linux.git/drivers/lguest, branch v2.6.23 Linux kernel source tree fix modules oopsing in lguest guests 2007-09-25T15:51:04+00:00 Rusty Russell rusty@rustcorp.com.au 2007-09-25T04:24:44+00:00 bbbd2bf00bab467cff7b1f418b2cb24c71291f59 The assembly templates for lguest guest patching are in the .init.text section. This means that modules get patched with "cc cc cc cc" or similar junk. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
The assembly templates for lguest guest patching are in the .init.text
section.  This means that modules get patched with "cc cc cc cc" or similar
junk.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
lguest: Fix guest crash when CONFIG_X86_USE_3DNOW=y 2007-09-12T19:19:46+00:00 Rusty Russell rusty@rustcorp.com.au 2007-09-11T07:06:37+00:00 c413fecc763e380ec93dc6faf726e7e735ade04e One of the very first things lguest_init() does is a memcpy. On Athlon/Duron/K7 or CyrixIII/VIA-C3 or Geode GX/LX, this tries to use MMX. memcpy -> _mmx_memcpy -> kernel_fpu_begin -> clts -> paravirt_ops.clts But we haven't set paravirt_ops.clts yet, so we do the native version and crash. The simplest solution is to use __memcpy. Thanks to Michael Rasenberger for the bug report. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
One of the very first things lguest_init() does is a memcpy.  On
Athlon/Duron/K7 or CyrixIII/VIA-C3 or Geode GX/LX, this tries to use
MMX.

memcpy -> _mmx_memcpy -> kernel_fpu_begin -> clts -> paravirt_ops.clts

But we haven't set paravirt_ops.clts yet, so we do the native version
and crash.  The simplest solution is to use __memcpy.

Thanks to Michael Rasenberger for the bug report.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Fix lguest page-pinning logic ("lguest: bad stack page 0xc057a000") 2007-08-30T16:58:22+00:00 Rusty Russell rusty@rustcorp.com.au 2007-08-29T20:35:08+00:00 8057d763ed7a7365dc3402db0aed7c87d8531ecb If the stack pointer is 0xc057a000, then the first stack page is at 0xc0579000 (the stack pointer is decremented before use). Not calculating this correctly caused guests with CONFIG_DEBUG_PAGEALLOC=y to be killed with a "bad stack page" message: the initial kernel stack was just proceeding the .smp_locks section which CONFIG_DEBUG_PAGEALLOC marks read-only when freeing. Thanks to Frederik Deweerdt for the bug report! Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
If the stack pointer is 0xc057a000, then the first stack page is at
0xc0579000 (the stack pointer is decremented before use).  Not
calculating this correctly caused guests with CONFIG_DEBUG_PAGEALLOC=y
to be killed with a "bad stack page" message: the initial kernel stack
was just proceeding the .smp_locks section which
CONFIG_DEBUG_PAGEALLOC marks read-only when freeing.

Thanks to Frederik Deweerdt for the bug report!

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
lguest should depend on CONFIG_FUTEX 2007-08-24T04:23:33+00:00 Alexey Dobriyan adobriyan@sw.ru 2007-08-23T20:03:47+00:00 deec5950479b72eff3130dc6f956a87466ed41c6 It uses get_futex_key(). Signed-off-by: Alexey Dobriyan <adobriyan@sw.ru> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
It uses get_futex_key().

Signed-off-by: Alexey Dobriyan <adobriyan@sw.ru>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
i386: Make patching more robust, fix paravirt issue 2007-08-11T22:58:13+00:00 Andi Kleen ak@suse.de 2007-08-10T20:31:03+00:00 ab144f5ec64c42218a555ec1dbde6b60cf2982d6 Commit 19d36ccdc34f5ed444f8a6af0cbfdb6790eb1177 "x86: Fix alternatives and kprobes to remap write-protected kernel text" uses code which is being patched for patching. In particular, paravirt_ops does patching in two stages: first it calls paravirt_ops.patch, then it fills any remaining instructions with nop_out(). nop_out calls text_poke() which calls lookup_address() which calls pgd_val() (aka paravirt_ops.pgd_val): that call site is one of the places we patch. If we always do patching as one single call to text_poke(), we only need make sure we're not patching the memcpy in text_poke itself. This means the prototype to paravirt_ops.patch needs to change, to marshal the new code into a buffer rather than patching in place as it does now. It also means all patching goes through text_poke(), which is known to be safe (apply_alternatives is also changed to make a single patch). AK: fix compilation on x86-64 (bad rusty!) AK: fix boot on x86-64 (sigh) AK: merged with other patches Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Andi Kleen <ak@suse.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
Commit 19d36ccdc34f5ed444f8a6af0cbfdb6790eb1177 "x86: Fix alternatives
and kprobes to remap write-protected kernel text" uses code which is
being patched for patching.

In particular, paravirt_ops does patching in two stages: first it
calls paravirt_ops.patch, then it fills any remaining instructions
with nop_out().  nop_out calls text_poke() which calls
lookup_address() which calls pgd_val() (aka paravirt_ops.pgd_val):
that call site is one of the places we patch.

If we always do patching as one single call to text_poke(), we only
need make sure we're not patching the memcpy in text_poke itself.
This means the prototype to paravirt_ops.patch needs to change, to
marshal the new code into a buffer rather than patching in place as it
does now.  It also means all patching goes through text_poke(), which
is known to be safe (apply_alternatives is also changed to make a
single patch).

AK: fix compilation on x86-64 (bad rusty!)
AK: fix boot on x86-64 (sigh)
AK: merged with other patches

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
lguest files should explicitly include asm/paravirt.h 2007-08-11T22:47:42+00:00 Jes Sorensen jes@sgi.com 2007-08-10T20:01:11+00:00 b1a47190a6000d0e75ee4ffa75f3f6b16dd60a0b Files using bits from paravirt.h should explicitly include it rather than relying on it being pulled in by something else. Signed-off-by: Jes Sorensen <jes@sgi.com> Cc: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
Files using bits from paravirt.h should explicitly include it rather than
relying on it being pulled in by something else.

Signed-off-by: Jes Sorensen <jes@sgi.com>
Cc: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
lguest: Fix Malicious Guest GDT Host Crash 2007-08-09T15:14:56+00:00 Rusty Russell rusty@rustcorp.com.au 2007-08-09T10:57:13+00:00 0d027c01cd36b8cff727c78d2e40d334ba9895a8 If a Guest makes hypercall which sets a GDT entry to not present, we currently set any segment registers using that GDT entry to 0. Unfortunately, this is not sufficient: there are other ways of altering GDT entries which will cause a fault. The correct solution to do what Linux does: let them set any GDT value they want and handle the #GP when popping causes a fault. This has the added benefit of making our Switcher slightly more robust in the case of any other bugs which cause it to fault. We kill the Guest if it causes a fault in the Switcher: it's the Guest's responsibility to make sure it's not using segments when it changes them. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
If a Guest makes hypercall which sets a GDT entry to not present, we
currently set any segment registers using that GDT entry to 0.
Unfortunately, this is not sufficient: there are other ways of
altering GDT entries which will cause a fault.

The correct solution to do what Linux does: let them set any GDT value
they want and handle the #GP when popping causes a fault.  This has
the added benefit of making our Switcher slightly more robust in the
case of any other bugs which cause it to fault.

We kill the Guest if it causes a fault in the Switcher: it's the
Guest's responsibility to make sure it's not using segments when it
changes them.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Fix non-TSC guest clocksource lockup 2007-08-09T15:14:56+00:00 Rusty Russell rusty@rustcorp.com.au 2007-08-09T10:52:35+00:00 37250097e1b730c30da1790e354c0da65e617043 lguest uses a host-supplied wallclock-based clocksource when the TSC is not reliable. As this is already in nanoseconds, I naively used a multiplier of 1 and a shift of 0. But update_wall_time() in its infinite wisdom decides to adjust the clock a little (where does it think it's getting a more accurate time from?) It will happily tweak the multiplier... to 0, then -1. So the "fix" is to use a shift of 22 like everyone else, and a multiplier of 1 << 22. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
lguest uses a host-supplied wallclock-based clocksource when the TSC
is not reliable.  As this is already in nanoseconds, I naively used a
multiplier of 1 and a shift of 0.

But update_wall_time() in its infinite wisdom decides to adjust the
clock a little (where does it think it's getting a more accurate time
from?)

It will happily tweak the multiplier... to 0, then -1.

So the "fix" is to use a shift of 22 like everyone else, and a
multiplier of 1 << 22.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Enable lguest drivers in Kconfig 2007-08-07T01:21:15+00:00 Rusty Russell rusty@rustcorp.com.au 2007-08-06T00:48:18+00:00 cc1ff43b7002b40686f03269b5011d59965737a4 Lguest drivers need to default to "Y" otherwise they're never selected for new builds. (We don't bother prompting, because they're less than 4k combined, and implied by selecting lguest support). Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
Lguest drivers need to default to "Y" otherwise they're never selected
for new builds.  (We don't bother prompting, because they're less than
4k combined, and implied by selecting lguest support).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Make lguest compile with CONFIG_BLOCK=n and CONFIG_NET=n 2007-07-30T00:37:45+00:00 Rusty Russell rusty@rustcorp.com.au 2007-07-30T00:25:22+00:00 05ff09706bacc92ccadde3a74289118789581475 Gabriel C reports lguest doesn't compile with CONFIG_BLOCK=n. Fix this by introducing a config var for the block device, which depends on LGUEST && BLOCK. Do the same for the net driver, rather then depending gratuitously on CONFIG_NET. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Cc: Gabriel C <nix.or.die@googlemail.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
Gabriel C reports lguest doesn't compile with CONFIG_BLOCK=n.  Fix this
by introducing a config var for the block device, which depends on
LGUEST && BLOCK.  Do the same for the net driver, rather then depending
gratuitously on CONFIG_NET.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Cc: Gabriel C <nix.or.die@googlemail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>