On Wed, Feb 24, 2016 at 5:18 PM, Luis R. Rodriguez <mcg...@kernel.org> wrote: > > On Feb 24, 2016 8:40 AM, "Andy Lutomirski" <l...@amacapital.net> wrote: >> >> On Feb 24, 2016 12:33 AM, "Ingo Molnar" <mi...@kernel.org> wrote: >> > >> > For hard coded platform quirks I'd suggest we add x86_platform.quirks >> > flags. For >> > example the F00F hack for Xen could be done via: >> > >> > x86_platform.quirks.idt_remap = 0; >> > >> >> Don't we unconditionally remap the IDT? I think Kees did it for >> general purpose hardening due to our complete inability to hide the >> IDT address. I.e. I think we can remove the f00f condition entirely. >> > > Kees can you confirm ? >
No need. /* * Set the IDT descriptor to a fixed read-only location, so that the * "sidt" instruction will not leak the location of the kernel, and * to defend the IDT against arbitrary memory write vulnerabilities. * It will be reloaded in cpu_init() */ __set_fixmap(FIX_RO_IDT, __pa_symbol(idt_table), PAGE_KERNEL_RO); idt_descr.address = fix_to_virt(FIX_RO_IDT); IIUI this works around f00f as a side effect. The only other thing needed is the code that X86_BUG_F00F guards, which is responsible for fixing up the error generated on attempted F00F exploitation from an OOPS to a SIGILL. I see no reason why that code couldn't be allowed to run on even a PV guest on a F00F-affected CPU -- it would never trigger anyway.