[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 2/4] x86: suppress SMAP and SMEP while running 32-bit PV guest code

> -----Original Message-----
> From: Jan Beulich [mailto:jbeulich@xxxxxxxx]
> Sent: Wednesday, March 9, 2016 8:37 PM
> To: andrew.cooper3@xxxxxxxxxx; Wu, Feng <feng.wu@xxxxxxxxx>; xen-
> devel@xxxxxxxxxxxxxxxxxxxx
> Cc: keir@xxxxxxx
> Subject: Re: [PATCH 2/4] x86: suppress SMAP and SMEP while running 32-bit PV
> guest code
> >>>> Andrew Cooper <andrew.cooper3@xxxxxxxxxx> 03/09/16 1:33 PM >>>
> >On 09/03/16 12:27, Wu, Feng wrote:
> >> Oh, thanks for the clarification! Do you know how "An NMI or #MC may
> occur
> >> between clearing CR4.SMEP and CR4.SMAP in compat_restore_all_guest and
> >> it actually returning to guest context, in which case the guest would run 
> >> with
> >> the two features enabled. " can happen? Especially how the guest can run
> >> with the two features enabled?
> >
> >NMIs and MCEs can occur at any point, even if interrupts are disabled.
> >
> >The bad situation is this sequence:
> >
> >* Xen is returning to the guest and disables CR4.SMEP/SMAP
> >* NMI occurs while still in Xen
> >* NMI exit path sees it is returning to Xen and re-enabled CR4.SMEP/SMAP
> Well, almost: Re-enabling happens on the NMI entry path. The NMI exit
> path would, seeing it's returning to Xen context, simply not disable them
> again.

Thinking about this again, in this case, when the NMI happens, we are in
Xen context (CPL in cs is 0), so the CPL of the saved cs in stack is 0,right?
why do we re-enable CR4.SMEP/SMAP in this case? I mean do we only
need to enable SMEP/SMAP when coming from 32bit pv guest (CPL of cs is 1) ?


> Jan
> >* Xen ends up returning to guest with CR4.SMEP/SMAP enabled.
> >
> >~Andrew

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.