similar to: 32-on-64 sysenter for pvops

In compat mode, the return value here was uninitialized. Signed-off-by: Zachary Amsden <zach@vmware.com> diff -r 1fda49a076ed arch/i386/kernel/sysenter.c --- a/arch/i386/kernel/sysenter.c Fri Apr 06 14:25:09 2007 -0700 +++ b/arch/i386/kernel/sysenter.c Fri Apr 06 14:27:31 2007 -0700 @@ -254,7 +254,7 @@ int arch_setup_additional_pages(struct l { struct mm_struct *mm = current->mm;

In compat mode, the return value here was uninitialized. Signed-off-by: Zachary Amsden <zach@vmware.com> diff -r 1fda49a076ed arch/i386/kernel/sysenter.c --- a/arch/i386/kernel/sysenter.c Fri Apr 06 14:25:09 2007 -0700 +++ b/arch/i386/kernel/sysenter.c Fri Apr 06 14:27:31 2007 -0700 @@ -254,7 +254,7 @@ int arch_setup_additional_pages(struct l { struct mm_struct *mm = current->mm;

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2013-1917 / XSA-44 version 2 Xen PV DoS vulnerability with SYSENTER UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= The SYSENTER instruction can be used by PV guests to accelerate system call processing. This

The SYSENTER instruction jumps to a pre-programmed address at privilege level 0. We must not allow execution of guest code at that privilege level, so disable sysenter when we enter the guest (and re-enable it on return). This fixes current case where guest userspace can crash host. This save/restore adds 3% to guest context switch times. (If only there were some kind of scheduler hook or

The SYSENTER instruction jumps to a pre-programmed address at privilege level 0. We must not allow execution of guest code at that privilege level, so disable sysenter when we enter the guest (and re-enable it on return). This fixes current case where guest userspace can crash host. This save/restore adds 3% to guest context switch times. (If only there were some kind of scheduler hook or

Hi folks, Here is the result of the latest work on the pvops front, after the x86 arch merge. From the functionality point of view, almost nothing was changed, except for proper vsmp support - which was discussed, but not implemented before - and the introduction of smp_ops in x86_64, which eased the merging of the smp header. Speaking of the merge, a significant part (although not majority) of

Hi folks, Here is the result of the latest work on the pvops front, after the x86 arch merge. From the functionality point of view, almost nothing was changed, except for proper vsmp support - which was discussed, but not implemented before - and the introduction of smp_ops in x86_64, which eased the merging of the smp header. Speaking of the merge, a significant part (although not majority) of

This was set to zero immediately before the #GP injection code, since SYSENTER doesn''t really have a return address. Reported-by: Ian Campbell <Ian.Campbell@citrix.com> Furthermore, UREGS_cs and UREGS_rip don''t need to be written a second time, as the PUSHes above already can/do take care of putting in place the intended values. Signed-off-by: Jan Beulich

Currently the blacklist is maintained by hand in kprobes.c which is separated from the function definition and is hard to catch up the kernel update. To solve this issue, I've tried to implement new NOKPROBE_SYMBOL() macro for making kprobe blacklist at build time. Since the NOKPROBE_SYMBOL() macros can be placed right after the function is defined, it is easy to maintain. At this moment, I

Currently the blacklist is maintained by hand in kprobes.c which is separated from the function definition and is hard to catch up the kernel update. To solve this issue, I've tried to implement new NOKPROBE_SYMBOL() macro for making kprobe blacklist at build time. Since the NOKPROBE_SYMBOL() macros can be placed right after the function is defined, it is easy to maintain. At this moment, I

On 23/06/2020 14:03, Peter Zijlstra wrote: > On Tue, Jun 23, 2020 at 02:12:37PM +0200, Joerg Roedel wrote: >> On Tue, Jun 23, 2020 at 01:50:14PM +0200, Peter Zijlstra wrote: >>> If SNP is the sole reason #VC needs to be IST, then I'd strongly urge >>> you to only make it IST if/when you try and make SNP happen, not before. >> It is not the only reason, when ES

.. for both 32-bit apps in 64-bit pv guests and 32on64. This patch depends on more than just guest_context saved/restored as guest state during save/restore/migrate (namely the new fields holding callback addresses). Since the 32-bit kernel doesn''t make use of syscall (it would be possible to do so now, when running on a 64-bit hv), the compat mode guest code path for syscall

>>However, in case (2) the i386 guest kernel unconditionally goes for >>sysenter, and the hypervisor will accept this because CPUID has advertised >>SEP. *But* AMD CPUs do not support sysenter except in legacy mode! The >>correct thing to do is to use syscall. The hypervisor 32-on-64 compat code >>would accept CALLBACKTYPE_syscall, but the Linux i386 code here

OK, this is the revised paravirt.h (Andi has seen this before), then the second is the binary patching stuff. More things get added to the paravirt struct in future patches, but this basic stuff hasn't changed for some time. ==== This patch does the dumbest possible replacement of paravirtualized instructions: calls through a "paravirt_ops" structure. Currently these are function

The first patch fixes Xen PV regression introduced by 32-bit rewrite. Unlike the earlier version it uses ALTERNATIVE instruction and avoids using xen_sysexit (and sysret32 in compat mode) pv ops, as suggested by Andy. (I ended up patching TEST with XOR to avoid extra NOPs, even though I said yesterday it would be wrong. It's not wrong) As result of this patch irq_enable_sysexit and

The first patch fixes Xen PV regression introduced by 32-bit rewrite. Unlike the earlier version it uses ALTERNATIVE instruction and avoids using xen_sysexit (and sysret32 in compat mode) pv ops, as suggested by Andy. (I ended up patching TEST with XOR to avoid extra NOPs, even though I said yesterday it would be wrong. It's not wrong) As result of this patch irq_enable_sysexit and

The first patch fixes Xen PV regression introduced by 32-bit rewrite. Unlike the earlier version it uses ALTERNATIVE instruction and avoids using xen_sysexit (and sysret32 in compat mode) pv ops, as suggested by Andy. As result of this patch irq_enable_sysexit and usergs_sysret32 pv ops are not used anymore by anyone and so can be removed. v2: * patch both TEST and JZ intructions with a

The first patch fixes Xen PV regression introduced by 32-bit rewrite. Unlike the earlier version it uses ALTERNATIVE instruction and avoids using xen_sysexit (and sysret32 in compat mode) pv ops, as suggested by Andy. As result of this patch irq_enable_sysexit and usergs_sysret32 pv ops are not used anymore by anyone and so can be removed. v2: * patch both TEST and JZ intructions with a

The ALTERNATIVE() and ALTERNATIVE_2() macros are GNU assembler macros, which makes them quite inflexible for future changes. Convert them to preprocessor macros. Signed-off-by: Josh Poimboeuf <jpoimboe at redhat.com> --- arch/x86/entry/entry_32.S | 12 +++--- arch/x86/entry/entry_64.S | 10 ++--- arch/x86/entry/entry_64_compat.S | 8 ++--

This adds support for CONFIG_COMPAT_VDSO. As this will certainly raise questions, I left in the code needed for an alternative approach (which requires mode C code, but less build script changes). Signed-off-by: Jan Beulich <jbeulich@novell.com> Index: head-2007-02-27/arch/i386/Kconfig =================================================================== ---