Received: by 10.192.165.148 with SMTP id m20csp736740imm; Wed, 2 May 2018 08:02:29 -0700 (PDT) X-Google-Smtp-Source: AB8JxZrY/yzs0Wq/J/bgkJJO1BiExMPm+kt9rHPWkNqX/571p9d/yfQ3UqT7muawTJaTtFJvBgei X-Received: by 2002:a63:6185:: with SMTP id v127-v6mr16266391pgb.441.1525273349596; Wed, 02 May 2018 08:02:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1525273349; cv=none; d=google.com; s=arc-20160816; b=GzNdbjIPbt63o6JdYIzNjwWr5I/LDdxZgwSHoh8E0HZvnLOjN2NsQoASGtIJ7JtRfL ovcoEwR7xM4/w6DyL32JyxIK00XmrvSUnGLILWGJv3NfpNLH6k/7xkjMWLwOqr3bHPTs K3zTA3qAnjYxetaRgEaoDRvAN2Vvh0H3blUMVUlhE0uVMeBmnZr2x3Xk01Mvm84cNQqf k6AwTZdGROm7e2VNK7fyAshloHul76qM4JDR4FS5lkKv4hDCg1xCAqIhcmCPLQwNVCug i1rjgo8LP3Fg7ol2K9zPzBFYkHENJ8YjKHVsqh7HaOR/8JSpEz8GxijOE6ApKgGL/Act QVEg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-disposition :content-transfer-encoding:mime-version:in-reply-to:references :subject:cc:to:from:date:message-id:arc-authentication-results; bh=r28uNWbQZo3PdAiuzFu5+C429VFMRGCk7cV+V3Ayhyc=; b=cj1CwMBrrr8E0yjZAS90rQDDbbG/FDIh+3dIbZ1o4UwNZmn5VtSS6otqlZjyVhj4uf BdZCv+R2EXLElriLPbUROa7BWPvo67gTV800nPIPWXr7M+SJ8ZasGMwDM+kTyqn99X0p 6nV5nlCtMcypxr3zNazUDTg6pK0XqXuMho48c+2qjonLbP6x+V8zeFXr9uFjhDbfmaF2 pxiUZ0XW+CPGitaCgwlrqkWBctKJRz8kzW8dyYarTrY3MbPar9RAaMhU5L5Xn1A4lO0N 4yuq/IA4m5PRYOfy/f/BXeVlZJNOe0bmLQ4c8JAqKyO7k5YZVkI0IdO/qmIM30X7oWhe IkMg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p80si1595447pfi.345.2018.05.02.08.02.13; Wed, 02 May 2018 08:02:29 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751504AbeEBPBz convert rfc822-to-8bit (ORCPT + 99 others); Wed, 2 May 2018 11:01:55 -0400 Received: from prv1-mh.provo.novell.com ([137.65.248.33]:59470 "EHLO prv1-mh.provo.novell.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751020AbeEBPBy (ORCPT ); Wed, 2 May 2018 11:01:54 -0400 Received: from INET-PRV1-MTA by prv1-mh.provo.novell.com with Novell_GroupWise; Wed, 02 May 2018 09:01:54 -0600 Message-Id: <5AE9D2DD02000078001C02F0@prv1-mh.provo.novell.com> X-Mailer: Novell GroupWise Internet Agent 18.0.0 Date: Wed, 02 May 2018 09:01:49 -0600 From: "Jan Beulich" To: "Boris Ostrovsky" Cc: "xen-devel" , "Juergen Gross" , , Subject: Re: [Xen-devel] [PATCH 3/4] xen/PVH: Set up GS segment for stack canary References: <20180430162339.17143-1-boris.ostrovsky@oracle.com> <20180430162339.17143-4-boris.ostrovsky@oracle.com> <5AE973CD02000078001C008E@prv1-mh.provo.novell.com> <615b0e30-c360-3ad4-f1b3-0e907d790643@oracle.com> In-Reply-To: <615b0e30-c360-3ad4-f1b3-0e907d790643@oracle.com> Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 8BIT Content-Disposition: inline Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org >>> On 02.05.18 at 17:00, wrote: > On 05/02/2018 04:16 AM, Jan Beulich wrote: >>>>> On 30.04.18 at 18:23, wrote: >>> --- a/arch/x86/xen/xen-pvh.S >>> +++ b/arch/x86/xen/xen-pvh.S >>> @@ -54,6 +54,9 @@ >>> * charge of setting up it's own stack, GDT and IDT. >>> */ >>> >>> +#define PVH_GDT_ENTRY_CANARY 4 >>> +#define PVH_CANARY_SEL (PVH_GDT_ENTRY_CANARY * 8) >> I can only advise against doing it this way: There's no safeguard against >> someone changing asm/segment.h without changing this value (in fact >> this applies to all of the GDT selectors populated in this file). At the > very >> least tie this to GDT_ENTRY_BOOT_TSS / __BOOT_TSS? >> >>> @@ -64,6 +67,9 @@ ENTRY(pvh_start_xen) >>> mov %eax,%es >>> mov %eax,%ss >>> >>> + mov $(PVH_CANARY_SEL),%eax >>> + mov %eax,%gs >>> + >>> /* Stash hvm_start_info. */ >>> mov $_pa(pvh_start_info), %edi >>> mov %ebx, %esi >>> @@ -150,6 +156,7 @@ gdt_start: >>> .quad 0x00cf9a000000ffff /* __BOOT_CS */ >>> #endif >>> .quad 0x00cf92000000ffff /* __BOOT_DS */ >>> + .quad 0x0040900000000018 /* PVH_CANARY_SEL */ >> Without any further code before loading the selector, this points at >> physical address 0. Don't you need to add in the base address of >> the per-CPU stack_canary? > > This GDT is gone soon after we jump into generic x86 startup code.That > code will load its own GDT (and then set up per-cpu segments and all that). All understood, but why would you set up the per-CPU segment here if what you load into the segment register is not usable for the intended purpose (until that other code sets up things and reloads the segment registers)? Jan