Re: [PATCH v2 06/70] x86: Introduce support for CET-IBT
- To: Jan Beulich <jbeulich@xxxxxxxx>
- From: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
- Date: Wed, 16 Feb 2022 21:54:56 +0000
- Cc: Roger Pau Monne <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
- Delivery-date: Wed, 16 Feb 2022 21:55:17 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 15/02/2022 14:01, Jan Beulich wrote:
> On 14.02.2022 13:50, Andrew Cooper wrote:
>> --- a/xen/arch/x86/Kconfig
>> +++ b/xen/arch/x86/Kconfig
>> @@ -39,6 +39,11 @@ config HAS_AS_CET_SS
>> # binutils >= 2.29 or LLVM >= 6
>> def_bool $(as-instr,wrssq %rax$(comma)0;setssbsy)
>>
>> +config HAS_CC_CET_IBT
>> + # GCC >= 9 and binutils >= 2.29
>> + # Retpoline check to work around
>> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93654
>> + def_bool $(cc-option,-fcf-protection=branch -mmanual-endbr
>> -mindirect-branch=thunk-extern) && $(as-instr,endbr64)
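Review bot: the comment above the `def_bool` in `HAS_CC_CET_IBT` explains the `-mindirect-branch=thunk-extern` part of the probe only by a bug URL. A few words on what the retpoline flag is being checked against would let a reader judge when the workaround can be dropped without following the link. The `$(as-instr,endbr64)` half tests a single mnemonic, so if the build also relies on the assembler accepting the `notrack` prefix, the comment should say that `endbr64` support is taken as a proxy for it.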
> At the top of asm-defns.h we have a number of similarly operand-less
> instructions expressed via .macro expanding to .byte. I don't see why
> we couldn't do so here as well, eliminating the need for the
> $(as-instr ...). In fact ...
>
>> --- a/xen/arch/x86/include/asm/asm-defns.h
>> +++ b/xen/arch/x86/include/asm/asm-defns.h
>> @@ -57,6 +57,12 @@
>> INDIRECT_BRANCH jmp \arg
>> .endm
>>
>> +#ifdef CONFIG_XEN_IBT
>> +# define ENDBR64 endbr64
>> +#else
>> +# define ENDBR64
>> +#endif
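Review bot: `ENDBR64` is keyed on `CONFIG_XEN_IBT`, while the Kconfig hunk adds `HAS_CC_CET_IBT`, and the link between the two is not in the quoted lines. Confirm that `XEN_IBT` depends on `HAS_CC_CET_IBT`, otherwise the bare `endbr64` mnemonic can reach an assembler that does not know it. A one-line comment saying that the macro expands to nothing when IBT is compiled out would also help users of it in hand-written assembly.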
> ... it could also be this macro which ends up conditionally empty,
> but would then want expressing as an assembler macro. Albeit no, the
> lower case form would probably still be needed to deal with compiler
> emitted insns, as the compiler doesn't appear to make recognition of
> the command line option dependent on the underlying assembler's
> capabilities.
$(as-instr) isn't only for endbr64. It's also for the notrack prefix,
which GCC does emit for any function pointer call laundered through void
* even when everything was otherwise cf_check.
It's another area where treating the cf_check-ness as type-checking
falls down, and created some very weird build failures until I figured
out that Juergen's "Don't use the hypercall table for calling compat
hypercalls" really did need to be a prerequisite.
CET-IBT toolchain support is 3 years old already, and I don't think
there is any value attempting to support a developer mixing a new GCC
and ancient binutils.
>> --- a/xen/arch/x86/include/asm/cpufeatures.h
>> +++ b/xen/arch/x86/include/asm/cpufeatures.h
>> @@ -39,6 +39,7 @@ XEN_CPUFEATURE(SC_VERW_PV, X86_SYNTH(23)) /* VERW
>> used by Xen for PV */
>> XEN_CPUFEATURE(SC_VERW_HVM, X86_SYNTH(24)) /* VERW used by Xen for
>> HVM */
>> XEN_CPUFEATURE(SC_VERW_IDLE, X86_SYNTH(25)) /* VERW used by Xen for
>> idle */
>> XEN_CPUFEATURE(XEN_SHSTK, X86_SYNTH(26)) /* Xen uses CET Shadow
>> Stacks */
>> +XEN_CPUFEATURE(XEN_IBT, X86_SYNTH(27)) /* Xen uses CET Indirect
>> Branch Tracking */
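Review bot: the comment on the new `XEN_IBT` line says Xen uses IBT, but the quoted lines do not show where the bit gets set. Stating in the commit message or the comment whether the bit means "built with IBT support" or "IBT actually active on this boot" would keep `cpu_has_xen_ibt` unambiguous for later callers.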
> Is a feature flag actually warranted here, rather than a single
> global boolean? You don't key any alternatives patching to this
> bit, unlike was the case for XEN_SHSTK. And the only consumer is
> cpu_has_xen_ibt, expanding to the boot CPU's instance of the bit.
These are just bits. They long predate alternatives finding a
convenient use for the form, and are 8 times more compact than a global
boolean, with better locality of reference too.
~Andrew
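
An added example, not part of the original message or of Xen's build system: a shell approximation of the two Kconfig probes in the quoted `HAS_CC_CET_IBT` hunk, extended with a separate probe for the `notrack` prefix that the reply says the assembler check also stands in for. The function names and the exact compiler invocations are assumptions.

```shell
#!/bin/sh
# Added example, not Xen's build code: approximates the $(cc-option,...) and
# $(as-instr,...) probes from the quoted HAS_CC_CET_IBT hunk.
# Function names and exact compiler invocations are assumptions.

# Flags copied from the quoted Kconfig line.
IBT_CFLAGS="-fcf-protection=branch -mmanual-endbr -mindirect-branch=thunk-extern"

# cc_option COMPILER FLAGS...: succeeds if the compiler accepts the flags together.
cc_option() {
    probe_cc=$1
    shift
    "$probe_cc" -Werror "$@" -c -x c /dev/null -o /dev/null >/dev/null 2>&1
}

# as_instr COMPILER INSTR: succeeds if the assembler behind COMPILER accepts INSTR.
as_instr() {
    "$1" -c -x assembler -o /dev/null - >/dev/null 2>&1 <<EOF
$2
EOF
}

# has_cc_cet_ibt [COMPILER]: prints y or n, like the def_bool would evaluate.
has_cc_cet_ibt() {
    ibt_cc=${1:-cc}
    # IBT_CFLAGS is deliberately unquoted so it splits into separate flags.
    # The notrack probe goes beyond the patch, which tests endbr64 only.
    if cc_option "$ibt_cc" $IBT_CFLAGS &&
       as_instr "$ibt_cc" 'endbr64' &&
       as_instr "$ibt_cc" 'notrack jmp *%rax'; then
        echo y
    else
        echo n
    fi
}

# Report for the toolchain in $CC (default: cc).
echo "HAS_CC_CET_IBT=$(has_cc_cet_ibt "${CC:-cc}")"
```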