[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 08/16] x86/shstk: Create shadow stacks

To: Jan Beulich <jbeulich@xxxxxxxx>
From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Date: Mon, 4 May 2020 16:08:17 +0100
Authentication-results: esa4.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none; spf=None smtp.pra=andrew.cooper3@xxxxxxxxxx; spf=Pass smtp.mailfrom=Andrew.Cooper3@xxxxxxxxxx; spf=None smtp.helo=postmaster@xxxxxxxxxxxxxxx
Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
Delivery-date: Mon, 04 May 2020 15:08:50 +0000
Ironport-sdr: Xz63FMZyf8hWLY7PLjITaPwT89WVg3nUrHNbIzXwYddsEqqDLDpOppoTcPfQrJP/P0SQ2GJXjn K5FFOFdBTsS6PTjJKfi1kllQ2wjtF3ut6CVUv1bFU5r+AokzGPS8pKBRHW+54KB3JDlnnVA9pj Ji+tvxrh+qFBAgl0IeODq33hzLTTj7DSKUQQ2eNB3vwjQF9lIzKxi6Kc/EUSE517T9jEsY26F8 1iYCGw1UUtl/wEl0BqFwrgxn/UUgyrET+vxi6qXAJZI0zxHQHrz9C8EgC4sesTThLXYtaLWrHC Xxk=
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 04/05/2020 15:55, Jan Beulich wrote:
>> +            /* Poision unused entries. */
>> +            for ( i = IST_MAX;
>> +                  i < ARRAY_SIZE(this_cpu(tss_page).ist_ssp); ++i )
>> +                    ist_ssp[i] = 0x8600111111111111ul;
> IST_MAX == IST_DF, so you're overwriting one token here.

And failing to poison entry 0.  This was a bad rearrangement when
tidying the series up.

Unfortunately, testing the #DF path isn't terribly easy.

>> --- a/xen/include/asm-x86/processor.h
>> +++ b/xen/include/asm-x86/processor.h
>> @@ -434,7 +434,8 @@ struct __packed tss64 {
>>      uint16_t :16, bitmap;
>>  };
>>  struct tss_page {
>> -    struct tss64 __aligned(PAGE_SIZE) tss;
>> +    uint64_t __aligned(PAGE_SIZE) ist_ssp[8];
>> +    struct tss64 tss;
>>  };
> Just curious - any particular reason you put this ahead of the TSS?

Yes.  Reduced chance of interacting with a buggy IO bitmap offset.

Furthermore, we could do away most of the IO emulation quirking, and the
#GP path overhead, if we actually constructed a real IO bitmap for
dom0.  That would require using the 8k following the TSS.

~Andrew

References:
- [PATCH 00/16] x86: Support for CET Supervisor Shadow Stacks
  - From: Andrew Cooper
- [PATCH 08/16] x86/shstk: Create shadow stacks
  - From: Andrew Cooper
- Re: [PATCH 08/16] x86/shstk: Create shadow stacks
  - From: Jan Beulich

Prev by Date: [PATCH] x86emul: extend x86_insn_is_mem_write() coverage
Next by Date: [PATCH] x86/hvm: simplify hvm_physdev_op allowance control
Previous by thread: Re: [PATCH 08/16] x86/shstk: Create shadow stacks
Next by thread: [PATCH 02/16] x86/traps: Clean up printing in do_reserved_trap()/fatal_trap()
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.