From: Jan Beulich <jbeulich@suse.com>
To: Andrew Cooper <andrew.cooper3@citrix.com>
Cc: "Roger Pau Monné" <roger.pau@citrix.com>,
	Xen-devel <xen-devel@lists.xenproject.org>
Subject: Re: [PATCH 4/8] Revert "x86/traps: 'Fix' safety of read_registers() in #DF path"
Date: Mon, 17 Mar 2025 12:03:20 +0100
Message-ID: <0141cd64-348b-41fd-8a45-d8e236e60cb1@suse.com>
In-Reply-To: <20250311211043.3629696-5-andrew.cooper3@citrix.com>

On 11.03.2025 22:10, Andrew Cooper wrote:
> This reverts commit 6065a05adf152a556fb9f11a5218c89e41b62893.
> 
> The discussed "proper fix" has now been implemented, and the #DF path no
> longer writes out-of-bounds.  Restore the proper #DF IST pointer.
> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Acked-by: Jan Beulich <jbeulich@suse.com>

> --- a/xen/arch/x86/cpu/common.c
> +++ b/xen/arch/x86/cpu/common.c
> @@ -847,13 +847,7 @@ void load_system_tables(void)
>  	tss->ist[IST_MCE - 1] = stack_top + (1 + IST_MCE) * PAGE_SIZE;
>  	tss->ist[IST_NMI - 1] = stack_top + (1 + IST_NMI) * PAGE_SIZE;
>  	tss->ist[IST_DB  - 1] = stack_top + (1 + IST_DB)  * PAGE_SIZE;
> -	/*
> -	 * Gross bodge.  The #DF handler uses the vm86 fields of cpu_user_regs
> -	 * beyond the hardware frame.  Adjust the stack entrypoint so this
> -	 * doesn't manifest as an OoB write which hits the guard page.
> -	 */
> -	tss->ist[IST_DF  - 1] = stack_top + (1 + IST_DF)  * PAGE_SIZE -
> -		(sizeof(struct cpu_user_regs) - offsetof(struct cpu_user_regs, es));
> +	tss->ist[IST_DF  - 1] = stack_top + (1 + IST_DF)  * PAGE_SIZE;
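Review bot: restoring `tss->ist[IST_DF - 1]` to `stack_top + (1 + IST_DF) * PAGE_SIZE` is only safe once the #DF handler no longer touches the vm86 fields beyond the hardware frame, which is exactly the hazard the removed comment describes and which this hunk cannot show on its own; the description says the "proper fix" has landed but does not name it, so please cite the patch that provides that guarantee (presumably 3/8, "x86/traps: Avoid OoB accesses to print the data selectors", in this series) to make the ordering dependency explicit and keep a bisect or partial backport from reintroducing the guard-page write. Worth one more sentence in the description: with the slack gone, any remaining access past the frame now faults on the guard page instead of being silently absorbed, which is the failure mode we want.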

And one of these "es is special" also gone.

Jan


Thread overview: 27+ messages
2025-03-11 21:10 [PATCH 0/8] x86: Drop the vm86 segments selectors from struct cpu_user_regs Andrew Cooper
2025-03-11 21:10 ` [PATCH 1/8] x86/regs: Fold x86_64/regs.h into it's single includer Andrew Cooper
2025-03-17 10:49   ` Jan Beulich
2025-03-11 21:10 ` [PATCH 2/8] x86/traps: Rework register state printing to use a struct Andrew Cooper
2025-03-17 10:54   ` Jan Beulich
2025-03-11 21:10 ` [PATCH 3/8] x86/traps: Avoid OoB accesses to print the data selectors Andrew Cooper
2025-03-17 11:00   ` Jan Beulich
2025-03-17 11:04     ` Andrew Cooper
2025-03-11 21:10 ` [PATCH 4/8] Revert "x86/traps: 'Fix' safety of read_registers() in #DF path" Andrew Cooper
2025-03-17 11:03   ` Jan Beulich [this message]
2025-03-11 21:10 ` [PATCH 5/8] x86/domctl: Stop using XLAT_cpu_user_regs() Andrew Cooper
2025-03-17 11:38   ` Jan Beulich
2025-03-21 16:01     ` Andrew Cooper
2025-03-24 10:01       ` Jan Beulich
2025-03-17 11:42   ` Jan Beulich
2025-03-21 17:13     ` Andrew Cooper
2025-03-24  9:53       ` Jan Beulich
2025-03-11 21:10 ` [PATCH 6/8] x86/pv: Store the data segment selectors outside of cpu_user_regs Andrew Cooper
2025-03-17 11:58   ` Jan Beulich
2025-03-17 12:00     ` Andrew Cooper
2025-03-11 21:10 ` [PATCH 7/8] x86/public: Split the struct cpu_user_regs type Andrew Cooper
2025-03-17 12:15   ` Jan Beulich
2025-03-21 15:11     ` Andrew Cooper
2025-03-24  9:47       ` Jan Beulich
2025-07-25 17:34         ` Roger Pau Monné
2025-03-11 21:10 ` [PATCH 8/8] x86: Drop the vm86 segments selectors from struct cpu_user_regs Andrew Cooper
2025-03-17 12:16   ` Jan Beulich