From: Thomas Garnier <thgarnie@google.com>
To: Andy Lutomirski <luto@amacapital.net>
Cc: "Andrew Cooper" <andrew.cooper3@citrix.com>,
"Boris Ostrovsky" <boris.ostrovsky@oracle.com>,
"Michal Hocko" <mhocko@suse.com>,
"Stanislaw Gruszka" <sgruszka@redhat.com>,
"linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
"kvm list" <kvm@vger.kernel.org>,
"Fenghua Yu" <fenghua.yu@intel.com>,
"Matt Fleming" <matt@codeblueprint.co.uk>,
"Frederic Weisbecker" <fweisbec@gmail.com>,
"X86 ML" <x86@kernel.org>,
"Chris Wilson" <chris@chris-wilson.co.uk>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
"Paul Gortmaker" <paul.gortmaker@windriver.com>,
"Radim Krčmář" <rkrcmar@redhat.com>,
"linux-efi@vger.kernel.org" <linux-efi@vger.kernel.org>,
"Alexander Potapenko" <glider@google.com>,
"Pavel Machek" <pavel@ucw.cz>, "H . Peter Anvin" <hpa@zytor.com>,
"kernel-hardening@lists.openwall.com"
<kernel-hardening@lists.openwall.com>,
"Jiri Olsa" <jolsa@redhat.com>, zijun_hu <zijun_hu@htc.com>
Subject: Re: [Xen-devel] [PATCH v5 2/3] x86: Remap GDT tables in the Fixmap section
Date: Thu, 9 Mar 2017 13:54:16 -0800 [thread overview]
Message-ID: <CAJcbSZExVWA0jvAoxLLc+58Ag9cHchifrHP=fFfzU_onHo2PyA@mail.gmail.com> (raw)
In-Reply-To: <CALCETrWv-u7OdjWDY+5eF7p-ngPun-yYf0QegMzYc6MGVQd-4w@mail.gmail.com>
On Thu, Mar 9, 2017 at 1:46 PM, Andy Lutomirski <luto@amacapital.net> wrote:
> On Thu, Mar 9, 2017 at 1:43 PM, Andrew Cooper <andrew.cooper3@citrix.com> wrote:
>> On 09/03/2017 21:32, Andy Lutomirski wrote:
>>> On Mon, Mar 6, 2017 at 2:03 PM, Thomas Garnier <thgarnie@google.com> wrote:
>>>
>>>> --- a/arch/x86/xen/enlighten.c
>>>> +++ b/arch/x86/xen/enlighten.c
>>>> @@ -710,7 +710,7 @@ static void load_TLS_descriptor(struct thread_struct *t,
>>>>
>>>> *shadow = t->tls_array[i];
>>>>
>>>> - gdt = get_cpu_gdt_table(cpu);
>>>> + gdt = get_cpu_gdt_rw(cpu);
>>>> maddr = arbitrary_virt_to_machine(&gdt[GDT_ENTRY_TLS_MIN+i]);
>>>> mc = __xen_mc_entry(0);
>>> Boris, is this right? I don't see why it wouldn't be, but Xen is special.
>>
>> Under Xen PV, the GDT is already read-only at this point. (It is not
>> safe to let the guest have writeable access to system tables, so the
>> guest must relinquish write access to the frames wishing to be used as
>> LDTs or GDTs.)
>>
>> The hypercall acts on the frame, not a virtual address, so either alias
>> should be fine here.
>>
>> Under this new scheme, there will be two read-only aliases. I guess
>> this is easier to maintain the split consistently across Linux, than to
>> special case Xen PV because it doesn't need the second alias.
>>
>
> I think we would gain nothing at all by special-casing Xen PV -- Linux
> allocates the fixmap vaddrs at compile time, so we'd still allocate
> them even if we rejigger all the helpers to avoid using them.
>
I don't have any experience with Xen so it would be great if virtme can test it.
I can remove the unused functions, I just thought they were useful
shortcuts given some of them are already used.
> --Andy
--
Thomas
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
WARNING: multiple messages have this Message-ID (diff)
From: Thomas Garnier <thgarnie@google.com>
To: Andy Lutomirski <luto@amacapital.net>
Cc: "Andrew Cooper" <andrew.cooper3@citrix.com>,
"Boris Ostrovsky" <boris.ostrovsky@oracle.com>,
"Michal Hocko" <mhocko@suse.com>,
"Stanislaw Gruszka" <sgruszka@redhat.com>,
"linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
"kvm list" <kvm@vger.kernel.org>,
"Fenghua Yu" <fenghua.yu@intel.com>,
"Matt Fleming" <matt@codeblueprint.co.uk>,
"Frederic Weisbecker" <fweisbec@gmail.com>,
"X86 ML" <x86@kernel.org>,
"Chris Wilson" <chris@chris-wilson.co.uk>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
"Paul Gortmaker" <paul.gortmaker@windriver.com>,
"Radim Krčmář" <rkrcmar@redhat.com>,
"linux-efi@vger.kernel.org" <linux-efi@vger.kernel.org>,
"Alexander Potapenko" <glider@google.com>,
"Pavel Machek" <pavel@ucw.cz>, "H . Peter Anvin" <hpa@zytor.com>,
"kernel-hardening@lists.openwall.com"
<kernel-hardening@lists.openwall.com>,
"Jiri Olsa" <jolsa@redhat.com>, zijun_hu <zijun_hu@htc.com>,
"Dave Hansen" <dave.hansen@intel.com>,
"Andi Kleen" <ak@linux.intel.com>,
"xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>,
"Jonathan Corbet" <corbet@lwn.net>,
"Michael Ellerman" <mpe@ellerman.id.au>,
"Joerg Roedel" <joro@8bytes.org>,
"Prarit Bhargava" <prarit@redhat.com>,
kasan-dev <kasan-dev@googlegroups.com>,
"Vitaly Kuznetsov" <vkuznets@redhat.com>,
"Christian Borntraeger" <borntraeger@de.ibm.com>,
"Ingo Molnar" <mingo@redhat.com>,
"Andrey Ryabinin" <aryabinin@virtuozzo.com>,
"Borislav Petkov" <bp@suse.de>, "Len Brown" <len.brown@intel.com>,
"Rusty Russell" <rusty@rustcorp.com.au>,
"Kees Cook" <keescook@chromium.org>,
"Arnd Bergmann" <arnd@arndb.de>,
"He Chen" <he.chen@linux.intel.com>,
"Brian Gerst" <brgerst@gmail.com>,
"Jiri Kosina" <jikos@kernel.org>,
lguest@lists.ozlabs.org, "Andy Lutomirski" <luto@kernel.org>,
"Josh Poimboeuf" <jpoimboe@redhat.com>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Andrew Morton" <akpm@linux-foundation.org>,
"Dmitry Vyukov" <dvyukov@google.com>,
"Juergen Gross" <jgross@suse.com>,
"Peter Zijlstra" <peterz@infradead.org>,
"Lorenzo Stoakes" <lstoakes@gmail.com>,
"Ard Biesheuvel" <ard.biesheuvel@linaro.org>,
"linux-pm@vger.kernel.org" <linux-pm@vger.kernel.org>,
"Rafael J . Wysocki" <rjw@rjwysocki.net>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"Luis R . Rodriguez" <mcgrof@kernel.org>,
"David Vrabel" <david.vrabel@citrix.com>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Joonsoo Kim" <iamjoonsoo.kim@lge.com>,
"Tim Chen" <tim.c.chen@linux.intel.com>
Subject: Re: [Xen-devel] [PATCH v5 2/3] x86: Remap GDT tables in the Fixmap section
Date: Thu, 9 Mar 2017 13:54:16 -0800 [thread overview]
Message-ID: <CAJcbSZExVWA0jvAoxLLc+58Ag9cHchifrHP=fFfzU_onHo2PyA@mail.gmail.com> (raw)
In-Reply-To: <CALCETrWv-u7OdjWDY+5eF7p-ngPun-yYf0QegMzYc6MGVQd-4w@mail.gmail.com>
On Thu, Mar 9, 2017 at 1:46 PM, Andy Lutomirski <luto@amacapital.net> wrote:
> On Thu, Mar 9, 2017 at 1:43 PM, Andrew Cooper <andrew.cooper3@citrix.com> wrote:
>> On 09/03/2017 21:32, Andy Lutomirski wrote:
>>> On Mon, Mar 6, 2017 at 2:03 PM, Thomas Garnier <thgarnie@google.com> wrote:
>>>
>>>> --- a/arch/x86/xen/enlighten.c
>>>> +++ b/arch/x86/xen/enlighten.c
>>>> @@ -710,7 +710,7 @@ static void load_TLS_descriptor(struct thread_struct *t,
>>>>
>>>> *shadow = t->tls_array[i];
>>>>
>>>> - gdt = get_cpu_gdt_table(cpu);
>>>> + gdt = get_cpu_gdt_rw(cpu);
>>>> maddr = arbitrary_virt_to_machine(&gdt[GDT_ENTRY_TLS_MIN+i]);
>>>> mc = __xen_mc_entry(0);
>>> Boris, is this right? I don't see why it wouldn't be, but Xen is special.
>>
>> Under Xen PV, the GDT is already read-only at this point. (It is not
>> safe to let the guest have writeable access to system tables, so the
>> guest must relinquish write access to the frames wishing to be used as
>> LDTs or GDTs.)
>>
>> The hypercall acts on the frame, not a virtual address, so either alias
>> should be fine here.
>>
>> Under this new scheme, there will be two read-only aliases. I guess
>> this is easier to maintain the split consistently across Linux, than to
>> special case Xen PV because it doesn't need the second alias.
>>
>
> I think we would gain nothing at all by special-casing Xen PV -- Linux
> allocates the fixmap vaddrs at compile time, so we'd still allocate
> them even if we rejigger all the helpers to avoid using them.
>
I don't have any experience with Xen so it would be great if virtme can test it.
I can remove the unused functions, I just thought they were useful
shortcuts given some of them are already used.
> --Andy
--
Thomas
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
WARNING: multiple messages have this Message-ID (diff)
From: Thomas Garnier <thgarnie@google.com>
To: Andy Lutomirski <luto@amacapital.net>
Cc: "Andrew Cooper" <andrew.cooper3@citrix.com>,
"Boris Ostrovsky" <boris.ostrovsky@oracle.com>,
"Michal Hocko" <mhocko@suse.com>,
"Stanislaw Gruszka" <sgruszka@redhat.com>,
"linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
"kvm list" <kvm@vger.kernel.org>,
"Fenghua Yu" <fenghua.yu@intel.com>,
"Matt Fleming" <matt@codeblueprint.co.uk>,
"Frederic Weisbecker" <fweisbec@gmail.com>,
"X86 ML" <x86@kernel.org>,
"Chris Wilson" <chris@chris-wilson.co.uk>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
"Paul Gortmaker" <paul.gortmaker@windriver.com>,
"Radim Krčmář" <rkrcmar@redhat.com>,
"linux-efi@vger.kernel.org" <linux-efi@vger.kernel.org>,
"Alexander Potapenko" <glider@google.com>,
"Pavel Machek" <pavel@ucw.cz>, "H . Peter Anvin" <hpa@zytor.com>,
"kernel-hardening@lists.openwall.com"
<kernel-hardening@lists.openwall.com>,
"Jiri Olsa" <jolsa@redhat.com>, zijun_hu <zijun_hu@htc.com>,
"Dave Hansen" <dave.hansen@intel.com>,
"Andi Kleen" <ak@linux.intel.com>,
"xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>,
"Jonathan Corbet" <corbet@lwn.net>,
"Michael Ellerman" <mpe@ellerman.id.au>,
"Joerg Roedel" <joro@8bytes.org>,
"Prarit Bhargava" <prarit@redhat.com>,
kasan-dev <kasan-dev@googlegroups.com>,
"Vitaly Kuznetsov" <vkuznets@redhat.com>,
"Christian Borntraeger" <borntraeger@de.ibm.com>,
"Ingo Molnar" <mingo@redhat.com>,
"Andrey Ryabinin" <aryabinin@virtuozzo.com>,
"Borislav Petkov" <bp@suse.de>, "Len Brown" <len.brown@intel.com>,
"Rusty Russell" <rusty@rustcorp.com.au>,
"Kees Cook" <keescook@chromium.org>,
"Arnd Bergmann" <arnd@arndb.de>,
"He Chen" <he.chen@linux.intel.com>,
"Brian Gerst" <brgerst@gmail.com>,
"Jiri Kosina" <jikos@kernel.org>,
lguest@lists.ozlabs.org, "Andy Lutomirski" <luto@kernel.org>,
"Josh Poimboeuf" <jpoimboe@redhat.com>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Andrew Morton" <akpm@linux-foundation.org>,
"Dmitry Vyukov" <dvyukov@google.com>,
"Juergen Gross" <jgross@suse.com>,
"Peter Zijlstra" <peterz@infradead.org>,
"Lorenzo Stoakes" <lstoakes@gmail.com>,
"Ard Biesheuvel" <ard.biesheuvel@linaro.org>,
"linux-pm@vger.kernel.org" <linux-pm@vger.kernel.org>,
"Rafael J . Wysocki" <rjw@rjwysocki.net>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"Luis R . Rodriguez" <mcgrof@kernel.org>,
"David Vrabel" <david.vrabel@citrix.com>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Joonsoo Kim" <iamjoonsoo.kim@lge.com>,
"Tim Chen" <tim.c.chen@linux.intel.com>
Subject: [kernel-hardening] Re: [Xen-devel] [PATCH v5 2/3] x86: Remap GDT tables in the Fixmap section
Date: Thu, 9 Mar 2017 13:54:16 -0800 [thread overview]
Message-ID: <CAJcbSZExVWA0jvAoxLLc+58Ag9cHchifrHP=fFfzU_onHo2PyA@mail.gmail.com> (raw)
In-Reply-To: <CALCETrWv-u7OdjWDY+5eF7p-ngPun-yYf0QegMzYc6MGVQd-4w@mail.gmail.com>
On Thu, Mar 9, 2017 at 1:46 PM, Andy Lutomirski <luto@amacapital.net> wrote:
> On Thu, Mar 9, 2017 at 1:43 PM, Andrew Cooper <andrew.cooper3@citrix.com> wrote:
>> On 09/03/2017 21:32, Andy Lutomirski wrote:
>>> On Mon, Mar 6, 2017 at 2:03 PM, Thomas Garnier <thgarnie@google.com> wrote:
>>>
>>>> --- a/arch/x86/xen/enlighten.c
>>>> +++ b/arch/x86/xen/enlighten.c
>>>> @@ -710,7 +710,7 @@ static void load_TLS_descriptor(struct thread_struct *t,
>>>>
>>>> *shadow = t->tls_array[i];
>>>>
>>>> - gdt = get_cpu_gdt_table(cpu);
>>>> + gdt = get_cpu_gdt_rw(cpu);
>>>> maddr = arbitrary_virt_to_machine(&gdt[GDT_ENTRY_TLS_MIN+i]);
>>>> mc = __xen_mc_entry(0);
>>> Boris, is this right? I don't see why it wouldn't be, but Xen is special.
>>
>> Under Xen PV, the GDT is already read-only at this point. (It is not
>> safe to let the guest have writeable access to system tables, so the
>> guest must relinquish write access to the frames wishing to be used as
>> LDTs or GDTs.)
>>
>> The hypercall acts on the frame, not a virtual address, so either alias
>> should be fine here.
>>
>> Under this new scheme, there will be two read-only aliases. I guess
>> this is easier to maintain the split consistently across Linux, than to
>> special case Xen PV because it doesn't need the second alias.
>>
>
> I think we would gain nothing at all by special-casing Xen PV -- Linux
> allocates the fixmap vaddrs at compile time, so we'd still allocate
> them even if we rejigger all the helpers to avoid using them.
>
I don't have any experience with Xen so it would be great if virtme can test it.
I can remove the unused functions, I just thought they were useful
shortcuts given some of them are already used.
> --Andy
--
Thomas
next prev parent reply other threads:[~2017-03-09 21:54 UTC|newest]
Thread overview: 59+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-06 22:03 [PATCH v5 1/3] x86/mm: Adapt MODULES_END based on Fixmap section size Thomas Garnier
2017-03-06 22:03 ` [kernel-hardening] " Thomas Garnier
2017-03-06 22:03 ` Thomas Garnier
2017-03-06 22:03 ` Thomas Garnier
2017-03-06 22:03 ` [PATCH v5 2/3] x86: Remap GDT tables in the Fixmap section Thomas Garnier
2017-03-06 22:03 ` Thomas Garnier
2017-03-06 22:03 ` [kernel-hardening] " Thomas Garnier
2017-03-06 22:03 ` Thomas Garnier
2017-03-06 22:03 ` Thomas Garnier
2017-03-09 21:32 ` Andy Lutomirski
2017-03-09 21:32 ` Andy Lutomirski
2017-03-09 21:32 ` [kernel-hardening] " Andy Lutomirski
2017-03-09 21:32 ` Andy Lutomirski
2017-03-09 21:32 ` Andy Lutomirski
2017-03-09 21:43 ` Andrew Cooper
2017-03-09 21:43 ` [kernel-hardening] Re: [Xen-devel] " Andrew Cooper
2017-03-09 21:43 ` Andrew Cooper
2017-03-09 21:46 ` Andy Lutomirski
2017-03-09 21:46 ` [kernel-hardening] " Andy Lutomirski
2017-03-09 21:46 ` Andy Lutomirski
2017-03-09 21:54 ` Thomas Garnier
2017-03-09 21:54 ` Thomas Garnier [this message]
2017-03-09 21:54 ` [kernel-hardening] Re: [Xen-devel] " Thomas Garnier
2017-03-09 21:54 ` Thomas Garnier
2017-03-09 21:56 ` Boris Ostrovsky
2017-03-09 21:56 ` [Xen-devel] " Boris Ostrovsky
2017-03-09 21:56 ` [kernel-hardening] " Boris Ostrovsky
2017-03-09 21:56 ` Boris Ostrovsky
2017-03-09 22:13 ` Boris Ostrovsky
2017-03-09 22:13 ` [Xen-devel] " Boris Ostrovsky
2017-03-09 22:13 ` [kernel-hardening] " Boris Ostrovsky
2017-03-09 22:13 ` Boris Ostrovsky
2017-03-09 22:31 ` Thomas Garnier
2017-03-09 22:31 ` [Xen-devel] " Thomas Garnier
2017-03-09 22:31 ` [kernel-hardening] " Thomas Garnier
2017-03-09 22:31 ` Thomas Garnier
2017-03-09 23:17 ` Boris Ostrovsky
2017-03-09 23:17 ` [Xen-devel] " Boris Ostrovsky
2017-03-09 23:17 ` [kernel-hardening] " Boris Ostrovsky
2017-03-09 23:17 ` Boris Ostrovsky
2017-03-13 18:32 ` Boris Ostrovsky
2017-03-13 18:32 ` [Xen-devel] " Boris Ostrovsky
2017-03-13 18:32 ` [kernel-hardening] " Boris Ostrovsky
2017-03-13 18:32 ` Boris Ostrovsky
2017-03-13 19:24 ` Thomas Garnier
2017-03-13 19:24 ` [kernel-hardening] " Thomas Garnier
2017-03-13 19:24 ` Thomas Garnier
2017-03-13 19:24 ` Thomas Garnier
2017-03-09 21:46 ` Andy Lutomirski
2017-03-06 22:03 ` [PATCH v5 3/3] x86: Make the GDT remapping read-only on 64-bit Thomas Garnier
2017-03-06 22:03 ` Thomas Garnier
2017-03-06 22:03 ` [kernel-hardening] " Thomas Garnier
2017-03-06 22:03 ` Thomas Garnier
2017-03-06 22:03 ` Thomas Garnier
2017-03-09 21:35 ` Andy Lutomirski
2017-03-09 21:35 ` Andy Lutomirski
2017-03-09 21:35 ` [kernel-hardening] " Andy Lutomirski
2017-03-09 21:35 ` Andy Lutomirski
2017-03-09 21:35 ` Andy Lutomirski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAJcbSZExVWA0jvAoxLLc+58Ag9cHchifrHP=fFfzU_onHo2PyA@mail.gmail.com' \
--to=thgarnie@google.com \
--cc=andrew.cooper3@citrix.com \
--cc=boris.ostrovsky@oracle.com \
--cc=chris@chris-wilson.co.uk \
--cc=fenghua.yu@intel.com \
--cc=fweisbec@gmail.com \
--cc=glider@google.com \
--cc=hpa@zytor.com \
--cc=jolsa@redhat.com \
--cc=kernel-hardening@lists.openwall.com \
--cc=kvm@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luto@amacapital.net \
--cc=matt@codeblueprint.co.uk \
--cc=mhocko@suse.com \
--cc=paul.gortmaker@windriver.com \
--cc=pavel@ucw.cz \
--cc=rkrcmar@redhat.com \
--cc=sgruszka@redhat.com \
--cc=x86@kernel.org \
--cc=zijun_hu@htc.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.