x86/xen: remove hypercall page

commit 7fa0da5373685e7ed249af3fa317ab1e1ba8b0a6 upstream.

The hypercall page is no longer needed. It can be removed, as from the
Xen perspective it is optional.

But, from Linux's perspective, it removes naked RET instructions that
escape the speculative protections that Call Depth Tracking and/or
Untrain Ret are trying to achieve.

This is part of XSA-466 / CVE-2024-53241.

Reported-by: Andrew Cooper <andrew.cooper3@citrix.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/arch/x86/include/asm/xen/hypercall.h b/arch/x86/include/asm/xen/hypercall.h
index e26d3f80b5174bd30226fd2b470aa3312f06daa1..89cd98693efc53187ec14135649868f47d8ba3a9 100644 (file)
--- a/arch/x86/include/asm/xen/hypercall.h
+++ b/arch/x86/include/asm/xen/hypercall.h
@@ -88,8 +88,6 @@ struct xen_dm_op_buf;
  * there aren't more than 5 arguments...)
  */
 
-extern struct { char _entry[32]; } hypercall_page[];
-
 void xen_hypercall_func(void);
 DECLARE_STATIC_CALL(xen_hypercall, xen_hypercall_func);
 

diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
index de78a0762fda0464647c21a8a4f76515ad8a6122..6c70d8ea81f0d8e5cf138d1455090ff04797e9f5 100644 (file)
--- a/arch/x86/xen/enlighten.c
+++ b/arch/x86/xen/enlighten.c
@@ -21,8 +21,6 @@
 #include "smp.h"
 #include "pmu.h"
 
-EXPORT_SYMBOL_GPL(hypercall_page);
-
 DEFINE_STATIC_CALL(xen_hypercall, xen_hypercall_hvm);
 EXPORT_STATIC_CALL_TRAMP(xen_hypercall);
 

diff --git a/arch/x86/xen/enlighten_hvm.c b/arch/x86/xen/enlighten_hvm.c
index f591fc5f7022ba46f2075e53b1734d0d2f38a3c3..2489aa789338a5206b9c92ebedfb8bf93766de4f 100644 (file)
--- a/arch/x86/xen/enlighten_hvm.c
+++ b/arch/x86/xen/enlighten_hvm.c
@@ -101,15 +101,8 @@ static void __init init_hvm_pv_info(void)
        /* PVH set up hypercall page in xen_prepare_pvh(). */
        if (xen_pvh_domain())
                pv_info.name = "Xen PVH";
-       else {
-               u64 pfn;
-               uint32_t msr;
-
+       else
                pv_info.name = "Xen HVM";
-               msr = cpuid_ebx(base + 2);
-               pfn = __pa(hypercall_page);
-               wrmsr_safe(msr, (u32)pfn, (u32)(pfn >> 32));
-       }
 
        xen_setup_features();
 

diff --git a/arch/x86/xen/enlighten_pvh.c b/arch/x86/xen/enlighten_pvh.c
index 0d5e34b9e6f93985a243cc69c632ae0d8f9e8ce1..aaeb1fb5bfed4c40d3554a9fef69cfcc770be872 100644 (file)
--- a/arch/x86/xen/enlighten_pvh.c
+++ b/arch/x86/xen/enlighten_pvh.c
@@ -25,17 +25,10 @@ bool xen_pvh __section(".data") = 0;
 
 void __init xen_pvh_init(struct boot_params *boot_params)
 {
-       u32 msr;
-       u64 pfn;
-
        xen_pvh = 1;
        xen_domain_type = XEN_HVM_DOMAIN;
        xen_start_flags = pvh_start_info.flags;
 
-       msr = cpuid_ebx(xen_cpuid_base() + 2);
-       pfn = __pa(hypercall_page);
-       wrmsr_safe(msr, (u32)pfn, (u32)(pfn >> 32));
-
        xen_efi_init(boot_params);
 }
 

diff --git a/arch/x86/xen/xen-head.S b/arch/x86/xen/xen-head.S
index 61f904daee85f675f6eafc1bf68e890fce634fd5..152bbe900a174a123f194587e91d525155fce81c 100644 (file)
--- a/arch/x86/xen/xen-head.S
+++ b/arch/x86/xen/xen-head.S
@@ -146,24 +146,6 @@ SYM_FUNC_START(xen_hypercall_intel)
 SYM_FUNC_END(xen_hypercall_intel)
        .popsection
 
-.pushsection .text
-       .balign PAGE_SIZE
-SYM_CODE_START(hypercall_page)
-       .rept (PAGE_SIZE / 32)
-               UNWIND_HINT_FUNC
-               ANNOTATE_UNRET_SAFE
-               ret
-               .skip 31, 0xcc
-       .endr
-
-#define HYPERCALL(n) \
-       .equ xen_hypercall_##n, hypercall_page + __HYPERVISOR_##n * 32; \
-       .type xen_hypercall_##n, @function; .size xen_hypercall_##n, 32
-#include <asm/xen-hypercalls.h>
-#undef HYPERCALL
-SYM_CODE_END(hypercall_page)
-.popsection
-
        ELFNOTE(Xen, XEN_ELFNOTE_GUEST_OS,       .asciz "linux")
        ELFNOTE(Xen, XEN_ELFNOTE_GUEST_VERSION,  .asciz "2.6")
        ELFNOTE(Xen, XEN_ELFNOTE_XEN_VERSION,    .asciz "xen-3.0")
@@ -177,7 +159,6 @@ SYM_CODE_END(hypercall_page)
 #ifdef CONFIG_XEN_PV
        ELFNOTE(Xen, XEN_ELFNOTE_ENTRY,          _ASM_PTR startup_xen)
 #endif
-       ELFNOTE(Xen, XEN_ELFNOTE_HYPERCALL_PAGE, _ASM_PTR hypercall_page)
        ELFNOTE(Xen, XEN_ELFNOTE_FEATURES,
                .ascii "!writable_page_tables|pae_pgdir_above_4gb")
        ELFNOTE(Xen, XEN_ELFNOTE_SUPPORTED_FEATURES,