Re: [Xen-devel] [PATCH v5] x86/xpti: Don't leak TSS-adjacent percpu data via Meltdown

On 12.08.2019 12:29, Andrew Cooper wrote: On 12/08/2019 08:23, Jan Beulich wrote: @@ -747,16 +747,10 @@ void load_system_tables(void) .bitmap = IOBMP_INVALID_OFFSET, }; -    _set_tssldt_desc( -    gdt + TSS_ENTRY, -    (unsigned long)tss, -    offsetof(struct tss_

Re: [Xen-devel] [PATCH v5] x86/xpti: Don't leak TSS-adjacent percpu data via Meltdown

On 12/08/2019 12:04, Jan Beulich wrote: > On 12.08.2019 12:29, Andrew Cooper wrote: >> On 12/08/2019 08:23, Jan Beulich wrote: >>> @@ -747,16 +747,10 @@ void load_system_tables(void) >>>   .bitmap = IOBMP_INVALID_OFFSET, >>>   }; >>>   -    _set_tssldt_desc( >>> -    gdt + TSS_ENTRY

Re: [Xen-devel] [PATCH v5] x86/xpti: Don't leak TSS-adjacent percpu data via Meltdown

On 12/08/2019 08:23, Jan Beulich wrote: > @@ -747,16 +747,10 @@ void load_system_tables(void) > .bitmap = IOBMP_INVALID_OFFSET, > }; >   > -    _set_tssldt_desc( > -    gdt + TSS_ENTRY, > -    (unsigned long)tss, > -    offsetof(struct tss_struct, __cacheline_filler) - 1,

[Xen-devel] [PATCH v5] x86/xpti: Don't leak TSS-adjacent percpu data via Meltdown

From: Andrew Cooper The XPTI work restricted the visibility of most of memory, but missed a few aspects when it came to the TSS. Given that the TSS is just an object in percpu data, the 4k mapping for it created in setup_cpu_root_pgt() maps adjacent percpu data, making it all leakable via Meltd