
Re: [PATCH v2 00/70] x86: Support for CET Indirect Branch Tracking


  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
  • Date: Mon, 14 Feb 2022 14:15:39 +0000
  • Accept-language: en-GB, en-US
  • Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, "Julien Grall" <julien@xxxxxxx>, Roger Pau Monne <roger.pau@xxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, Daniel Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>, Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Mon, 14 Feb 2022 14:16:19 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-topic: [PATCH v2 00/70] x86: Support for CET Indirect Branch Tracking

On 14/02/2022 13:43, Jan Beulich wrote:
> On 14.02.2022 14:10, Andrew Cooper wrote:
>> On 14/02/2022 12:50, Andrew Cooper wrote:
>>> CET Indirect Branch Tracking is a hardware feature designed to protect against
>>> forward-edge control flow hijacking (Call/Jump oriented programming), and is a
>>> companion feature to CET Shadow Stacks added in Xen 4.14.
>>>
>>> Patches 1 thru 5 are prerequisites.  Patches 6 thru 60 are fairly mechanical
>>> annotations of function pointer targets.  Patches 61 thru 70 are the final
>>> enablement of CET-IBT.
>>>
>>> This series functions correctly with GCC 9 and later, although an experimental
>>> GCC patch is required to get more helpful typechecking at build time.
>>>
>>> Tested on a TigerLake NUC.
>>>
>>> CI pipelines:
>>>   https://gitlab.com/xen-project/people/andyhhp/xen/-/pipelines/470453652
>>>   https://cirrus-ci.com/build/4962308362338304
>>>
>>> Major changes from v1:
>>>  * Boilerplate for mechanical commits
>>>  * UEFI runtime services unconditionally disable IBT
>>>  * Comprehensive build time check for embedded endbr's
>> There's one thing I considered, and wanted to discuss.
>>
>> I'm tempted to rename cf_check to cfi for the function annotation, as
>> it's shorter without reducing clarity.
> What would the 'i' stand for in this acronym?

The class of techniques is called Control Flow Integrity.

>  Irrespective of the answer
> I'd like to point out the name collision with the CFI directives at
> assembler level. This isn't necessarily an objection (I'm certainly for
> shortening), but we want to avoid introducing confusion.

I doubt there is confusion to be had here.  One is entirely a compiler
construct which turns into ENDBR64 instructions in the assembler, and
one is a general toolchain construct we explicitly disable.

~Andrew
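Added example, not code from the series or the Xen tree, illustrating the "embedded endbr" problem behind the build-time check listed in the v2 changes: the ENDBR64 encoding (f3 0f 1e fa) can appear inside another instruction's immediate, and a CET-IBT CPU treats any such byte sequence as a valid indirect-branch target if control ever lands on it. The objdump-style listing, offsets and regex are constructed assumptions; the check classifies each occurrence of the pattern as a real endbr64 instruction or as bytes embedded in something else.

```python
import re

# Encoding of the ENDBR64 instruction.
ENDBR64 = bytes.fromhex("f30f1efa")

# Constructed objdump-style listing (not real Xen output): offset, raw bytes,
# mnemonic.  The mov's 32-bit immediate happens to contain the ENDBR64 bytes,
# so a mis-aligned decode at 0x1006 would see "endbr64; ret".
LISTING = """\
1000:\tf3 0f 1e fa          \tendbr64
1004:\t55                   \tpush   %rbp
1005:\tb8 f3 0f 1e fa       \tmov    $0xfa1e0ff3,%eax
100a:\tc3                   \tret
"""

# Assumed line shape: "<hex offset>:<ws><hex bytes><ws><mnemonic> ...".
LINE_RE = re.compile(r"^\s*([0-9a-f]+):\s+((?:[0-9a-f]{2}\s)+)\s*(\S+)", re.I)


def parse_listing(text):
    """Return a list of (offset, raw_bytes, mnemonic) for each instruction line."""
    insns = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        offset = int(m.group(1), 16)
        raw = bytes.fromhex(m.group(2).replace(" ", ""))
        insns.append((offset, raw, m.group(3)))
    return insns


def find_embedded_endbr(insns):
    """Return offsets where the ENDBR64 byte pattern occurs but is not an
    endbr64 instruction starting at that offset (assumes a contiguous listing)."""
    if not insns:
        return []
    base = insns[0][0]
    code = b"".join(raw for _, raw, _ in insns)
    legit = {off for off, _, mnemonic in insns if mnemonic == "endbr64"}
    embedded = []
    pos = code.find(ENDBR64)
    while pos != -1:
        if base + pos not in legit:
            embedded.append(base + pos)
        pos = code.find(ENDBR64, pos + 1)
    return embedded


if __name__ == "__main__":
    for addr in find_embedded_endbr(parse_listing(LISTING)):
        print(f"embedded ENDBR64 at {addr:#x}")
```

On the constructed listing the only legitimate landing pad is at 0x1000; the pattern at 0x1006 sits inside the mov immediate and is what such a check exists to flag.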
