[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 2/2] x86/shskt: Disable CET-SS on parts susceptible to fractured updates

  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
  • Date: Wed, 4 Jan 2023 16:59:44 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=xrAHntuMP5McfeZATKKyDoJutzM7llCarZaRHoOccBo=; b=ToNgNzYGJpYf1P2q9NKt2gq3c1S1+BTAvxLg68hycriFkS3/JL6H6gbyTBFvmRm//BVl0aYqz2C/b2eIUZ6TF89n1DN/klrdaVScN8uXBZ8bdFMsx5Vc2HZw0FPp/pwlXCD4d5OelpP+uXp8LVKLbjd9TTfOP4YrtlwncENq3Qm6NeNl4YPIM9tBbYrcbAl9mEQTKCE3LpQuWA2z9VMyNmB81K1KU10CRJP0J/qNQOxFlDxZYnzStnMn7bxLKbpqSQmIWvp1F5v0rdnCAn753r0sAWLhb4oVqFyBkECxPIDNEhTmU7h07yZmr8kUMJ1PdUXmVrKIm2bxtcZtIcjZDw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Jxr6a4sdIJQV44zu1DxtIYp1Uvlu9RS5PQGirXM/MCsBCs5JCLfjvs99ltfklQHA1XQBwnLiG/z0GOnIg6hxaZ3RgRKKIEagaARTv3Zz7BXwfTSxVCu0/EpigYQCAEbGbLsXquokjTj418vJ8jHpifypR6Gb3HOVQESOJWevD0pR5nI3S8DG27I5Bd365hLXMMB9WmEZQ8vvmXC+1UweTRDXKLtkIFkwcbPCYiXPJbV9mwfvr25WE5uOwdNvDa/xONHb/MgO4vSn4Tqt2pPl7YQVDAdt2cpp1ghIUIwO/u+uOckU+RTBdVQjLUZOnhYaGS26OwATDg60puQW7Ssr0Q==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: Roger Pau Monne <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Wed, 04 Jan 2023 17:00:12 +0000
  • Ironport-data: A9a23:aOg0rq/Wp2unswfPhhRRDrUDon+TJUtcMsCJ2f8bNWPcYEJGY0x3n zRJXD+Oaa2KY2vyLo0gbY6woRwB6pPSmtAxHlBo+Hw8E34SpcT7XtnIdU2Y0wF+jCHgZBk+s 5hBMImowOQcFCK0SsKFa+C5xZVE/fjUAOG6UKucYHsZqTZMEE8JkQhkl/MynrlmiN24BxLlk d7pqojUNUTNNwRcawr40Ire7kIx1BjOkGlA5AdmPKgX5AO2e0Q9V/rzG4ngdxMUfaEMdgKKb 76r5K20+Grf4yAsBruN+losWhRXKlJ6FVHmZkt+A8BOsDAbzsAB+v9T2M4nQVVWk120c+VZk 72hg3ASpTABZcUgkMxFO/VR/roX0aduoNcrKlDn2SCfItGvn9IBDJyCAWlvVbD09NqbDkli1 qU8eTlTQSndmu2t5/G3aPRGnvUKeZyD0IM34hmMzBn/JNN+G9XpZfyP4tVVmjAtmspJAPDSI dIDbiZiZwjBZBsJPUoLDJU5n6GjgXyXnz9w8QrJ4/ZopTWKilAhuFTuGIO9ltiibMNZhEuH4 EnB+Hz0GEoyP92D0zuVtHmrg4cjmAuqANxMTOXlrpaGhnWt1FAKAiUrW2HlrMGGo1zuHMpZJ kALr39GQa8asRbDosPGdx+yrWOAvxUcc8FNCOB84waIooLL5y6JC25CSSROAPQ2uclzSTE02 1uhm9LyGScpoLCTUWia9LqfsXW1Iyd9EIMZTSoNTA9A6d+6pog21kjLVow7TP7zicDpEzbtx TzMtDI5m7gYkc8M0eO84EzDhDWv4JPOS2bZ+znqY45s1SshDKbNWmBiwQOEhRqcBO51lmW8g UU=
  • Ironport-hdrordr: A9a23:Jkg7F65PcBHunGa94gPXwPLXdLJyesId70hD6qkmc20zTiX+rb HMoB1773/JYVkqM03I9errBEDiexLhHPxOjrX5Zo3SODUO0VHARL2Ki7GO/9SKIUPDH4BmuZ uJ3MJFebvN5fQRt7eZ3OEYeexQpeW6zA==
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHZIC1dxLDr/Ft5R0KgtQNaFohPLq6OZp8AgAAU6IA=
  • Thread-topic: [PATCH 2/2] x86/shskt: Disable CET-SS on parts susceptible to fractured updates
On 04/01/2023 3:44 pm, Jan Beulich wrote:
> On 04.01.2023 12:11, Andrew Cooper wrote:
>> Refer to Intel SDM Rev 70 (Dec 2022), Vol3 17.2.3 "Supervisor Shadow Stack
>> Token".
>>
>> Architecturally, an event delivery which starts in CPL<3 and switches shadow
>> stack will first validate the Supervisor Shadow Stack Token (setting the busy
>> bit), then pushes CS/LIP/SSP.  One example of this is an NMI interrupting 
>> Xen.
>>
>> Some CPUs suffer from an issue called fracturing, whereby a fault/vmexit/etc
>> between setting the busy bit and completing the event injection renders the
>> action non-restartable, because when it comes time to restart, the busy bit 
>> is
>> found to be already set.
>>
>> This is far more easily encountered under virt, yet it is not the fault of 
>> the
>> hypervisor, nor the fault of the guest kernel.  The fault lies somewhere
>> between the architectural specification, and the uarch behaviour.
>>
>> Intel have allocated CPUID.7[1].ecx[18] CET_SSS to enumerate that supervisor
>> shadow stacks are safe to use.  Because of how Xen lays out its shadow 
>> stacks,
>> fracturing is not expected to be a problem on native.
> IOW that's the "contained in an aligned 32-byte region" constraint which we
> meet, aiui.

For practical purposes, it is "contained within a single cache line".

AMD's position is "if the OS doesn't have suitable alignment, or doesn't
place the shstk on WB memory, it gets to keep any resulting pieces". 
They have confirmed that if there is suitable alignment and it is on a
WB mapping, then no vmexit can occur which would fracture the the shadow
stack.

Intel retroactively tightened the constraints in microcode on TGL/ADL so
that MSR_PL?_SSP (or ISST pointers from memory) would suffer #GP if they
didn't refer to the top word in an aligned 32-byte region.

But this provide to be insufficient to fix the problem, hence the new
CPUID bit, and recommendation to disable supervisor shadow stacks by
default under virt.

>> Detect this case on boot and default to not using shstk if virtualised.
>> Specifying `cet=shstk` on the command line will override this heuristic and
>> enable shadow stacks irrespective.
>>
>> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
> with one nit (below).
>
>> This ideally wants backporting to Xen 4.14.  I have no idea how likely it is
>> to need to backport the prerequisite patch for new feature words, but we've
>> already had to do that once for security patches.  OTOH, I have no idea how
>> easy it is to trigger in non-synthetic cases.
> Plus: How likely is it that Xen actually is used virtualized in production?

All of our gitlab smoke tests, a larger part of QubesOS's CI, and
non-default PV-shim configurations.

As soon as we get guest CET working, then part of OSStest, and a portion
of XenServer's general testing too.

It does need backporting to all general support trees.  (When I first
started working on this problem with Intel, that would have included
4.14 too...)

>> @@ -1099,11 +1095,45 @@ void __init noreturn __start_xen(unsigned long mbi_p)
>>      early_cpu_init();
>>  
>>      /* Choose shadow stack early, to set infrastructure up appropriately. */
>> -    if ( opt_xen_shstk && boot_cpu_has(X86_FEATURE_CET_SS) )
>> +    if ( !boot_cpu_has(X86_FEATURE_CET_SS) )
>> +        opt_xen_shstk = 0;
>> +
>> +    if ( opt_xen_shstk )
>>      {
>> -        printk("Enabling Supervisor Shadow Stacks\n");
>> +        /*
>> +         * Some CPUs suffer from Shadow Stack Fracturing, an issue whereby a
>> +         * fault/VMExit/etc between setting a Supervisor Busy bit and the
>> +         * event delivery completing renders the operation non-restartable.
>> +         * On restart, event delivery will find the Busy bit already set.
>> +         *
>> +         * This is a problem on bare metal, but outside of synthetic cases 
>> or
>> +         * a very badly timed #MC, it's not believed to problem.  It is a 
>> much
> Nit: "... to be a problem."

Fixed, thanks.

~Andrew

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.