Re: [PATCH v3 01/11] x86/boot: enumerate documentation for the x86 hardware_subarch

From: Andy Lutomirski
Date: Wed Feb 24 2016 - 20:29:54 EST

On Wed, Feb 24, 2016 at 5:18 PM, Luis R. Rodriguez <mcgrof@xxxxxxxxxx> wrote:
> On Feb 24, 2016 8:40 AM, "Andy Lutomirski" <luto@xxxxxxxxxxxxxx> wrote:
>> On Feb 24, 2016 12:33 AM, "Ingo Molnar" <mingo@xxxxxxxxxx> wrote:
>> >
>> > For hard coded platform quirks I'd suggest we add x86_platform.quirks
>> > flags. For
>> > example the F00F hack for Xen could be done via:
>> >
>> > x86_platform.quirks.idt_remap = 0;
>> >
>> Don't we unconditionally remap the IDT? I think Kees did it for
>> general purpose hardening due to our complete inability to hide the
>> IDT address. I.e. I think we can remove the f00f condition entirely.
> Kees can you confirm ?

No need.

* Set the IDT descriptor to a fixed read-only location, so that the
* "sidt" instruction will not leak the location of the kernel, and
* to defend the IDT against arbitrary memory write vulnerabilities.
* It will be reloaded in cpu_init() */
__set_fixmap(FIX_RO_IDT, __pa_symbol(idt_table), PAGE_KERNEL_RO);
idt_descr.address = fix_to_virt(FIX_RO_IDT);

IIUI this works around f00f as a side effect. The only other thing
needed is the code that X86_BUG_F00F guards, which is responsible for
fixing up the error generated on attempted F00F exploitation from an
OOPS to a SIGILL. I see no reason why that code couldn't be allowed
to run on even a PV guest on a F00F-affected CPU -- it would never
trigger anyway.