[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v3 1/3] x86/ldt: Make modify_ldt synchronous

To: Andy Lutomirski <luto@xxxxxxxxxx>
From: Borislav Petkov <bp@xxxxxxxxx>
Date: Fri, 24 Jul 2015 08:37:10 +0200
Cc: "security@xxxxxxxxxx" <security@xxxxxxxxxx>, Peter Zijlstra <peterz@xxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, X86 ML <x86@xxxxxxxxxx>, linux-kernel@xxxxxxxxxxxxxxx, Steven Rostedt <rostedt@xxxxxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxx>, stable@xxxxxxxxxxxxxxx, Jan Beulich <jbeulich@xxxxxxxx>, Sasha Levin <sasha.levin@xxxxxxxxxx>, Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>
Delivery-date: Fri, 24 Jul 2015 06:37:44 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Wed, Jul 22, 2015 at 12:23:46PM -0700, Andy Lutomirski wrote:
> modify_ldt has questionable locking and does not synchronize
> threads.  Improve it: redesign the locking and synchronize all
> threads' LDTs using an IPI on all modifications.
> 
> This will dramatically slow down modify_ldt in multithreaded
> programs, but there shouldn't be any multithreaded programs that
> care about modify_ldt's performance in the first place.
> 
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Andy Lutomirski <luto@xxxxxxxxxx>

...

> +struct ldt_struct {
> +     /*
> +      * Xen requires page-aligned LDTs with special permissions.  This is
> +      * needed to prevent us from installing evil descriptors such as
> +      * call gates.  On native, we could merge the ldt_struct and LDT
> +      * allocations, but it's not worth trying to optimize.

I don't think baremetal should care about xen and frankly, this is
getting ridiculous, slowly - baremetal has to wait with a potentially
critical security fix just because it breaks xen. Dammit, this level of
intrusiveness into x86 should've never been allowed.

-- 
Regards/Gruss,
    Boris.

ECO tip #101: Trim your mails when you reply.
--

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

References:
- [Xen-devel] [PATCH v3 0/3] x86: modify_ldt improvement, test, and config option
  - From: Andy Lutomirski
- [Xen-devel] [PATCH v3 1/3] x86/ldt: Make modify_ldt synchronous
  - From: Andy Lutomirski

Prev by Date: [Xen-devel] Xen on ARM: How to run an Android on xen
Next by Date: Re: [Xen-devel] [PATCH v3 2/3] x86/ldt: Make modify_ldt optional
Previous by thread: Re: [Xen-devel] [PATCH v3 1/3] x86/ldt: Make modify_ldt synchronous
Next by thread: Re: [Xen-devel] [PATCH v3 1/3] x86/ldt: Make modify_ldt synchronous
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.