[Xen-devel] [PATCH RFC 0/4] xen/x86: use per-vcpu stacks for 64 bit pv domains
As a preparation for doing page table isolation in the Xen hypervisor in order to mitigate "Meltdown", use dedicated stacks for 64 bit PV domains mapped to the per-domain virtual area.

The TSS is added to that area, too, and the GDT is no longer a remapped version of the per physical cpu one.

This will enable the possibility to run guest code without any per physical cpu mapping, i.e. avoiding the threat of a guest being able to access other domains' data.

Without any further measures it will still be possible for e.g. a guest's user program to read stack data of another vcpu of the same domain, but this can be easily avoided by a little PV-ABI modification introducing per-cpu user address spaces.

This series is meant as a replacement for Andrew's patch series: "x86: Prerequisite work for a Xen KAISER solution".

What needs to be done:
- add livepatch support (should be rather easy)
- debug-keys "d" needs some adaptions
- performance evaluation
- some optimizations?

Juergen Gross (4):
  xen/x86: use dedicated function for tss initialization
  xen/x86: add helper for stack guard
  xen/x86: split context_switch()
  xen: use per-vcpu TSS and stacks for pv domains

 xen/arch/x86/cpu/common.c    |  56 +++++++++++++----------
 xen/arch/x86/domain.c        | 106 +++++++++++++++++++++++++++++--------------
 xen/arch/x86/mm.c            |   8 +---
 xen/arch/x86/pv/domain.c     |  72 +++++++++++++++++++++++++++--
 xen/arch/x86/x86_64/entry.S  |   4 ++
 xen/include/asm-x86/config.h |   9 +++-
 xen/include/asm-x86/mm.h     |  11 +++++
 xen/include/asm-x86/system.h |   1 +
 8 files changed, 198 insertions(+), 69 deletions(-)

--
2.13.6