
Re: [Xen-devel] [RFC PATCH] x86/pagewalk: Honor SMAP_CHECK_DISABLED

On 08/05/18 12:38, Jason Andryuk wrote:
> On Mon, May 7, 2018 at 4:05 PM, Andrew Cooper <andrew.cooper3@xxxxxxxxxx> wrote:
>> On 07/05/2018 20:57, Jason Andryuk wrote:
>>> commit 4c5d78a10dc89427140a50a1df5a0b8e9f073e82 (x86/pagewalk:
>>> Re-implement the pagetable walker) removed honoring the
>>> smap_check_policy of the running VCPU.  guest_walk_tables is used by
>>> copy_{to,from}_guest for HVMs, so it is called when the hypervisor is
>>> copying data and SMAP is inappropriate to enforce.
>>> The out-of-tree v4v hypercall copies a domain's source buffer into a
>>> different domain's destination ring.  For an HVM, the kernel makes the
>>> hypercall from ring 0, so the userspace buffer access looks like a SMAP
>>> violation.  In Xen 4.6, v4v could set SMAP_CHECK_DISABLED to avoid this
>>> SMAP failure, but that no longer works since the re-write.
>>> Signed-off-by: Jason Andryuk <jandryuk@xxxxxxxxx>
>> I'm sorry, but no.  It is never appropriate to ignore the guest paging
>> settings.  The correct fix here is in the kernel, to surround the v4v
>> hypercall handler with stac/clac to whitelist userspace accesses.  See
>> the implementation of the privcmd hypercall which already does this.
> Oh, I didn't realize stac/clac are already used with a hypercall.
> Thanks for the pointer.
>> If I could go back in time and nack the introduction of
>> smap_check_policy, I would.  As it stands, I'm (slowly) removing its
>> use, and will eventually delete it.
> I think you are close.  It seems to me smap_check_policy is set but not used.

So it is!  Patch incoming.
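
The SMAP behaviour discussed in this thread, as an added example that is not part of the original message and is not Xen's guest_walk_tables: a simplified model of the architectural check, showing why a ring-0 access to a userspace buffer faults with EFLAGS.AC clear and succeeds once stac has set it. All names (`vcpu_model`, `model_walk`, `ring0_touches_user_buffer`) and the page-table flag values are constructed for illustration; implicit supervisor accesses are not modelled.

```c
/* Simplified model of the architectural SMAP check during a page walk.
 * Added illustration; all names are hypothetical and this is not Xen code. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define PTE_PRESENT 0x1u
#define PTE_USER    0x4u   /* U/S bit: set means user-accessible */

struct vcpu_model { bool cr4_smap; bool eflags_ac; unsigned cpl; };

enum walk_result { WALK_OK, WALK_NOT_PRESENT, WALK_USER_DENIED, WALK_SMAP_FAULT };

/* entries[] holds the flag bits of each paging level, top level first. */
enum walk_result model_walk(const struct vcpu_model *v,
                            const unsigned *entries, size_t levels)
{
    bool user_page = true;   /* a page is "user" only if U/S is set at every level */

    for (size_t i = 0; i < levels; i++) {
        if (!(entries[i] & PTE_PRESENT))
            return WALK_NOT_PRESENT;
        if (!(entries[i] & PTE_USER))
            user_page = false;
    }
    if (v->cpl == 3)         /* user-mode access: needs a user page */
        return user_page ? WALK_OK : WALK_USER_DENIED;
    /* Explicit supervisor access: SMAP blocks user pages unless EFLAGS.AC is set. */
    if (user_page && v->cr4_smap && !v->eflags_ac)
        return WALK_SMAP_FAULT;
    return WALK_OK;
}

/* Ring-0 hypercall whose buffer lives in a userspace mapping (constructed flags). */
enum walk_result ring0_touches_user_buffer(bool smap, bool ac)
{
    const unsigned user_buf[4] = { 0x7, 0x7, 0x7, 0x7 };  /* P|RW|US at all levels */
    struct vcpu_model v = { .cr4_smap = smap, .eflags_ac = ac, .cpl = 0 };
    return model_walk(&v, user_buf, 4);
}

int main(void)
{
    printf("AC clear (no stac): %d\n", ring0_touches_user_buffer(true, false));
    printf("AC set (after stac): %d\n", ring0_touches_user_buffer(true, true));
    return 0;
}
```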

