Re: [PATCH v7 3/3] x86: Make the GDT remapping read-only on 64-bit

From: Thomas Garnier <thgarnie@google.com>
To: Pavel Machek <pavel@ucw.cz>
Cc: "Michal Hocko" <mhocko@suse.com>,
	"Stanislaw Gruszka" <sgruszka@redhat.com>,
	linux-doc@vger.kernel.org, "kvm list" <kvm@vger.kernel.org>,
	"Radim Krčmář" <rkrcmar@redhat.com>,
	"Matt Fleming" <matt@codeblueprint.co.uk>,
	"Frederic Weisbecker" <fweisbec@gmail.com>,
	"Chris Wilson" <chris@chris-wilson.co.uk>,
	Linux-MM <linux-mm@kvack.org>,
	"Paul Gortmaker" <paul.gortmaker@windriver.com>,
	linux-efi@vger.kernel.org,
	"Alexander Potapenko" <glider@google.com>,
	"H . Peter Anvin" <hpa@zytor.com>,
	"Kernel Hardening" <kernel-hardening@lists.openwall.com>,
	"Boris Ostrovsky" <boris.ostrovsky@oracle.com>,
	zijun_hu <zijun_hu@htc.com>,
	lguest@lists.ozlabs.org, xen-devel@lists.xenproject.org,
	"Jonathan Corbet" <corbet@lwn.net>,
	"Joerg Roedel" <joro@8bytes.org>,
	"the arch/x86 maintainers" <x86@kernel.org>,
	kasan-dev <kasan-dev@googlegroups.com>,
	"Christian Borntraeger" <borntraeger@de.ibm.com>
Subject: Re: [PATCH v7 3/3] x86: Make the GDT remapping read-only on 64-bit
Date: Tue, 14 Mar 2017 14:20:19 -0700	[thread overview]
Message-ID: <CAJcbSZG7ds+q76dHtzOkYtMkkTXWwG3e7MAxKJi0=SmdmqA6tA__40921.9878762544$1489526495$gmane$org@mail.gmail.com> (raw)
In-Reply-To: <20170314210424.GA5023@amd>

On Tue, Mar 14, 2017 at 2:04 PM, Pavel Machek <pavel@ucw.cz> wrote:
> On Tue 2017-03-14 10:05:08, Thomas Garnier wrote:
>> This patch makes the GDT remapped pages read-only to prevent corruption.
>> This change is done only on 64-bit.
>>
>> The native_load_tr_desc function was adapted to correctly handle a
>> read-only GDT. The LTR instruction always writes to the GDT TSS entry.
>> This generates a page fault if the GDT is read-only. This change checks
>> if the current GDT is a remap and swap GDTs as needed. This function was
>> tested by booting multiple machines and checking hibernation works
>> properly.
>>
>> KVM SVM and VMX were adapted to use the writeable GDT. On VMX, the
>> per-cpu variable was removed for functions to fetch the original GDT.
>> Instead of reloading the previous GDT, VMX will reload the fixmap GDT as
>> expected. For testing, VMs were started and restored on multiple
>> configurations.
>>
>> Signed-off-by: Thomas Garnier <thgarnie@google.com>
>
> Can we get the same change for 32-bit, too? Growing differences
> between 32 and 64 bit are a bit of a problem...
>                                                                 Pavel

It was discussed on previous versions that 32-bit read-only support
would create issues that why it was favor for 64-bit only right now.

>
> --
> (english) http://www.livejournal.com/~pavelmachek
> (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

-- 
Thomas

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel