[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Xen-devel] [PATCH v5 3/3] x86: Make the GDT remapping read-only on 64-bit
- To: Thomas Garnier <thgarnie@xxxxxxxxxx>
- From: Andy Lutomirski <luto@xxxxxxxxxxxxxx>
- Date: Thu, 9 Mar 2017 13:35:13 -0800
- Cc: Michal Hocko <mhocko@xxxxxxxx>, Stanislaw Gruszka <sgruszka@xxxxxxxxxx>, "linux-doc@xxxxxxxxxxxxxxx" <linux-doc@xxxxxxxxxxxxxxx>, kvm list <kvm@xxxxxxxxxxxxxxx>, Fenghua Yu <fenghua.yu@xxxxxxxxx>, Matt Fleming <matt@xxxxxxxxxxxxxxxxxxx>, Frederic Weisbecker <fweisbec@xxxxxxxxx>, X86 ML <x86@xxxxxxxxxx>, Chris Wilson <chris@xxxxxxxxxxxxxxxxxx>, "linux-mm@xxxxxxxxx" <linux-mm@xxxxxxxxx>, Paul Gortmaker <paul.gortmaker@xxxxxxxxxxxxx>, Radim Krčmář <rkrcmar@xxxxxxxxxx>, "linux-efi@xxxxxxxxxxxxxxx" <linux-efi@xxxxxxxxxxxxxxx>, Alexander Potapenko <glider@xxxxxxxxxx>, Pavel Machek <pavel@xxxxxx>, "H . Peter Anvin" <hpa@xxxxxxxxx>, "kernel-hardening@xxxxxxxxxxxxxxxxxx" <kernel-hardening@xxxxxxxxxxxxxxxxxx>, Jiri Olsa <jolsa@xxxxxxxxxx>, Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>, zijun_hu <zijun_hu@xxxxxxx>, Dave Hansen <dave.hansen@xxxxxxxxx>, Andi Kleen <ak@xxxxxxxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Jonathan Corbet <corbet@xxxxxxx>, Michael Ellerman <mpe@xxxxxxxxxxxxxx>, Joerg Roedel <joro@xxxxxxxxxx>, Prarit Bhargava <prarit@xxxxxxxxxx>, kasan-dev <kasan-dev@xxxxxxxxxxxxxxxx>, Vitaly Kuznetsov <vkuznets@xxxxxxxxxx>, Christian Borntraeger <borntraeger@xxxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, Andrey Ryabinin <aryabinin@xxxxxxxxxxxxx>, Borislav Petkov <bp@xxxxxxx>, Len Brown <len.brown@xxxxxxxxx>, Rusty Russell <rusty@xxxxxxxxxxxxxxx>, Kees Cook <keescook@xxxxxxxxxxxx>, Arnd Bergmann <arnd@xxxxxxxx>, He Chen <he.chen@xxxxxxxxxxxxxxx>, Brian Gerst <brgerst@xxxxxxxxx>, Jiri Kosina <jikos@xxxxxxxxxx>, lguest@xxxxxxxxxxxxxxxx, Andy Lutomirski <luto@xxxxxxxxxx>, Josh Poimboeuf <jpoimboe@xxxxxxxxxx>, Thomas Gleixner <tglx@xxxxxxxxxxxxx>, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>, Dmitry Vyukov <dvyukov@xxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, Peter Zijlstra <peterz@xxxxxxxxxxxxx>, Lorenzo Stoakes <lstoakes@xxxxxxxxx>, Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx>, "linux-pm@xxxxxxxxxxxxxxx" <linux-pm@xxxxxxxxxxxxxxx>, "Rafael J . Wysocki" <rjw@xxxxxxxxxxxxx>, "linux-kernel@xxxxxxxxxxxxxxx" <linux-kernel@xxxxxxxxxxxxxxx>, "Luis R . Rodriguez" <mcgrof@xxxxxxxxxx>, David Vrabel <david.vrabel@xxxxxxxxxx>, Paolo Bonzini <pbonzini@xxxxxxxxxx>, Joonsoo Kim <iamjoonsoo.kim@xxxxxxx>, Tim Chen <tim.c.chen@xxxxxxxxxxxxxxx>
- Delivery-date: Thu, 09 Mar 2017 21:35:41 +0000
- List-id: Xen developer discussion <xen-devel.lists.xen.org>
On Mon, Mar 6, 2017 at 2:03 PM, Thomas Garnier <thgarnie@xxxxxxxxxx> wrote:
> This patch makes the GDT remapped pages read-only to prevent corruption.
> This change is done only on 64-bit.
>
> The native_load_tr_desc function was adapted to correctly handle a
> read-only GDT. The LTR instruction always writes to the GDT TSS entry.
> This generates a page fault if the GDT is read-only. This change checks
> if the current GDT is a remap and swap GDTs as needed. This function was
> tested by booting multiple machines and checking hibernation works
> properly.
>
> KVM SVM and VMX were adapted to use the writeable GDT. On VMX, the
> per-cpu variable was removed for functions to fetch the original GDT.
> Instead of reloading the previous GDT, VMX will reload the fixmap GDT as
> expected. For testing, VMs were started and restored on multiple
> configurations.
I like this patch.
> +
> +/*
> + * The LTR instruction marks the TSS GDT entry as busy. On 64-bit, the GDT is
> + * a read-only remapping. To prevent a page fault, the GDT is switched to the
> + * original writeable version when needed.
> + */
> +#ifdef CONFIG_X86_64
> static inline void native_load_tr_desc(void)
> {
> + struct desc_ptr gdt;
> + int cpu = raw_smp_processor_id();
> + bool restore = 0;
> + struct desc_struct *fixmap_gdt;
> +
> + native_store_gdt(&gdt);
This part will slow this function down considerably, but with the
recent KVM improvements, I think that there are no callers left that
care about performance, so this should be fine.
--Andy
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel
|
