[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 62/65] x86/entry: Make IDT entrypoints CET-IBT compatible

  • To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Fri, 3 Dec 2021 14:32:38 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=zb7cm9reoOABpbeZcWOi636UrNj1FmHcrdrZtUHPBoU=; b=efdUoGqPhwdHi9gH8xq6xprEcSu8LK98cDEZ5zSaaNSUttjm4lRoeZX4nDlkuphBWp9WjMtrCG/oOD4kbsB7FU1AOQTnmYbjFxFX51cuJtv2kIEBoneUGbnn7t+CK+WRj4N07OfINPjfODhcK08FwTn2YKakc6fwu4RSVkc+Ifi9Q4T6hZWkuYyGaoy+BC//ZcvWv5nHDDaNKCqvY10KUpskjbDjWagf98ymvOow0XKKEVoMPEnBNwJ4CHZs5O04Y2LfCAeMjvaepJE+FMR9zJoE7K11K7GnD3N0QYaF+emztBS4bqXDBfDTzFtxRqFIOKolvaIpwASDcJXmNdyQpA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=I8UpvYNlwl08JamvKz/I6q0dcEHPmjCq8VXnrgWQVSq5Wm50h38ttgSfJFjJM/S5vj7Ef5Rq/ejH9Juw9JWynqXaqVc2HGx4rlWxjIVqWm5j4LFyS+grifsijG2XpuEIFj85eVBmy+giIFhB1VB6HSgk25I6xGRcGT1tdNz0r5YnIU7O8TB04w3pbTkTy3LWS9w/NBl9iq5KAlh4ManWQloa+FAfyJxu6KVxEUFyvnfghi1PlNnIO2c1NVh0RF2fRtSoMLMR3zVvjyDKo2Bo0J6sTfoAaRAsW3mrV85qap3JoMlkTPC6L9dKJdDvfNaFU80Rc9wsIW8LpwPzihZyEA==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Fri, 03 Dec 2021 13:33:11 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 26.11.2021 13:34, Andrew Cooper wrote:
> Each IDT vector needs to land on an endbr64 instruction.  This is especially
> important for the #CP handler, which will escalate to #DF if the endbr64 is
> missing.

One question here: How does this work? I don't recall there being any "CET
shadow" along the lines of "STI shadow" and "SS shadow", yet there's
clearly an insn boundary here that gets "skipped" if the 2nd #CP gets
converted to #DF. And fetching of the first handler insn also isn't part
of exception delivery (and could cause other exceptions first, like #PF).

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.