Hi Hongyan,
On 30/04/2020 21:44, Hongyan Xia wrote:
From: Hongyan Xia <hongy...@amazon.com>
Also add a helper function to retrieve it. Change arch_mfn_in_direct_map
to check this option before returning.
This is added as a boot command line option, not a Kconfig. We do not
produce different builds for EC2 so this is not introduced as a
compile-time configuration.
Signed-off-by: Hongyan Xia <hongy...@amazon.com>
---
docs/misc/xen-command-line.pandoc | 12 ++++++++++++
xen/arch/x86/mm.c | 3 +++
xen/arch/x86/setup.c | 2 ++
xen/include/asm-arm/mm.h | 5 +++++
xen/include/asm-x86/mm.h | 17 ++++++++++++++++-
5 files changed, 38 insertions(+), 1 deletion(-)
diff --git a/docs/misc/xen-command-line.pandoc
b/docs/misc/xen-command-line.pandoc
index ee12b0f53f..7027e3a15c 100644
--- a/docs/misc/xen-command-line.pandoc
+++ b/docs/misc/xen-command-line.pandoc
@@ -652,6 +652,18 @@ Specify the size of the console debug trace buffer. By
specifying `cpu:`
additionally a trace buffer of the specified size is allocated per cpu.
The debug trace feature is only enabled in debugging builds of Xen.
+### directmap (x86)
+> `= <boolean>`
+
+> Default: `true`
+
+Enable or disable the direct map region in Xen.
+
+By default, Xen creates the direct map region which maps physical memory
+in that region. Setting this to no will remove the direct map, blocking
+exploits that leak secrets via speculative memory access in the direct
+map.
+
### dma_bits
> `= <integer>`
diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
index b3530d2763..64da997764 100644
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -162,6 +162,9 @@ l1_pgentry_t __section(".bss.page_aligned")
__aligned(PAGE_SIZE)
l1_pgentry_t __section(".bss.page_aligned") __aligned(PAGE_SIZE)
l1_fixmap_x[L1_PAGETABLE_ENTRIES];
+bool __read_mostly opt_directmap = true;
+boolean_param("directmap", opt_directmap);
+
paddr_t __read_mostly mem_hotplug;
/* Frame table size in pages. */
diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
index faca8c9758..60fc4038be 100644
--- a/xen/arch/x86/setup.c
+++ b/xen/arch/x86/setup.c
@@ -1282,6 +1282,8 @@ void __init noreturn __start_xen(unsigned long mbi_p)
if ( highmem_start )
xenheap_max_mfn(PFN_DOWN(highmem_start - 1));
+ printk("Booting with directmap %s\n", arch_has_directmap() ? "on" : "off");
+
/*
* Walk every RAM region and map it in its entirety (on x86/64, at least)
* and notify it to the boot allocator.
diff --git a/xen/include/asm-arm/mm.h b/xen/include/asm-arm/mm.h
index 7df91280bc..e6fd934113 100644
--- a/xen/include/asm-arm/mm.h
+++ b/xen/include/asm-arm/mm.h
@@ -366,6 +366,11 @@ int arch_acquire_resource(struct domain *d, unsigned int
type, unsigned int id,
return -EOPNOTSUPP;
}
+static inline bool arch_has_directmap(void)
+{
+ return true;
arm32 doesn't have a directmap, so this needs to be false for arm32 and
true for arm64.
I would also like the implementation of the helper close to
arch_mfn_in_directmap() in asm-arm/arm*/mm.h.
Cheers,
--
Julien Grall
