Xen project Mailing List

Re: [PATCH v2 03/14] x86/shstk: Introduce Supervisor Shadow Stack support

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Tue, 2 Jun 2020 14:06:11 +0200

Cc: Anthony Perard <anthony.perard@xxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>

Delivery-date: Tue, 02 Jun 2020 12:06:35 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 29.05.2020 20:36, Andrew Cooper wrote: > On 29/05/2020 12:59, Jan Beulich wrote: >> On 28.05.2020 20:10, Andrew Cooper wrote: >>> On 28/05/2020 11:25, Jan Beulich wrote: >>>> On 27.05.2020 21:18, Andrew Cooper wrote: >>>>> --- a/xen/arch/x86/Kconfig >>>>> +++ b/xen/arch/x86/Kconfig >>>>> @@ -34,6 +34,10 @@ config ARCH_DEFCONFIG >>>>> config INDIRECT_THUNK >>>>> def_bool $(cc-option,-mindirect-branch-register) >>>>> >>>>> +config HAS_AS_CET >>>>> + # binutils >= 2.29 and LLVM >= 7 >>>>> + def_bool $(as-instr,wrssq %rax$(comma)0;setssbsy;endbr64) >>>> So you put me in a really awkward position: I'd really like to see >>>> this series go in for 4.14, yet I've previously indicated I want the >>>> underlying concept to first be agreed upon, before any uses get >>>> introduced. >>> There are already users. One of them is even in context. >> Hmm, indeed. I clearly didn't notice this aspect when reviewing >> Anthony's series. >> >>> I don't see that there is anything open for dispute in the first place. >>> Being able to do exactly this was a one key driving factor to a newer >>> Kconfig, because it is superior mechanism to the ad-hoc mess we had >>> previously (not to mention, a vast detriment to build time). >> This "key driving factor" was presumably from your perspective. >> Could you point me to a discussion (and resulting decision) that >> this is an explicit goal of that work? I don't recall any, and >> hence I also don't recall having been given a chance in influence >> the direction, decision, and overall outcome. > > It took up a large chunk of the build system design session in Chicago. I don't recall; perhaps I was in another parallel session? If it's the one with notes at https://lists.xenproject.org/archives/html/xen-devel/2019-07/msg00786.html then a remark close to the top suggests I was there, but there's no sign of this aspect having got discussed. There is, among the issues listed, "Xen build re-evaluates compiler support for every translation unit", but that's only remotely related. Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.