[2/3] x86: relax LDT check in arch_set_info_guest()

Message ID	efe72f90-0fa5-d1c6-b87f-9b8e7b45b0f8@suse.com (mailing list archive)
State	Superseded
Headers	show Return-Path: <SRS0=WOnx=Z4=lists.xenproject.org=xen-devel-bounces@kernel.org> DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org B42BD2245C From: Jan Beulich <jbeulich@suse.com> To: "xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org> References: <57491ade-fa47-5e66-47ac-a5f79de84070@suse.com> Message-ID: <efe72f90-0fa5-d1c6-b87f-9b8e7b45b0f8@suse.com> Date: Fri, 6 Dec 2019 11:14:39 +0100 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1 MIME-Version: 1.0 In-Reply-To: <57491ade-fa47-5e66-47ac-a5f79de84070@suse.com> Content-Language: en-US Subject: [Xen-devel] [PATCH 2/3] x86: relax LDT check in arch_set_info_guest() Precedence: list Cc: Andrew Cooper <andrew.cooper3@citrix.com>, Wei Liu <wl@xen.org>, =?utf-8?q?Roger_Pau_Monn=C3=A9?= <roger.pau@citrix.com> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>
Series	x86: XSA-298 follow-up \| expand [0/3] x86: XSA-298 follow-up [1/3] x86: relax GDT check in arch_set_info_guest() [2/3] x86: relax LDT check in arch_set_info_guest() [3/3] x86/PV: polish pv_set_gdt()

Message ID

efe72f90-0fa5-d1c6-b87f-9b8e7b45b0f8@suse.com (mailing list archive)

State

Superseded

Headers

DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org B42BD2245C
From: Jan Beulich <jbeulich@suse.com>
To: "xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>
References: <57491ade-fa47-5e66-47ac-a5f79de84070@suse.com>
Message-ID: <efe72f90-0fa5-d1c6-b87f-9b8e7b45b0f8@suse.com>
Date: Fri, 6 Dec 2019 11:14:39 +0100
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101
 Thunderbird/60.9.1
MIME-Version: 1.0
In-Reply-To: <57491ade-fa47-5e66-47ac-a5f79de84070@suse.com>
Content-Language: en-US
Subject: [Xen-devel] [PATCH 2/3] x86: relax LDT check in
 arch_set_info_guest()
Precedence: list
Cc: Andrew Cooper <andrew.cooper3@citrix.com>, Wei Liu <wl@xen.org>,
	=?utf-8?q?Roger_Pau_Monn=C3=A9?= <roger.pau@citrix.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: xen-devel-bounces@lists.xenproject.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>

Series

x86: XSA-298 follow-up | expand

Commit Message

Jan Beulich Dec. 6, 2019, 10:14 a.m. UTC

It is wrong for us to check the base address when there's no LDT in the
first place.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
---
TBD: I also wonder whether we wouldn't better set v->arch.pv.ldt_base to
     zero for an empty LDT, just like do_mmuext_op() does.

Comments

Andrew Cooper Dec. 6, 2019, 10:33 a.m. UTC | #1

On 06/12/2019 10:14, Jan Beulich wrote:
> It is wrong for us to check the base address when there's no LDT in the
> first place.
>
> Signed-off-by: Jan Beulich <jbeulich@suse.com>
> ---
> TBD: I also wonder whether we wouldn't better set v->arch.pv.ldt_base to
>      zero for an empty LDT, just like do_mmuext_op() does.

My query with patch 1 is also applicable here.

As for setting it to zero, we should use something non-canonical
instead.  Doing so would have saved us from XSA-298, which was only a
problem in guests because the base falling to 0.

~Andrew

Jan Beulich Dec. 6, 2019, 11:35 a.m. UTC | #2

On 06.12.2019 11:33, Andrew Cooper wrote:
> On 06/12/2019 10:14, Jan Beulich wrote:
>> It is wrong for us to check the base address when there's no LDT in the
>> first place.
>>
>> Signed-off-by: Jan Beulich <jbeulich@suse.com>
>> ---
>> TBD: I also wonder whether we wouldn't better set v->arch.pv.ldt_base to
>>      zero for an empty LDT, just like do_mmuext_op() does.
> 
> My query with patch 1 is also applicable here.

As is my answer there.

> As for setting it to zero, we should use something non-canonical
> instead.  Doing so would have saved us from XSA-298, which was only a
> problem in guests because the base falling to 0.

I can certainly do so (in do_mmuext_op() then as well).

Jan

--- a/xen/arch/x86/domain.c
+++ b/xen/arch/x86/domain.c
@@ -989,8 +989,9 @@  int arch_set_info_guest(
         for ( i = 0; !fail && i < nr_gdt_frames; ++i )
             fail |= v->arch.pv.gdt_frames[i] != c(gdt_frames[i]);
 
-        fail |= v->arch.pv.ldt_base != c(ldt_base);
         fail |= v->arch.pv.ldt_ents != c(ldt_ents);
+        if ( v->arch.pv.ldt_ents )
+            fail |= v->arch.pv.ldt_base != c(ldt_base);
 
         if ( fail )
            return -EOPNOTSUPP;

[2/3] x86: relax LDT check in arch_set_info_guest()

Commit Message

Comments

Patch