[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH v2 00/14] x86: Support for CET Supervisor Shadow Stacks

  • To: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Wed, 27 May 2020 20:18:33 +0100
  • Authentication-results: esa4.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Delivery-date: Wed, 27 May 2020 19:19:46 +0000
  • Ironport-sdr: ljXFLm6vJNGuhH71VFga8ld5yUtQeikwNp2tlkhaq8oVuyij+A1TdxM7HaHaOeTzmRI0VV0Zng HPQ13O3QjuMhFyqsliSE9jkK/Ce6AvmjGeUJepoaWmrpp4JfUzKmXdGJkbqvc7Q7Jhdx9do5UB emcVV+uXPT4q3xgZ/xY8QjEMkUBayoYw1RdyT4cZ0tF3ltQDIcv9MUiKnqtvjlD3kq+MfHX42g MxgWRqulkEy6NI10dLzawMQC/ucVuUk/qbDFYjDht43OowdxWcaRE8p1ZcoNWlWNu0QNRjafMQ 3ac=
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
This series implements Shadow Stack support for Xen to use.

You'll need a CET-capable toolchain (Binutils >= 2.29 or LLVM >= 7), but no
specific compiler support required.

CET-SS makes PV32 unusable, so using shadow stacks prevents the use of 32bit
PV guests.  Compatibilty can be obtained using PV Shim.

See patches for individual changes.

Andrew Cooper (14):
  x86/traps: Clean up printing in {do_reserved,fatal}_trap()
  x86/traps: Factor out extable_fixup() and make printing consistent
  x86/shstk: Introduce Supervisor Shadow Stack support
  x86/traps: Implement #CP handler and extend #PF for shadow stacks
  x86/shstk: Re-layout the stack block for shadow stacks
  x86/shstk: Create shadow stacks
  x86/cpu: Adjust enable_nmis() to be shadow stack compatible
  x86/cpu: Adjust reset_stack_and_jump() to be shadow stack compatible
  x86/spec-ctrl: Adjust DO_OVERWRITE_RSB to be shadow stack compatible
  x86/extable: Adjust extable handling to be shadow stack compatible
  x86/alt: Adjust _alternative_instructions() to not create shadow stacks
  x86/entry: Adjust guest paths to be shadow stack compatible
  x86/S3: Save and restore Shadow Stack configuration
  x86/shstk: Activate Supervisor Shadow Stacks

 docs/misc/xen-command-line.pandoc   |  25 ++++
 xen/arch/x86/Kconfig                |  18 +++
 xen/arch/x86/acpi/wakeup_prot.S     |  58 +++++++++
 xen/arch/x86/alternative.c          |  14 +++
 xen/arch/x86/boot/x86_64.S          |  35 +++++-
 xen/arch/x86/cpu/common.c           |  39 +++++-
 xen/arch/x86/crash.c                |   7 ++
 xen/arch/x86/mm.c                   |  46 ++++---
 xen/arch/x86/setup.c                |  56 +++++++++
 xen/arch/x86/smpboot.c              |   3 +-
 xen/arch/x86/spec_ctrl.c            |   8 ++
 xen/arch/x86/traps.c                | 239 ++++++++++++++++++++++++++----------
 xen/arch/x86/x86_64/compat/entry.S  |   1 +
 xen/arch/x86/x86_64/entry.S         |  50 +++++++-
 xen/include/asm-x86/asm_defns.h     |   8 +-
 xen/include/asm-x86/config.h        |   5 +
 xen/include/asm-x86/cpufeature.h    |   1 +
 xen/include/asm-x86/cpufeatures.h   |   1 +
 xen/include/asm-x86/current.h       |  60 +++++++--
 xen/include/asm-x86/mm.h            |   1 -
 xen/include/asm-x86/msr-index.h     |   3 +
 xen/include/asm-x86/page.h          |   1 +
 xen/include/asm-x86/processor.h     |  60 ++++++---
 xen/include/asm-x86/spec_ctrl_asm.h |  16 ++-
 xen/include/asm-x86/x86-defns.h     |  35 ++++++
 xen/include/asm-x86/x86_64/page.h   |   1 +
 xen/scripts/Kconfig.include         |   4 +
 27 files changed, 664 insertions(+), 131 deletions(-)

-- 
2.11.0

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.