[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v6.5 23/26] x86/entry: Clobber the Return Stack Buffer on entry to Xen

To: "Andrew Cooper" <andrew.cooper3@xxxxxxxxxx>
From: "Jan Beulich" <JBeulich@xxxxxxxx>
Date: Thu, 04 Jan 2018 03:22:39 -0700
Cc: Xen-devel <xen-devel@xxxxxxxxxxxxx>
Delivery-date: Thu, 04 Jan 2018 10:22:53 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

>>> On 04.01.18 at 01:15, <andrew.cooper3@xxxxxxxxxx> wrote:
> --- a/docs/misc/xen-command-line.markdown
> +++ b/docs/misc/xen-command-line.markdown
> @@ -246,7 +246,7 @@ enough. Setting this to a high value may cause boot 
> failure, particularly if
>  the NMI watchdog is also enabled.
>  
>  ### bti (x86)
> -> `= List of [ thunk=retpoline|lfence|plain, ibrs=<bool> ]`
> +> `= List of [ thunk=retpoline|lfence|plain, ibrs=<bool>, 
> rsb_{vmexit,native}=bool ]`

<bool>

> --- a/xen/arch/x86/spec_ctrl.c
> +++ b/xen/arch/x86/spec_ctrl.c
> @@ -33,6 +33,7 @@ enum ind_thunk {
>      THUNK_JMP,
>  } opt_thunk __initdata = THUNK_DEFAULT;
>  int opt_ibrs __initdata = -1;
> +int opt_rsb_native __initdata = -1, opt_rsb_vmexit __initdata = -1;

static

> --- a/xen/include/asm-x86/nops.h
> +++ b/xen/include/asm-x86/nops.h
> @@ -67,9 +67,11 @@
>  
>  #define ASM_NOP22 ASM_NOP8 ASM_NOP8 ASM_NOP6
>  #define ASM_NOP26 ASM_NOP8 ASM_NOP8 ASM_NOP8 ASM_NOP2
> +#define ASM_NOP27 ASM_NOP8 ASM_NOP8 ASM_NOP8 ASM_NOP3
>  #define ASM_NOP32 ASM_NOP8 ASM_NOP8 ASM_NOP8 ASM_NOP8
>  #define ASM_NOP33 ASM_NOP8 ASM_NOP8 ASM_NOP8 ASM_NOP7 ASM_NOP2
>  #define ASM_NOP39 ASM_NOP8 ASM_NOP8 ASM_NOP8 ASM_NOP8 ASM_NOP7
> +#define ASM_NOP40 ASM_NOP8 ASM_NOP8 ASM_NOP8 ASM_NOP8 ASM_NOP8

See how this is getting more and more ugly?

> @@ -178,6 +209,11 @@
>  
>  /* Use after a VMEXIT from an HVM guest. */
>  #define SPEC_CTRL_ENTRY_FROM_VMEXIT                                     \
> +    ALTERNATIVE_2 __stringify(ASM_NOP27),                               \
> +        "DO_OVERWRITE_RSB maybexen=0 ss=1",                             \
> +        X86_FEATURE_RSB_VMEXIT_SS,                                      \
> +        "DO_OVERWRITE_RSB maybexen=0 ss=0",                             \
> +        X86_FEATURE_RSB_VMEXIT;                                         \
>      ALTERNATIVE_2 __stringify(ASM_NOP32),                               \
>          __stringify(DO_SPEC_CTRL_ENTRY_FROM_VMEXIT                      \
>                      ibrs_val=SPEC_CTRL_IBRS),                           \

The use of __stringify() wants to become consistent: Either you
never use plain quoting, or you only ever use __stringify() when
plain quoting wouldn't yield the intended effect (of, in particular,
macro expansion before stringification).

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

References:
- [Xen-devel] [PATCH v6.5 00/26] x86: Mitigations for SP2/CVE-2017-5715/Branch Target Injection
  - From: Andrew Cooper
- [Xen-devel] [PATCH v6.5 23/26] x86/entry: Clobber the Return Stack Buffer on entry to Xen
  - From: Andrew Cooper

Prev by Date: Re: [Xen-devel] [PATCH v6.5 22/26] x86/boot: Calculate the most appropriate BTI mitigation to use
Next by Date: Re: [Xen-devel] [PATCH v6.5 24/26] x86/ctxt: Issue a speculation barrier between vcpu contexts
Previous by thread: [Xen-devel] [PATCH v6.5 23/26] x86/entry: Clobber the Return Stack Buffer on entry to Xen
Next by thread: [Xen-devel] [PATCH v6.5 18/26] x86/migrate: Move MSR_SPEC_CTRL on migrate
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.