[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Xen-devel] [PATCH v2 2/3] x86: Remap GDT tables in the Fixmap section
- To: Andy Lutomirski <luto@xxxxxxxxxxxxxx>
- From: Thomas Garnier <thgarnie@xxxxxxxxxx>
- Date: Thu, 26 Jan 2017 11:10:23 -0800
- Cc: X86 ML <x86@xxxxxxxxxx>, Stanislaw Gruszka <sgruszka@xxxxxxxxxx>, kvm list <kvm@xxxxxxxxxxxxxxx>, Fenghua Yu <fenghua.yu@xxxxxxxxx>, Matt Fleming <matt@xxxxxxxxxxxxxxxxxxx>, Paul Gortmaker <paul.gortmaker@xxxxxxxxxxxxx>, Radim Krčmář <rkrcmar@xxxxxxxxxx>, "linux-efi@xxxxxxxxxxxxxxx" <linux-efi@xxxxxxxxxxxxxxx>, Alexander Potapenko <glider@xxxxxxxxxx>, Pavel Machek <pavel@xxxxxx>, "H . Peter Anvin" <hpa@xxxxxxxxx>, "kernel-hardening@xxxxxxxxxxxxxxxxxx" <kernel-hardening@xxxxxxxxxxxxxxxxxx>, Jiri Olsa <jolsa@xxxxxxxxxx>, Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>, Dave Hansen <dave.hansen@xxxxxxxxx>, Andi Kleen <ak@xxxxxxxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Michael Ellerman <mpe@xxxxxxxxxxxxxx>, Joerg Roedel <joro@xxxxxxxxxx>, Prarit Bhargava <prarit@xxxxxxxxxx>, kasan-dev <kasan-dev@xxxxxxxxxxxxxxxx>, Christian Borntraeger <borntraeger@xxxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, Andrey Ryabinin <aryabinin@xxxxxxxxxxxxx>, Borislav Petkov <bp@xxxxxxx>, Len Brown <len.brown@xxxxxxxxx>, Rik van Riel <riel@xxxxxxxxxx>, Jiri Kosina <jikos@xxxxxxxxxx>, Kees Cook <keescook@xxxxxxxxxxxx>, Arnd Bergmann <arnd@xxxxxxxx>, He Chen <he.chen@xxxxxxxxxxxxxxx>, Brian Gerst <brgerst@xxxxxxxxx>, Rusty Russell <rusty@xxxxxxxxxxxxxxx>, lguest@xxxxxxxxxxxxxxxx, Andy Lutomirski <luto@xxxxxxxxxx>, Josh Poimboeuf <jpoimboe@xxxxxxxxxx>, Thomas Gleixner <tglx@xxxxxxxxxxxxx>, Chen Yucong <slaoub@xxxxxxxxx>, Arjan van de Ven <arjan@xxxxxxxxxxxxxxx>, Adam Buchbinder <adam.buchbinder@xxxxxxxxx>, Dmitry Vyukov <dvyukov@xxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx>, "linux-pm@xxxxxxxxxxxxxxx" <linux-pm@xxxxxxxxxxxxxxx>, "Rafael J . Wysocki" <rjw@xxxxxxxxxxxxx>, "linux-kernel@xxxxxxxxxxxxxxx" <linux-kernel@xxxxxxxxxxxxxxx>, "Luis R . Rodriguez" <mcgrof@xxxxxxxxxx>, David Vrabel <david.vrabel@xxxxxxxxxx>, Paolo Bonzini <pbonzini@xxxxxxxxxx>, Vitaly Kuznetsov <vkuznets@xxxxxxxxxx>, Tim Chen <tim.c.chen@xxxxxxxxxxxxxxx>
- Delivery-date: Thu, 26 Jan 2017 19:10:33 +0000
- List-id: Xen developer discussion <xen-devel.lists.xen.org>
On Thu, Jan 26, 2017 at 10:52 AM, Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote:
> On Thu, Jan 26, 2017 at 8:59 AM, Thomas Garnier <thgarnie@xxxxxxxxxx> wrote:
>> Each processor holds a GDT in its per-cpu structure. The sgdt
>> instruction gives the base address of the current GDT. This address can
>> be used to bypass KASLR memory randomization. With another bug, an
>> attacker could target other per-cpu structures or deduce the base of
>> the main memory section (PAGE_OFFSET).
>>
>> This patch relocates the GDT table for each processor inside the
>> Fixmap section. The space is reserved based on number of supported
>> processors.
>>
>> For consistency, the remapping is done by default on 32 and 64 bit.
>>
>> Each processor switches to its remapped GDT at the end of
>> initialization. For hibernation, the main processor returns with the
>> original GDT and switches back to the remapping at completion.
>>
>> This patch was tested on both architectures. Hibernation and KVM were
>> both tested specially for their usage of the GDT.
>
> I like this version much better. Thanks!
Thanks for the feedback! I like this version better too.
>
> --Andy
--
Thomas
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel
|
