[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v3 7/9] x86: Enable Supervisor Mode Access Prevention (SMAP) for Xen

To: Jan Beulich <JBeulich@xxxxxxxx>
From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Date: Mon, 28 Apr 2014 10:48:15 +0100
Cc: kevin.tian@xxxxxxxxx, Feng Wu <feng.wu@xxxxxxxxx>, ian.campbell@xxxxxxxxxx, eddie.dong@xxxxxxxxx, xen-devel@xxxxxxxxxxxxx, jun.nakajima@xxxxxxxxx
Delivery-date: Mon, 28 Apr 2014 09:48:22 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 28/04/14 10:40, Jan Beulich wrote:
>>>> On 28.04.14 at 05:17, <feng.wu@xxxxxxxxx> wrote:
>> @@ -1394,6 +1398,15 @@ void __init noreturn __start_xen(unsigned long mbi_p)
>>                          bootstrap_map, cmdline) != 0)
>>          panic("Could not set up DOM0 guest OS");
>>  
>> +    /*
>> +     * Enable SMAP after constructing domain0, since there are lots of 
>> accesses to
>> +     * user pages in construct_dom0(), which is safe at the current stage.
>> +     */
>> +    if ( disable_smap )
>> +        setup_clear_cpu_cap(X86_FEATURE_SMAP);
> You should not have moved this part - this should happen before APs
> get brought up.
>
>> @@ -1379,8 +1399,14 @@ void do_page_fault(struct cpu_user_regs *regs)
>>  
>>      if ( unlikely(!guest_mode(regs)) )
>>      {
>> -        pf_type = spurious_page_fault(addr, error_code);
>> -        BUG_ON(pf_type == smep_fault);
>> +        pf_type = spurious_page_fault(addr, regs);
>> +        if ( (pf_type == smep_fault) || (pf_type == smap_fault) )
>> +        {
>> +            console_start_sync();
>> +            printk("Xen %s violation\n", (pf_type == smep_fault) ? "SMEP" : 
>> "SMAP");
> I know it's largely a matter of taste, but could I talk you into doing
>
>             printk("Xen SM%cP violation\n", (pf_type == smep_fault) ? 'E' : 
> 'A');
>
> instead (unless others object)?

I concur.  Neither string is grepable.

>
>> @@ -1406,10 +1432,12 @@ void do_page_fault(struct cpu_user_regs *regs)
>>  
>>      if ( unlikely(current->domain->arch.suppress_spurious_page_faults) )
>>      {
>> -        pf_type = spurious_page_fault(addr, error_code);
>> -        if ( pf_type == smep_fault )
>> +        pf_type = spurious_page_fault(addr, regs);
>> +        if ( (pf_type == smep_fault) || (pf_type == smap_fault))
>>          {
>> -            gdprintk(XENLOG_ERR, "Fatal SMEP fault\n");
>> +            printk(XENLOG_G_ERR "%p fatal %s fault\n",
>> +                   current, (pf_type == smep_fault) ? "SMEP" : "SMAP");

That should be %pv rather than %p, which is an automagic format
parameter which will get you "d<domid>v<vcpuid>" formatted.

> And similarly here then?
>
> Jan
>

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH v3 7/9] x86: Enable Supervisor Mode Access Prevention (SMAP) for Xen
  - From: Wu, Feng

References:
- [Xen-devel] [PATCH v3 7/9] x86: Enable Supervisor Mode Access Prevention (SMAP) for Xen
  - From: Feng Wu
- Re: [Xen-devel] [PATCH v3 7/9] x86: Enable Supervisor Mode Access Prevention (SMAP) for Xen
  - From: Jan Beulich

Prev by Date: Re: [Xen-devel] [PATCH] xen/arm64: disable alignment check
Next by Date: Re: [Xen-devel] [PATCH v3 2/9] x86: move common_interrupt to entry.S
Previous by thread: Re: [Xen-devel] [PATCH v3 7/9] x86: Enable Supervisor Mode Access Prevention (SMAP) for Xen
Next by thread: Re: [Xen-devel] [PATCH v3 7/9] x86: Enable Supervisor Mode Access Prevention (SMAP) for Xen
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.