[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 5/3] x86/vPMU: Harden indirect branches

  • To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Wed, 1 Dec 2021 09:06:12 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=vVie5wls5q4W79m2RL9G501fduxg5o1eY5f0Lef2o1U=; b=QxMnsp62woBimHu06UjQ1e7SZLNvV3gzhTi5qAcV98NTx9gNLEPfFJ0op8CTpnFSi71ZnzyUseKOsYxm/9a9roLLy6OTE6nWszymVdsAjdfFG+EYtQVSmaBvFaLZCbOfXvh8Vp4k4k63jawAVTcvwFkB+NOjmtBkEugpdh2sUdSUVFk+ahNjQFx3Be6sm30NjJ1vzywpZa5bjrQE8IYxMN/DTqHLrrzB38oa8FOSq3vBHFlZxxsHwQ7RTc+U2l85GqAUokj3l+UOG19zYpWcLQeNqHWb/xY4zxi5z9/uonygBQUnqXVbvh+pIaejkzyO8oXntt+dBXdFOOVgtCAGtQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=jcCacMS5EUKiWPSmw6o+fF+2WrSwNR5angMydp0ju18K0PrGNCCpmD1RL9nHEhx0iqznPCNlNooXFa7J95ll9HW2WY+ex2mNdJvYUhKDmRf5FEBSBRY5p4ufEHqIkoky/p1aPUAHFPtA5JVOO0932kyNiUZSzFKfWJ1trnbmBUs/IGJJBbd7BjeZFD6pvlhd4OsVTHSZtXz2bogOXJD+xFM+EfgcwbCK82IK5e2Vt9ZTwaqen+GU7K+aqlAavbolk7//DV+z9+JzHYI5aIdAlIaUrAmIFhVkEgZnEv8ESRHnDaQwgN34blmh5J7HEg1CqaUC1ZmBCHd4gl6EjFGLHA==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Wed, 01 Dec 2021 08:06:34 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 30.11.2021 23:05, Andrew Cooper wrote:
> --- a/xen/arch/x86/cpu/vpmu_amd.c
> +++ b/xen/arch/x86/cpu/vpmu_amd.c
> @@ -518,7 +518,7 @@ static int svm_vpmu_initialise(struct vcpu *v)
>      return 0;
>  }
>  
> -static const struct arch_vpmu_ops __initconstrel amd_vpmu_ops = {
> +static struct arch_vpmu_ops __initdata_cf_clobber amd_vpmu_ops = {

This depends on an uncommitted patch (introducing the annotation)
and hence is a little difficult to review without a pointer to that
patch (which doesn't look to have "cf_" in its subject, and I didn't
recall anything else to search for in my mailbox). The main question
I see here is whether it's warranted to drop the const: I'd like to
retain it if at all possible, just to document that the structure
doesn't get modified at runtime (read: initialization time).

Later... I've spotted it in my to-be-reviewed folder; it's
"x86/altcall: Optimise away endbr64 instruction where possible".
There's no discussion there either about const. Iirc the reason we
need __initconstrel alongside __initconst is for older tool chains
complaining about section conflicts. If that's right, for CET-IBT
we need relatively new tool chains anyway. Hence the mixing of
const and non-const within a section may not be an issue. IOW with
newer tool chains all could go in a single section; we'd need two
separate annotations only for older tool chains (falling back to
__initdata or __initconstrel). Of course at that point it might be
easier to have both .init.data.cf_clobber and
.init.rodata.cf_clobber in the first place, grouped together by
the linker script.

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.