[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 04/14] x86/traps: Implement #CP handler and extend #PF for shadow stacks

To: Jan Beulich <jbeulich@xxxxxxxx>
From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Date: Fri, 29 May 2020 19:50:44 +0100
Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
Delivery-date: Fri, 29 May 2020 18:51:14 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 28/05/2020 14:31, Jan Beulich wrote:
> On 28.05.2020 15:22, Andrew Cooper wrote:
>> On 28/05/2020 13:03, Jan Beulich wrote:
>>> On 27.05.2020 21:18, Andrew Cooper wrote:
>>>> @@ -940,7 +944,8 @@ autogen_stubs: /* Automatically generated stubs. */
>>>>          entrypoint 1b
>>>>  
>>>>          /* Reserved exceptions, heading towards do_reserved_trap(). */
>>>> -        .elseif vec == TRAP_copro_seg || vec == TRAP_spurious_int || (vec 
>>>> > TRAP_simd_error && vec < TRAP_nr)
>>>> +        .elseif vec == X86_EXC_CSO || vec == X86_EXC_SPV || \
>>>> +                vec == X86_EXC_VE  || (vec > X86_EXC_CP && vec < TRAP_nr)
>>> Adding yet another || here adds to the fragility of the entire
>>> construct. Wouldn't it be better to implement do_entry_VE at
>>> this occasion, even its handling continues to end up in
>>> do_reserved_trap()? This would have the benefit of avoiding the
>>> pointless checking of %spl first thing in its handling. Feel
>>> free to keep the R-b if you decide to go this route.
>> I actually have a different plan, which deletes this entire clause, and
>> simplifies our autogen sanity checking somewhat.
>>
>> For vectors which Xen has no implementation of (for whatever reason),
>> use DPL0, non-present descriptors, and redirect #NP[IDT] into
>> do_reserved_trap().
> Except that #NP itself being a contributory exception, if the such
> covered exception is also contributory (e.g. #CP) or of page fault
> class (e.g. #VE), we'd get #DF instead of #NP afaict.

Hmm.  Good point.

I also had some other cleanup plans.  (In due course,) I'll see what I
can do to make the status quo better.

~Andrew

References:
- [PATCH v2 00/14] x86: Support for CET Supervisor Shadow Stacks
  - From: Andrew Cooper
- [PATCH v2 04/14] x86/traps: Implement #CP handler and extend #PF for shadow stacks
  - From: Andrew Cooper
- Re: [PATCH v2 04/14] x86/traps: Implement #CP handler and extend #PF for shadow stacks
  - From: Jan Beulich
- Re: [PATCH v2 04/14] x86/traps: Implement #CP handler and extend #PF for shadow stacks
  - From: Andrew Cooper
- Re: [PATCH v2 04/14] x86/traps: Implement #CP handler and extend #PF for shadow stacks
  - From: Jan Beulich

Prev by Date: Re: [PATCH v2 03/14] x86/shstk: Introduce Supervisor Shadow Stack support
Next by Date: Re: Bug: toolstack allows too low values to be set for shadow_memory
Previous by thread: Re: [PATCH v2 04/14] x86/traps: Implement #CP handler and extend #PF for shadow stacks
Next by thread: [PATCH v2 06/14] x86/shstk: Create shadow stacks
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.