|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH RFC v2 00/12] xen/x86: use per-vcpu stacks for 64 bit pv domains
On Mon, Jan 22, 2018 at 01:32:44PM +0100, Juergen Gross wrote: > As a preparation for doing page table isolation in the Xen hypervisor > in order to mitigate "Meltdown" use dedicated stacks, GDT and TSS for > 64 bit PV domains mapped to the per-domain virtual area. > > The per-vcpu stacks are used for early interrupt handling only. After > saving the domain's registers stacks are switched back to the normal > per physical cpu ones in order to be able to address on-stack data > from other cpus e.g. while handling IPIs. > > Adding %cr3 switching between saving of the registers and switching > the stacks will enable the possibility to run guest code without any > per physical cpu mapping, i.e. avoiding the threat of a guest being > able to access other domains data. > > Without any further measures it will still be possible for e.g. a > guest's user program to read stack data of another vcpu of the same > domain, but this can be easily avoided by a little PV-ABI modification > introducing per-cpu user address spaces. > > This series is meant as a replacement for Andrew's patch series: > "x86: Prerequisite work for a Xen KAISER solution". > > What needs to be done: > - verify livepatching is still working Is there an git repo for this? > - performance evaluation (Dario is working on it) > - the real page table switching > > > Changes since RFC V1: > - switch back to per physical cpu stacks in interrupt handling > - complete rework of series > - rebase to current staging > - adding reverts of Jan's band-aid patches > - adding two minor cleanups at the begin of the series > - done much more testing, including NMIs > > Juergen Gross (12): > x86: cleanup processor.h > x86: don't use hypervisor stack size for dumping guest stacks > x86: do a revert of e871e80c38547d9faefc6604532ba3e985e65873 > x86: revert 5784de3e2067ed73efc2fe42e62831e8ae7f46c4 > x86: don't access saved user regs via rsp in trap handlers > x86: add a xpti command line parameter > x86: allow per-domain mappings without NX bit or with specific mfn > xen/x86: use dedicated function for tss initialization > x86: enhance syscall stub to work in per-domain mapping > x86: allocate per-vcpu stacks for interrupt entries > x86: modify interrupt handlers to support stack switching > x86: activate per-vcpu stacks in case of xpti > > docs/misc/xen-command-line.markdown | 16 +- > xen/arch/x86/cpu/common.c | 56 ++++--- > xen/arch/x86/domain.c | 84 ++++++++-- > xen/arch/x86/mm.c | 102 ++++++++++--- > xen/arch/x86/pv/domain.c | 161 +++++++++++++++++++- > xen/arch/x86/smpboot.c | 211 -------------------------- > xen/arch/x86/traps.c | 26 ++-- > xen/arch/x86/x86_64/asm-offsets.c | 6 +- > xen/arch/x86/x86_64/compat/entry.S | 98 ++++++------ > xen/arch/x86/x86_64/entry.S | 295 > ++++++++++++------------------------ > xen/arch/x86/x86_64/traps.c | 47 +++--- > xen/common/wait.c | 8 +- > xen/include/asm-x86/asm_defns.h | 49 +++--- > xen/include/asm-x86/config.h | 13 +- > xen/include/asm-x86/current.h | 71 ++++++--- > xen/include/asm-x86/desc.h | 5 + > xen/include/asm-x86/domain.h | 5 + > xen/include/asm-x86/mm.h | 3 + > xen/include/asm-x86/processor.h | 42 ----- > xen/include/asm-x86/regs.h | 2 + > xen/include/asm-x86/system.h | 8 + > xen/include/asm-x86/x86_64/page.h | 5 +- > 22 files changed, 647 insertions(+), 666 deletions(-) > > -- > 2.13.6 > _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |