[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v6 05/10] Clear AC bit in RFLAGS to protect Xen itself by SMAP

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>
From: "Wu, Feng" <feng.wu@xxxxxxxxx>
Date: Thu, 8 May 2014 02:02:09 +0000
Accept-language: en-US
Cc: "Tian, Kevin" <kevin.tian@xxxxxxxxx>, "Dong, Eddie" <eddie.dong@xxxxxxxxx>, "ian.campbell@xxxxxxxxxx" <ian.campbell@xxxxxxxxxx>, "Nakajima, Jun" <jun.nakajima@xxxxxxxxx>, "xen-devel@xxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxx>
Delivery-date: Thu, 08 May 2014 02:02:43 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>
Thread-index: AQHPadkZqoA2JyKB906eBoUrnwpyMZs0eI+AgAADmwCAAWzl8P//fv2AgACGdrA=
Thread-topic: [PATCH v6 05/10] Clear AC bit in RFLAGS to protect Xen itself by SMAP


> -----Original Message-----
> From: Andrew Cooper [mailto:amc96@xxxxxxxxxxxxxxxx] On Behalf Of
> Andrew Cooper
> Sent: Thursday, May 08, 2014 9:58 AM
> To: Wu, Feng; Jan Beulich
> Cc: ian.campbell@xxxxxxxxxx; Dong, Eddie; Nakajima, Jun; Tian, Kevin;
> xen-devel@xxxxxxxxxxxxx
> Subject: Re: [PATCH v6 05/10] Clear AC bit in RFLAGS to protect Xen itself by
> SMAP
> 
> On 08/05/2014 02:41, Wu, Feng wrote:
> >
> >> -----Original Message-----
> >> From: Andrew Cooper [mailto:andrew.cooper3@xxxxxxxxxx]
> >> Sent: Wednesday, May 07, 2014 7:54 PM
> >> To: Jan Beulich
> >> Cc: Wu, Feng; ian.campbell@xxxxxxxxxx; Dong, Eddie; Nakajima, Jun; Tian,
> >> Kevin; xen-devel@xxxxxxxxxxxxx
> >> Subject: Re: [PATCH v6 05/10] Clear AC bit in RFLAGS to protect Xen itself 
> >> by
> >> SMAP
> >>
> >> On 07/05/14 12:40, Jan Beulich wrote:
> >>>>>> On 07.05.14 at 11:44, <andrew.cooper3@xxxxxxxxxx> wrote:
> >>>> On 07/05/14 09:19, Feng Wu wrote:
> >>>>> @@ -673,6 +675,7 @@ ENTRY(nmi_crash)
> >>>>>          ud2
> >>>>>
> >>>>>  ENTRY(machine_check)
> >>>>> +        ASM_CLAC
> >>>> This is not needed.  the start of handle_ist_exception has a SAVE_ALL,
> >>>> which also covers the nmi entry point.
> >>>>
> >>>> On the subject of IST exceptions, perhaps the double fault explicitly
> >>>> wants a STAC to reduce the likelihood of taking a further fault while
> >>>> trying to dump state. ?
> >>> I agree. And perhaps along with do_double_fault(), fatal_trap()
> >>> should then also get a stac() added?
> >>>
> >>> Jan
> >>>
> >> With doubt_fault: being sole caller of do_double_fault(), editing the
> >> entry point in entry.S to "ASM_STAC; SAVE_ALL 0" is sufficient to avoid
> >> stac() in do_doube_fault() itself.
> > I think it's better to add "ASM_STAC" just before " call  do_double_fault".
> > Do you think this is okay, Andrew? Thanks!
> 
> I am not fussed where exactly the STAC goes in the entry point, but
> don't leave a CLAC in the SAVE_ALL.

Sure, thanks for the suggestion! I will pass 0 to SAVE_ALL. 
My point is that ASM_STAC should be deferred as much as possible.

> 
> ~Andrew

Thanks,
Feng

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH v6 05/10] Clear AC bit in RFLAGS to protect Xen itself by SMAP
  - From: Andrew Cooper
- Re: [Xen-devel] [PATCH v6 05/10] Clear AC bit in RFLAGS to protect Xen itself by SMAP
  - From: Jan Beulich

References:
- [Xen-devel] [PATCH v6 00/10] x86: Enable Supervisor Mode Access Prevention (SMAP)
  - From: Feng Wu
- [Xen-devel] [PATCH v6 05/10] Clear AC bit in RFLAGS to protect Xen itself by SMAP
  - From: Feng Wu
- Re: [Xen-devel] [PATCH v6 05/10] Clear AC bit in RFLAGS to protect Xen itself by SMAP
  - From: Andrew Cooper
- Re: [Xen-devel] [PATCH v6 05/10] Clear AC bit in RFLAGS to protect Xen itself by SMAP
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH v6 05/10] Clear AC bit in RFLAGS to protect Xen itself by SMAP
  - From: Andrew Cooper
- Re: [Xen-devel] [PATCH v6 05/10] Clear AC bit in RFLAGS to protect Xen itself by SMAP
  - From: Wu, Feng
- Re: [Xen-devel] [PATCH v6 05/10] Clear AC bit in RFLAGS to protect Xen itself by SMAP
  - From: Andrew Cooper

Prev by Date: Re: [Xen-devel] [PATCH v6 05/10] Clear AC bit in RFLAGS to protect Xen itself by SMAP
Next by Date: Re: [Xen-devel] [PATCH v6 08/10] x86: Enable Supervisor Mode Access Prevention (SMAP) for Xen
Previous by thread: Re: [Xen-devel] [PATCH v6 05/10] Clear AC bit in RFLAGS to protect Xen itself by SMAP
Next by thread: Re: [Xen-devel] [PATCH v6 05/10] Clear AC bit in RFLAGS to protect Xen itself by SMAP
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.