[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH 00/16] x86: Support for CET Supervisor Shadow Stacks

To: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Date: Fri, 1 May 2020 23:58:22 +0100
Authentication-results: esa1.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none; spf=None smtp.pra=andrew.cooper3@xxxxxxxxxx; spf=Pass smtp.mailfrom=Andrew.Cooper3@xxxxxxxxxx; spf=None smtp.helo=postmaster@xxxxxxxxxxxxxxx
Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
Delivery-date: Fri, 01 May 2020 22:59:22 +0000
Ironport-sdr: tvG01VWEhW9lEFXuYuSyuiQfsPHtPwE54KCT0FZT3ZQyrETbooExtlWNlIk+4j9NJ3pKOEm75Q b+x+EVLcXMtWpDKddHDvArnH8eIcgctc+pYmuZ8TqWNIRxrmeFL9W70A2t42ehsVoQ6CQoOt/V 83Jgdw1iHZ4S7hCaYmL5XCCzVNDkTlPXvE6cUoeTo1eHWK8GF4abRoi4yzrYRrpgimmFNQvGIx lAJ10SqevCFFx0nt3KE9hptBvQdCVuC4g1p6LoktErRxOAQqLqJ0m0czbOJ99siyvkFBRkwvxx NbE=
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

This series implements Shadow Stack support for Xen to use.

You'll need a CET-capable toolchain (Binutils 2.32 and later), but no specific
compiler support required.

CET-SS makes PV32 unusable, so using shadow stacks prevents the use of 32bit
PV guests.  Compatibilty can be obtained using PV Shim

Andrew Cooper (16):
  x86/traps: Drop last_extable_addr
  x86/traps: Clean up printing in do_reserved_trap()/fatal_trap()
  x86/traps: Factor out exception_fixup() and make printing consistent
  x86/smpboot: Write the top-of-stack block in cpu_smpboot_alloc()
  x86/shstk: Introduce Supervisor Shadow Stack support
  x86/traps: Implement #CP handler and extend #PF for shadow stacks
  x86/shstk: Re-layout the stack block for shadow stacks
  x86/shstk: Create shadow stacks
  x86/cpu: Adjust enable_nmis() to be shadow stack compatible
  x86/cpu: Adjust reset_stack_and_jump() to be shadow stack compatible
  x86/spec-ctrl: Adjust DO_OVERWRITE_RSB to be shadow stack compatible
  x86/extable: Adjust extable handling to be shadow stack compatible
  x86/ioemul: Rewrite stub generation to be shadow stack compatible
  x86/alt: Adjust _alternative_instructions() to not create shadow stacks
  x86/entry: Adjust guest paths to be shadow stack compatible
  x86/shstk: Activate Supervisor Shadow Stacks

 xen/arch/x86/Kconfig                |  17 +++
 xen/arch/x86/acpi/wakeup_prot.S     |  56 ++++++++++
 xen/arch/x86/alternative.c          |  14 +++
 xen/arch/x86/boot/x86_64.S          |  30 +++++-
 xen/arch/x86/cpu/common.c           |  34 +++++-
 xen/arch/x86/crash.c                |   7 ++
 xen/arch/x86/ioport_emulate.c       |  11 +-
 xen/arch/x86/mm.c                   |  41 ++++---
 xen/arch/x86/pv/emul-priv-op.c      |  91 ++++++++++++----
 xen/arch/x86/pv/gpr_switch.S        |  37 ++-----
 xen/arch/x86/setup.c                |  56 ++++++++++
 xen/arch/x86/smpboot.c              |  10 +-
 xen/arch/x86/spec_ctrl.c            |   8 ++
 xen/arch/x86/traps.c                | 206 ++++++++++++++++++++++--------------
 xen/arch/x86/x86_64/compat/entry.S  |   2 +-
 xen/arch/x86/x86_64/entry.S         |  39 ++++++-
 xen/include/asm-x86/cpufeature.h    |   1 +
 xen/include/asm-x86/cpufeatures.h   |   1 +
 xen/include/asm-x86/current.h       |  59 ++++++++---
 xen/include/asm-x86/io.h            |   3 +-
 xen/include/asm-x86/mm.h            |   1 -
 xen/include/asm-x86/msr-index.h     |   3 +
 xen/include/asm-x86/page.h          |   1 +
 xen/include/asm-x86/processor.h     |  60 +++++++----
 xen/include/asm-x86/spec_ctrl_asm.h |  16 ++-
 xen/include/asm-x86/x86-defns.h     |  36 +++++++
 xen/include/asm-x86/x86_64/page.h   |   1 +
 xen/scripts/Kconfig.include         |   4 +
 28 files changed, 640 insertions(+), 205 deletions(-)

-- 
2.11.0

Follow-Ups:
- [PATCH 13/16] x86/ioemul: Rewrite stub generation to be shadow stack compatible
  - From: Andrew Cooper
- [PATCH 11/16] x86/spec-ctrl: Adjust DO_OVERWRITE_RSB to be shadow stack compatible
  - From: Andrew Cooper
- [PATCH 10/16] x86/cpu: Adjust reset_stack_and_jump() to be shadow stack compatible
  - From: Andrew Cooper
- [PATCH 16/16] x86/shstk: Activate Supervisor Shadow Stacks
  - From: Andrew Cooper
- [PATCH 12/16] x86/extable: Adjust extable handling to be shadow stack compatible
  - From: Andrew Cooper
- [PATCH 15/16] x86/entry: Adjust guest paths to be shadow stack compatible
  - From: Andrew Cooper
- [PATCH 14/16] x86/alt: Adjust _alternative_instructions() to not create shadow stacks
  - From: Andrew Cooper
- [PATCH 04/16] x86/smpboot: Write the top-of-stack block in cpu_smpboot_alloc()
  - From: Andrew Cooper
- [PATCH 03/16] x86/traps: Factor out exception_fixup() and make printing consistent
  - From: Andrew Cooper
- [PATCH 01/16] x86/traps: Drop last_extable_addr
  - From: Andrew Cooper
- [PATCH 09/16] x86/cpu: Adjust enable_nmis() to be shadow stack compatible
  - From: Andrew Cooper
- [PATCH 05/16] x86/shstk: Introduce Supervisor Shadow Stack support
  - From: Andrew Cooper
- [PATCH 02/16] x86/traps: Clean up printing in do_reserved_trap()/fatal_trap()
  - From: Andrew Cooper
- [PATCH 08/16] x86/shstk: Create shadow stacks
  - From: Andrew Cooper
- [PATCH 07/16] x86/shstk: Re-layout the stack block for shadow stacks
  - From: Andrew Cooper
- [PATCH 06/16] x86/traps: Implement #CP handler and extend #PF for shadow stacks
  - From: Andrew Cooper

Prev by Date: [PATCH 01/16] x86/traps: Drop last_extable_addr
Next by Date: [PATCH 03/16] x86/traps: Factor out exception_fixup() and make printing consistent
Previous by thread: [xen-unstable test] 149896: tolerable FAIL - PUSHED
Next by thread: [PATCH 06/16] x86/traps: Implement #CP handler and extend #PF for shadow stacks
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.