From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wm0-f69.google.com (mail-wm0-f69.google.com [74.125.82.69]) by kanga.kvack.org (Postfix) with ESMTP id 207436B0389 for ; Tue, 14 Mar 2017 17:04:30 -0400 (EDT) Received: by mail-wm0-f69.google.com with SMTP id b140so1691279wme.3 for ; Tue, 14 Mar 2017 14:04:30 -0700 (PDT) Received: from atrey.karlin.mff.cuni.cz (atrey.karlin.mff.cuni.cz. [195.113.26.193]) by mx.google.com with ESMTPS id l127si1284669wmf.62.2017.03.14.14.04.28 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 14 Mar 2017 14:04:28 -0700 (PDT) Date: Tue, 14 Mar 2017 22:04:24 +0100 From: Pavel Machek Subject: Re: [PATCH v7 3/3] x86: Make the GDT remapping read-only on 64-bit Message-ID: <20170314210424.GA5023@amd> References: <20170314170508.100882-1-thgarnie@google.com> <20170314170508.100882-3-thgarnie@google.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="xHFwDpU9dbj6ez1V" Content-Disposition: inline In-Reply-To: <20170314170508.100882-3-thgarnie@google.com> Sender: owner-linux-mm@kvack.org List-ID: To: Thomas Garnier Cc: Thomas Gleixner , Ingo Molnar , "H . Peter Anvin" , Jonathan Corbet , Andrey Ryabinin , Alexander Potapenko , Dmitry Vyukov , Lorenzo Stoakes , Kees Cook , Juergen Gross , Andy Lutomirski , Paul Gortmaker , Andrew Morton , Michal Hocko , zijun_hu , Chris Wilson , Andy Lutomirski , "Rafael J . Wysocki" , Len Brown , Jiri Kosina , Matt Fleming , Ard Biesheuvel , Boris Ostrovsky , Rusty Russell , Paolo Bonzini , Borislav Petkov , Christian Borntraeger , Frederic Weisbecker , "Luis R . Rodriguez" , Stanislaw Gruszka , Peter Zijlstra , Josh Poimboeuf , Vitaly Kuznetsov , Tim Chen , Joerg Roedel , Radim =?utf-8?B?S3LEjW3DocWZ?= , x86@kernel.org, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, kasan-dev@googlegroups.com, linux-mm@kvack.org, linux-pm@vger.kernel.org, linux-efi@vger.kernel.org, xen-devel@lists.xenproject.org, lguest@lists.ozlabs.org, kvm@vger.kernel.org, kernel-hardening@lists.openwall.com --xHFwDpU9dbj6ez1V Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue 2017-03-14 10:05:08, Thomas Garnier wrote: > This patch makes the GDT remapped pages read-only to prevent corruption. > This change is done only on 64-bit. >=20 > The native_load_tr_desc function was adapted to correctly handle a > read-only GDT. The LTR instruction always writes to the GDT TSS entry. > This generates a page fault if the GDT is read-only. This change checks > if the current GDT is a remap and swap GDTs as needed. This function was > tested by booting multiple machines and checking hibernation works > properly. >=20 > KVM SVM and VMX were adapted to use the writeable GDT. On VMX, the > per-cpu variable was removed for functions to fetch the original GDT. > Instead of reloading the previous GDT, VMX will reload the fixmap GDT as > expected. For testing, VMs were started and restored on multiple > configurations. >=20 > Signed-off-by: Thomas Garnier Can we get the same change for 32-bit, too? Growing differences between 32 and 64 bit are a bit of a problem... Pavel =09 --=20 (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blo= g.html --xHFwDpU9dbj6ez1V Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAljIWtgACgkQMOfwapXb+vIlbQCgw3SF2oZqnpnzX74DsEZIUg8l i4AAn0LNA1S1APtp1QrB07wudB48v9VL =mc0C -----END PGP SIGNATURE----- --xHFwDpU9dbj6ez1V-- -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org