Re: [PATCH RFC v2 00/12] xen/x86: use per-vcpu stacks for 64 bit pv domains

[Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>]

On Mon, Jan 22, 2018 at 01:32:44PM +0100, Juergen Gross wrote:
> As a preparation for doing page table isolation in the Xen hypervisor
> in order to mitigate "Meltdown" use dedicated stacks, GDT and TSS for
> 64 bit PV domains mapped to the per-domain virtual area.
> 
> The per-vcpu stacks are used for early interrupt handling only. After
> saving the domain's registers stacks are switched back to the normal
> per physical cpu ones in order to be able to address on-stack data
> from other cpus e.g. while handling IPIs.
> 
> Adding %cr3 switching between saving of the registers and switching
> the stacks will enable the possibility to run guest code without any
> per physical cpu mapping, i.e. avoiding the threat of a guest being
> able to access other domains data.
> 
> Without any further measures it will still be possible for e.g. a
> guest's user program to read stack data of another vcpu of the same
> domain, but this can be easily avoided by a little PV-ABI modification
> introducing per-cpu user address spaces.
> 
> This series is meant as a replacement for Andrew's patch series:
> "x86: Prerequisite work for a Xen KAISER solution".
> 
> What needs to be done:
> - verify livepatching is still working

Is there an git repo for this?

> - performance evaluation (Dario is working on it)
> - the real page table switching
> 
> 
> Changes since RFC V1:
> - switch back to per physical cpu stacks in interrupt handling
> - complete rework of series
> - rebase to current staging
> - adding reverts of Jan's band-aid patches
> - adding two minor cleanups at the begin of the series
> - done much more testing, including NMIs
> 
> Juergen Gross (12):
>   x86: cleanup processor.h
>   x86: don't use hypervisor stack size for dumping guest stacks
>   x86: do a revert of e871e80c38547d9faefc6604532ba3e985e65873
>   x86: revert 5784de3e2067ed73efc2fe42e62831e8ae7f46c4
>   x86: don't access saved user regs via rsp in trap handlers
>   x86: add a xpti command line parameter
>   x86: allow per-domain mappings without NX bit or with specific mfn
>   xen/x86: use dedicated function for tss initialization
>   x86: enhance syscall stub to work in per-domain mapping
>   x86: allocate per-vcpu stacks for interrupt entries
>   x86: modify interrupt handlers to support stack switching
>   x86: activate per-vcpu stacks in case of xpti
> 
>  docs/misc/xen-command-line.markdown |  16 +-
>  xen/arch/x86/cpu/common.c           |  56 ++++---
>  xen/arch/x86/domain.c               |  84 ++++++++--
>  xen/arch/x86/mm.c                   | 102 ++++++++++---
>  xen/arch/x86/pv/domain.c            | 161 +++++++++++++++++++-
>  xen/arch/x86/smpboot.c              | 211 --------------------------
>  xen/arch/x86/traps.c                |  26 ++--
>  xen/arch/x86/x86_64/asm-offsets.c   |   6 +-
>  xen/arch/x86/x86_64/compat/entry.S  |  98 ++++++------
>  xen/arch/x86/x86_64/entry.S         | 295 ++++++++++++------------------------
>  xen/arch/x86/x86_64/traps.c         |  47 +++---
>  xen/common/wait.c                   |   8 +-
>  xen/include/asm-x86/asm_defns.h     |  49 +++---
>  xen/include/asm-x86/config.h        |  13 +-
>  xen/include/asm-x86/current.h       |  71 ++++++---
>  xen/include/asm-x86/desc.h          |   5 +
>  xen/include/asm-x86/domain.h        |   5 +
>  xen/include/asm-x86/mm.h            |   3 +
>  xen/include/asm-x86/processor.h     |  42 -----
>  xen/include/asm-x86/regs.h          |   2 +
>  xen/include/asm-x86/system.h        |   8 +
>  xen/include/asm-x86/x86_64/page.h   |   5 +-
>  22 files changed, 647 insertions(+), 666 deletions(-)
> 
> -- 
> 2.13.6
> 

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel