xenbits.xensource.com Git - people/andrewcoop/xen-test-framework.git/commit

author	Andrew Cooper <andrew.cooper3@citrix.com>
	Thu, 2 Mar 2017 18:20:31 +0000 (18:20 +0000)
committer	Andrew Cooper <andrew.cooper3@citrix.com>
	Mon, 6 Mar 2017 10:55:41 +0000 (10:55 +0000)
commit	d88543ea122d25af2ac67c23ac7de58522ad74f0
tree	bd9f702236b1918aa6bdd36942ec286d94f231d3	tree
parent	a2b8a3f25558792e5956b960c6fa52698da811b0	commit \| diff

Make exec_user_param() safe with SMEP and SMAP active

To make this safe, the iret must move straight from supervisor code/stack to
user code/stack.  Therefore, the stack cannot be shared any more.

The existing user_stack[] can be used as the separate stack.  This make the
exec_user_param() infrastructure no longer reentrant, but this isn't expected
to be a problem for tests.

A new .text.user section is introduced, which is automatically mapped as user
during setup.

The behaviour of exec_user_param() and X86_VEC_RET2KERN are altered to match.
exec_user_param() stores the supervisor stack in %rbp across the user
execution, and fakes up a return address as if it had simply called the user
code.  X86_VEC_RET2KERN restores the stack from %rbp and follows the fake
return address to reenter exec_user_param()'s context.

Invocation of the user function call moves into exec_user_stub() which is
located inside .text.user.  The 32bit version must pass all parameters in
registers, rather than on the stack.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

arch/x86/entry_32.S		diff \| blob \| blame \| history
arch/x86/entry_64.S		diff \| blob \| blame \| history
arch/x86/hvm/traps.c		diff \| blob \| blame \| history
arch/x86/link.lds.S		diff \| blob \| blame \| history
arch/x86/pv/traps.c		diff \| blob \| blame \| history
include/xtf/lib.h		diff \| blob \| blame \| history
tests/pv-iopl/asm.S		diff \| blob \| blame \| history
tests/pv-iopl/main.c		diff \| blob \| blame \| history