Message-ID: <5cf31779-45c5-d37f-86bc-d5afb3fb7ab6@oracle.com>
Date: Thu, 9 Mar 2017 16:56:33 -0500
From: Boris Ostrovsky <boris.ostrovsky@...cle.com>
To: Thomas Garnier <thgarnie@...gle.com>,
        Andy Lutomirski <luto@...capital.net>
Cc: Andrew Cooper <andrew.cooper3@...rix.com>, Michal Hocko
 <mhocko@...e.com>,
        Stanislaw Gruszka <sgruszka@...hat.com>,
        "linux-doc@...r.kernel.org" <linux-doc@...r.kernel.org>,
        kvm list <kvm@...r.kernel.org>, Fenghua Yu <fenghua.yu@...el.com>,
        Matt Fleming <matt@...eblueprint.co.uk>,
        Frederic Weisbecker <fweisbec@...il.com>, X86 ML <x86@...nel.org>,
        Chris Wilson <chris@...is-wilson.co.uk>,
        "linux-mm@...ck.org" <linux-mm@...ck.org>,
        Paul Gortmaker <paul.gortmaker@...driver.com>,
        Radim Krčmář <rkrcmar@...hat.com>,
        "linux-efi@...r.kernel.org" <linux-efi@...r.kernel.org>,
        Alexander Potapenko <glider@...gle.com>, Pavel Machek <pavel@....cz>,
        "H . Peter Anvin" <hpa@...or.com>,
        "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>,
        Jiri Olsa <jolsa@...hat.com>, zijun_hu <zijun_hu@....com>,
        Dave Hansen <dave.hansen@...el.com>, Andi Kleen <ak@...ux.intel.com>,
        "xen-devel@...ts.xenproject.org" <xen-devel@...ts.xenproject.org>,
        Jonathan Corbet <corbet@....net>,
        Michael Ellerman <mpe@...erman.id.au>, Joerg Roedel <joro@...tes.org>,
        Prarit Bhargava <prarit@...hat.com>,
        kasan-dev <kasan-dev@...glegroups.com>,
        Vitaly Kuznetsov <vkuznets@...hat.com>,
        Christian Borntraeger <borntraeger@...ibm.com>,
        Ingo Molnar <mingo@...hat.com>,
        Andrey Ryabinin <aryabinin@...tuozzo.com>,
        Borislav Petkov <bp@...e.de>, Len Brown <len.brown@...el.com>,
        Rusty Russell <rusty@...tcorp.com.au>,
        Kees Cook <keescook@...omium.org>, Arnd Bergmann <arnd@...db.de>,
        He Chen <he.chen@...ux.intel.com>, Brian Gerst <brgerst@...il.com>,
        Jiri Kosina <jikos@...nel.org>, lguest@...ts.ozlabs.org,
        Andy Lutomirski <luto@...nel.org>,
        Josh Poimboeuf <jpoimboe@...hat.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Dmitry Vyukov
 <dvyukov@...gle.com>, Juergen Gross <jgross@...e.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Lorenzo Stoakes <lstoakes@...il.com>,
        Ard Biesheuvel <ard.biesheuvel@...aro.org>,
        "linux-pm@...r.kernel.org" <linux-pm@...r.kernel.org>,
        "Rafael J . Wysocki" <rjw@...ysocki.net>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "Luis R . Rodriguez" <mcgrof@...nel.org>,
        David Vrabel <david.vrabel@...rix.com>,
        Paolo Bonzini <pbonzini@...hat.com>,
        Joonsoo Kim <iamjoonsoo.kim@....com>,
        Tim Chen <tim.c.chen@...ux.intel.com>
Subject: Re: [Xen-devel] [PATCH v5 2/3] x86: Remap GDT tables in the Fixmap
 section

On 03/09/2017 04:54 PM, Thomas Garnier wrote:
> On Thu, Mar 9, 2017 at 1:46 PM, Andy Lutomirski <luto@...capital.net> wrote:
>> On Thu, Mar 9, 2017 at 1:43 PM, Andrew Cooper <andrew.cooper3@...rix.com> wrote:
>>> On 09/03/2017 21:32, Andy Lutomirski wrote:
>>>> On Mon, Mar 6, 2017 at 2:03 PM, Thomas Garnier <thgarnie@...gle.com> wrote:
>>>>
>>>>> --- a/arch/x86/xen/enlighten.c
>>>>> +++ b/arch/x86/xen/enlighten.c
>>>>> @@ -710,7 +710,7 @@ static void load_TLS_descriptor(struct thread_struct *t,
>>>>>
>>>>>         *shadow = t->tls_array[i];
>>>>>
>>>>> -       gdt = get_cpu_gdt_table(cpu);
>>>>> +       gdt = get_cpu_gdt_rw(cpu);
>>>>>         maddr = arbitrary_virt_to_machine(&gdt[GDT_ENTRY_TLS_MIN+i]);
>>>>>         mc = __xen_mc_entry(0);
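Review bot: At `gdt = get_cpu_gdt_rw(cpu);` the helper name suggests a writable mapping, yet the only use visible in this hunk is taking the address of `gdt[GDT_ENTRY_TLS_MIN+i]` and passing it to `arbitrary_virt_to_machine()`. A one-line comment here stating that the pointer serves only to derive the machine address of the descriptor, and is not written through directly, would document why this alias was chosen and save the next reader from checking whether the mapping must be writable at this call site.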
>>>> Boris, is this right?  I don't see why it wouldn't be, but Xen is special.
>>> Under Xen PV, the GDT is already read-only at this point.  (It is not
>>> safe to let the guest have writeable access to system tables, so the
>>> guest must relinquish write access to the frames wishing to be used as
>>> LDTs or GDTs.)
>>>
>>> The hypercall acts on the frame, not a virtual address, so either alias
>>> should be fine here.
>>>
>>> Under this new scheme, there will be two read-only aliases.  I guess
>>> this is easier to maintain the split consistently across Linux, than to
>>> special case Xen PV because it doesn't need the second alias.
>>>
>> I think we would gain nothing at all by special-casing Xen PV -- Linux
>> allocates the fixmap vaddrs at compile time, so we'd still allocate
>> them even if we rejigger all the helpers to avoid using them.
>>
> I don't have any experience with Xen so it would be great if virtme can test it.


I am pretty sure I tested this series at some point but I'll test it again.

-boris


>
> I can remove the unused functions, I just thought they were useful
> shortcuts given some of them are already used.
>
>> --Andy
>
>
