Re: [PATCH v3 01/11] x86/boot: enumerate documentation for the x86 hardware_subarch

[Andy Lutomirski]

On Wed, Feb 24, 2016 at 5:18 PM, Luis R. Rodriguez <mcgrof@xxxxxxxxxx> wrote:
>
> On Feb 24, 2016 8:40 AM, "Andy Lutomirski" <luto@xxxxxxxxxxxxxx> wrote:
>>
>> On Feb 24, 2016 12:33 AM, "Ingo Molnar" <mingo@xxxxxxxxxx> wrote:
>> >
>> > For hard coded platform quirks I'd suggest we add x86_platform.quirks
>> > flags. For
>> > example the F00F hack for Xen could be done via:
>> >
>> >         x86_platform.quirks.idt_remap = 0;
>> >
>>
>> Don't we unconditionally remap the IDT?  I think Kees did it for
>> general purpose hardening due to our complete inability to hide the
>> IDT address. I.e. I think we can remove the f00f condition entirely.
>>
>
> Kees can you confirm ?
>

No need.

        /*
         * Set the IDT descriptor to a fixed read-only location, so that the
         * "sidt" instruction will not leak the location of the kernel, and
         * to defend the IDT against arbitrary memory write vulnerabilities.
         * It will be reloaded in cpu_init() */
        __set_fixmap(FIX_RO_IDT, __pa_symbol(idt_table), PAGE_KERNEL_RO);
        idt_descr.address = fix_to_virt(FIX_RO_IDT);

IIUI this works around f00f as a side effect.  The only other thing
needed is the code that X86_BUG_F00F guards, which is responsible for
fixing up the error generated on attempted F00F exploitation from an
OOPS to a SIGILL.  I see no reason why that code couldn't be allowed
to run on even a PV guest on a F00F-affected CPU -- it would never
trigger anyway.