[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen stable-4.12] x86/sm{e, a}p: do not enable SMEP/SMAP in PV shim by default on AMD
commit 58d3a681b8f279d1801db6468d8b151bd2fd3518 Author: Igor Druzhinin <igor.druzhinin@xxxxxxxxxx> AuthorDate: Thu Mar 5 11:16:11 2020 +0100 Commit: Jan Beulich <jbeulich@xxxxxxxx> CommitDate: Thu Mar 5 11:16:11 2020 +0100 x86/sm{e, a}p: do not enable SMEP/SMAP in PV shim by default on AMD Due to AMD and Hygon being unable to selectively trap CR4 bit modifications running 32-bit PV guest inside PV shim comes with significant performance hit. Moreover, for SMEP in particular every time CR4.SMEP changes on context switch to/from 32-bit PV guest, it gets trapped by L0 Xen which then tries to perform global TLB invalidation for PV shim domain. This usually results in eventual hang of a PV shim with at least several vCPUs. Since the overall security risk is generally lower for shim Xen as it being there more of a defense-in-depth mechanism, choose to disable SMEP/SMAP in it by default on AMD and Hygon unless a user chose otherwise. Signed-off-by: Igor Druzhinin <igor.druzhinin@xxxxxxxxxx> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> master commit: b05ec9263e56ef0784da766e829cfe08569d1d88 master date: 2020-01-17 16:18:20 +0100 --- docs/misc/xen-command-line.pandoc | 10 ++++++++-- xen/arch/x86/setup.c | 18 ++++++++++++------ 2 files changed, 20 insertions(+), 8 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 519851c278..3561d88b59 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -1854,19 +1854,25 @@ is 1MB. ### smap (x86) > `= <boolean> | hvm` -> Default: `true` +> Default: `true` unless running in pv-shim mode on AMD hardware Flag to enable Supervisor Mode Access Prevention Use `smap=hvm` to allow SMAP use by HVM guests only. +In PV shim mode on AMD hardware due to significant performance impact in some +cases and generally lower security risk the option defaults to false. + ### smep (x86) > `= <boolean> | hvm` -> Default: `true` +> Default: `true` unless running in pv-shim mode on AMD hardware Flag to enable Supervisor Mode Execution Protection Use `smep=hvm` to allow SMEP use by HVM guests only. +In PV shim mode on AMD hardware due to significant performance impact in some +cases and generally lower security risk the option defaults to false. + ### smt (x86) > `= <boolean>` diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 5ab53e3d85..ec6500b867 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -107,9 +107,9 @@ struct cpuinfo_x86 __read_mostly boot_cpu_data = { 0, 0, 0, 0, -1 }; unsigned long __read_mostly mmu_cr4_features = XEN_MINIMAL_CR4; -/* smep: Enable/disable Supervisor Mode Execution Protection (default on). */ -#define SMEP_HVM_ONLY (-1) -static s8 __initdata opt_smep = 1; +/* smep: Enable/disable Supervisor Mode Execution Protection */ +#define SMEP_HVM_ONLY (-2) +static s8 __initdata opt_smep = -1; /* * Initial domain place holder. Needs to be global so it can be created in @@ -144,9 +144,9 @@ static int __init parse_smep_param(const char *s) } custom_param("smep", parse_smep_param); -/* smap: Enable/disable Supervisor Mode Access Prevention (default on). */ -#define SMAP_HVM_ONLY (-1) -static s8 __initdata opt_smap = 1; +/* smap: Enable/disable Supervisor Mode Access Prevention */ +#define SMAP_HVM_ONLY (-2) +static s8 __initdata opt_smap = -1; static int __init parse_smap_param(const char *s) { @@ -1600,6 +1600,12 @@ void __init noreturn __start_xen(unsigned long mbi_p) set_in_cr4(X86_CR4_OSFXSR | X86_CR4_OSXMMEXCPT); + /* Do not enable SMEP/SMAP in PV shim on AMD by default */ + if ( opt_smep == -1 ) + opt_smep = !pv_shim || boot_cpu_data.x86_vendor != X86_VENDOR_AMD; + if ( opt_smap == -1 ) + opt_smap = !pv_shim || boot_cpu_data.x86_vendor != X86_VENDOR_AMD; + if ( !opt_smep ) setup_clear_cpu_cap(X86_FEATURE_SMEP); if ( cpu_has_smep && opt_smep != SMEP_HVM_ONLY ) -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.12 _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/xen-changelog
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |