM in
parallel?
3) It's really ugly and only works for virt. I wouldn't even call the
alternative PV. This thing is not part of the hardware specs; as long
as ACPI can describe it, it's not PV, it's firmware.
Paolo
- Re: [Qemu-devel] [PATCH v3 for-2.9 0/3] q35: add negotiable broadcast SMI, (continued)
- Re: [Qemu-devel] [PATCH v3 for-2.9 0/3] q35: add negotiable broadcast SMI, Igor Mammedov, 2016/11/25
- Re: [Qemu-devel] [PATCH v3 for-2.9 0/3] q35: add negotiable broadcast SMI, Igor Mammedov, 2016/11/24
- Re: [Qemu-devel] [PATCH v3 for-2.9 0/3] q35: add negotiable broadcast SMI, Paolo Bonzini, 2016/11/24
- Re: [Qemu-devel] [PATCH v3 for-2.9 0/3] q35: add negotiable broadcast SMI, Igor Mammedov, 2016/11/24
- Re: [Qemu-devel] [PATCH v3 for-2.9 0/3] q35: add negotiable broadcast SMI, Paolo Bonzini, 2016/11/25
- Re: [Qemu-devel] [PATCH v3 for-2.9 0/3] q35: add negotiable broadcast SMI, Igor Mammedov, 2016/11/25
- Re: [Qemu-devel] [PATCH v3 for-2.9 0/3] q35: add negotiable broadcast SMI, Paolo Bonzini, 2016/11/28
- Re: [Qemu-devel] [PATCH v3 for-2.9 0/3] q35: add negotiable broadcast SMI, Igor Mammedov, 2016/11/28
- Re: [Qemu-devel] [PATCH v3 for-2.9 0/3] q35: add negotiable broadcast SMI,
Paolo Bonzini <=