[v2] Introduce a REQUIRE_NX Kconfig option

[PATCH v2 0/2] Introduce a REQUIRE_NX Kconfig option

Alejandro Vallejo posted 2 patches 10 months, 2 weeks ago

Diff against v3
Download series mbox

Patches applied successfully (tree, apply log)
git fetch https://gitlab.com/xen-project/patchew/xen tags/patchew/20230615153157.444-1-alejandro.vallejo@cloud.com

There is a newer version of this series

xen/arch/x86/Kconfig                  | 16 ++++++
xen/arch/x86/boot/head.S              | 73 ++++++++++++++++++++++++---
xen/arch/x86/boot/trampoline.S        |  3 +-
xen/arch/x86/cpu/intel.c              | 32 ++++++------
xen/arch/x86/efi/efi-boot.h           |  9 ++++
xen/arch/x86/include/asm/cpufeature.h |  3 +-
xen/arch/x86/include/asm/msr-index.h  |  2 +-
7 files changed, 111 insertions(+), 27 deletions(-)

Expand all Fold all

[PATCH v2 0/2] Introduce a REQUIRE_NX Kconfig option

Posted by Alejandro Vallejo 10 months, 2 weeks ago

v2:
  * Created assembly override for cases where XD_DISABLE is set
  * Turned rdmsrl() into rdmsr_safe() when reading IA32_MSR_MISC_ENABLE in C

This option hardens Xen by forcing it to write secure (NX-enhanced) PTEs
regardless of the runtime NX feature bit in boot_cpu_data. This prevents an
attacker with partial write support from affecting Xen's PTE generation
logic by overriding the NX feature flag. The patch asserts support for the
NX bit in PTEs at boot time and if so short-circuits the cpu_has_nx macro
to 1.

Alejandro Vallejo (2):
  x86/boot: Clear XD_DISABLE from the early boot path
  x86: Add Kconfig option to require NX bit support

 xen/arch/x86/Kconfig                  | 16 ++++++
 xen/arch/x86/boot/head.S              | 73 ++++++++++++++++++++++++---
 xen/arch/x86/boot/trampoline.S        |  3 +-
 xen/arch/x86/cpu/intel.c              | 32 ++++++------
 xen/arch/x86/efi/efi-boot.h           |  9 ++++
 xen/arch/x86/include/asm/cpufeature.h |  3 +-
 xen/arch/x86/include/asm/msr-index.h  |  2 +-
 7 files changed, 111 insertions(+), 27 deletions(-)

-- 
2.34.1