[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Xen-devel] [PATCH v7 3/3] x86: Make the GDT remapping read-only on 64-bit
- To: Pavel Machek <pavel@xxxxxx>
- From: Thomas Garnier <thgarnie@xxxxxxxxxx>
- Date: Tue, 14 Mar 2017 14:20:19 -0700
- Cc: Michal Hocko <mhocko@xxxxxxxx>, Stanislaw Gruszka <sgruszka@xxxxxxxxxx>, linux-doc@xxxxxxxxxxxxxxx, kvm list <kvm@xxxxxxxxxxxxxxx>, Radim Krčmář <rkrcmar@xxxxxxxxxx>, Matt Fleming <matt@xxxxxxxxxxxxxxxxxxx>, Frederic Weisbecker <fweisbec@xxxxxxxxx>, Chris Wilson <chris@xxxxxxxxxxxxxxxxxx>, Linux-MM <linux-mm@xxxxxxxxx>, Paul Gortmaker <paul.gortmaker@xxxxxxxxxxxxx>, linux-efi@xxxxxxxxxxxxxxx, Alexander Potapenko <glider@xxxxxxxxxx>, "H . Peter Anvin" <hpa@xxxxxxxxx>, Kernel Hardening <kernel-hardening@xxxxxxxxxxxxxxxxxx>, Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>, zijun_hu <zijun_hu@xxxxxxx>, lguest@xxxxxxxxxxxxxxxx, xen-devel@xxxxxxxxxxxxxxxxxxxx, Jonathan Corbet <corbet@xxxxxxx>, Joerg Roedel <joro@xxxxxxxxxx>, the arch/x86 maintainers <x86@xxxxxxxxxx>, kasan-dev <kasan-dev@xxxxxxxxxxxxxxxx>, Christian Borntraeger <borntraeger@xxxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, Andrey Ryabinin <aryabinin@xxxxxxxxxxxxx>, Borislav Petkov <bp@xxxxxxx>, Len Brown <len.brown@xxxxxxxxx>, Rusty Russell <rusty@xxxxxxxxxxxxxxx>, Kees Cook <keescook@xxxxxxxxxxxx>, Linux PM list <linux-pm@xxxxxxxxxxxxxxx>, Jiri Kosina <jikos@xxxxxxxxxx>, Andy Lutomirski <luto@xxxxxxxxxx>, Josh Poimboeuf <jpoimboe@xxxxxxxxxx>, Thomas Gleixner <tglx@xxxxxxxxxxxxx>, Vitaly Kuznetsov <vkuznets@xxxxxxxxxx>, Dmitry Vyukov <dvyukov@xxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, Peter Zijlstra <peterz@xxxxxxxxxxxxx>, Lorenzo Stoakes <lstoakes@xxxxxxxxx>, Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx>, "Rafael J . Wysocki" <rjw@xxxxxxxxxxxxx>, LKML <linux-kernel@xxxxxxxxxxxxxxx>, Andy Lutomirski <luto@xxxxxxxxxxxxxx>, "Luis R . Rodriguez" <mcgrof@xxxxxxxxxx>, Paolo Bonzini <pbonzini@xxxxxxxxxx>, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>, Tim Chen <tim.c.chen@xxxxxxxxxxxxxxx>
- Delivery-date: Tue, 14 Mar 2017 21:20:33 +0000
- List-id: Xen developer discussion <xen-devel.lists.xen.org>
On Tue, Mar 14, 2017 at 2:04 PM, Pavel Machek <pavel@xxxxxx> wrote:
> On Tue 2017-03-14 10:05:08, Thomas Garnier wrote:
>> This patch makes the GDT remapped pages read-only to prevent corruption.
>> This change is done only on 64-bit.
>>
>> The native_load_tr_desc function was adapted to correctly handle a
>> read-only GDT. The LTR instruction always writes to the GDT TSS entry.
>> This generates a page fault if the GDT is read-only. This change checks
>> if the current GDT is a remap and swap GDTs as needed. This function was
>> tested by booting multiple machines and checking hibernation works
>> properly.
>>
>> KVM SVM and VMX were adapted to use the writeable GDT. On VMX, the
>> per-cpu variable was removed for functions to fetch the original GDT.
>> Instead of reloading the previous GDT, VMX will reload the fixmap GDT as
>> expected. For testing, VMs were started and restored on multiple
>> configurations.
>>
>> Signed-off-by: Thomas Garnier <thgarnie@xxxxxxxxxx>
>
> Can we get the same change for 32-bit, too? Growing differences
> between 32 and 64 bit are a bit of a problem...
> Pavel
It was discussed on previous versions that 32-bit read-only support
would create issues that why it was favor for 64-bit only right now.
>
> --
> (english) http://www.livejournal.com/~pavelmachek
> (cesky, pictures)
> http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
--
Thomas
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel
|
