Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <5cf31779-45c5-d37f-86bc-d5afb3fb7ab6@oracle.com>
Date: Thu, 9 Mar 2017 16:56:33 -0500
From: Boris Ostrovsky <boris.ostrovsky@...cle.com>
To: Thomas Garnier <thgarnie@...gle.com>,
        Andy Lutomirski <luto@...capital.net>
Cc: Andrew Cooper <andrew.cooper3@...rix.com>, Michal Hocko
 <mhocko@...e.com>,
        Stanislaw Gruszka <sgruszka@...hat.com>,
        "linux-doc@...r.kernel.org" <linux-doc@...r.kernel.org>,
        kvm list <kvm@...r.kernel.org>, Fenghua Yu <fenghua.yu@...el.com>,
        Matt Fleming <matt@...eblueprint.co.uk>,
        Frederic Weisbecker <fweisbec@...il.com>, X86 ML <x86@...nel.org>,
        Chris Wilson <chris@...is-wilson.co.uk>,
        "linux-mm@...ck.org" <linux-mm@...ck.org>,
        Paul Gortmaker <paul.gortmaker@...driver.com>,
        Radim Krčmář <rkrcmar@...hat.com>,
        "linux-efi@...r.kernel.org" <linux-efi@...r.kernel.org>,
        Alexander Potapenko <glider@...gle.com>, Pavel Machek <pavel@....cz>,
        "H . Peter Anvin" <hpa@...or.com>,
        "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>,
        Jiri Olsa <jolsa@...hat.com>, zijun_hu <zijun_hu@....com>,
        Dave Hansen <dave.hansen@...el.com>, Andi Kleen <ak@...ux.intel.com>,
        "xen-devel@...ts.xenproject.org" <xen-devel@...ts.xenproject.org>,
        Jonathan Corbet <corbet@....net>,
        Michael Ellerman <mpe@...erman.id.au>, Joerg Roedel <joro@...tes.org>,
        Prarit Bhargava <prarit@...hat.com>,
        kasan-dev <kasan-dev@...glegroups.com>,
        Vitaly Kuznetsov <vkuznets@...hat.com>,
        Christian Borntraeger <borntraeger@...ibm.com>,
        Ingo Molnar <mingo@...hat.com>,
        Andrey Ryabinin <aryabinin@...tuozzo.com>,
        Borislav Petkov <bp@...e.de>, Len Brown <len.brown@...el.com>,
        Rusty Russell <rusty@...tcorp.com.au>,
        Kees Cook <keescook@...omium.org>, Arnd Bergmann <arnd@...db.de>,
        He Chen <he.chen@...ux.intel.com>, Brian Gerst <brgerst@...il.com>,
        Jiri Kosina <jikos@...nel.org>, lguest@...ts.ozlabs.org,
        Andy Lutomirski <luto@...nel.org>,
        Josh Poimboeuf <jpoimboe@...hat.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Dmitry Vyukov
 <dvyukov@...gle.com>, Juergen Gross <jgross@...e.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Lorenzo Stoakes <lstoakes@...il.com>,
        Ard Biesheuvel <ard.biesheuvel@...aro.org>,
        "linux-pm@...r.kernel.org" <linux-pm@...r.kernel.org>,
        "Rafael J . Wysocki" <rjw@...ysocki.net>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "Luis R . Rodriguez" <mcgrof@...nel.org>,
        David Vrabel <david.vrabel@...rix.com>,
        Paolo Bonzini <pbonzini@...hat.com>,
        Joonsoo Kim <iamjoonsoo.kim@....com>,
        Tim Chen <tim.c.chen@...ux.intel.com>
Subject: Re: [Xen-devel] [PATCH v5 2/3] x86: Remap GDT tables in the Fixmap
 section

On 03/09/2017 04:54 PM, Thomas Garnier wrote:
> On Thu, Mar 9, 2017 at 1:46 PM, Andy Lutomirski <luto@...capital.net> wrote:
>> On Thu, Mar 9, 2017 at 1:43 PM, Andrew Cooper <andrew.cooper3@...rix.com> wrote:
>>> On 09/03/2017 21:32, Andy Lutomirski wrote:
>>>> On Mon, Mar 6, 2017 at 2:03 PM, Thomas Garnier <thgarnie@...gle.com> wrote:
>>>>
>>>>> --- a/arch/x86/xen/enlighten.c
>>>>> +++ b/arch/x86/xen/enlighten.c
>>>>> @@ -710,7 +710,7 @@ static void load_TLS_descriptor(struct thread_struct *t,
>>>>>
>>>>>         *shadow = t->tls_array[i];
>>>>>
>>>>> -       gdt = get_cpu_gdt_table(cpu);
>>>>> +       gdt = get_cpu_gdt_rw(cpu);
>>>>>         maddr = arbitrary_virt_to_machine(&gdt[GDT_ENTRY_TLS_MIN+i]);
>>>>>         mc = __xen_mc_entry(0);
>>>> Boris, is this right?  I don't see why it wouldn't be, but Xen is special.
>>> Under Xen PV, the GDT is already read-only at this point.  (It is not
>>> safe to let the guest have writeable access to system tables, so the
>>> guest must relinquish write access to the frames wishing to be used as
>>> LDTs or GDTs.)
>>>
>>> The hypercall acts on the frame, not a virtual address, so either alias
>>> should be fine here.
>>>
>>> Under this new scheme, there will be two read-only aliases.  I guess
>>> this is easier to maintain the split consistently across Linux, than to
>>> special case Xen PV because it doesn't need the second alias.
>>>
>> I think we would gain nothing at all by special-casing Xen PV -- Linux
>> allocates the fixmap vaddrs at compile time, so we'd still allocate
>> them even if we rejigger all the helpers to avoid using them.
>>
> I don't have any experience with Xen so it would be great if virtme can test it.


I am pretty sure I tested this series at some point but I'll test it again.

-boris


>
> I can remove the unused functions, I just thought they were useful
> shortcuts given some of them are already used.
>
>> --Andy
>
>

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.