|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH RFC v2 00/12] xen/x86: use per-vcpu stacks for 64 bit pv domains
>>> On 22.01.18 at 13:32, <jgross@xxxxxxxx> wrote: > As a preparation for doing page table isolation in the Xen hypervisor > in order to mitigate "Meltdown" use dedicated stacks, GDT and TSS for > 64 bit PV domains mapped to the per-domain virtual area. > > The per-vcpu stacks are used for early interrupt handling only. After > saving the domain's registers stacks are switched back to the normal > per physical cpu ones in order to be able to address on-stack data > from other cpus e.g. while handling IPIs. > > Adding %cr3 switching between saving of the registers and switching > the stacks will enable the possibility to run guest code without any > per physical cpu mapping, i.e. avoiding the threat of a guest being > able to access other domains data. > > Without any further measures it will still be possible for e.g. a > guest's user program to read stack data of another vcpu of the same > domain, but this can be easily avoided by a little PV-ABI modification > introducing per-cpu user address spaces. > > This series is meant as a replacement for Andrew's patch series: > "x86: Prerequisite work for a Xen KAISER solution". Considering in particular the two reverts, what I'm missing here is a clear description of the meaningful additional protection this approach provides over the band-aid. For context see also https://lists.xenproject.org/archives/html/xen-devel/2018-01/msg01735.html Jan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |