
Re: [PATCH v5 2/2] xen/x86: Livepatch: support patching CET-enhanced functions


  • To: Jiamei Xie <Jiamei.Xie@xxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Thu, 17 Mar 2022 11:11:10 +0100
  • Cc: Michael Kurth <mku@xxxxxxxxx>, Martin Pohlack <mpohlack@xxxxxxxxx>, Roger Pau Monne <roger.pau@xxxxxxxxxx>, Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>, Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>, Bjoern Doebel <doebel@xxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Thu, 17 Mar 2022 10:11:20 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 17.03.2022 11:00, Jiamei Xie wrote:
>> -----Original Message-----
>> From: Xen-devel <xen-devel-bounces@xxxxxxxxxxxxxxxxxxxx> On Behalf Of
>> Jiamei Xie
>> Sent: 17 March 2022 17:17
>>
>>> -----Original Message-----
>>> From: Xen-devel <xen-devel-bounces@xxxxxxxxxxxxxxxxxxxx> On Behalf Of
>>> Ross Lagerwall
>>> Sent: 10 March 2022 1:12
>>> To: Bjoern Doebel <doebel@xxxxxxxxx>; xen-devel@xxxxxxxxxxxxxxxxxxxx
>>> Cc: Michael Kurth <mku@xxxxxxxxx>; Martin Pohlack
>>> <mpohlack@xxxxxxxxx>; Roger Pau Monne <roger.pau@xxxxxxxxxx>;
>>> Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>; Konrad Rzeszutek Wilk
>>> <konrad.wilk@xxxxxxxxxx>
>>> Subject: Re: [PATCH v5 2/2] xen/x86: Livepatch: support patching CET-
>>> enhanced functions
>>>
>>>> From: Bjoern Doebel <doebel@xxxxxxxxx>
>>>> Sent: Wednesday, March 9, 2022 2:53 PM
>>>> To: xen-devel@xxxxxxxxxxxxxxxxxxxx <xen-devel@xxxxxxxxxxxxxxxxxxxx>
>>>> Cc: Michael Kurth <mku@xxxxxxxxx>; Martin Pohlack
>>> <mpohlack@xxxxxxxxx>; Roger Pau Monne <roger.pau@xxxxxxxxxx>;
>>> Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>; Bjoern Doebel
>>> <doebel@xxxxxxxxx>; Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>;
>>> Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>
>>>> Subject: [PATCH v5 2/2] xen/x86: Livepatch: support patching CET-
>>> enhanced functions
>>>>
>>>> Xen enabled CET for supporting architectures. The control flow aspect of
>>>> CET expects functions that can be called indirectly (i.e., via function
>>>> pointers) to start with an ENDBR64 instruction. Otherwise a control flow
>>>> exception is raised.
>>>>
>>>> This expectation breaks livepatching flows because we patch functions by
>>>> overwriting their first 5 bytes with a JMP + <offset>, thus breaking the
>>>> ENDBR64. We fix this by checking the start of a patched function for
>>>> being ENDBR64. In the positive case we move the livepatch JMP to start
>>>> behind the ENDBR64 instruction.
>>>>
>>>> To avoid having to guess the ENDBR64 offset again on patch reversal
>>>> (which might race with other mechanisms adding/removing ENDBR
>>>> dynamically), use the livepatch metadata to store the computed offset
>>>> along with the saved bytes of the overwritten function.
>>>>
>>>> Signed-off-by: Bjoern Doebel <doebel@xxxxxxxxx>
>>>> Acked-by: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
>>>> CC: Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>
>>>
>>> Reviewed-by: Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>
>>
>> Tested-by: Jiamei xie <jiamei.xie@xxxxxxx>
>>
>> Cheers,
>> Jiamei
> Sorry I forgot to add the scope I tested in the last email. I tested it on
> armv8a. It worked fine and didn't break arm.
> Tested-by: Jiamei xie <jiamei.xie@xxxxxxx>

Yet in any event there's meanwhile been a v6, so I'm unsure of taking the
tag over there.

Jan
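
The JMP placement and reversal described in the quoted commit message, as an added example that is not part of this thread or of Xen's livepatch code: `struct lp_meta`, `lp_apply`, `lp_revert` and `lp_demo` are hypothetical names, and the 64-byte buffer in `lp_demo` is constructed sample data. It assumes a little-endian host and stands in for the later removal of ENDBR64 by overwriting it with NOPs.

```c
#include <stdint.h>
#include <string.h>

#define JMP_LEN 5                                  /* E9 + rel32 */
static const uint8_t ENDBR64[4] = { 0xf3, 0x0f, 0x1e, 0xfa };
struct lp_meta {               /* hypothetical metadata, not Xen's structure */
    uint8_t saved[JMP_LEN];    /* bytes the JMP overwrote */
    uint8_t patch_offset;      /* 0, or 4 when the entry is ENDBR64 */
};

/* Write JMP new_fn at the entry of old_fn, leaving a leading ENDBR64 intact. */
int lp_apply(uint8_t *old_fn, size_t len, const uint8_t *new_fn, struct lp_meta *m)
{
    size_t off = 0;
    if (len >= sizeof(ENDBR64) && !memcmp(old_fn, ENDBR64, sizeof(ENDBR64)))
        off = sizeof(ENDBR64);
    int64_t disp = (int64_t)((intptr_t)new_fn - (intptr_t)(old_fn + off + JMP_LEN));
    if (len < off + JMP_LEN || disp < INT32_MIN || disp > INT32_MAX)
        return -1;                                 /* too short, or outside rel32 range */
    int32_t rel = (int32_t)disp;
    memcpy(m->saved, old_fn + off, JMP_LEN);
    m->patch_offset = (uint8_t)off;                /* recorded for the revert */
    old_fn[off] = 0xe9;
    memcpy(old_fn + off + 1, &rel, sizeof(rel));   /* little-endian host assumed */
    return 0;
}

/* Restore from the recorded offset; the entry bytes are not inspected again. */
void lp_revert(uint8_t *old_fn, const struct lp_meta *m)
{
    memcpy(old_fn + m->patch_offset, m->saved, JMP_LEN);
}

/* Constructed demo: patch, NOP out the ENDBR64, revert. Returns offset used or -1. */
int lp_demo(int with_endbr)
{
    uint8_t text[64], orig[64];
    struct lp_meta m = { {0}, 0 };
    for (size_t i = 0; i < sizeof(text); i++) text[i] = (uint8_t)i;
    if (with_endbr) memcpy(text, ENDBR64, sizeof(ENDBR64));
    memcpy(orig, text, sizeof(text));
    if (lp_apply(text, 32, text + 32, &m) || text[m.patch_offset] != 0xe9) return -1;
    if (with_endbr && memcmp(text, ENDBR64, sizeof(ENDBR64))) return -1;
    if (with_endbr) memset(text, 0x90, sizeof(ENDBR64));   /* entry changed since apply */
    lp_revert(text, &m);
    size_t o = m.patch_offset;
    return memcmp(text + o, orig + o, sizeof(text) - o) ? -1 : (int)o;
}
```

Had the revert re-checked the entry for ENDBR64 after the NOP overwrite, it would have picked offset 0 and written the saved bytes four bytes too early.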




 

