Re: [tip:x86/urgent] x86/iopl/64: Properly context-switch IOPL on Xen PV

[Borislav Petkov <bp@alien8.de>]

On Thu, Mar 17, 2016 at 02:19:12AM -0700, tip-bot for Andy Lutomirski wrote:
> Commit-ID:  b7a584598aea7ca73140cb87b40319944dd3393f
> Gitweb:     http://git.kernel.org/tip/b7a584598aea7ca73140cb87b40319944dd3393f
> Author:     Andy Lutomirski <luto@kernel.org>
> AuthorDate: Wed, 16 Mar 2016 14:14:21 -0700
> Committer:  Ingo Molnar <mingo@kernel.org>
> CommitDate: Thu, 17 Mar 2016 09:49:26 +0100
> 
> x86/iopl/64: Properly context-switch IOPL on Xen PV
> 
> On Xen PV, regs->flags doesn't reliably reflect IOPL and the
> exit-to-userspace code doesn't change IOPL.  We need to context
> switch it manually.
> 
> I'm doing this without going through paravirt because this is
> specific to Xen PV.  After the dust settles, we can merge this with
> the 32-bit code, tidy up the iopl syscall implementation, and remove
> the set_iopl pvop entirely.
> 
> Fixes XSA-171.
> 
> Reviewewd-by: Jan Beulich <JBeulich@suse.com>
> Signed-off-by: Andy Lutomirski <luto@kernel.org>
> Cc: Andrew Cooper <andrew.cooper3@citrix.com>
> Cc: Andy Lutomirski <luto@amacapital.net>
> Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
> Cc: Borislav Petkov <bp@alien8.de>
> Cc: Brian Gerst <brgerst@gmail.com>
> Cc: David Vrabel <david.vrabel@citrix.com>
> Cc: Denys Vlasenko <dvlasenk@redhat.com>
> Cc: H. Peter Anvin <hpa@zytor.com>
> Cc: Jan Beulich <JBeulich@suse.com>
> Cc: Linus Torvalds <torvalds@linux-foundation.org>
> Cc: Peter Zijlstra <peterz@infradead.org>
> Cc: Thomas Gleixner <tglx@linutronix.de>
> Cc: stable@vger.kernel.org
> Link: http://lkml.kernel.org/r/693c3bd7aeb4d3c27c92c622b7d0f554a458173c.1458162709.git.luto@kernel.org
> Signed-off-by: Ingo Molnar <mingo@kernel.org>
> ---
>  arch/x86/include/asm/xen/hypervisor.h |  2 ++
>  arch/x86/kernel/process_64.c          | 12 ++++++++++++
>  arch/x86/xen/enlighten.c              |  2 +-
>  3 files changed, 15 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/x86/include/asm/xen/hypervisor.h b/arch/x86/include/asm/xen/hypervisor.h
> index 8b2d4be..39171b3 100644
> --- a/arch/x86/include/asm/xen/hypervisor.h
> +++ b/arch/x86/include/asm/xen/hypervisor.h
> @@ -62,4 +62,6 @@ void xen_arch_register_cpu(int num);
>  void xen_arch_unregister_cpu(int num);
>  #endif
>  
> +extern void xen_set_iopl_mask(unsigned mask);
> +
>  #endif /* _ASM_X86_XEN_HYPERVISOR_H */
> diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
> index b9d99e0..9f75187 100644
> --- a/arch/x86/kernel/process_64.c
> +++ b/arch/x86/kernel/process_64.c
> @@ -48,6 +48,7 @@
>  #include <asm/syscalls.h>
>  #include <asm/debugreg.h>
>  #include <asm/switch_to.h>
> +#include <asm/xen/hypervisor.h>
>  
>  asmlinkage extern void ret_from_fork(void);
>  
> @@ -411,6 +412,17 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
>  		     task_thread_info(prev_p)->flags & _TIF_WORK_CTXSW_PREV))
>  		__switch_to_xtra(prev_p, next_p, tss);
>  
> +#ifdef CONFIG_XEN
> +	/*
> +	 * On Xen PV, IOPL bits in pt_regs->flags have no effect, and
> +	 * current_pt_regs()->flags may not match the current task's
> +	 * intended IOPL.  We need to switch it manually.
> +	 */
> +	if (unlikely(static_cpu_has(X86_FEATURE_XENPV) &&
> +		     prev->iopl != next->iopl))
> +		xen_set_iopl_mask(next->iopl);
> +#endif

I'm wondering if it would've been cleaner if this was a
arch_fixup_iopl_mask() defined in arch/x86/xen/enlighten.c and a stub
otherwise.

This would save you the ifdeffery and the export of
xen_set_iopl_mask()...

-- 
Regards/Gruss,
    Boris.

ECO tip #101: Trim your mails when you reply.