lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CALCETrXGDvprLCB259Lhcx_iPO3fvNkbvEBnrSx0s86PAO-r6A@mail.gmail.com>
Date:	Tue, 15 Jul 2014 12:02:37 -0700
From:	Andy Lutomirski <luto@...capital.net>
To:	Boris Ostrovsky <boris.ostrovsky@...cle.com>
Cc:	"H. Peter Anvin" <hpa@...or.com>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>
Subject: Re: [RFC PATCH] x86_64,entry,xen: Do not invoke espfix64 on Xen

On Tue, Jul 15, 2014 at 12:00 PM, Boris Ostrovsky
<boris.ostrovsky@...cle.com> wrote:
> On 07/15/2014 01:22 PM, Andy Lutomirski wrote:
>>
>> On Tue, Jul 15, 2014 at 10:19 AM, Boris Ostrovsky
>> <boris.ostrovsky@...cle.com> wrote:
>>>
>>> On 07/15/2014 12:23 PM, Andy Lutomirski wrote:
>>>>
>>>>
>>>> diff --git a/arch/x86/kernel/paravirt_patch_64.c
>>>> b/arch/x86/kernel/paravirt_patch_64.c
>>>> index 3f08f34..a1da673 100644
>>>> --- a/arch/x86/kernel/paravirt_patch_64.c
>>>> +++ b/arch/x86/kernel/paravirt_patch_64.c
>>>> @@ -6,7 +6,6 @@ DEF_NATIVE(pv_irq_ops, irq_disable, "cli");
>>>>    DEF_NATIVE(pv_irq_ops, irq_enable, "sti");
>>>>    DEF_NATIVE(pv_irq_ops, restore_fl, "pushq %rdi; popfq");
>>>>    DEF_NATIVE(pv_irq_ops, save_fl, "pushfq; popq %rax");
>>>> -DEF_NATIVE(pv_cpu_ops, iret, "iretq");
>>>>    DEF_NATIVE(pv_mmu_ops, read_cr2, "movq %cr2, %rax");
>>>>    DEF_NATIVE(pv_mmu_ops, read_cr3, "movq %cr3, %rax");
>>>>    DEF_NATIVE(pv_mmu_ops, write_cr3, "movq %rdi, %cr3");
>>>> @@ -50,7 +49,6 @@ unsigned native_patch(u8 type, u16 clobbers, void
>>>> *ibuf,
>>>>                  PATCH_SITE(pv_irq_ops, save_fl);
>>>>                  PATCH_SITE(pv_irq_ops, irq_enable);
>>>>                  PATCH_SITE(pv_irq_ops, irq_disable);
>>>> -               PATCH_SITE(pv_cpu_ops, iret);
>>>
>>>
>>>
>>> Does this mean that we are no longer patching IRET with a jump to a
>>> hypercall?
>>>
>> IIUC this means that, on native, we are no longer patching
>> INTERRUPT_RETURN with an "iretq" instruction, so INTERRUPT_RETURN will
>> remain a "jmp native_iret".  I'm not sure why this patch was there in
>> the first place.  On Xen, it should still get patched with the
>> hypercall (although someone should verify this).
>
>
> Right, I missed the fact that this is native_patch.
>
> I did some light testing and it appears to work. Are you targeting this for
> 3.16?
>

That's the idea -- this, or some other fix, is needed for 3.16.

--Andy

> One way or the other we need to disable espfix64 on PV --- I discovered that
> one of Peter's tests crashes the hypervisor.
>
>
> -boris



-- 
Andy Lutomirski
AMA Capital Management, LLC
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ