Commit 7fa0da53 authored by Juergen Gross's avatar Juergen Gross

x86/xen: remove hypercall page



The hypercall page is no longer needed. It can be removed, as from the
Xen perspective it is optional.

But, from Linux's perspective, it removes naked RET instructions that
escape the speculative protections that Call Depth Tracking and/or
Untrain Ret are trying to achieve.

This is part of XSA-466 / CVE-2024-53241.

Reported-by: default avatarAndrew Cooper <andrew.cooper3@citrix.com>
Signed-off-by: default avatarJuergen Gross <jgross@suse.com>
Reviewed-by: default avatarAndrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: default avatarJan Beulich <jbeulich@suse.com>
parent b1c2cb86
+0 −2
@@ -88,8 +88,6 @@ struct xen_dm_op_buf;
 * there aren't more than 5 arguments...)
 */

extern struct { char _entry[32]; } hypercall_page[];

void xen_hypercall_func(void);
DECLARE_STATIC_CALL(xen_hypercall, xen_hypercall_func);

+0 −5
@@ -142,11 +142,6 @@ static bool skip_addr(void *dest)
	if (dest >= (void *)relocate_kernel &&
	    dest < (void*)relocate_kernel + KEXEC_CONTROL_CODE_MAX_SIZE)
		return true;
#endif
#ifdef CONFIG_XEN
	if (dest >= (void *)hypercall_page &&
	    dest < (void*)hypercall_page + PAGE_SIZE)
		return true;
#endif
	return false;
}
+0 −4
@@ -519,14 +519,10 @@ INIT_PER_CPU(irq_stack_backing_store);
 * linker will never mark as relocatable. (Using just ABSOLUTE() is not
 * sufficient for that).
 */
#ifdef CONFIG_XEN
#ifdef CONFIG_XEN_PV
xen_elfnote_entry_value =
	ABSOLUTE(xen_elfnote_entry) + ABSOLUTE(startup_xen);
#endif
xen_elfnote_hypercall_page_value =
	ABSOLUTE(xen_elfnote_hypercall_page) + ABSOLUTE(hypercall_page);
#endif
#ifdef CONFIG_PVH
xen_elfnote_phys32_entry_value =
	ABSOLUTE(xen_elfnote_phys32_entry) + ABSOLUTE(pvh_start_xen - LOAD_OFFSET);
+0 −2
@@ -22,8 +22,6 @@

#include "xen-ops.h"

EXPORT_SYMBOL_GPL(hypercall_page);

DEFINE_STATIC_CALL(xen_hypercall, xen_hypercall_hvm);
EXPORT_STATIC_CALL_TRAMP(xen_hypercall);

+1 −8
@@ -106,15 +106,8 @@ static void __init init_hvm_pv_info(void)
	/* PVH set up hypercall page in xen_prepare_pvh(). */
	if (xen_pvh_domain())
		pv_info.name = "Xen PVH";
	else {
		u64 pfn;
		uint32_t msr;

	else
		pv_info.name = "Xen HVM";
		msr = cpuid_ebx(base + 2);
		pfn = __pa(hypercall_page);
		wrmsr_safe(msr, (u32)pfn, (u32)(pfn >> 32));
	}

	xen_setup_features();
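Review bot: The comment `/* PVH set up hypercall page in xen_prepare_pvh(). */`, kept as context above `if (xen_pvh_domain())`, is stale after this change. This section deletes the HVM-side registration (`wrmsr_safe()` with `__pa(hypercall_page)`), and the commit title says the page is removed altogether, so the comment describes a setup step that should no longer exist. Because the change is part of a speculation-hardening fix (XSA-466 / CVE-2024-53241), a comment that still mentions a hypercall page will mislead anyone auditing whether the page is really gone. I would drop it or replace it with `/* No hypercall page is registered; hypercalls go through the xen_hypercall static call. */`. Whether xen_prepare_pvh() still references a hypercall page is not visible in this section and should be checked against the rest of the commit; the body of init_hvm_pv_info() starts and ends outside the hunk.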
