From: He Chen <he.chen@linux.intel.com>
To: Jan Beulich <JBeulich@suse.com>
Cc: Andrew Cooper <andrew.cooper3@citrix.com>,
Wu Feng <feng.wu@intel.com>, Wang Yong <yong.y.wang@intel.com>,
Nakajima Jun <jun.nakajima@intel.com>,
xen-devel@lists.xen.org
Subject: Re: [PATCH V2] xen: support enabling SMEP/SMAP for HVM only
Date: Fri, 12 Aug 2016 18:03:20 +0800
Message-ID: <20160812100320.GA31791@HE>
In-Reply-To: <57AC963E0200007800105182@prv-mh.provo.novell.com>

On Thu, Aug 11, 2016 at 07:14:06AM -0600, Jan Beulich wrote:
> >>> On 11.08.16 at 11:17, <he.chen@linux.intel.com> wrote:
> > @@ -1404,12 +1438,20 @@ void __init noreturn __start_xen(unsigned long mbi_p)
> > if ( !opt_smep )
> > setup_clear_cpu_cap(X86_FEATURE_SMEP);
> > if ( cpu_has_smep )
> > + {
> > set_in_cr4(X86_CR4_SMEP);
> > + if ( smep_hvm_only )
> > + write_cr4(read_cr4() & ~X86_CR4_SMEP);
> > + }
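Review bot: In the smep_hvm_only branch, set_in_cr4(X86_CR4_SMEP) is followed at once by write_cr4(read_cr4() & ~X86_CR4_SMEP), so the bit is turned on and then off again on the CPU running __start_xen, with no comment saying why both steps are needed. If set_in_cr4() is kept for an effect beyond the live register, state that in a comment above the branch; otherwise restructure as an if/else so SMEP is never enabled in the HVM-only case. The raw write_cr4() also changes only the current CPU's register at this point in boot, so the hunk should show or reference where the HVM-only state is applied on later CR4 loads.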
>
> So that'll clear CR4.SMEP right here, but won't help with CR4 loads
> from mmu_cr4_features (as e.g. happens indirectly during VM exits,
> since the HOST_CR4 field gets set from this variable).
>
> Did you in fact test your change, including validation of the features
> correctly remaining off over the lifetime of the system?
>
> Further, considering that you don't clear the two flags from Xen's
> internal feature bitmap, and taken together with the internal feature
> bitmap driving alternative instruction patching, I'd assume pointless
> (and performance wise perhaps harmful) patching to now take place.
>
Let me see whether I understand this correctly...

Regarding alternative instruction patching, if enabling SMAP for HVM but
disabling it for Xen, the SMAP bit must be set in the x86_capability feature
bitmap and cleared in mmu_cr4_features, which means instruction patching
would take place and a #UD may occur (since SMAP is disabled in Xen, but
STAC/CLAC are patched and called).

A slightly dirty solution I can think of now is to temporarily clear the SMAP
bit in x86_capability before patching instructions and then set it back
when instruction patching finishes, like:
```
    if ( opt_smap == SMAP_HVM_ONLY )
        setup_clear_cpu_cap(X86_FEATURE_SMAP);

    alternative_instructions();

    if ( opt_smap == SMAP_HVM_ONLY )
        __set_bit(X86_FEATURE_SMAP, boot_cpu_data.x86_capability);
```
Appreciate it if you have a better solution.
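
The CR4 point raised in the quoted review can be reproduced in a small user-space model. This is an added example, not code from the patch or from Xen: live_cr4, reload_cr4_from_features(), observe_across_reload() and both *_sequence() functions are hypothetical names, and the register is simulated with a plain variable.

```c
#include <stdio.h>

#define X86_CR4_SMEP (1UL << 20) /* CR4 bit 20 */

/* Model state, not Xen's: a stored CR4 image and a stand-in register. */
static unsigned long mmu_cr4_features;
static unsigned long live_cr4;

static unsigned long read_cr4(void) { return live_cr4; }
static void write_cr4(unsigned long v) { live_cr4 = v; }

/* Modelled on the helper in the hunk: updates the image and the register. */
static void set_in_cr4(unsigned long mask)
{
    mmu_cr4_features |= mask;
    write_cr4(read_cr4() | mask);
}

/* Hypothetical: any later path that loads CR4 from the stored image. */
static void reload_cr4_from_features(void) { write_cr4(mmu_cr4_features); }

/* Bit 0: SMEP live before the reload; bit 1: SMEP live after it. */
static int observe_across_reload(void)
{
    int before = !!(read_cr4() & X86_CR4_SMEP);
    reload_cr4_from_features();
    return before | (!!(read_cr4() & X86_CR4_SMEP) << 1);
}

/* The quoted hunk's sequence with smep_hvm_only set. */
static int hunk_sequence(void)
{
    mmu_cr4_features = live_cr4 = 0;
    set_in_cr4(X86_CR4_SMEP);
    write_cr4(read_cr4() & ~X86_CR4_SMEP);
    return observe_across_reload();
}

/* Assumed variant (not the patch): the stored image is cleared as well. */
static int image_cleared_sequence(void)
{
    mmu_cr4_features = live_cr4 = 0;
    set_in_cr4(X86_CR4_SMEP);
    mmu_cr4_features &= ~X86_CR4_SMEP;
    write_cr4(read_cr4() & ~X86_CR4_SMEP);
    return observe_across_reload();
}

int main(void) { printf("hunk=%d cleared=%d\n", hunk_sequence(), image_cleared_sequence()); return 0; }
```

A result of 2 from hunk_sequence() means SMEP was off right after the hunk ran and on again after the first reload from the stored image.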