Re: [Xen-devel] [PATCH v8 2/7] x86: Clear AC bit in RFLAGS to protect Xen itself by SMAP
On 09/05/14 06:34, Feng Wu wrote:
> Clear AC bit in RFLAGS at the beginning of exception, interrupt, hypercall,
> so Xen itself can be protected by SMAP mechanism. This patch also sets AC
> bit at the beginning of double_fault and fatal_trap() to reduce the likelihood
> of taking a further fault while trying to dump state.
>
> Signed-off-by: Feng Wu <feng.wu@xxxxxxxxx>
Much nicer with MSR_SYSCALL_MASK!
> ---
> xen/arch/x86/acpi/suspend.c | 5 +----
> xen/arch/x86/boot/x86_64.S | 2 +-
> xen/arch/x86/traps.c | 3 +++
> xen/arch/x86/x86_64/compat/entry.S | 1 +
> xen/arch/x86/x86_64/entry.S | 13 ++++++++-----
> xen/arch/x86/x86_64/traps.c | 5 +----
> xen/include/asm-x86/asm_defns.h | 7 ++++++-
> xen/include/asm-x86/processor.h | 4 ++++
> 8 files changed, 25 insertions(+), 15 deletions(-)
>
> diff --git a/xen/arch/x86/acpi/suspend.c b/xen/arch/x86/acpi/suspend.c
> index a373e9a..1d8344c 100644
> --- a/xen/arch/x86/acpi/suspend.c
> +++ b/xen/arch/x86/acpi/suspend.c
> @@ -56,10 +56,7 @@ void restore_rest_processor_state(void)
> wrmsrl(MSR_LSTAR, saved_lstar);
> wrmsrl(MSR_CSTAR, saved_cstar);
> wrmsr(MSR_STAR, 0, (FLAT_RING3_CS32<<16) | __HYPERVISOR_CS);
> - wrmsr(MSR_SYSCALL_MASK,
> - X86_EFLAGS_VM|X86_EFLAGS_RF|X86_EFLAGS_NT|
> - X86_EFLAGS_DF|X86_EFLAGS_IF|X86_EFLAGS_TF,
> - 0U);
> + wrmsr(MSR_SYSCALL_MASK, XEN_SYSCALL_MASK, 0U);
>
> wrfsbase(saved_fs_base);
> wrgsbase(saved_gs_base);
> diff --git a/xen/arch/x86/boot/x86_64.S b/xen/arch/x86/boot/x86_64.S
> index 22645d6..67dfef9 100644
> --- a/xen/arch/x86/boot/x86_64.S
> +++ b/xen/arch/x86/boot/x86_64.S
> @@ -60,7 +60,7 @@ start_bsp:
>
> /* This is the default interrupt handler. */
> ignore_int:
> - SAVE_ALL
> + SAVE_ALL CLAC
> movq %cr2,%rsi
> leaq int_msg(%rip),%rdi
> xorl %eax,%eax
> diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c
> index 5d27581..ac68a85 100644
> --- a/xen/arch/x86/traps.c
> +++ b/xen/arch/x86/traps.c
> @@ -401,6 +401,9 @@ void fatal_trap(int trapnr, struct cpu_user_regs *regs)
> {
> static DEFINE_PER_CPU(char, depth);
>
> + /* Set AC to reduce chance of further SMAP faults */
> + stac();
> +
> /*
> * In some cases, we can end up in a vicious cycle of fatal_trap()s
> * within fatal_trap()s. We give the problem a couple of iterations to
> diff --git a/xen/arch/x86/x86_64/compat/entry.S
> b/xen/arch/x86/x86_64/compat/entry.S
> index 32b3bcc..ac594c9 100644
> --- a/xen/arch/x86/x86_64/compat/entry.S
> +++ b/xen/arch/x86/x86_64/compat/entry.S
> @@ -13,6 +13,7 @@
> #include <irq_vectors.h>
>
> ENTRY(compat_hypercall)
> + ASM_CLAC
> pushq $0
> SAVE_VOLATILE type=TRAP_syscall compat=1
>
> diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S
> index 1c81852..50b1058 100644
> --- a/xen/arch/x86/x86_64/entry.S
> +++ b/xen/arch/x86/x86_64/entry.S
> @@ -273,6 +273,7 @@ ENTRY(sysenter_entry)
> pushq $0
> pushfq
> GLOBAL(sysenter_eflags_saved)
> + ASM_CLAC
> pushq $3 /* ring 3 null cs */
> pushq $0 /* null rip */
> pushq $0
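Review bot: The placement of `ASM_CLAC` after `pushfq` and the `sysenter_eflags_saved` label is not explained, and the order appears to matter: the flags are pushed first, so the saved frame still carries the guest's AC, and only then is AC cleared for Xen's own execution. A short comment would keep a later reshuffle from moving it, e.g. `/* Clear AC only after pushfq so the saved EFLAGS keep the guest's value. */`. The instructions between the entry point and this line run with guest-controlled AC; the ones visible here are only stack pushes, but the start of sysenter_entry is outside the hunk.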
> @@ -309,6 +310,7 @@ UNLIKELY_END(sysenter_gpf)
> jmp .Lbounce_exception
>
> ENTRY(int80_direct_trap)
> + ASM_CLAC
> pushq $0
> SAVE_VOLATILE 0x80
>
> @@ -466,7 +468,7 @@ ENTRY(dom_crash_sync_extable)
> jmp asm_domain_crash_synchronous /* Does not return */
>
> ENTRY(common_interrupt)
> - SAVE_ALL
> + SAVE_ALL CLAC
> movq %rsp,%rdi
> callq do_IRQ
> jmp ret_from_intr
> @@ -485,7 +487,7 @@ ENTRY(page_fault)
> movl $TRAP_page_fault,4(%rsp)
> /* No special register assumptions. */
> GLOBAL(handle_exception)
> - SAVE_ALL
> + SAVE_ALL CLAC
> handle_exception_saved:
> testb $X86_EFLAGS_IF>>8,UREGS_eflags+1(%rsp)
> jz exception_with_ints_disabled
> @@ -614,7 +616,8 @@ ENTRY(spurious_interrupt_bug)
>
> ENTRY(double_fault)
> movl $TRAP_double_fault,4(%rsp)
> - SAVE_ALL
> + /* Set AC to reduce chance of further SMAP faults */
> + SAVE_ALL STAC
> movq %rsp,%rdi
> call do_double_fault
> ud2
> @@ -631,7 +634,7 @@ ENTRY(nmi)
> pushq $0
> movl $TRAP_nmi,4(%rsp)
> handle_ist_exception:
> - SAVE_ALL
> + SAVE_ALL CLAC
> testb $3,UREGS_cs(%rsp)
> jz 1f
> /* Interrupted guest context. Copy the context to stack bottom. */
> @@ -667,7 +670,7 @@ handle_ist_exception:
> ENTRY(nmi_crash)
> pushq $0
> movl $TRAP_nmi,4(%rsp)
> - SAVE_ALL
> + SAVE_ALL CLAC
This is also a terminal error path. STAC instead please.
~Andrew
> movq %rsp,%rdi
> callq do_nmi_crash /* Does not return */
> ud2
> diff --git a/xen/arch/x86/x86_64/traps.c b/xen/arch/x86/x86_64/traps.c
> index 90072c1..3a48478 100644
> --- a/xen/arch/x86/x86_64/traps.c
> +++ b/xen/arch/x86/x86_64/traps.c
> @@ -436,10 +436,7 @@ void __devinit subarch_percpu_traps_init(void)
>
> /* Common SYSCALL parameters. */
> wrmsr(MSR_STAR, 0, (FLAT_RING3_CS32<<16) | __HYPERVISOR_CS);
> - wrmsr(MSR_SYSCALL_MASK,
> - X86_EFLAGS_VM|X86_EFLAGS_RF|X86_EFLAGS_NT|
> - X86_EFLAGS_DF|X86_EFLAGS_IF|X86_EFLAGS_TF,
> - 0U);
> + wrmsr(MSR_SYSCALL_MASK, XEN_SYSCALL_MASK, 0U);
> }
>
> void init_int80_direct_trap(struct vcpu *v)
> diff --git a/xen/include/asm-x86/asm_defns.h b/xen/include/asm-x86/asm_defns.h
> index b75905a..db5d8f6 100644
> --- a/xen/include/asm-x86/asm_defns.h
> +++ b/xen/include/asm-x86/asm_defns.h
> @@ -190,7 +190,12 @@ static inline void stac(void)
> #endif
>
> #ifdef __ASSEMBLY__
> -.macro SAVE_ALL
> +.macro SAVE_ALL op=0
> +.if \op == CLAC
> + ASM_CLAC
> +.elseif \op == STAC
> + ASM_STAC
> +.endif
> addq $-(UREGS_error_code-UREGS_r15), %rsp
> cld
> movq %rdi,UREGS_rdi(%rsp)
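Review bot: A `SAVE_ALL` invocation with no argument, or with a value that is neither `CLAC` nor `STAC`, assembles to neither `ASM_CLAC` nor `ASM_STAC`, because `op` defaults to 0 and the `.if`/`.elseif` chain has no final branch. An entry point missed by this series would then keep whatever AC the interrupted context had, with no build-time signal. If no caller legitimately needs AC left untouched, end the chain with `.else` followed by `.err` so every entry path has to state its choice; otherwise document the third case with a comment such as `/* op: CLAC, STAC, or omitted to leave AC unchanged */`. The definitions of `CLAC` and `STAC` as assembler constants are not visible in this hunk, and the macro body continues past it.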
> diff --git a/xen/include/asm-x86/processor.h b/xen/include/asm-x86/processor.h
> index 604f5b3..35b2433 100644
> --- a/xen/include/asm-x86/processor.h
> +++ b/xen/include/asm-x86/processor.h
> @@ -141,6 +141,10 @@
> #define PFEC_page_paged (1U<<5)
> #define PFEC_page_shared (1U<<6)
>
> +#define XEN_SYSCALL_MASK (X86_EFLAGS_AC|X86_EFLAGS_VM|X86_EFLAGS_RF| \
> + X86_EFLAGS_NT|X86_EFLAGS_DF|X86_EFLAGS_IF| \
> + X86_EFLAGS_TF)
> +
> #ifndef __ASSEMBLY__
>
> struct domain;
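Review bot: `XEN_SYSCALL_MASK` has no comment saying what the mask means, and the reason `X86_EFLAGS_AC` is in it is the security-relevant part. The bits written to `MSR_SYSCALL_MASK` are cleared from RFLAGS by the CPU on SYSCALL, so AC is already clear at the first instruction of the SYSCALL entry paths, which is presumably why this patch adds no `ASM_CLAC` to them. A one-line comment above the define would record that, e.g. `/* RFLAGS bits cleared by hardware on SYSCALL; AC is included so SMAP is enforced from the first instruction of the entry path. */`. Without it, a later edit of the mask could drop AC without anyone noticing that those paths rely on it.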