
[PATCH 0/4] x86: Further harden function pointers


  • To: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Fri, 26 Nov 2021 21:22:54 +0000
  • Authentication-results: esa5.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, Daniel Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>, Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Fri, 26 Nov 2021 21:23:33 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Slightly RFC, because patch 2 has some minor structure (ab)use, but the result
works alarmingly well.  So far, this demonstrates converting two subsystems.

hvm_funcs is the other area of especially low hanging fruit, but IOMMU, vPMU
also look like good candidates.  Anything which is partially altcall'd already
would benefit from being fully altcall'd.

Should we consider introducing __ro_after_init right now (as an alias to
__read_mostly) as this conversion is touching a lot of areas where true
post-init immutability ought to be enforced?

Andrew Cooper (4):
  x86/altcall: Check and optimise altcall targets
  x86/altcall: Optimise away endbr64 instruction where possible
  xen/xsm: Use __init_data_cf_clobber for xsm_ops
  x86/ucode: Use altcall, and __initdata_cf_clobber

 xen/arch/x86/alternative.c           | 60 ++++++++++++++++++++++++++++++++++++
 xen/arch/x86/cpu/microcode/amd.c     |  2 +-
 xen/arch/x86/cpu/microcode/core.c    | 38 ++++++++++++-----------
 xen/arch/x86/cpu/microcode/intel.c   |  2 +-
 xen/arch/x86/cpu/microcode/private.h |  2 +-
 xen/arch/x86/xen.lds.S               |  5 +++
 xen/include/xen/init.h               |  2 ++
 xen/xsm/dummy.c                      |  2 +-
 xen/xsm/flask/hooks.c                |  2 +-
 xen/xsm/silo.c                       |  2 +-
 10 files changed, 93 insertions(+), 24 deletions(-)

-- 
2.11.0




 

