On Mon, Apr 09, 2018 at 10:44:47AM +0100, Andrew Cooper wrote:
> The existing FLAT_KERNEL_SS expands to the correct value, 0xe02b, but is the
> wrong constant to use.  Switch to FLAT_USER_SS32.
> 
> For compat domains however, the reported values are entirely bogus.
> FLAT_USER_SS32 (value 0xe02b) is FLAT_RING3_CS in the 32bit ABI, while
> FLAT_USER_CS32 (value 0xe023) is FLAT_RING1_DS with an RPL of 3.
> 
> The guests SYSCALL callback is invoked with a broken iret frame, and if left
> unmodified by the guest, will fail on the way back out when Xen's iret tries
> to load a code segment into %ss.
> 
> In practice, this is only a problem for 32bit PV guests on AMD hardware, as
> Intel hardware doesn't permit the SYSCALL instruction outside of 64bit mode.
> 
> This appears to have been broken ever since 64bit support was added to Xen,
> and has gone unnoticed because Linux doesn't use SYSCALL in 32bit builds.
> 
> Signed-off-by: Andrew Cooper <andrew.coop...@citrix.com>
> ---
> CC: Jan Beulich <jbeul...@suse.com>
> CC: Roger Pau Monné <roger....@citrix.com>
> CC: Wei Liu <wei.l...@citrix.com>
> CC: Juergen Gross <jgr...@suse.com>
> 
> This wants backporting basically everywhere, and as such, also wants to be
> considered for 4.11 at this point.
> ---
>  xen/arch/x86/x86_64/compat/entry.S | 7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/xen/arch/x86/x86_64/compat/entry.S 
> b/xen/arch/x86/x86_64/compat/entry.S
> index 6c7fcf9..2bc046c 100644
> --- a/xen/arch/x86/x86_64/compat/entry.S
> +++ b/xen/arch/x86/x86_64/compat/entry.S
> @@ -197,7 +197,7 @@ ENTRY(cstar_enter)
>          /* sti could live here when we don't switch page tables below. */
>          CR4_PV32_RESTORE
>          movq  8(%rsp),%rax /* Restore %rax. */
> -        movq  $FLAT_KERNEL_SS,8(%rsp)
> +        movq  $FLAT_USER_SS32, 8(%rsp) /* Assume a 64bit domain.  Compat 
> handled lower. */
>          pushq %r11
>          pushq $FLAT_USER_CS32
>          pushq %rcx
> @@ -223,6 +223,11 @@ ENTRY(cstar_enter)
>          movq  VCPU_domain(%rbx),%rcx
>          cmpb  $0,DOMAIN_is_32bit_pv(%rcx)
>          je    switch_to_kernel
> +
> +        /* Fix up reported %cs/%ss for compat domains. */
> +        movl  $0xe033, UREGS_ss(%rsp) /* Compat FLAT_RING3_SS */
> +        movl  $0xe02b, UREGS_cs(%rsp) /* Compat FLAT_RING3_CS */

I wonder if it would be better to introduce COMPAT_FLAT_RING3_* in
xen-x86_64.h?

In any case, the reasoning and code looks correct to me:

Reviewed-by: Wei Liu <wei.l...@citrix.com>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Reply via email to