| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 29 Jun 2020 12:07:55 +0100
From: Andrew Cooper <andrew.cooper3@...rix.com>
To: Jürgen Groß <jgross@...e.com>,
Andy Lutomirski <luto@...nel.org>, <x86@...nel.org>
CC: Sasha Levin <sashal@...nel.org>, <linux-kernel@...r.kernel.org>,
"Boris Ostrovsky" <boris.ostrovsky@...cle.com>,
Stefano Stabellini <sstabellini@...nel.org>,
<xen-devel@...ts.xenproject.org>
Subject: Re: [PATCH fsgsbase v2 4/4] x86/fsgsbase: Fix Xen PV support
On 29/06/2020 06:17, Jürgen Groß wrote:
> On 26.06.20 19:24, Andy Lutomirski wrote:
>> On Xen PV, SWAPGS doesn't work. Teach __rdfsbase_inactive() and
>> __wrgsbase_inactive() to use rdmsrl()/wrmsrl() on Xen PV. The Xen
>> pvop code will understand this and issue the correct hypercalls.
>>
>> Cc: Boris Ostrovsky <boris.ostrovsky@...cle.com>
>> Cc: Juergen Gross <jgross@...e.com>
>> Cc: Stefano Stabellini <sstabellini@...nel.org>
>> Cc: xen-devel@...ts.xenproject.org
>> Signed-off-by: Andy Lutomirski <luto@...nel.org>
>> ---
>> arch/x86/kernel/process_64.c | 20 ++++++++++++++------
>> 1 file changed, 14 insertions(+), 6 deletions(-)
>>
>> diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
>> index cb8e37d3acaa..457d02aa10d8 100644
>> --- a/arch/x86/kernel/process_64.c
>> +++ b/arch/x86/kernel/process_64.c
>> @@ -163,9 +163,13 @@ static noinstr unsigned long
>> __rdgsbase_inactive(void)
>> lockdep_assert_irqs_disabled();
>> - native_swapgs();
>> - gsbase = rdgsbase();
>> - native_swapgs();
>> + if (!static_cpu_has(X86_FEATURE_XENPV)) {
>> + native_swapgs();
>> + gsbase = rdgsbase();
>> + native_swapgs();
>> + } else {
>> + rdmsrl(MSR_KERNEL_GS_BASE, gsbase);
>> + }
>> return gsbase;
>> }
>> @@ -182,9 +186,13 @@ static noinstr void __wrgsbase_inactive(unsigned
>> long gsbase)
>> {
>> lockdep_assert_irqs_disabled();
>> - native_swapgs();
>> - wrgsbase(gsbase);
>> - native_swapgs();
>> + if (!static_cpu_has(X86_FEATURE_XENPV)) {
>> + native_swapgs();
>> + wrgsbase(gsbase);
>> + native_swapgs();
>> + } else {
>> + wrmsrl(MSR_KERNEL_GS_BASE, gsbase);
>> + }
>> }
>> /*
>>
>
> Another possibility would be to just do (I'm fine either way):
>
> diff --git a/arch/x86/xen/enlighten_pv.c b/arch/x86/xen/enlighten_pv.c
> index acc49fa6a097..b78dd373adbf 100644
> --- a/arch/x86/xen/enlighten_pv.c
> +++ b/arch/x86/xen/enlighten_pv.c
> @@ -318,6 +318,8 @@ static void __init xen_init_capabilities(void)
> setup_clear_cpu_cap(X86_FEATURE_XSAVE);
> setup_clear_cpu_cap(X86_FEATURE_OSXSAVE);
> }
> +
> + setup_clear_cpu_cap(X86_FEATURE_FSGSBASE);
That will stop both userspace and Xen (side effect of the guest kernel's
CR4 choice) from using the instructions.
Even when the kernel is using the paravirt fastpath, its still Xen
actually taking the hit. MSR_{FS,GS}_BASE/SHADOW are thousands of
cycles to access, whereas {RD,WR}{FS,GS}BASE are a handful.
~Andrew
Powered by blists - more mailing lists