• Thomas Garnier's avatar
    x86: Make the GDT remapping read-only on 64-bit · 45fc8757
    Thomas Garnier authored
    This patch makes the GDT remapped pages read-only, to prevent accidental
    (or intentional) corruption of this key data structure.
    
    This change is done only on 64-bit, because 32-bit needs it to be writable
    for TSS switches.
    
    The native_load_tr_desc function was adapted to correctly handle a
    read-only GDT. The LTR instruction always writes to the GDT TSS entry.
    This generates a page fault if the GDT is read-only. This change checks
    if the current GDT is a remap and swap GDTs as needed. This function was
    tested by booting multiple machines and checking hibernation works
    properly.
    
    KVM SVM and VMX were adapted to use the writeable GDT. On VMX, the
    per-cpu variable was removed for functions to fetch the original GDT.
    Instead of reloading the previous GDT, VMX will reload the fixmap GDT as
    expected. For testing, VMs were started and restored on multiple
    configurations.
    Signed-off-by: default avatarThomas Garnier <thgarnie@google.com>
    Cc: Alexander Potapenko <glider@google.com>
    Cc: Andrew Morton <akpm@linux-foundation.org>
    Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
    Cc: Andy Lutomirski <luto@kernel.org>
    Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
    Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
    Cc: Borislav Petkov <bp@suse.de>
    Cc: Chris Wilson <chris@chris-wilson.co.uk>
    Cc: Christian Borntraeger <borntraeger@de.ibm.com>
    Cc: Dmitry Vyukov <dvyukov@google.com>
    Cc: Frederic Weisbecker <fweisbec@gmail.com>
    Cc: Jiri Kosina <jikos@kernel.org>
    Cc: Joerg Roedel <joro@8bytes.org>
    Cc: Jonathan Corbet <corbet@lwn.net>
    Cc: Josh Poimboeuf <jpoimboe@redhat.com>
    Cc: Juergen Gross <jgross@suse.com>
    Cc: Kees Cook <keescook@chromium.org>
    Cc: Len Brown <len.brown@intel.com>
    Cc: Linus Torvalds <torvalds@linux-foundation.org>
    Cc: Lorenzo Stoakes <lstoakes@gmail.com>
    Cc: Luis R . Rodriguez <mcgrof@kernel.org>
    Cc: Matt Fleming <matt@codeblueprint.co.uk>
    Cc: Michal Hocko <mhocko@suse.com>
    Cc: Paolo Bonzini <pbonzini@redhat.com>
    Cc: Paul Gortmaker <paul.gortmaker@windriver.com>
    Cc: Pavel Machek <pavel@ucw.cz>
    Cc: Peter Zijlstra <peterz@infradead.org>
    Cc: Radim Krčmář <rkrcmar@redhat.com>
    Cc: Rafael J . Wysocki <rjw@rjwysocki.net>
    Cc: Rusty Russell <rusty@rustcorp.com.au>
    Cc: Stanislaw Gruszka <sgruszka@redhat.com>
    Cc: Thomas Gleixner <tglx@linutronix.de>
    Cc: Tim Chen <tim.c.chen@linux.intel.com>
    Cc: Vitaly Kuznetsov <vkuznets@redhat.com>
    Cc: kasan-dev@googlegroups.com
    Cc: kernel-hardening@lists.openwall.com
    Cc: kvm@vger.kernel.org
    Cc: lguest@lists.ozlabs.org
    Cc: linux-doc@vger.kernel.org
    Cc: linux-efi@vger.kernel.org
    Cc: linux-mm@kvack.org
    Cc: linux-pm@vger.kernel.org
    Cc: xen-devel@lists.xenproject.org
    Cc: zijun_hu <zijun_hu@htc.com>
    Link: http://lkml.kernel.org/r/20170314170508.100882-3-thgarnie@google.comSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
    45fc8757
svm.c 138 KB