From: Boris Ostrovsky <boris.ostrovsky@oracle.com>
To: Thomas Garnier <thgarnie@google.com>
Cc: "Michal Hocko" <mhocko@suse.com>,
"Stanislaw Gruszka" <sgruszka@redhat.com>,
"kvm list" <kvm@vger.kernel.org>,
"linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
"Matt Fleming" <matt@codeblueprint.co.uk>,
"Frederic Weisbecker" <fweisbec@gmail.com>,
"Josh Poimboeuf" <jpoimboe@redhat.com>,
"Chris Wilson" <chris@chris-wilson.co.uk>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
"Dave Hansen" <dave.hansen@intel.com>,
"Radim Krčmář" <rkrcmar@redhat.com>,
"linux-efi@vger.kernel.org" <linux-efi@vger.kernel.org>,
"Alexander Potapenko" <glider@google.com>,
"Pavel Machek" <pavel@ucw.cz>, "H . Peter Anvin" <hpa@zytor.com>,
"kernel-hardening@lists.openwall.com"
<kernel-hardening@lists.openwall.com>,
"Jiri Olsa" <jolsa@redhat.com>, zijun_hu <zijun_hu@htc.com>,
"Prarit Bhargava" <prarit@redhat.com>,
"Andi Kleen" <ak@linux.intel.com>,
"Len Brown" <len.brown@intel.com>,
"Jonathan Corbet" <corbet@lwn.net>,
"Michael Ellerman" <mpe@ellerman.id.au>,
"Joerg Roedel" <joro@8bytes.org>, "X86 ML" <x86@kernel.org>,
"Luis R . Rodriguez" <mcgrof@kernel.org>,
kasan-dev <kasan-dev@googlegroups.com>,
"Christian Borntraeger" <borntraeger@de.ibm.com>,
"Ingo Molnar" <mingo@redhat.com>,
"xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>,
"Borislav Petkov" <bp@suse.de>,
"Fenghua Yu" <fenghua.yu@intel.com>,
"Jiri Kosina" <jikos@kernel.org>,
"Kees Cook" <keescook@chromium.org>,
"Arnd Bergmann" <arnd@arndb.de>,
"He Chen" <he.chen@linux.intel.com>,
"Brian Gerst" <brgerst@gmail.com>,
"Rusty Russell" <rusty@rustcorp.com.au>,
"Joonsoo Kim" <iamjoonsoo.kim@lge.com>,
lguest@lists.ozlabs.org, "Andy Lutomirski" <luto@kernel.org>,
"Andrey Ryabinin" <aryabinin@virtuozzo.com>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Andrew Morton" <akpm@linux-foundation.org>,
"Dmitry Vyukov" <dvyukov@google.com>,
"Juergen Gross" <jgross@suse.com>,
"Lorenzo Stoakes" <lstoakes@gmail.com>,
"Paul Gortmaker" <paul.gortmaker@windriver.com>,
"Andrew Cooper" <andrew.cooper3@citrix.com>,
"linux-pm@vger.kernel.org" <linux-pm@vger.kernel.org>,
"Ard Biesheuvel" <ard.biesheuvel@linaro.org>,
"Rafael J . Wysocki" <rjw@rjwysocki.net>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"Andy Lutomirski" <luto@amacapital.net>,
"Peter Zijlstra" <peterz@infradead.org>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Vitaly Kuznetsov" <vkuznets@redhat.com>,
"Tim Chen" <tim.c.chen@linux.intel.com>
Subject: Re: [Xen-devel] [PATCH v5 2/3] x86: Remap GDT tables in the Fixmap section
Date: Mon, 13 Mar 2017 14:32:10 -0400 [thread overview]
Message-ID: <f2230734-a13f-6c0d-8a01-15fd4408e799@oracle.com> (raw)
In-Reply-To: <36579cc4-05e7-a448-767c-b9ad940362fc@oracle.com>
On 03/09/2017 06:17 PM, Boris Ostrovsky wrote:
> On 03/09/2017 05:31 PM, Thomas Garnier wrote:
>> On Thu, Mar 9, 2017 at 2:13 PM, Boris Ostrovsky
>> <boris.ostrovsky@oracle.com> wrote:
>>>>> I don't have any experience with Xen so it would be great if virtme can test it.
>>>> I am pretty sure I tested this series at some point but I'll test it again.
>>>>
>>>
>>> Fails 32-bit build:
>>>
>>>
>>> /home/build/linux-boris/arch/x86/kvm/vmx.c: In function a??segment_basea??:
>>> /home/build/linux-boris/arch/x86/kvm/vmx.c:2054: error: a??host_gdta??
>>> undeclared (first use in this function)
>>> /home/build/linux-boris/arch/x86/kvm/vmx.c:2054: error: (Each undeclared
>>> identifier is reported only once
>>> /home/build/linux-boris/arch/x86/kvm/vmx.c:2054: error: for each
>>> function it appears in.)
>>> /home/build/linux-boris/arch/x86/kvm/vmx.c:2054: error: type defaults to
>>> a??inta?? in declaration of a??type namea??
>>> /home/build/linux-boris/arch/x86/kvm/vmx.c:2054: error: type defaults to
>>> a??inta?? in declaration of a??type namea??
>>> /home/build/linux-boris/arch/x86/kvm/vmx.c:2054: warning: initialization
>>> from incompatible pointer type
>>> /home/build/linux-boris/arch/x86/kvm/vmx.c:2054: warning: unused
>>> variable a??gdta??
>>>
>>>
>>> -boris
>> It seems that I forgot to remove line 2054 on the rebase. My 32-bit
>> build comes clean but I assume it is not good enough compare to the
>> full version I build for 64-bit KVM testing.
>>
>> Remove just this line and it should build fine, I will fix this on the
>> next iteration.
>>
>> Thanks for testing,
>>
>
>
> So this, in fact, does break Xen in that the hypercall to set GDT fails.
>
> I will have lo look at this tomorrow but I definitely at least built
> with v3 of this series. And I don't see why I wouldn't have tested it
> once I built it.
There are a couple of problems for Xen PV guests that need to be addressed:
1. Xen's set_fixmap op needs non-default handling for
FIX_GDT_REMAP_BEGIN range
2. GDT remapping for PV guests needs to be RO for both 64 and 32-bit guests.
I don't know how you prefer to deal with (2), patch below is one
suggestion. With it all my boot tests (Xen and bare-metal) passed.
One problem with applying it directly is that kernel becomes
not-bisectable (Xen-wise) between patches 2 and 3 so perhaps you might
pull some of the changes from patch 3 to patch 2.
-boris
diff --git a/arch/x86/include/asm/desc.h b/arch/x86/include/asm/desc.h
index 9b7fda6..ec05f9c 100644
--- a/arch/x86/include/asm/desc.h
+++ b/arch/x86/include/asm/desc.h
@@ -39,6 +39,7 @@ extern struct desc_ptr idt_descr;
extern gate_desc idt_table[];
extern const struct desc_ptr debug_idt_descr;
extern gate_desc debug_idt_table[];
+extern pgprot_t pg_fixmap_gdt_flags;
struct gdt_page {
struct desc_struct gdt[GDT_ENTRIES];
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index bff2f8b..2682355 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -450,16 +450,16 @@ void load_percpu_segment(int cpu)
/* On 64-bit the GDT remapping is read-only */
#ifdef CONFIG_X86_64
-#define PAGE_FIXMAP_GDT PAGE_KERNEL_RO
+pgprot_t pg_fixmap_gdt_flags = PAGE_KERNEL_RO;
#else
-#define PAGE_FIXMAP_GDT PAGE_KERNEL
+pgprot_t pg_fixmap_gdt_flags = PAGE_KERNEL;
#endif
/* Setup the fixmap mapping only once per-processor */
static inline void setup_fixmap_gdt(int cpu)
{
__set_fixmap(get_cpu_gdt_ro_index(cpu),
- __pa(get_cpu_gdt_rw(cpu)), PAGE_FIXMAP_GDT);
+ __pa(get_cpu_gdt_rw(cpu)), pg_fixmap_gdt_flags);
}
/* Load the original GDT from the per-cpu structure */
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index f46d47b..8871bcd 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -2051,7 +2051,7 @@ static bool update_transition_efer(struct vcpu_vmx
*vmx, int efer_offset)
*/
static unsigned long segment_base(u16 selector)
{
- struct desc_ptr *gdt = this_cpu_ptr(&host_gdt);
+ //struct desc_ptr *gdt = this_cpu_ptr(&host_gdt);
struct desc_struct *table;
unsigned long v;
diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
index 4951fcf..2dc5f97 100644
--- a/arch/x86/xen/enlighten.c
+++ b/arch/x86/xen/enlighten.c
@@ -1545,6 +1545,9 @@ asmlinkage __visible void __init
xen_start_kernel(void)
*/
xen_initial_gdt = &per_cpu(gdt_page, 0);
+ /* GDT can only be remapped RO. */
+ pg_fixmap_gdt_flags = PAGE_KERNEL_RO;
+
xen_smp_init();
#ifdef CONFIG_ACPI_NUMA
diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c
index 37cb5aa..ebbfe00 100644
--- a/arch/x86/xen/mmu.c
+++ b/arch/x86/xen/mmu.c
@@ -2326,6 +2326,7 @@ static void xen_set_fixmap(unsigned idx,
phys_addr_t phys, pgprot_t prot)
#endif
case FIX_TEXT_POKE0:
case FIX_TEXT_POKE1:
+ case FIX_GDT_REMAP_BEGIN ... FIX_GDT_REMAP_END:
/* All local page mappings */
pte = pfn_pte(phys, prot);
break;
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2017-03-13 18:33 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-06 22:03 [PATCH v5 1/3] x86/mm: Adapt MODULES_END based on Fixmap section size Thomas Garnier
2017-03-06 22:03 ` [PATCH v5 2/3] x86: Remap GDT tables in the Fixmap section Thomas Garnier
2017-03-09 21:32 ` Andy Lutomirski
2017-03-09 21:43 ` [Xen-devel] " Andrew Cooper
2017-03-09 21:46 ` Andy Lutomirski
2017-03-09 21:54 ` Thomas Garnier
2017-03-09 21:56 ` Boris Ostrovsky
2017-03-09 22:13 ` Boris Ostrovsky
2017-03-09 22:31 ` Thomas Garnier
2017-03-09 23:17 ` Boris Ostrovsky
2017-03-13 18:32 ` Boris Ostrovsky [this message]
2017-03-13 19:24 ` Thomas Garnier
2017-03-06 22:03 ` [PATCH v5 3/3] x86: Make the GDT remapping read-only on 64-bit Thomas Garnier
2017-03-09 21:35 ` Andy Lutomirski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f2230734-a13f-6c0d-8a01-15fd4408e799@oracle.com \
--to=boris.ostrovsky@oracle.com \
--cc=ak@linux.intel.com \
--cc=akpm@linux-foundation.org \
--cc=andrew.cooper3@citrix.com \
--cc=ard.biesheuvel@linaro.org \
--cc=arnd@arndb.de \
--cc=aryabinin@virtuozzo.com \
--cc=borntraeger@de.ibm.com \
--cc=bp@suse.de \
--cc=brgerst@gmail.com \
--cc=chris@chris-wilson.co.uk \
--cc=corbet@lwn.net \
--cc=dave.hansen@intel.com \
--cc=dvyukov@google.com \
--cc=fenghua.yu@intel.com \
--cc=fweisbec@gmail.com \
--cc=glider@google.com \
--cc=he.chen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=iamjoonsoo.kim@lge.com \
--cc=jgross@suse.com \
--cc=jikos@kernel.org \
--cc=jolsa@redhat.com \
--cc=joro@8bytes.org \
--cc=jpoimboe@redhat.com \
--cc=kasan-dev@googlegroups.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=kvm@vger.kernel.org \
--cc=len.brown@intel.com \
--cc=lguest@lists.ozlabs.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-pm@vger.kernel.org \
--cc=lstoakes@gmail.com \
--cc=luto@amacapital.net \
--cc=luto@kernel.org \
--cc=matt@codeblueprint.co.uk \
--cc=mcgrof@kernel.org \
--cc=mhocko@suse.com \
--cc=mingo@redhat.com \
--cc=mpe@ellerman.id.au \
--cc=paul.gortmaker@windriver.com \
--cc=pavel@ucw.cz \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=prarit@redhat.com \
--cc=rjw@rjwysocki.net \
--cc=rkrcmar@redhat.com \
--cc=rusty@rustcorp.com.au \
--cc=sgruszka@redhat.com \
--cc=tglx@linutronix.de \
--cc=thgarnie@google.com \
--cc=tim.c.chen@linux.intel.com \
--cc=vkuznets@redhat.com \
--cc=x86@kernel.org \
--cc=xen-devel@lists.xenproject.org \
--cc=zijun_hu@htc.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox