[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v6 05/10] Clear AC bit in RFLAGS to protect Xen itself by SMAP

To: "Wu, Feng" <feng.wu@xxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>
From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Date: Thu, 08 May 2014 02:57:55 +0100
Cc: "Tian, Kevin" <kevin.tian@xxxxxxxxx>, "Dong, Eddie" <eddie.dong@xxxxxxxxx>, "ian.campbell@xxxxxxxxxx" <ian.campbell@xxxxxxxxxx>, "Nakajima, Jun" <jun.nakajima@xxxxxxxxx>, "xen-devel@xxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxx>
Delivery-date: Thu, 08 May 2014 01:58:32 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 08/05/2014 02:41, Wu, Feng wrote:
>
>> -----Original Message-----
>> From: Andrew Cooper [mailto:andrew.cooper3@xxxxxxxxxx]
>> Sent: Wednesday, May 07, 2014 7:54 PM
>> To: Jan Beulich
>> Cc: Wu, Feng; ian.campbell@xxxxxxxxxx; Dong, Eddie; Nakajima, Jun; Tian,
>> Kevin; xen-devel@xxxxxxxxxxxxx
>> Subject: Re: [PATCH v6 05/10] Clear AC bit in RFLAGS to protect Xen itself by
>> SMAP
>>
>> On 07/05/14 12:40, Jan Beulich wrote:
>>>>>> On 07.05.14 at 11:44, <andrew.cooper3@xxxxxxxxxx> wrote:
>>>> On 07/05/14 09:19, Feng Wu wrote:
>>>>> @@ -673,6 +675,7 @@ ENTRY(nmi_crash)
>>>>>          ud2
>>>>>
>>>>>  ENTRY(machine_check)
>>>>> +        ASM_CLAC
>>>> This is not needed.  the start of handle_ist_exception has a SAVE_ALL,
>>>> which also covers the nmi entry point.
>>>>
>>>> On the subject of IST exceptions, perhaps the double fault explicitly
>>>> wants a STAC to reduce the likelihood of taking a further fault while
>>>> trying to dump state. ?
>>> I agree. And perhaps along with do_double_fault(), fatal_trap()
>>> should then also get a stac() added?
>>>
>>> Jan
>>>
>> With doubt_fault: being sole caller of do_double_fault(), editing the
>> entry point in entry.S to "ASM_STAC; SAVE_ALL 0" is sufficient to avoid
>> stac() in do_doube_fault() itself.
> I think it's better to add "ASM_STAC" just before " call  do_double_fault".
> Do you think this is okay, Andrew? Thanks!

I am not fussed where exactly the STAC goes in the entry point, but
don't leave a CLAC in the SAVE_ALL.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH v6 05/10] Clear AC bit in RFLAGS to protect Xen itself by SMAP
  - From: Wu, Feng

References:
- [Xen-devel] [PATCH v6 00/10] x86: Enable Supervisor Mode Access Prevention (SMAP)
  - From: Feng Wu
- [Xen-devel] [PATCH v6 05/10] Clear AC bit in RFLAGS to protect Xen itself by SMAP
  - From: Feng Wu
- Re: [Xen-devel] [PATCH v6 05/10] Clear AC bit in RFLAGS to protect Xen itself by SMAP
  - From: Andrew Cooper
- Re: [Xen-devel] [PATCH v6 05/10] Clear AC bit in RFLAGS to protect Xen itself by SMAP
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH v6 05/10] Clear AC bit in RFLAGS to protect Xen itself by SMAP
  - From: Andrew Cooper
- Re: [Xen-devel] [PATCH v6 05/10] Clear AC bit in RFLAGS to protect Xen itself by SMAP
  - From: Wu, Feng

Prev by Date: Re: [Xen-devel] [PATCH v6 05/10] Clear AC bit in RFLAGS to protect Xen itself by SMAP
Next by Date: Re: [Xen-devel] [PATCH v6 05/10] Clear AC bit in RFLAGS to protect Xen itself by SMAP
Previous by thread: Re: [Xen-devel] [PATCH v6 05/10] Clear AC bit in RFLAGS to protect Xen itself by SMAP
Next by thread: Re: [Xen-devel] [PATCH v6 05/10] Clear AC bit in RFLAGS to protect Xen itself by SMAP
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.