
Re: [PATCH v2 00/70] x86: Support for CET Indirect Branch Tracking


  • To: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
  • Date: Mon, 14 Feb 2022 13:10:41 +0000
  • Cc: Jan Beulich <JBeulich@xxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Julien Grall <julien@xxxxxxx>, Roger Pau Monne <roger.pau@xxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, Daniel Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>, Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Mon, 14 Feb 2022 13:10:54 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-topic: [PATCH v2 00/70] x86: Support for CET Indirect Branch Tracking

On 14/02/2022 12:50, Andrew Cooper wrote:
> CET Indirect Branch Tracking is a hardware feature designed to protect against
> forward-edge control flow hijacking (Call/Jump oriented programming), and is a
> companion feature to CET Shadow Stacks added in Xen 4.14.
>
> Patches 1 thru 5 are prerequisites.  Patches 6 thru 60 are fairly mechanical
> annotations of function pointer targets.  Patches 61 thru 70 are the final
> enablement of CET-IBT.
>
> This series functions correctly with GCC 9 and later, although an experimental
> GCC patch is required to get more helpful typechecking at build time.
>
> Tested on a TigerLake NUC.
>
> CI pipelines:
>   https://gitlab.com/xen-project/people/andyhhp/xen/-/pipelines/470453652
>   https://cirrus-ci.com/build/4962308362338304
>
> Major changes from v1:
>  * Boilerplate for mechanical commits
>  * UEFI runtime services unconditionally disable IBT
>  * Comprehensive build time check for embedded endbr's

There's one thing I considered, and wanted to discuss.

I'm tempted to rename cf_check to cfi for the function annotation, as
it's shorter without reducing clarity.

Changing now (i.e. before I commit) is easy.  Once committed, changing
is far harder.

~Andrew
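
The quoted cover letter lists a build-time check for embedded endbr's. The sketch below is an added illustration, not the script from this series: it scans code bytes for the endbr64 encoding (F3 0F 1E FA) and reports occurrences that are not at an intended landing pad. The sample bytes, the function names and the idea of passing the intended offsets in as a set are assumptions made for the example; a real build would take those offsets from a disassembler or symbol table.

```python
# Added example, not code from the Xen series.
ENDBR64 = bytes.fromhex("f30f1efa")  # architectural encoding of endbr64


def find_endbr64(text: bytes) -> list[int]:
    """Return every offset in `text` where the endbr64 byte pattern occurs."""
    hits = []
    pos = text.find(ENDBR64)
    while pos != -1:
        hits.append(pos)
        pos = text.find(ENDBR64, pos + 1)
    return hits


def embedded_endbr64(text: bytes, intended: set[int]) -> list[int]:
    """Offsets holding the pattern where no endbr64 instruction was intended.

    Under IBT each of these is an extra valid indirect-branch target,
    so a build check should fail when this list is non-empty.
    """
    return [off for off in find_endbr64(text) if off not in intended]


def missing_endbr64(text: bytes, intended: set[int]) -> list[int]:
    """Intended landing pads that do not actually start with endbr64."""
    return sorted(off for off in intended
                  if text[off:off + 4] != ENDBR64)


# Constructed sample .text (hypothetical, 16 bytes):
#   0x00  f3 0f 1e fa      endbr64            <- intended landing pad
#   0x04  c3               ret
#   0x05  b8 f3 0f 1e fa   mov $0xfa1e0ff3,%eax  <- pattern inside imm32
#   0x0a  c3               ret
#   0x0b  f3 0f 1e fa      endbr64            <- intended landing pad
#   0x0f  c3               ret
SAMPLE_TEXT = bytes.fromhex("f30f1efa" "c3" "b8f30f1efa" "c3" "f30f1efa" "c3")
SAMPLE_INTENDED = {0x00, 0x0B}

if __name__ == "__main__":
    bad = embedded_endbr64(SAMPLE_TEXT, SAMPLE_INTENDED)
    for off in bad:
        print(f"embedded endbr64 at .text+{off:#x}")
    raise SystemExit(1 if bad else 0)
```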

 

