[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CET-IBT and kexec?

To: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
From: David Vrabel <dvrabel@xxxxxxxxxx>
Date: Mon, 7 Mar 2022 17:10:05 +0000
Cc: Andew Cooper <andrew.cooper3@xxxxxxxxxx>
Delivery-date: Mon, 07 Mar 2022 17:10:15 +0000
Feedback-id: 82.70.146.41
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

kexec_reloc (see xen/arch/x86/x86_64/kexec_reloc.S) has an indirectbranch as part of switching page tables. I understand that if CET-IBT isenabled this will raise an exception since there's no ENDBR64instruction and (as far as I could tell) CET-IBT has not been disabledin machine_kexec() prior to calling kexec_reloc().

Have I correctly spotted an issue, and if so, would the correct fix beto disable CET-IBT in machine_kexec()?

I guess this would also be an issue if kexec'ing to a image withoutCET-IBT support.


David

Follow-Ups:
- Re: CET-IBT and kexec?
  - From: Andrew Cooper

Prev by Date: Re: [PATCH v2] livepatch: set -f{function,data}-sections compiler option
Next by Date: Re: [PATCH v2] livepatch: set -f{function,data}-sections compiler option
Previous by thread: [PATCH v2] codeql: add support for analyzing C, Python and Go
Next by thread: Re: CET-IBT and kexec?
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.