From: Pavel Machek
Subject: Re: [PATCH v7 3/3] x86: Make the GDT remapping read-only on 64-bit
Date: Tue, 14 Mar 2017 22:04:24 +0100
To: Thomas Garnier
Cc: Michal Hocko, Stanislaw Gruszka, linux-doc@vger.kernel.org, kvm@vger.kernel.org, Radim Krčmář, Matt Fleming, Frederic Weisbecker, Chris Wilson, linux-mm@kvack.org, Paul Gortmaker, linux-efi@vger.kernel.org, Alexander Potapenko, "H . Peter Anvin", kernel-hardening@lists.openwall.com, Boris Ostrovsky, zijun_hu, lguest@lists.ozlabs.org, xen-devel@lists.xenproject.org, Jonathan Corbet, Joerg Roedel, x86@kernel.org, kasan-dev@googlegroups.com, Christian Borntraeger, Ingo Molnar, Andrey Ryabinin, Borislav

On Tue 2017-03-14 10:05:08, Thomas Garnier wrote:
> This patch makes the GDT remapped pages read-only to prevent corruption.
> This change is done only on 64-bit.
>
> The native_load_tr_desc function was adapted to correctly handle a
> read-only GDT. The LTR instruction always writes to the GDT TSS entry.
> This generates a page fault if the GDT is read-only. This change checks
> if the current GDT is a remap and swap GDTs as needed. This function was
> tested by booting multiple machines and checking hibernation works
> properly.
>
> KVM SVM and VMX were adapted to use the writeable GDT. On VMX, the
> per-cpu variable was removed for functions to fetch the original GDT.
> Instead of reloading the previous GDT, VMX will reload the fixmap GDT as
> expected. For testing, VMs were started and restored on multiple
> configurations.
>
> Signed-off-by: Thomas Garnier

Can we get the same change for 32-bit, too? Growing differences between
32 and 64 bit are a bit of a problem...

Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html