
Re: [PATCH] x86/kexec: Fix kexec-reboot with CET active



On 07/03/2022 20:53, Andrew Cooper wrote:
> The kexec_reloc() asm has an indirect jump to relocate onto the identity
> trampoline.  While we clear CET in machine_crash_shutdown(), we fail to clear
> CET for the non-crash path.  This in turn highlights that the same is true of
> resetting the CPUID masking/faulting.
>
> Move both pieces of logic from machine_crash_shutdown() to machine_kexec(),
> the latter being common for all kexec transitions.  Adjust the condition for
> CET being considered active to check in CR4, which is simpler and more robust.

Reviewed-by: David Vrabel <dvrabel@xxxxxxxxxxxx>

> Fixes: 311434bfc9d1 ("x86/setup: Rework MSR_S_CET handling for CET-IBT")
> Fixes: b60ab42db2f0 ("x86/shstk: Activate Supervisor Shadow Stacks")
> Fixes: 5ab9564c6fa1 ("x86/cpu: Context switch cpuid masks and faulting state in context_switch()")
> Reported-by: David Vrabel (XXX which alias to use?)

Amazon, please.

David



 

