Message-ID: <YtcRC0A8TvEHsMqJ@worktop.programming.kicks-ass.net>
Date: Tue, 19 Jul 2022 22:16:11 +0200
From: Peter Zijlstra <peterz@...radead.org>
To: "Michael Kelley (LINUX)" <mikelley@...rosoft.com>
Cc: Andrew Cooper <Andrew.Cooper3@...rix.com>,
Thomas Gleixner <tglx@...utronix.de>,
LKML <linux-kernel@...r.kernel.org>,
"x86@...nel.org" <x86@...nel.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Tim Chen <tim.c.chen@...ux.intel.com>,
Josh Poimboeuf <jpoimboe@...nel.org>,
Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>,
Johannes Wikner <kwikner@...z.ch>,
Alyssa Milburn <alyssa.milburn@...ux.intel.com>,
Jann Horn <jannh@...gle.com>, "H.J. Lu" <hjl.tools@...il.com>,
Joao Moreira <joao.moreira@...el.com>,
Joseph Nuzman <joseph.nuzman@...el.com>,
Steven Rostedt <rostedt@...dmis.org>,
Juergen Gross <jgross@...e.com>,
Masami Hiramatsu <mhiramat@...nel.org>,
Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
KY Srinivasan <kys@...rosoft.com>,
Haiyang Zhang <haiyangz@...rosoft.com>,
Stephen Hemminger <sthemmin@...rosoft.com>,
Wei Liu <wei.liu@...nel.org>, Dexuan Cui <decui@...rosoft.com>
Subject: Re: Virt Call depth tracking mitigation
On Tue, Jul 19, 2022 at 02:45:40PM +0000, Michael Kelley (LINUX) wrote:
> In Hyper-V, the hypercall page is *not* writable by the guest. Quoting
> from Section 3.13 in the Hyper-V TLFS:
>
> The hypercall page appears as an "overlay" to the GPA space; that is,
> it covers whatever else is mapped to the GPA range. Its contents are
> readable and executable by the guest. Attempts to write to the
> hypercall page will result in a protection (#GP) exception.
>
> And:
>
> After the interface has been established, the guest can initiate a
> hypercall. To do so, it populates the registers per the hypercall protocol
> and issues a CALL to the beginning of the hypercall page. The guest
> should assume the hypercall page performs the equivalent of a near
> return (0xC3) to return to the caller. As such, the hypercall must be
> invoked with a valid stack.
I'm hoping that these days you're following that 0xc3 with a 0xcc at the
very least?
IIRC the whole hyper-v thing is negotiated using (virtual) MSRs, would
it be possible to write the address of a return thunk into an MSR and
have the hypervisor rewrite the hypercall page accordingly?
This is needed for the AMD jmp2ret thing anyway. Or you get to eat an
IBPB before every hypercall, which I'm guessing your performance people
aren't keen on.
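As an added illustration (not code from this thread, from Hyper-V or from Linux): a small checker that classifies how a hypercall page hands control back to its caller, covering the three shapes discussed above, a bare `ret`, a `ret; int3`, and a `jmp` to a return thunk. The sample page bytes are constructed; the opcodes used are the standard x86 encodings (vmcall 0F 01 C1, vmmcall 0F 01 D9, ret C3, int3 CC, jmp rel32 E9).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* How the code after the hypercall instruction returns to the caller. */
enum hc_tail {
    HC_TAIL_UNKNOWN,   /* no hypercall instruction found, or unrecognised tail */
    HC_TAIL_RET,       /* bare 0xC3: nothing stops straight-line speculation */
    HC_TAIL_RET_INT3,  /* 0xC3 0xCC: ret followed by int3 */
    HC_TAIL_JMP_THUNK  /* 0xE9 rel32: jump to a return thunk instead of ret */
};

/* Locate vmcall (0F 01 C1) or vmmcall (0F 01 D9) and classify what follows. */
enum hc_tail classify_hypercall_tail(const uint8_t *page, size_t len)
{
    for (size_t i = 0; i + 3 <= len; i++) {
        if (page[i] != 0x0F || page[i + 1] != 0x01 ||
            (page[i + 2] != 0xC1 && page[i + 2] != 0xD9))
            continue;
        size_t t = i + 3;                       /* first byte after the hypercall */
        if (t < len && page[t] == 0xC3)
            return (t + 1 < len && page[t + 1] == 0xCC) ? HC_TAIL_RET_INT3
                                                         : HC_TAIL_RET;
        if (t + 5 <= len && page[t] == 0xE9)    /* E9 + 4-byte displacement */
            return HC_TAIL_JMP_THUNK;
        return HC_TAIL_UNKNOWN;
    }
    return HC_TAIL_UNKNOWN;
}

const char *hc_tail_name(enum hc_tail t)
{
    static const char *names[] = { "unknown", "ret", "ret; int3", "jmp thunk" };
    return names[t];
}

/* Constructed sample pages, not the real Hyper-V contents. */
static const uint8_t page_plain[]  = { 0x0F, 0x01, 0xC1, 0xC3 };
static const uint8_t page_sls[]    = { 0x0F, 0x01, 0xC1, 0xC3, 0xCC };
static const uint8_t page_thunk[]  = { 0x0F, 0x01, 0xD9, 0xE9, 0x00, 0x10, 0x00, 0x00 };

int main(void)
{
    printf("plain:  %s\n", hc_tail_name(classify_hypercall_tail(page_plain, sizeof page_plain)));
    printf("sls:    %s\n", hc_tail_name(classify_hypercall_tail(page_sls, sizeof page_sls)));
    printf("thunk:  %s\n", hc_tail_name(classify_hypercall_tail(page_thunk, sizeof page_thunk)));
    return 0;
}
```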