Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1753229AbdCNVEe (ORCPT <rfc822;w@1wt.eu>);
        Tue, 14 Mar 2017 17:04:34 -0400
Received: from atrey.karlin.mff.cuni.cz ([195.113.26.193]:34326 "EHLO
        atrey.karlin.mff.cuni.cz" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751745AbdCNVEb (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 14 Mar 2017 17:04:31 -0400
Date: Tue, 14 Mar 2017 22:04:24 +0100
From: Pavel Machek <pavel@ucw.cz>
To: Thomas Garnier <thgarnie@google.com>
Cc: Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>,
        "H . Peter Anvin" <hpa@zytor.com>, Jonathan Corbet <corbet@lwn.net>,
        Andrey Ryabinin <aryabinin@virtuozzo.com>,
        Alexander Potapenko <glider@google.com>,
        Dmitry Vyukov <dvyukov@google.com>,
        Lorenzo Stoakes <lstoakes@gmail.com>,
        Kees Cook <keescook@chromium.org>, Juergen Gross <jgross@suse.com>,
        Andy Lutomirski <luto@kernel.org>,
        Paul Gortmaker <paul.gortmaker@windriver.com>,
        Andrew Morton <akpm@linux-foundation.org>,
        Michal Hocko <mhocko@suse.com>, zijun_hu <zijun_hu@htc.com>,
        Chris Wilson <chris@chris-wilson.co.uk>,
        Andy Lutomirski <luto@amacapital.net>,
        "Rafael J . Wysocki" <rjw@rjwysocki.net>,
        Len Brown <len.brown@intel.com>, Jiri Kosina <jikos@kernel.org>,
        Matt Fleming <matt@codeblueprint.co.uk>,
        Ard Biesheuvel <ard.biesheuvel@linaro.org>,
        Boris Ostrovsky <boris.ostrovsky@oracle.com>,
        Rusty Russell <rusty@rustcorp.com.au>,
        Paolo Bonzini <pbonzini@redhat.com>, Borislav Petkov <bp@suse.de>,
        Christian Borntraeger <borntraeger@de.ibm.com>,
        Frederic Weisbecker <fweisbec@gmail.com>,
        "Luis R . Rodriguez" <mcgrof@kernel.org>,
        Stanislaw Gruszka <sgruszka@redhat.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Josh Poimboeuf <jpoimboe@redhat.com>,
        Vitaly Kuznetsov <vkuznets@redhat.com>,
        Tim Chen <tim.c.chen@linux.intel.com>, Joerg Roedel <joro@8bytes.org>,
        Radim =?utf-8?B?S3LEjW3DocWZ?= <rkrcmar@redhat.com>, x86@kernel.org,
        linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org,
        kasan-dev@googlegroups.com, linux-mm@kvack.org,
        linux-pm@vger.kernel.org, linux-efi@vger.kernel.org,
        xen-devel@lists.xenproject.org, lguest@lists.ozlabs.org,
        kvm@vger.kernel.org, kernel-hardening@lists.openwall.com
Subject: Re: [PATCH v7 3/3] x86: Make the GDT remapping read-only on 64-bit
Message-ID: <20170314210424.GA5023@amd>
References: <20170314170508.100882-1-thgarnie@google.com>
 <20170314170508.100882-3-thgarnie@google.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
        protocol="application/pgp-signature"; boundary="xHFwDpU9dbj6ez1V"
Content-Disposition: inline
In-Reply-To: <20170314170508.100882-3-thgarnie@google.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1644
Lines: 47


--xHFwDpU9dbj6ez1V
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue 2017-03-14 10:05:08, Thomas Garnier wrote:
> This patch makes the GDT remapped pages read-only to prevent corruption.
> This change is done only on 64-bit.
>=20
> The native_load_tr_desc function was adapted to correctly handle a
> read-only GDT. The LTR instruction always writes to the GDT TSS entry.
> This generates a page fault if the GDT is read-only. This change checks
> if the current GDT is a remap and swap GDTs as needed. This function was
> tested by booting multiple machines and checking hibernation works
> properly.
>=20
> KVM SVM and VMX were adapted to use the writeable GDT. On VMX, the
> per-cpu variable was removed for functions to fetch the original GDT.
> Instead of reloading the previous GDT, VMX will reload the fixmap GDT as
> expected. For testing, VMs were started and restored on multiple
> configurations.
>=20
> Signed-off-by: Thomas Garnier <thgarnie@google.com>

Can we get the same change for 32-bit, too? Growing differences
between 32 and 64 bit are a bit of a problem...
								Pavel
							=09
--=20
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blo=
g.html

--xHFwDpU9dbj6ez1V
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAljIWtgACgkQMOfwapXb+vIlbQCgw3SF2oZqnpnzX74DsEZIUg8l
i4AAn0LNA1S1APtp1QrB07wudB48v9VL
=mc0C
-----END PGP SIGNATURE-----

--xHFwDpU9dbj6ez1V--