AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2024-12-28 11:18:45 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
aa4ea67552
linux_dsm_epyc7002/arch/x86/xen
History
Thomas Garnier 69218e4799 x86: Remap GDT tables in the fixmap section 
Each processor holds a GDT in its per-cpu structure. The sgdt
instruction gives the base address of the current GDT. This address can
be used to bypass KASLR memory randomization. With another bug, an
attacker could target other per-cpu structures or deduce the base of
the main memory section (PAGE_OFFSET).

This patch relocates the GDT table for each processor inside the
fixmap section. The space is reserved based on number of supported
processors.

For consistency, the remapping is done by default on 32 and 64-bit.

Each processor switches to its remapped GDT at the end of
initialization. For hibernation, the main processor returns with the
original GDT and switches back to the remapping at completion.

This patch was tested on both architectures. Hibernation and KVM were
both tested specially for their usage of the GDT.

Thanks to Boris Ostrovsky <boris.ostrovsky@oracle.com> for testing and
recommending changes for Xen support.

Signed-off-by: Thomas Garnier <thgarnie@google.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Cc: Borislav Petkov <bp@suse.de>
Cc: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Jiri Kosina <jikos@kernel.org>
Cc: Joerg Roedel <joro@8bytes.org>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Juergen Gross <jgross@suse.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Len Brown <len.brown@intel.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Lorenzo Stoakes <lstoakes@gmail.com>
Cc: Luis R . Rodriguez <mcgrof@kernel.org>
Cc: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Paul Gortmaker <paul.gortmaker@windriver.com>
Cc: Pavel Machek <pavel@ucw.cz>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Radim Krčmář <rkrcmar@redhat.com>
Cc: Rafael J . Wysocki <rjw@rjwysocki.net>
Cc: Rusty Russell <rusty@rustcorp.com.au>
Cc: Stanislaw Gruszka <sgruszka@redhat.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Tim Chen <tim.c.chen@linux.intel.com>
Cc: Vitaly Kuznetsov <vkuznets@redhat.com>
Cc: kasan-dev@googlegroups.com
Cc: kernel-hardening@lists.openwall.com
Cc: kvm@vger.kernel.org
Cc: lguest@lists.ozlabs.org
Cc: linux-doc@vger.kernel.org
Cc: linux-efi@vger.kernel.org
Cc: linux-mm@kvack.org
Cc: linux-pm@vger.kernel.org
Cc: xen-devel@lists.xenproject.org
Cc: zijun_hu <zijun_hu@htc.com>
Link: http://lkml.kernel.org/r/20170314170508.100882-2-thgarnie@google.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2017-03-16 09:06:35 +01:00
..
apic.c x86/xen: Fix APIC id mismatch warning on Intel 2017-01-29 18:59:16 -05:00
debugfs.c x86/xen: Audit and remove any unnecessary uses of module.h 2016-07-14 15:06:59 +02:00
debugfs.h debugfs: Add support to print u32 array in debugfs 2012-04-17 00:18:36 -04:00
efi.c XEN: EFI: Move x86 specific codes to architecture directory 2016-07-06 10:34:46 +01:00
enlighten.c x86: Remap GDT tables in the fixmap section 2017-03-16 09:06:35 +01:00
grant-table.c xen/grant-table: Use kmalloc_array() in arch_gnttab_valloc() 2016-08-26 10:44:22 +01:00
irq.c x86/xen: use xen_vcpu_id mapping for HYPERVISOR_vcpu_op 2016-07-25 13:32:34 +01:00
Kconfig xen/pvh: Bootstrap PVH guest 2017-02-07 08:07:01 -05:00
Makefile xen/pvh: Bootstrap PVH guest 2017-02-07 08:07:01 -05:00
mmu.c x86: Remap GDT tables in the fixmap section 2017-03-16 09:06:35 +01:00
mmu.h xen: make a pile of mmu pvop functions static 2011-05-20 14:25:24 -07:00
multicalls.c x86: Replace __get_cpu_var uses 2014-08-26 13:45:49 -04:00
multicalls.h xen: use this_cpu_xxx replace percpu_xxx funcs 2012-01-24 12:20:24 -05:00
p2m.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
pci-swiotlb-xen.c treewide: Constify most dma_map_ops structures 2017-01-24 12:23:35 -05:00
platform-pci-unplug.c xen/pvh: PVH guests always have PV devices 2017-02-07 08:07:01 -05:00
pmu.c xen: Make VPMU init message look less scary 2016-08-24 18:45:38 +01:00
pmu.h xen/PMU: Intercept PMU-related MSR and APIC accesses 2015-08-20 12:25:25 +01:00
setup.c xen/x86: Remove PVH support 2017-02-07 08:07:01 -05:00
smp.c x86: Remap GDT tables in the fixmap section 2017-03-16 09:06:35 +01:00
smp.h xen/x86: Remove PVH support 2017-02-07 08:07:01 -05:00
spinlock.c locking/spinlocks/x86, paravirt: Remove paravirt_ticketlocks_enabled 2017-01-14 09:33:46 +01:00
suspend.c xen: features and fixes for 4.5-rc0 2016-01-12 13:05:36 -08:00
time.c clocksource: Use a plain u64 instead of cycle_t 2016-12-25 11:04:12 +01:00
trace.c xen: use generated hypervisor symbols in arch/x86/xen/trace.c 2015-03-16 14:49:13 +00:00
vdso.h
vga.c xen/vga: add the xen EFI video mode support 2012-09-24 09:28:57 -04:00
xen-asm_32.S x86/paravirt: Remove the unused irq_enable_sysexit pv op 2015-11-23 10:48:16 +01:00
xen-asm_64.S x86/asm/xen: Set ELF function type for xen_adjust_exception_frame() 2016-02-24 08:35:41 +01:00
xen-asm.h xen: make direct versions of irq_enable/disable/save/restore to common code 2009-02-04 16:59:04 -08:00
xen-asm.S x86/asm/xen: Create stack frames in xen-asm.S 2016-02-24 08:35:42 +01:00
xen-head.S xen/x86: Remove PVH support 2017-02-07 08:07:01 -05:00
xen-ops.h xen/x86: Remove PVH support 2017-02-07 08:07:01 -05:00
xen-pvh.S xen/pvh: Bootstrap PVH guest 2017-02-07 08:07:01 -05:00