
Re: [PATCH v2 for-4.14] x86/livepatch: Make livepatching compatible with CET Shadow Stacks



On 26.06.2020 16:46, Andrew Cooper wrote:
> On 26/06/2020 15:26, Jan Beulich wrote:
>> On 26.06.2020 15:59, Ross Lagerwall wrote:
>>> On 2020-06-26 13:24, Andrew Cooper wrote:
>>>> @@ -56,18 +57,48 @@ int arch_livepatch_safety_check(void)
>>>>      return -EBUSY;
>>>>  }
>>>>  
>>>> -int arch_livepatch_quiesce(void)
>>>> +int noinline arch_livepatch_quiesce(void)
>>>>  {
>>>> +    /* If Shadow Stacks are in use, disable CR4.CET so we can modify 
>>>> CR0.WP. */
>>>> +    if ( cpu_has_xen_shstk )
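Review bot: the noinline added to the arch_livepatch_quiesce() definition has no comment saying why the function must not be inlined. The new comment in the body covers the CR4.CET / CR0.WP step but not the attribute, so a short comment above the definition stating the reason would keep a later cleanup from dropping it.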
>>> Should this be:
>>>     if ( IS_ENABLED(CONFIG_XEN_SHSTK) && cpu_has_xen_shstk )
>>>
>>> to match arch_livepatch_revive?
>> While it may look a little asymmetric, I think it's preferable
>> to use IS_ENABLED() only where really needed, i.e. here it is
>> guarding code that otherwise may not build.
> 
> The reason for the asymmetry is because of the asm() block, which needs
> compiling out when we detect that we don't have a compatible assembler.
> 
> I was wondering whether I should make cpu_has_xen_shstk be false for
> !CONFIG_XEN_SHSTK, but that would be 4.15 work at this point.

Ah yes, this might then help with other code as well.

Jan



 

