From: Boris Ostrovsky <boris.ostrovsky@oracle.com>
To: Thomas Garnier <thgarnie@google.com>
Cc: "Michal Hocko" <mhocko@suse.com>,
"Stanislaw Gruszka" <sgruszka@redhat.com>,
"kvm list" <kvm@vger.kernel.org>,
"linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
"Matt Fleming" <matt@codeblueprint.co.uk>,
"Frederic Weisbecker" <fweisbec@gmail.com>,
"Josh Poimboeuf" <jpoimboe@redhat.com>,
"Chris Wilson" <chris@chris-wilson.co.uk>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
"Dave Hansen" <dave.hansen@intel.com>,
"Radim Krčmář" <rkrcmar@redhat.com>,
"linux-efi@vger.kernel.org" <linux-efi@vger.kernel.org>,
"Alexander Potapenko" <glider@google.com>,
"Pavel Machek" <pavel@ucw.cz>, "H . Peter Anvin" <hpa@zytor.com>,
"kernel-hardening@lists.openwall.com"
<kernel-hardening@lists.openwall.com>,
"Jiri Olsa" <jolsa@redhat.com>, zijun_hu <zijun_hu@htc.com>
Subject: Re: [Xen-devel] [PATCH v5 2/3] x86: Remap GDT tables in the Fixmap section
Date: Mon, 13 Mar 2017 14:32:10 -0400 [thread overview]
Message-ID: <f2230734-a13f-6c0d-8a01-15fd4408e799@oracle.com> (raw)
In-Reply-To: <36579cc4-05e7-a448-767c-b9ad940362fc@oracle.com>
On 03/09/2017 06:17 PM, Boris Ostrovsky wrote:
> On 03/09/2017 05:31 PM, Thomas Garnier wrote:
>> On Thu, Mar 9, 2017 at 2:13 PM, Boris Ostrovsky
>> <boris.ostrovsky@oracle.com> wrote:
>>>>> I don't have any experience with Xen so it would be great if virtme can test it.
>>>> I am pretty sure I tested this series at some point but I'll test it again.
>>>>
>>>
>>> Fails 32-bit build:
>>>
>>>
>>> /home/build/linux-boris/arch/x86/kvm/vmx.c: In function ‘segment_base’:
>>> /home/build/linux-boris/arch/x86/kvm/vmx.c:2054: error: ‘host_gdt’
>>> undeclared (first use in this function)
>>> /home/build/linux-boris/arch/x86/kvm/vmx.c:2054: error: (Each undeclared
>>> identifier is reported only once
>>> /home/build/linux-boris/arch/x86/kvm/vmx.c:2054: error: for each
>>> function it appears in.)
>>> /home/build/linux-boris/arch/x86/kvm/vmx.c:2054: error: type defaults to
>>> ‘int’ in declaration of ‘type name’
>>> /home/build/linux-boris/arch/x86/kvm/vmx.c:2054: error: type defaults to
>>> ‘int’ in declaration of ‘type name’
>>> /home/build/linux-boris/arch/x86/kvm/vmx.c:2054: warning: initialization
>>> from incompatible pointer type
>>> /home/build/linux-boris/arch/x86/kvm/vmx.c:2054: warning: unused
>>> variable ‘gdt’
>>>
>>>
>>> -boris
>> It seems that I forgot to remove line 2054 on the rebase. My 32-bit
>> build comes clean but I assume it is not good enough compare to the
>> full version I build for 64-bit KVM testing.
>>
>> Remove just this line and it should build fine, I will fix this on the
>> next iteration.
>>
>> Thanks for testing,
>>
>
>
> So this, in fact, does break Xen in that the hypercall to set GDT fails.
>
> I will have lo look at this tomorrow but I definitely at least built
> with v3 of this series. And I don't see why I wouldn't have tested it
> once I built it.
There are a couple of problems for Xen PV guests that need to be addressed:
1. Xen's set_fixmap op needs non-default handling for
FIX_GDT_REMAP_BEGIN range
2. GDT remapping for PV guests needs to be RO for both 64 and 32-bit guests.
I don't know how you prefer to deal with (2), patch below is one
suggestion. With it all my boot tests (Xen and bare-metal) passed.
One problem with applying it directly is that kernel becomes
not-bisectable (Xen-wise) between patches 2 and 3 so perhaps you might
pull some of the changes from patch 3 to patch 2.
-boris
diff --git a/arch/x86/include/asm/desc.h b/arch/x86/include/asm/desc.h
index 9b7fda6..ec05f9c 100644
--- a/arch/x86/include/asm/desc.h
+++ b/arch/x86/include/asm/desc.h
@@ -39,6 +39,7 @@ extern struct desc_ptr idt_descr;
extern gate_desc idt_table[];
extern const struct desc_ptr debug_idt_descr;
extern gate_desc debug_idt_table[];
+extern pgprot_t pg_fixmap_gdt_flags;
struct gdt_page {
struct desc_struct gdt[GDT_ENTRIES];
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index bff2f8b..2682355 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -450,16 +450,16 @@ void load_percpu_segment(int cpu)
/* On 64-bit the GDT remapping is read-only */
#ifdef CONFIG_X86_64
-#define PAGE_FIXMAP_GDT PAGE_KERNEL_RO
+pgprot_t pg_fixmap_gdt_flags = PAGE_KERNEL_RO;
#else
-#define PAGE_FIXMAP_GDT PAGE_KERNEL
+pgprot_t pg_fixmap_gdt_flags = PAGE_KERNEL;
#endif
/* Setup the fixmap mapping only once per-processor */
static inline void setup_fixmap_gdt(int cpu)
{
__set_fixmap(get_cpu_gdt_ro_index(cpu),
- __pa(get_cpu_gdt_rw(cpu)), PAGE_FIXMAP_GDT);
+ __pa(get_cpu_gdt_rw(cpu)), pg_fixmap_gdt_flags);
}
/* Load the original GDT from the per-cpu structure */
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index f46d47b..8871bcd 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -2051,7 +2051,7 @@ static bool update_transition_efer(struct vcpu_vmx
*vmx, int efer_offset)
*/
static unsigned long segment_base(u16 selector)
{
- struct desc_ptr *gdt = this_cpu_ptr(&host_gdt);
+ //struct desc_ptr *gdt = this_cpu_ptr(&host_gdt);
struct desc_struct *table;
unsigned long v;
diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
index 4951fcf..2dc5f97 100644
--- a/arch/x86/xen/enlighten.c
+++ b/arch/x86/xen/enlighten.c
@@ -1545,6 +1545,9 @@ asmlinkage __visible void __init
xen_start_kernel(void)
*/
xen_initial_gdt = &per_cpu(gdt_page, 0);
+ /* GDT can only be remapped RO. */
+ pg_fixmap_gdt_flags = PAGE_KERNEL_RO;
+
xen_smp_init();
#ifdef CONFIG_ACPI_NUMA
diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c
index 37cb5aa..ebbfe00 100644
--- a/arch/x86/xen/mmu.c
+++ b/arch/x86/xen/mmu.c
@@ -2326,6 +2326,7 @@ static void xen_set_fixmap(unsigned idx,
phys_addr_t phys, pgprot_t prot)
#endif
case FIX_TEXT_POKE0:
case FIX_TEXT_POKE1:
+ case FIX_GDT_REMAP_BEGIN ... FIX_GDT_REMAP_END:
/* All local page mappings */
pte = pfn_pte(phys, prot);
break;
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
WARNING: multiple messages have this Message-ID (diff)
From: Boris Ostrovsky <boris.ostrovsky@oracle.com>
To: Thomas Garnier <thgarnie@google.com>
Cc: "Michal Hocko" <mhocko@suse.com>,
"Stanislaw Gruszka" <sgruszka@redhat.com>,
"kvm list" <kvm@vger.kernel.org>,
"linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
"Matt Fleming" <matt@codeblueprint.co.uk>,
"Frederic Weisbecker" <fweisbec@gmail.com>,
"Josh Poimboeuf" <jpoimboe@redhat.com>,
"Chris Wilson" <chris@chris-wilson.co.uk>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
"Dave Hansen" <dave.hansen@intel.com>,
"Radim Krčmář" <rkrcmar@redhat.com>,
"linux-efi@vger.kernel.org" <linux-efi@vger.kernel.org>,
"Alexander Potapenko" <glider@google.com>,
"Pavel Machek" <pavel@ucw.cz>, "H . Peter Anvin" <hpa@zytor.com>,
"kernel-hardening@lists.openwall.com"
<kernel-hardening@lists.openwall.com>,
"Jiri Olsa" <jolsa@redhat.com>, zijun_hu <zijun_hu@htc.com>,
"Prarit Bhargava" <prarit@redhat.com>,
"Andi Kleen" <ak@linux.intel.com>,
"Len Brown" <len.brown@intel.com>,
"Jonathan Corbet" <corbet@lwn.net>,
"Michael Ellerman" <mpe@ellerman.id.au>,
"Joerg Roedel" <joro@8bytes.org>, "X86 ML" <x86@kernel.org>,
"Luis R . Rodriguez" <mcgrof@kernel.org>,
kasan-dev <kasan-dev@googlegroups.com>,
"Christian Borntraeger" <borntraeger@de.ibm.com>,
"Ingo Molnar" <mingo@redhat.com>,
"xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>,
"Borislav Petkov" <bp@suse.de>,
"Fenghua Yu" <fenghua.yu@intel.com>,
"Jiri Kosina" <jikos@kernel.org>,
"Kees Cook" <keescook@chromium.org>,
"Arnd Bergmann" <arnd@arndb.de>,
"He Chen" <he.chen@linux.intel.com>,
"Brian Gerst" <brgerst@gmail.com>,
"Rusty Russell" <rusty@rustcorp.com.au>,
"Joonsoo Kim" <iamjoonsoo.kim@lge.com>,
lguest@lists.ozlabs.org, "Andy Lutomirski" <luto@kernel.org>,
"Andrey Ryabinin" <aryabinin@virtuozzo.com>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Andrew Morton" <akpm@linux-foundation.org>,
"Dmitry Vyukov" <dvyukov@google.com>,
"Juergen Gross" <jgross@suse.com>,
"Lorenzo Stoakes" <lstoakes@gmail.com>,
"Paul Gortmaker" <paul.gortmaker@windriver.com>,
"Andrew Cooper" <andrew.cooper3@citrix.com>,
"linux-pm@vger.kernel.org" <linux-pm@vger.kernel.org>,
"Ard Biesheuvel" <ard.biesheuvel@linaro.org>,
"Rafael J . Wysocki" <rjw@rjwysocki.net>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"Andy Lutomirski" <luto@amacapital.net>,
"Peter Zijlstra" <peterz@infradead.org>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Vitaly Kuznetsov" <vkuznets@redhat.com>,
"Tim Chen" <tim.c.chen@linux.intel.com>
Subject: Re: [Xen-devel] [PATCH v5 2/3] x86: Remap GDT tables in the Fixmap section
Date: Mon, 13 Mar 2017 14:32:10 -0400 [thread overview]
Message-ID: <f2230734-a13f-6c0d-8a01-15fd4408e799@oracle.com> (raw)
In-Reply-To: <36579cc4-05e7-a448-767c-b9ad940362fc@oracle.com>
On 03/09/2017 06:17 PM, Boris Ostrovsky wrote:
> On 03/09/2017 05:31 PM, Thomas Garnier wrote:
>> On Thu, Mar 9, 2017 at 2:13 PM, Boris Ostrovsky
>> <boris.ostrovsky@oracle.com> wrote:
>>>>> I don't have any experience with Xen so it would be great if virtme can test it.
>>>> I am pretty sure I tested this series at some point but I'll test it again.
>>>>
>>>
>>> Fails 32-bit build:
>>>
>>>
>>> /home/build/linux-boris/arch/x86/kvm/vmx.c: In function a??segment_basea??:
>>> /home/build/linux-boris/arch/x86/kvm/vmx.c:2054: error: a??host_gdta??
>>> undeclared (first use in this function)
>>> /home/build/linux-boris/arch/x86/kvm/vmx.c:2054: error: (Each undeclared
>>> identifier is reported only once
>>> /home/build/linux-boris/arch/x86/kvm/vmx.c:2054: error: for each
>>> function it appears in.)
>>> /home/build/linux-boris/arch/x86/kvm/vmx.c:2054: error: type defaults to
>>> a??inta?? in declaration of a??type namea??
>>> /home/build/linux-boris/arch/x86/kvm/vmx.c:2054: error: type defaults to
>>> a??inta?? in declaration of a??type namea??
>>> /home/build/linux-boris/arch/x86/kvm/vmx.c:2054: warning: initialization
>>> from incompatible pointer type
>>> /home/build/linux-boris/arch/x86/kvm/vmx.c:2054: warning: unused
>>> variable a??gdta??
>>>
>>>
>>> -boris
>> It seems that I forgot to remove line 2054 on the rebase. My 32-bit
>> build comes clean but I assume it is not good enough compare to the
>> full version I build for 64-bit KVM testing.
>>
>> Remove just this line and it should build fine, I will fix this on the
>> next iteration.
>>
>> Thanks for testing,
>>
>
>
> So this, in fact, does break Xen in that the hypercall to set GDT fails.
>
> I will have lo look at this tomorrow but I definitely at least built
> with v3 of this series. And I don't see why I wouldn't have tested it
> once I built it.
There are a couple of problems for Xen PV guests that need to be addressed:
1. Xen's set_fixmap op needs non-default handling for
FIX_GDT_REMAP_BEGIN range
2. GDT remapping for PV guests needs to be RO for both 64 and 32-bit guests.
I don't know how you prefer to deal with (2), patch below is one
suggestion. With it all my boot tests (Xen and bare-metal) passed.
One problem with applying it directly is that kernel becomes
not-bisectable (Xen-wise) between patches 2 and 3 so perhaps you might
pull some of the changes from patch 3 to patch 2.
-boris
diff --git a/arch/x86/include/asm/desc.h b/arch/x86/include/asm/desc.h
index 9b7fda6..ec05f9c 100644
--- a/arch/x86/include/asm/desc.h
+++ b/arch/x86/include/asm/desc.h
@@ -39,6 +39,7 @@ extern struct desc_ptr idt_descr;
extern gate_desc idt_table[];
extern const struct desc_ptr debug_idt_descr;
extern gate_desc debug_idt_table[];
+extern pgprot_t pg_fixmap_gdt_flags;
struct gdt_page {
struct desc_struct gdt[GDT_ENTRIES];
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index bff2f8b..2682355 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -450,16 +450,16 @@ void load_percpu_segment(int cpu)
/* On 64-bit the GDT remapping is read-only */
#ifdef CONFIG_X86_64
-#define PAGE_FIXMAP_GDT PAGE_KERNEL_RO
+pgprot_t pg_fixmap_gdt_flags = PAGE_KERNEL_RO;
#else
-#define PAGE_FIXMAP_GDT PAGE_KERNEL
+pgprot_t pg_fixmap_gdt_flags = PAGE_KERNEL;
#endif
/* Setup the fixmap mapping only once per-processor */
static inline void setup_fixmap_gdt(int cpu)
{
__set_fixmap(get_cpu_gdt_ro_index(cpu),
- __pa(get_cpu_gdt_rw(cpu)), PAGE_FIXMAP_GDT);
+ __pa(get_cpu_gdt_rw(cpu)), pg_fixmap_gdt_flags);
}
/* Load the original GDT from the per-cpu structure */
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index f46d47b..8871bcd 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -2051,7 +2051,7 @@ static bool update_transition_efer(struct vcpu_vmx
*vmx, int efer_offset)
*/
static unsigned long segment_base(u16 selector)
{
- struct desc_ptr *gdt = this_cpu_ptr(&host_gdt);
+ //struct desc_ptr *gdt = this_cpu_ptr(&host_gdt);
struct desc_struct *table;
unsigned long v;
diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
index 4951fcf..2dc5f97 100644
--- a/arch/x86/xen/enlighten.c
+++ b/arch/x86/xen/enlighten.c
@@ -1545,6 +1545,9 @@ asmlinkage __visible void __init
xen_start_kernel(void)
*/
xen_initial_gdt = &per_cpu(gdt_page, 0);
+ /* GDT can only be remapped RO. */
+ pg_fixmap_gdt_flags = PAGE_KERNEL_RO;
+
xen_smp_init();
#ifdef CONFIG_ACPI_NUMA
diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c
index 37cb5aa..ebbfe00 100644
--- a/arch/x86/xen/mmu.c
+++ b/arch/x86/xen/mmu.c
@@ -2326,6 +2326,7 @@ static void xen_set_fixmap(unsigned idx,
phys_addr_t phys, pgprot_t prot)
#endif
case FIX_TEXT_POKE0:
case FIX_TEXT_POKE1:
+ case FIX_GDT_REMAP_BEGIN ... FIX_GDT_REMAP_END:
/* All local page mappings */
pte = pfn_pte(phys, prot);
break;
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
WARNING: multiple messages have this Message-ID (diff)
From: Boris Ostrovsky <boris.ostrovsky@oracle.com>
To: Thomas Garnier <thgarnie@google.com>
Cc: "Michal Hocko" <mhocko@suse.com>,
"Stanislaw Gruszka" <sgruszka@redhat.com>,
"kvm list" <kvm@vger.kernel.org>,
"linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
"Matt Fleming" <matt@codeblueprint.co.uk>,
"Frederic Weisbecker" <fweisbec@gmail.com>,
"Josh Poimboeuf" <jpoimboe@redhat.com>,
"Chris Wilson" <chris@chris-wilson.co.uk>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
"Dave Hansen" <dave.hansen@intel.com>,
"Radim Krčmář" <rkrcmar@redhat.com>,
"linux-efi@vger.kernel.org" <linux-efi@vger.kernel.org>,
"Alexander Potapenko" <glider@google.com>,
"Pavel Machek" <pavel@ucw.cz>, "H . Peter Anvin" <hpa@zytor.com>,
"kernel-hardening@lists.openwall.com"
<kernel-hardening@lists.openwall.com>,
"Jiri Olsa" <jolsa@redhat.com>, zijun_hu <zijun_hu@htc.com>,
"Prarit Bhargava" <prarit@redhat.com>,
"Andi Kleen" <ak@linux.intel.com>,
"Len Brown" <len.brown@intel.com>,
"Jonathan Corbet" <corbet@lwn.net>,
"Michael Ellerman" <mpe@ellerman.id.au>,
"Joerg Roedel" <joro@8bytes.org>, "X86 ML" <x86@kernel.org>,
"Luis R . Rodriguez" <mcgrof@kernel.org>,
kasan-dev <kasan-dev@googlegroups.com>,
"Christian Borntraeger" <borntraeger@de.ibm.com>,
"Ingo Molnar" <mingo@redhat.com>,
"xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>,
"Borislav Petkov" <bp@suse.de>,
"Fenghua Yu" <fenghua.yu@intel.com>,
"Jiri Kosina" <jikos@kernel.org>,
"Kees Cook" <keescook@chromium.org>,
"Arnd Bergmann" <arnd@arndb.de>,
"He Chen" <he.chen@linux.intel.com>,
"Brian Gerst" <brgerst@gmail.com>,
"Rusty Russell" <rusty@rustcorp.com.au>,
"Joonsoo Kim" <iamjoonsoo.kim@lge.com>,
lguest@lists.ozlabs.org, "Andy Lutomirski" <luto@kernel.org>,
"Andrey Ryabinin" <aryabinin@virtuozzo.com>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Andrew Morton" <akpm@linux-foundation.org>,
"Dmitry Vyukov" <dvyukov@google.com>,
"Juergen Gross" <jgross@suse.com>,
"Lorenzo Stoakes" <lstoakes@gmail.com>,
"Paul Gortmaker" <paul.gortmaker@windriver.com>,
"Andrew Cooper" <andrew.cooper3@citrix.com>,
"linux-pm@vger.kernel.org" <linux-pm@vger.kernel.org>,
"Ard Biesheuvel" <ard.biesheuvel@linaro.org>,
"Rafael J . Wysocki" <rjw@rjwysocki.net>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"Andy Lutomirski" <luto@amacapital.net>,
"Peter Zijlstra" <peterz@infradead.org>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Vitaly Kuznetsov" <vkuznets@redhat.com>,
"Tim Chen" <tim.c.chen@linux.intel.com>
Subject: [kernel-hardening] Re: [Xen-devel] [PATCH v5 2/3] x86: Remap GDT tables in the Fixmap section
Date: Mon, 13 Mar 2017 14:32:10 -0400 [thread overview]
Message-ID: <f2230734-a13f-6c0d-8a01-15fd4408e799@oracle.com> (raw)
In-Reply-To: <36579cc4-05e7-a448-767c-b9ad940362fc@oracle.com>
On 03/09/2017 06:17 PM, Boris Ostrovsky wrote:
> On 03/09/2017 05:31 PM, Thomas Garnier wrote:
>> On Thu, Mar 9, 2017 at 2:13 PM, Boris Ostrovsky
>> <boris.ostrovsky@oracle.com> wrote:
>>>>> I don't have any experience with Xen so it would be great if virtme can test it.
>>>> I am pretty sure I tested this series at some point but I'll test it again.
>>>>
>>>
>>> Fails 32-bit build:
>>>
>>>
>>> /home/build/linux-boris/arch/x86/kvm/vmx.c: In function ‘segment_base’:
>>> /home/build/linux-boris/arch/x86/kvm/vmx.c:2054: error: ‘host_gdt’
>>> undeclared (first use in this function)
>>> /home/build/linux-boris/arch/x86/kvm/vmx.c:2054: error: (Each undeclared
>>> identifier is reported only once
>>> /home/build/linux-boris/arch/x86/kvm/vmx.c:2054: error: for each
>>> function it appears in.)
>>> /home/build/linux-boris/arch/x86/kvm/vmx.c:2054: error: type defaults to
>>> ‘int’ in declaration of ‘type name’
>>> /home/build/linux-boris/arch/x86/kvm/vmx.c:2054: error: type defaults to
>>> ‘int’ in declaration of ‘type name’
>>> /home/build/linux-boris/arch/x86/kvm/vmx.c:2054: warning: initialization
>>> from incompatible pointer type
>>> /home/build/linux-boris/arch/x86/kvm/vmx.c:2054: warning: unused
>>> variable ‘gdt’
>>>
>>>
>>> -boris
>> It seems that I forgot to remove line 2054 on the rebase. My 32-bit
>> build comes clean but I assume it is not good enough compare to the
>> full version I build for 64-bit KVM testing.
>>
>> Remove just this line and it should build fine, I will fix this on the
>> next iteration.
>>
>> Thanks for testing,
>>
>
>
> So this, in fact, does break Xen in that the hypercall to set GDT fails.
>
> I will have lo look at this tomorrow but I definitely at least built
> with v3 of this series. And I don't see why I wouldn't have tested it
> once I built it.
There are a couple of problems for Xen PV guests that need to be addressed:
1. Xen's set_fixmap op needs non-default handling for
FIX_GDT_REMAP_BEGIN range
2. GDT remapping for PV guests needs to be RO for both 64 and 32-bit guests.
I don't know how you prefer to deal with (2), patch below is one
suggestion. With it all my boot tests (Xen and bare-metal) passed.
One problem with applying it directly is that kernel becomes
not-bisectable (Xen-wise) between patches 2 and 3 so perhaps you might
pull some of the changes from patch 3 to patch 2.
-boris
diff --git a/arch/x86/include/asm/desc.h b/arch/x86/include/asm/desc.h
index 9b7fda6..ec05f9c 100644
--- a/arch/x86/include/asm/desc.h
+++ b/arch/x86/include/asm/desc.h
@@ -39,6 +39,7 @@ extern struct desc_ptr idt_descr;
extern gate_desc idt_table[];
extern const struct desc_ptr debug_idt_descr;
extern gate_desc debug_idt_table[];
+extern pgprot_t pg_fixmap_gdt_flags;
struct gdt_page {
struct desc_struct gdt[GDT_ENTRIES];
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index bff2f8b..2682355 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -450,16 +450,16 @@ void load_percpu_segment(int cpu)
/* On 64-bit the GDT remapping is read-only */
#ifdef CONFIG_X86_64
-#define PAGE_FIXMAP_GDT PAGE_KERNEL_RO
+pgprot_t pg_fixmap_gdt_flags = PAGE_KERNEL_RO;
#else
-#define PAGE_FIXMAP_GDT PAGE_KERNEL
+pgprot_t pg_fixmap_gdt_flags = PAGE_KERNEL;
#endif
/* Setup the fixmap mapping only once per-processor */
static inline void setup_fixmap_gdt(int cpu)
{
__set_fixmap(get_cpu_gdt_ro_index(cpu),
- __pa(get_cpu_gdt_rw(cpu)), PAGE_FIXMAP_GDT);
+ __pa(get_cpu_gdt_rw(cpu)), pg_fixmap_gdt_flags);
}
/* Load the original GDT from the per-cpu structure */
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index f46d47b..8871bcd 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -2051,7 +2051,7 @@ static bool update_transition_efer(struct vcpu_vmx
*vmx, int efer_offset)
*/
static unsigned long segment_base(u16 selector)
{
- struct desc_ptr *gdt = this_cpu_ptr(&host_gdt);
+ //struct desc_ptr *gdt = this_cpu_ptr(&host_gdt);
struct desc_struct *table;
unsigned long v;
diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
index 4951fcf..2dc5f97 100644
--- a/arch/x86/xen/enlighten.c
+++ b/arch/x86/xen/enlighten.c
@@ -1545,6 +1545,9 @@ asmlinkage __visible void __init
xen_start_kernel(void)
*/
xen_initial_gdt = &per_cpu(gdt_page, 0);
+ /* GDT can only be remapped RO. */
+ pg_fixmap_gdt_flags = PAGE_KERNEL_RO;
+
xen_smp_init();
#ifdef CONFIG_ACPI_NUMA
diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c
index 37cb5aa..ebbfe00 100644
--- a/arch/x86/xen/mmu.c
+++ b/arch/x86/xen/mmu.c
@@ -2326,6 +2326,7 @@ static void xen_set_fixmap(unsigned idx,
phys_addr_t phys, pgprot_t prot)
#endif
case FIX_TEXT_POKE0:
case FIX_TEXT_POKE1:
+ case FIX_GDT_REMAP_BEGIN ... FIX_GDT_REMAP_END:
/* All local page mappings */
pte = pfn_pte(phys, prot);
break;
next prev parent reply other threads:[~2017-03-13 18:32 UTC|newest]
Thread overview: 59+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-06 22:03 [PATCH v5 1/3] x86/mm: Adapt MODULES_END based on Fixmap section size Thomas Garnier
2017-03-06 22:03 ` [kernel-hardening] " Thomas Garnier
2017-03-06 22:03 ` Thomas Garnier
2017-03-06 22:03 ` Thomas Garnier
2017-03-06 22:03 ` [PATCH v5 2/3] x86: Remap GDT tables in the Fixmap section Thomas Garnier
2017-03-06 22:03 ` Thomas Garnier
2017-03-06 22:03 ` [kernel-hardening] " Thomas Garnier
2017-03-06 22:03 ` Thomas Garnier
2017-03-06 22:03 ` Thomas Garnier
2017-03-09 21:32 ` Andy Lutomirski
2017-03-09 21:32 ` Andy Lutomirski
2017-03-09 21:32 ` [kernel-hardening] " Andy Lutomirski
2017-03-09 21:32 ` Andy Lutomirski
2017-03-09 21:32 ` Andy Lutomirski
2017-03-09 21:43 ` Andrew Cooper
2017-03-09 21:43 ` [kernel-hardening] Re: [Xen-devel] " Andrew Cooper
2017-03-09 21:43 ` Andrew Cooper
2017-03-09 21:46 ` Andy Lutomirski
2017-03-09 21:46 ` [kernel-hardening] " Andy Lutomirski
2017-03-09 21:46 ` Andy Lutomirski
2017-03-09 21:54 ` Thomas Garnier
2017-03-09 21:54 ` [Xen-devel] " Thomas Garnier
2017-03-09 21:54 ` [kernel-hardening] " Thomas Garnier
2017-03-09 21:54 ` Thomas Garnier
2017-03-09 21:56 ` Boris Ostrovsky
2017-03-09 21:56 ` [Xen-devel] " Boris Ostrovsky
2017-03-09 21:56 ` [kernel-hardening] " Boris Ostrovsky
2017-03-09 21:56 ` Boris Ostrovsky
2017-03-09 22:13 ` Boris Ostrovsky
2017-03-09 22:13 ` [Xen-devel] " Boris Ostrovsky
2017-03-09 22:13 ` [kernel-hardening] " Boris Ostrovsky
2017-03-09 22:13 ` Boris Ostrovsky
2017-03-09 22:31 ` Thomas Garnier
2017-03-09 22:31 ` [Xen-devel] " Thomas Garnier
2017-03-09 22:31 ` [kernel-hardening] " Thomas Garnier
2017-03-09 22:31 ` Thomas Garnier
2017-03-09 23:17 ` Boris Ostrovsky
2017-03-09 23:17 ` [Xen-devel] " Boris Ostrovsky
2017-03-09 23:17 ` [kernel-hardening] " Boris Ostrovsky
2017-03-09 23:17 ` Boris Ostrovsky
2017-03-13 18:32 ` Boris Ostrovsky
2017-03-13 18:32 ` Boris Ostrovsky [this message]
2017-03-13 18:32 ` [kernel-hardening] Re: [Xen-devel] " Boris Ostrovsky
2017-03-13 18:32 ` Boris Ostrovsky
2017-03-13 19:24 ` Thomas Garnier
2017-03-13 19:24 ` [kernel-hardening] " Thomas Garnier
2017-03-13 19:24 ` Thomas Garnier
2017-03-13 19:24 ` Thomas Garnier
2017-03-09 21:46 ` Andy Lutomirski
2017-03-06 22:03 ` [PATCH v5 3/3] x86: Make the GDT remapping read-only on 64-bit Thomas Garnier
2017-03-06 22:03 ` Thomas Garnier
2017-03-06 22:03 ` [kernel-hardening] " Thomas Garnier
2017-03-06 22:03 ` Thomas Garnier
2017-03-06 22:03 ` Thomas Garnier
2017-03-09 21:35 ` Andy Lutomirski
2017-03-09 21:35 ` Andy Lutomirski
2017-03-09 21:35 ` [kernel-hardening] " Andy Lutomirski
2017-03-09 21:35 ` Andy Lutomirski
2017-03-09 21:35 ` Andy Lutomirski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f2230734-a13f-6c0d-8a01-15fd4408e799@oracle.com \
--to=boris.ostrovsky@oracle.com \
--cc=chris@chris-wilson.co.uk \
--cc=dave.hansen@intel.com \
--cc=fweisbec@gmail.com \
--cc=glider@google.com \
--cc=hpa@zytor.com \
--cc=jolsa@redhat.com \
--cc=jpoimboe@redhat.com \
--cc=kernel-hardening@lists.openwall.com \
--cc=kvm@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=matt@codeblueprint.co.uk \
--cc=mhocko@suse.com \
--cc=pavel@ucw.cz \
--cc=rkrcmar@redhat.com \
--cc=sgruszka@redhat.com \
--cc=thgarnie@google.com \
--cc=zijun_hu@htc.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.