From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Feng Wu <feng.wu@intel.com>
Cc: kevin.tian@intel.com, ian.campbell@citrix.com,
	eddie.dong@intel.com, xen-devel@lists.xen.org, JBeulich@suse.com,
	jun.nakajima@intel.com
Subject: Re: [PATCH v6 05/10] Clear AC bit in RFLAGS to protect Xen itself by SMAP
Date: Wed, 7 May 2014 10:44:59 +0100	[thread overview]
Message-ID: <536A009B.20802@citrix.com> (raw)
In-Reply-To: <1399450782-14735-6-git-send-email-feng.wu@intel.com>

On 07/05/14 09:19, Feng Wu wrote:
> Clear AC bit in RFLAGS at the beginning of exception, interrupt, hypercall,
> so Xen itself can be protected by SMAP mechanism.
>
> Signed-off-by: Feng Wu <feng.wu@intel.com>
> ---
>  xen/arch/x86/x86_64/compat/entry.S | 3 ++-
>  xen/arch/x86/x86_64/entry.S        | 7 +++++--
>  xen/arch/x86/x86_64/traps.c        | 2 +-
>  xen/include/asm-x86/asm_defns.h    | 5 ++++-
>  4 files changed, 12 insertions(+), 5 deletions(-)
>
> diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S
> index 32b3bcc..00dd0f3 100644
> --- a/xen/arch/x86/x86_64/compat/entry.S
> +++ b/xen/arch/x86/x86_64/compat/entry.S
> @@ -13,6 +13,7 @@
>  #include <irq_vectors.h>
>  
>  ENTRY(compat_hypercall)
> +        ASM_CLAC
>          pushq $0
>          SAVE_VOLATILE type=TRAP_syscall compat=1
>  
> @@ -178,7 +179,7 @@ ENTRY(compat_restore_all_guest)
>  
>  .section .fixup,"ax"
>  .Lfx0:  sti
> -        SAVE_ALL
> +        SAVE_ALL 0
>          movq  UREGS_error_code(%rsp),%rsi
>          movq  %rsp,%rax
>          andq  $~0xf,%rsp
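Review bot: The bare positional `0` in `SAVE_ALL 0` at `.Lfx0` does not say what is being switched off, and the same form is used in the `.Lfx0` fixup in xen/arch/x86/x86_64/entry.S and in `early_page_fault`. The macro parameter is named `clear_ac` in asm_defns.h, and `compat_hypercall` in this same file already uses keyword arguments (`SAVE_VOLATILE type=TRAP_syscall compat=1`), so I would write `SAVE_ALL clear_ac=0` at all three sites. Each of them opts out of the CLAC that keeps SMAP enforced, so a one-line comment beside it saying why AC needs no clearing there would help a later audit; the reason is not visible in this patch. The fixup body continues past the end of the hunk.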
> diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S
> index 1c81852..205251d 100644
> --- a/xen/arch/x86/x86_64/entry.S
> +++ b/xen/arch/x86/x86_64/entry.S
> @@ -68,7 +68,7 @@ iret_exit_to_guest:
>  
>  .section .fixup,"ax"
>  .Lfx0:  sti
> -        SAVE_ALL
> +        SAVE_ALL 0
>          movq  UREGS_error_code(%rsp),%rsi
>          movq  %rsp,%rax
>          andq  $~0xf,%rsp
> @@ -273,6 +273,7 @@ ENTRY(sysenter_entry)
>          pushq $0
>          pushfq
>  GLOBAL(sysenter_eflags_saved)
> +        ASM_CLAC
>          pushq $3 /* ring 3 null cs */
>          pushq $0 /* null rip */
>          pushq $0
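Review bot: The position of `ASM_CLAC` after `pushfq` and the `sysenter_eflags_saved` label is unexplained and looks order-sensitive. Presumably it sits there so that the pushed flags image still carries the guest's AC value while everything after the label runs with AC clear. If so, a comment such as `/* CLAC only after pushfq: the saved image must keep the guest's AC */` would stop a later cleanup from moving it to the top of `sysenter_entry`, where the other entry points in this patch have it. It is also worth confirming that whatever consumes `sysenter_eflags_saved` expects the label directly after `pushfq`, which this placement preserves. The body of `sysenter_entry` starts and ends outside the hunk.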
> @@ -309,6 +310,7 @@ UNLIKELY_END(sysenter_gpf)
>          jmp   .Lbounce_exception
>  
>  ENTRY(int80_direct_trap)
> +        ASM_CLAC
>          pushq $0
>          SAVE_VOLATILE 0x80
>  
> @@ -621,7 +623,7 @@ ENTRY(double_fault)
>  
>          .pushsection .init.text, "ax", @progbits
>  ENTRY(early_page_fault)
> -        SAVE_ALL
> +        SAVE_ALL 0
>          movq  %rsp,%rdi
>          call  do_early_page_fault
>          jmp   restore_all_xen
> @@ -673,6 +675,7 @@ ENTRY(nmi_crash)
>          ud2
>  
>  ENTRY(machine_check)
> +        ASM_CLAC

This is not needed.  The start of handle_ist_exception has a SAVE_ALL,
which also covers the nmi entry point.

On the subject of IST exceptions, perhaps the double fault explicitly
wants a STAC to reduce the likelihood of taking a further fault while
trying to dump state?

>          pushq $0
>          movl  $TRAP_machine_check,4(%rsp)
>          jmp   handle_ist_exception
> diff --git a/xen/arch/x86/x86_64/traps.c b/xen/arch/x86/x86_64/traps.c
> index 90072c1..b87b33e 100644
> --- a/xen/arch/x86/x86_64/traps.c
> +++ b/xen/arch/x86/x86_64/traps.c
> @@ -437,7 +437,7 @@ void __devinit subarch_percpu_traps_init(void)
>      /* Common SYSCALL parameters. */
>      wrmsr(MSR_STAR, 0, (FLAT_RING3_CS32<<16) | __HYPERVISOR_CS);
>      wrmsr(MSR_SYSCALL_MASK,
> -          X86_EFLAGS_VM|X86_EFLAGS_RF|X86_EFLAGS_NT|
> +          X86_EFLAGS_AC|X86_EFLAGS_VM|X86_EFLAGS_RF|X86_EFLAGS_NT|
>            X86_EFLAGS_DF|X86_EFLAGS_IF|X86_EFLAGS_TF,
>            0U);
>  }
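Review bot: The comment `/* Common SYSCALL parameters. */` says too little now that the mask has a security role. With `X86_EFLAGS_AC` in `MSR_SYSCALL_MASK`, the SYSCALL path gets AC cleared by hardware, and no `ASM_CLAC` is added to a SYSCALL entry stub in the visible hunks. I would add a line such as `/* AC is masked so SYSCALL entry runs with SMAP enforced; the entry stubs do not CLAC. */`, adjusted if the stubs clear it elsewhere in the series. The start of `subarch_percpu_traps_init` is outside the hunk.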
> diff --git a/xen/include/asm-x86/asm_defns.h b/xen/include/asm-x86/asm_defns.h
> index 0302836..9aa3657 100644
> --- a/xen/include/asm-x86/asm_defns.h
> +++ b/xen/include/asm-x86/asm_defns.h
> @@ -190,7 +190,10 @@ static inline void stac(void)
>  #endif
>  
>  #ifdef __ASSEMBLY__
> -.macro SAVE_ALL
> +.macro SAVE_ALL clear_ac=1
> +.if \clear_ac
> +        ASM_CLAC
> +.endif
>          addq  $-(UREGS_error_code-UREGS_r15), %rsp
>          cld
>          movq  %rdi,UREGS_rdi(%rsp)
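Review bot: `SAVE_ALL` now takes `clear_ac=1`, but nothing at the definition says what the argument controls or when it is safe to pass 0. The default is the safe one, so the comment should spell out the opt-out contract, e.g. `/* clear_ac=0 only where AC is known clear or CLAC must not run; say why at the call site */`. The conditions named there are my guess from the three `SAVE_ALL 0` callers in this patch and need confirming by the author. The macro body continues past the end of the hunk.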


Thread overview: 43+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-05-07  8:19 [PATCH v6 00/10] x86: Enable Supervisor Mode Access Prevention (SMAP) Feng Wu
2014-05-07  8:19 ` [PATCH v6 01/10] x86: define macros CPUINFO_features and CPUINFO_FEATURE_OFFSET Feng Wu
2014-05-07  8:19 ` [PATCH v6 02/10] x86: move common_interrupt to entry.S Feng Wu
2014-05-07  8:19 ` [PATCH v6 03/10] x86: merge stuff from asm-x86/x86_64/asm_defns.h to asm-x86/asm_defns.h Feng Wu
2014-05-07  8:19 ` [PATCH v6 04/10] x86: Add support for STAC/CLAC instructions Feng Wu
2014-05-07  9:36   ` Andrew Cooper
2014-05-07  8:19 ` [PATCH v6 05/10] Clear AC bit in RFLAGS to protect Xen itself by SMAP Feng Wu
2014-05-07  9:44   ` Andrew Cooper [this message]
2014-05-07 11:40     ` Jan Beulich
2014-05-07 11:53       ` Andrew Cooper
2014-05-08  1:41         ` Wu, Feng
2014-05-08  1:57           ` Andrew Cooper
2014-05-08  2:02             ` Wu, Feng
2014-05-08  6:40               ` Jan Beulich
2014-05-08  6:49                 ` Wu, Feng
2014-05-08  6:54                   ` Jan Beulich
2014-05-08  6:58                     ` Wu, Feng
2014-05-08  7:08                       ` Jan Beulich
2014-05-08  7:13                         ` Wu, Feng
2014-05-08  9:48               ` Andrew Cooper
2014-05-07  8:19 ` [PATCH v6 06/10] x86: Temporary disable SMAP to legally access user pages in kernel mode Feng Wu
2014-05-07  9:49   ` Andrew Cooper
2014-05-08  1:14   ` Tian, Kevin
2014-05-07  8:19 ` [PATCH v6 07/10] VMX: Disable SMAP feature when guest is in non-paging mode Feng Wu
2014-05-08  1:16   ` Tian, Kevin
2014-05-07  8:19 ` [PATCH v6 08/10] x86: Enable Supervisor Mode Access Prevention (SMAP) for Xen Feng Wu
2014-05-07 10:26   ` Andrew Cooper
2014-05-07 11:44     ` Jan Beulich
2014-05-07 11:47       ` Andrew Cooper
2014-05-08  2:32     ` Wu, Feng
2014-05-08  1:20   ` Tian, Kevin
2014-05-08  6:25     ` Wu, Feng
2014-05-08  7:06       ` Jan Beulich
2014-05-07  8:19 ` [PATCH v6 09/10] x86/hvm: Add SMAP support to HVM guest Feng Wu
2014-05-07 10:46   ` Andrew Cooper
2014-05-07 11:47     ` Jan Beulich
2014-05-08  1:22   ` Tian, Kevin
2014-05-07  8:19 ` [PATCH v6 10/10] x86/tools: Expose SMAP to HVM guests Feng Wu
2014-05-07  8:35 ` [PATCH v6 00/10] x86: Enable Supervisor Mode Access Prevention (SMAP) Jan Beulich
2014-05-07  9:00   ` Wu, Feng
2014-05-07  9:33     ` Jan Beulich
2014-05-07  8:57 ` Ian Campbell
2014-05-07  8:59   ` Wu, Feng
