x86/xen: remove hypercall page

commit 7fa0da5373685e7ed249af3fa317ab1e1ba8b0a6 upstream.

The hypercall page is no longer needed. It can be removed, as from the
Xen perspective it is optional.

But, from Linux's perspective, it removes naked RET instructions that
escape the speculative protections that Call Depth Tracking and/or
Untrain Ret are trying to achieve.

This is part of XSA-466 / CVE-2024-53241.

Reported-by: Andrew Cooper <andrew.cooper3@citrix.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/arch/x86/include/asm/xen/hypercall.h b/arch/x86/include/asm/xen/hypercall.h
index e26d3f80b5174bd30226fd2b470aa3312f06daa1..89cd98693efc53187ec14135649868f47d8ba3a9 100644 (file)
--- a/arch/x86/include/asm/xen/hypercall.h
+++ b/arch/x86/include/asm/xen/hypercall.h
@@ -88,8 +88,6 @@ struct xen_dm_op_buf;
  * there aren't more than 5 arguments...)
  */
 
-extern struct { char _entry[32]; } hypercall_page[];
-
 void xen_hypercall_func(void);
 DECLARE_STATIC_CALL(xen_hypercall, xen_hypercall_func);
 

diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
index d75c392651e730075ef5770e0655de92247ee836..c366ba8c43109023757a6100b0f3f8143878b93c 100644 (file)
--- a/arch/x86/xen/enlighten.c
+++ b/arch/x86/xen/enlighten.c
@@ -26,8 +26,6 @@
 #include "smp.h"
 #include "pmu.h"
 
-EXPORT_SYMBOL_GPL(hypercall_page);
-
 DEFINE_STATIC_CALL(xen_hypercall, xen_hypercall_hvm);
 EXPORT_STATIC_CALL_TRAMP(xen_hypercall);
 

diff --git a/arch/x86/xen/enlighten_hvm.c b/arch/x86/xen/enlighten_hvm.c
index c041810392f601f70da9f5a5a4af1c1e9cfaee52..f9020581bf6f743a40c725c3ccfcc2a90a0e7b50 100644 (file)
--- a/arch/x86/xen/enlighten_hvm.c
+++ b/arch/x86/xen/enlighten_hvm.c
@@ -101,15 +101,8 @@ static void __init init_hvm_pv_info(void)
        /* PVH set up hypercall page in xen_prepare_pvh(). */
        if (xen_pvh_domain())
                pv_info.name = "Xen PVH";
-       else {
-               u64 pfn;
-               uint32_t msr;
-
+       else
                pv_info.name = "Xen HVM";
-               msr = cpuid_ebx(base + 2);
-               pfn = __pa(hypercall_page);
-               wrmsr_safe(msr, (u32)pfn, (u32)(pfn >> 32));
-       }
 
        xen_setup_features();
 

diff --git a/arch/x86/xen/enlighten_pvh.c b/arch/x86/xen/enlighten_pvh.c
index ada3868c02c231d0f10863cabf71a076f003acb5..00ee9399fd0c325ab29a52583e57e3cc7a9aa20d 100644 (file)
--- a/arch/x86/xen/enlighten_pvh.c
+++ b/arch/x86/xen/enlighten_pvh.c
@@ -27,17 +27,10 @@ EXPORT_SYMBOL_GPL(xen_pvh);
 
 void __init xen_pvh_init(struct boot_params *boot_params)
 {
-       u32 msr;
-       u64 pfn;
-
        xen_pvh = 1;
        xen_domain_type = XEN_HVM_DOMAIN;
        xen_start_flags = pvh_start_info.flags;
 
-       msr = cpuid_ebx(xen_cpuid_base() + 2);
-       pfn = __pa(hypercall_page);
-       wrmsr_safe(msr, (u32)pfn, (u32)(pfn >> 32));
-
        if (xen_initial_domain())
                x86_init.oem.arch_setup = xen_add_preferred_consoles;
        x86_init.oem.banner = xen_banner;

diff --git a/arch/x86/xen/xen-head.S b/arch/x86/xen/xen-head.S
index 61f904daee85f675f6eafc1bf68e890fce634fd5..152bbe900a174a123f194587e91d525155fce81c 100644 (file)
--- a/arch/x86/xen/xen-head.S
+++ b/arch/x86/xen/xen-head.S
@@ -146,24 +146,6 @@ SYM_FUNC_START(xen_hypercall_intel)
 SYM_FUNC_END(xen_hypercall_intel)
        .popsection
 
-.pushsection .text
-       .balign PAGE_SIZE
-SYM_CODE_START(hypercall_page)
-       .rept (PAGE_SIZE / 32)
-               UNWIND_HINT_FUNC
-               ANNOTATE_UNRET_SAFE
-               ret
-               .skip 31, 0xcc
-       .endr
-
-#define HYPERCALL(n) \
-       .equ xen_hypercall_##n, hypercall_page + __HYPERVISOR_##n * 32; \
-       .type xen_hypercall_##n, @function; .size xen_hypercall_##n, 32
-#include <asm/xen-hypercalls.h>
-#undef HYPERCALL
-SYM_CODE_END(hypercall_page)
-.popsection
-
        ELFNOTE(Xen, XEN_ELFNOTE_GUEST_OS,       .asciz "linux")
        ELFNOTE(Xen, XEN_ELFNOTE_GUEST_VERSION,  .asciz "2.6")
        ELFNOTE(Xen, XEN_ELFNOTE_XEN_VERSION,    .asciz "xen-3.0")
@@ -177,7 +159,6 @@ SYM_CODE_END(hypercall_page)
 #ifdef CONFIG_XEN_PV
        ELFNOTE(Xen, XEN_ELFNOTE_ENTRY,          _ASM_PTR startup_xen)
 #endif
-       ELFNOTE(Xen, XEN_ELFNOTE_HYPERCALL_PAGE, _ASM_PTR hypercall_page)
        ELFNOTE(Xen, XEN_ELFNOTE_FEATURES,
                .ascii "!writable_page_tables|pae_pgdir_above_4gb")
        ELFNOTE(Xen, XEN_ELFNOTE_SUPPORTED_FEATURES,