From d303784b68237ff3050daa184f560179dda21b8c Mon Sep 17 00:00:00 2001
From: Jan Beulich
Date: Tue, 6 Mar 2018 16:46:57 +0100
Subject: [PATCH] x86/xpti: don't map stack guard pages
Other than for the main mappings, don't even do this in release builds, as there are no huge page shattering concerns here. Note that since we don't run on the restructed page tables while HVM guests execute, the non-present mappings won't trigger the triple fault issue AMD SVM is susceptible to with our current placement of STGI vs TR loading.
Signed-off-by: Jan Beulich
Acked-by: Andrew Cooper
---
 xen/arch/x86/mm.c | 8 ++++++++
 xen/arch/x86/smpboot.c | 3 ++-
 xen/include/asm-x86/mm.h | 1 +
 3 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
index 829a262950..8021f93a63 100644
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -5576,6 +5576,14 @@ void memguard_unguard_stack(void *p)
 STACK_SIZE - PRIMARY_STACK_SIZE - IST_MAX * PAGE_SIZE);
 }
 
+bool memguard_is_stack_guard_page(unsigned long addr)
+{
+ addr &= STACK_SIZE - 1;
+
+ return addr >= IST_MAX * PAGE_SIZE &&
+ addr < STACK_SIZE - PRIMARY_STACK_SIZE;
+}
+
 void arch_dump_shared_mem_info(void)
 {
 printk("Shared frames %u -- Saved frames %u\n",
diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c
index 06207931f3..d376c69c42 100644
--- a/xen/arch/x86/smpboot.c
+++ b/xen/arch/x86/smpboot.c
@@ -799,7 +799,8 @@ static int setup_cpu_root_pgt(unsigned int cpu)
 
 /* Install direct map page table entries for stack, IDT, and TSS. */
 for ( off = rc = 0; !rc && off < STACK_SIZE; off += PAGE_SIZE )
- rc = clone_mapping(__va(__pa(stack_base[cpu])) + off, rpt);
+ if ( !memguard_is_stack_guard_page(off) )
+ rc = clone_mapping(__va(__pa(stack_base[cpu])) + off, rpt);
 
 if ( !rc )
 rc = clone_mapping(idt_tables[cpu], rpt);
diff --git a/xen/include/asm-x86/mm.h b/xen/include/asm-x86/mm.h
index 3013c266fe..96f3a34fc3 100644
--- a/xen/include/asm-x86/mm.h
+++ b/xen/include/asm-x86/mm.h
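Review bot: memguard_is_stack_guard_page() carries no comment, yet it hard-codes the same guard range that memguard_unguard_stack() (visible just above it) derives from IST_MAX and PRIMARY_STACK_SIZE, so the two can silently drift apart; a header comment such as `/* True for the guard pages between the IST stacks and the primary stack; keep in sync with memguard_{guard,unguard}_stack(). Accepts an absolute address or a stack-relative offset. */` would make that contract explicit. The `addr &= STACK_SIZE - 1` reduction is only a correct modulo when STACK_SIZE is a power of two, which presumably holds but is not asserted here; a `BUILD_BUG_ON(STACK_SIZE & (STACK_SIZE - 1));` at the top of the function would pin the assumption. Getting the range wrong in either direction matters: too narrow and a guard page would end up present in the per-CPU XPTI page tables, too wide and a live stack page would be left unmapped in them, faulting the first time the CPU runs on the restricted tables. The definition also omits the `__attribute_const__` that the header declaration in this same patch carries, which is harmless but worth keeping symmetric for readers of mm.c.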
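Review bot: The comment above the loop, `/* Install direct map page table entries for stack, IDT, and TSS. */`, is now stale because the loop deliberately skips the stack guard pages; I would change it to `/* Install direct map page table entries for stack (minus guard pages), IDT, and TSS. */`. Passing the page offset `off` rather than the virtual address keeps the check correct whether or not stack_base[cpu] is STACK_SIZE-aligned, and that choice deserves a word, e.g. `/* Guard pages are identified by their offset within the stack. */` above the new if-line. The unbraced `if` nested inside an unbraced `for` is legal but is the shape that invites a dangling-statement mistake on the next edit; braces around the loop body would be cheaper than that. setup_cpu_root_pgt() starts and ends outside the hunk.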
@@ -519,6 +519,7 @@ void memguard_unguard_range(void *p, unsigned long l);
 
 void memguard_guard_stack(void *p);
 void memguard_unguard_stack(void *p);
+bool __attribute_const__ memguard_is_stack_guard_page(unsigned long addr);
 
 struct mmio_ro_emulate_ctxt {
 unsigned long cr2;
-- 
2.30.2