[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 01/13] xen/arm: domain: Zeroed the vCPU stack

To: Julien Grall <julien.grall@xxxxxxx>
From: Stefano Stabellini <sstabellini@xxxxxxxxxx>
Date: Fri, 25 May 2018 13:52:06 -0700 (PDT)
Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, sstabellini@xxxxxxxxxx, andre.przywara@xxxxxxx
Delivery-date: Fri, 25 May 2018 20:52:11 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Tue, 22 May 2018, Julien Grall wrote:
> A stack is allocated per vCPU to be used by Xen. The allocation is done
> with alloc_xenheap_pages that does not zero the memory returned. However
> the top of the stack is containing information that will be used to
> store the initial state of the vCPU (see struct cpu_info). Some of the
> fields may not be initialized and will lead to use/leak bits of previous
> memory in some cases on the first run of vCPU (AFAICT this only happen on
> vCPU0 for Dom0).
> 
> While this is not strictly necessary, this patch zero the full stack to
> avoid more leakage.

Well spotted! struct cpu_info is the only instance of these cases, I
suggest to zero only sizeof(struct cpu_info) to avoid having any impact
on the boot time.

After all, with this series we have the mitigation enabled all the time
in Xen for XSA-263. Or do you think there are other reasons to be
concerned?



> This is part of XSA-263.
>
> Signed-off-by: Julien Grall <julien.grall@xxxxxxx>
> ---
>  xen/arch/arm/domain.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c
> index ec0f042bf7..e7b33e92fb 100644
> --- a/xen/arch/arm/domain.c
> +++ b/xen/arch/arm/domain.c
> @@ -540,6 +540,7 @@ void free_vcpu_struct(struct vcpu *v)
>  int vcpu_initialise(struct vcpu *v)
>  {
>      int rc = 0;
> +    unsigned int i;
>  
>      BUILD_BUG_ON( sizeof(struct cpu_info) > STACK_SIZE );
>  
> @@ -547,6 +548,9 @@ int vcpu_initialise(struct vcpu *v)
>      if ( v->arch.stack == NULL )
>          return -ENOMEM;
>  
> +    for ( i = 0; i < (1U << STACK_ORDER); i++ )
> +        clear_page(v->arch.stack + (PAGE_SIZE * i));
> +
>      v->arch.cpu_info = (struct cpu_info *)(v->arch.stack
>                                             + STACK_SIZE
>                                             - sizeof(struct cpu_info));
> -- 
> 2.11.0
> 

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH 01/13] xen/arm: domain: Zeroed the vCPU stack
  - From: Julien Grall

References:
- [Xen-devel] [PATCH 00/13] xen/arm: SSBD (aka Spectre-v4) mitigation (XSA-263)
  - From: Julien Grall
- [Xen-devel] [PATCH 01/13] xen/arm: domain: Zeroed the vCPU stack
  - From: Julien Grall

Prev by Date: Re: [Xen-devel] [PATCH 06/13] xen/arm: Add ARCH_WORKAROUND_2 support for guests
Next by Date: Re: [Xen-devel] [PATCH 08/13] xen/arm: alternatives: Add dynamic patching feature
Previous by thread: [Xen-devel] [PATCH 01/13] xen/arm: domain: Zeroed the vCPU stack
Next by thread: Re: [Xen-devel] [PATCH 01/13] xen/arm: domain: Zeroed the vCPU stack
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.