lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <alpine.DEB.2.20.1708261458370.2093@nanos>
Date:   Sat, 26 Aug 2017 15:05:48 +0200 (CEST)
From:   Thomas Gleixner <tglx@...utronix.de>
To:     Juergen Gross <jgross@...e.com>
cc:     Boris Ostrovsky <boris.ostrovsky@...cle.com>,
        LKML <linux-kernel@...r.kernel.org>,
        Ingo Molnar <mingo@...nel.org>, Peter Anvin <hpa@...or.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Andy Lutomirski <luto@...nel.org>,
        Borislav Petkov <bp@...en8.de>,
        Steven Rostedt <rostedt@...dmis.org>
Subject: Re: [patch V2 35/44] x86/idt: Switch early trap init to IDT tables

On Sat, 26 Aug 2017, Juergen Gross wrote:
> On 26/08/17 10:16, Thomas Gleixner wrote:
> > early_trap_init() is called from setup_arch(), not from
> > x86_64_start_kernel().
> > 
> > This patch merily renames the function and moves the code into a different
> > source file. So it's not changing the behaviour in any way.
> 
> It does: the IDT entries are now statically defined. Before that any
> call of set_intr_gate() would have registered the trap handler with
> the hypervisor, now this is done only when the IDT is being activated.
> Boris' patch is doing that.

The IDT entries are not statically defined, bcause that's impossible as
that would require the linker to split the address into bits and pieces and
then it would require relocation entries which do the same split again.

+void __init idt_setup_early_traps(void)
+{
+       idt_setup_from_table(idt_table, early_idts, ARRAY_SIZE(early_idts));
+}

It sets up the IDT entries from the table instead of having a gazillion
calls to set_intr_gate() in the code. So that ends up in write_idt_entry()
which is paravirtualized and ends up where it ended up before.

What occured to me right now, is that the patch removes:

     load_idt(&idt_descr);

from the original function without adding it to the new one. So that needs
to be fixed, but not in the XEN code. It simply wants to be added to
idt_setup_early_traps(). I'll send out a V3 of that particular patch.

Thanks,

	tglx

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ