Re: [PATCH v2 13/14] x86/S3: Save and restore Shadow Stack configuration

[Jan Beulich <jbeulich@xxxxxxxx>]

On 27.05.2020 21:18, Andrew Cooper wrote:
> See code for details
> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> ---
> CC: Jan Beulich <JBeulich@xxxxxxxx>
> CC: Wei Liu <wl@xxxxxxx>
> CC: Roger Pau Monné <roger.pau@xxxxxxxxxx>
> 
> Semi-RFC - I can't actually test this path.  Currently attempting to arrange
> for someone else to.

Nevertheless
Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
with one question, just for my understanding:

> @@ -48,6 +58,51 @@ ENTRY(s3_resume)
>          pushq   %rax
>          lretq
>  1:
> +#ifdef CONFIG_XEN_SHSTK
> +        /*
> +         * Restoring SSP is a little complicated, because we are intercepting
> +         * an in-use shadow stack.  Write a temporary token under the stack,
> +         * so SETSSBSY will successfully load a value useful for us, then
> +         * reset MSR_PL0_SSP to its usual value and pop the temporary token.
> +         */
> +        mov     saved_rsp(%rip), %rdi
> +        cmpq    $1, %rdi
> +        je      .L_shstk_done
> +
> +        /* Set up MSR_S_CET. */
> +        mov     $MSR_S_CET, %ecx
> +        xor     %edx, %edx
> +        mov     $CET_SHSTK_EN | CET_WRSS_EN, %eax
> +        wrmsr
> +
> +        /* Construct the temporary supervisor token under SSP. */
> +        sub     $8, %rdi
> +
> +        /* Load it into MSR_PL0_SSP. */
> +        mov     $MSR_PL0_SSP, %ecx
> +        mov     %rdi, %rdx
> +        shr     $32, %rdx
> +        mov     %edi, %eax
> +        wrmsr
> +
> +        /* Enable CET.  MSR_INTERRUPT_SSP_TABLE is set up later in 
> load_system_tables(). */
> +        mov     $XEN_MINIMAL_CR4 | X86_CR4_CET, %ebx
> +        mov     %rbx, %cr4

Does this imply NMI or #MC are fatal between here and there?

Jan