Re: [Xen-devel] [PATCH] x86/xen: Fix 32-bit PV guests's usage of kernel_stack

From: Andrew Cooper
Date: Wed Apr 09 2014 - 10:42:26 EST


On 09/04/14 15:29, David Vrabel wrote:
> On 09/04/14 15:21, Jan Beulich wrote:
>>>>> On 09.04.14 at 16:06, <boris.ostrovsky@xxxxxxxxxx> wrote:
>>> --- a/arch/x86/xen/xen-asm_32.S
>>> +++ b/arch/x86/xen/xen-asm_32.S
>>> @@ -88,7 +88,11 @@ ENTRY(xen_iret)
>>> * avoid having to reload %fs
>>> */
>>> #ifdef CONFIG_SMP
>>> + pushw %fs
>>> + movl $(__KERNEL_PERCPU), %eax
>>> + movl %eax, %fs
>>> GET_THREAD_INFO(%eax)
>>> + popw %fs
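Review bot: the final `popw %fs` restores whatever selector value was saved on the stack without any exception fixup, so a faulting segment load there is unhandled even when the preceding `movl %eax, %fs` succeeded; give the pop the same fixup section that the RESTORE_REGS macros in arch/x86/kernel/entry_32.S use for their segment reloads. Also, the context comment just above the added lines, `* avoid having to reload %fs`, now contradicts the code, which reloads %fs twice on this path; either update the comment or test whether %fs already holds __KERNEL_PERCPU before reloading it.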
>> I don't think it's guaranteed that this can't fault.
> If loading %fs faults when it is restored previously, the fixup zeros
> the value. However, this later load could still fault even if the first
> succeeded.
>
> Suggest copying the fixup section from the RESTORE_REGS macros in
> arch/x86/kernel/entry_32.S
>
> David

If loading __KERNEL_PERCPU into %fs faults, the kernel has bigger
problems to worry about.

The latter load, however, can easily fault; the arguments for %ds in
XSA-42 / CVE-2013-0228 apply to %{e,f,g}s as well.

Furthermore, I am a little concerned about the performance impact of
this. I would have thought that in most cases, %fs will already be
correct, at which point reloading it twice is a waste of time.

~Andrew
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/