From: Brian Gerst
Date: Tue, 22 May 2018 11:15:07 -0400
Subject: Re: [PATCH v4 1/2] xen/PVH: Set up GS segment for stack canary
To: Jan Beulich
Cc: xen-devel, Boris Ostrovsky, Juergen Gross, Linux Kernel Mailing List
In-Reply-To: <5B0421E502000078001C4B91@prv1-mh.provo.novell.com>
References: <20180522035445.16911-1-boris.ostrovsky@oracle.com> <20180522035445.16911-2-boris.ostrovsky@oracle.com> <5B0421E502000078001C4B91@prv1-mh.provo.novell.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, May 22, 2018 at 9:57 AM, Jan Beulich wrote:
>>>> On 22.05.18 at 15:45, wrote:
>> On Mon, May 21, 2018 at 11:54 PM, Boris Ostrovsky wrote:
>>> @@ -98,6 +101,12 @@ ENTRY(pvh_start_xen)
>>> /* 64-bit entry point. */
>>> .code64
>>> 1:
>>> + /* Set base address in stack canary descriptor. */
>>> + mov $MSR_GS_BASE,%ecx
>>> + mov $canary, %rax
>>> + cdq
>>> + wrmsr
>>
>> CDQ only sign-extends EAX to RAX. What you really want is to move the
>> high 32 bits to EDX (or zero EDX if we can guarantee it is loaded
>> below 4G).
>
> What you describe is CDQE (AT&T name: CLTD); CDQ (AT&T: CLTQ)
> sign-extends EAX to EDX:EAX.

But that would still be wrong, as it would set EDX to 0xFFFFFFFF if the
kernel was loaded between 2G and 4G. Looking closer at the code, we just
left 32-bit mode, so we must have been loaded below 4G, therefore EDX must
be zero.

--
Brian Gerst
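Review bot: the `cdq` sitting between `mov $canary, %rax` and `wrmsr` in this hunk fills EDX by sign-extending EAX, so EDX becomes 0xFFFFFFFF whenever bit 31 of the canary address is set, and `wrmsr` (which takes its 64-bit value from EDX:EAX) then writes that into the upper half of MSR_GS_BASE. EDX needs to hold the real upper half of the address; since this code has just left 32-bit mode and therefore runs below 4G, loading the address into %eax and clearing EDX explicitly (`xor %edx, %edx`) is the simplest correct form, and a one-line comment stating that below-4G assumption would keep the next reader from re-introducing `cdq`.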
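The point under discussion, as an added example that is not part of the patch or of anyone's message in this thread: WRMSR assembles its 64-bit value from EDX:EAX, `cdq` (AT&T name `cltd`) sign-extends EAX into EDX, so for a canary address with bit 31 set the MSR receives 0xFFFFFFFF in its upper half. The program below executes `cltd` for real on x86-64 (and models it elsewhere), then compares the hunk's EDX choice with the two correct ones Brian names: carrying the real upper 32 bits, or zeroing EDX because the image is below 4G. The function names and the sample addresses are constructed for this example and are not from the kernel.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* WRMSR writes EDX:EAX into the MSR selected by ECX; this is the value
 * MSR_GS_BASE would actually receive. */
static uint64_t wrmsr_value(uint32_t edx, uint32_t eax)
{
    return ((uint64_t)edx << 32) | eax;
}

/* cdq (AT&T: cltd) sign-extends EAX into EDX:EAX, i.e. EDX becomes
 * 0xFFFFFFFF when bit 31 of EAX is set. Executed on x86-64 with GCC or
 * clang; modelled in plain C on other targets (same result by definition
 * of the instruction). */
static uint32_t edx_after_cdq(uint32_t eax)
{
#if defined(__x86_64__) && (defined(__GNUC__) || defined(__clang__))
    uint32_t edx;
    __asm__("cltd" : "=d"(edx) : "a"(eax));
    return edx;
#else
    return ((int32_t)eax < 0) ? 0xFFFFFFFFu : 0u;
#endif
}

/* The hunk as posted: low 32 bits of the address in EAX, cdq for EDX. */
static uint64_t gs_base_with_cdq(uint64_t canary_addr)
{
    uint32_t eax = (uint32_t)canary_addr;
    uint32_t edx = edx_after_cdq(eax);
    return wrmsr_value(edx, eax);
}

/* The general form: EDX carries the real upper half of the address, so
 * this is correct for any 64-bit address. */
static uint64_t gs_base_with_high_half(uint64_t canary_addr)
{
    uint32_t eax = (uint32_t)canary_addr;
    uint32_t edx = (uint32_t)(canary_addr >> 32);
    return wrmsr_value(edx, eax);
}

/* The form the reply argues for: the code has just left 32-bit mode, so
 * the image is below 4G and EDX can simply be zeroed (xor %edx,%edx). */
static uint64_t gs_base_below_4g(uint64_t canary_addr)
{
    uint32_t eax = (uint32_t)canary_addr;
    return wrmsr_value(0u, eax);
}

int main(void)
{
    /* Constructed sample addresses: one below 2G, one between 2G and 4G. */
    uint64_t addrs[] = { 0x01234567ull, 0x9abcdef0ull };
    for (size_t i = 0; i < sizeof addrs / sizeof addrs[0]; i++) {
        printf("canary at 0x%08llx: cdq -> 0x%016llx, zero EDX -> 0x%016llx\n",
               (unsigned long long)addrs[i],
               (unsigned long long)gs_base_with_cdq(addrs[i]),
               (unsigned long long)gs_base_below_4g(addrs[i]));
    }
    return 0;
}
```

The first address agrees in both columns, which is why the bug is easy to miss in testing; the second shows the sign-extended 0xFFFFFFFF landing in the upper half of the MSR value.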