
Re: [PATCH v2 for-4.14] x86/livepatch: Make livepatching compatible with CET Shadow Stacks


  • To: Jan Beulich <jbeulich@xxxxxxxx>, Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Fri, 26 Jun 2020 15:46:09 +0100
  • Authentication-results: esa2.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none
  • Cc: Wei Liu <wl@xxxxxxx>, Paul Durrant <paul@xxxxxxx>, Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, Pawel Wieczorkiewicz <wipawel@xxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Delivery-date: Fri, 26 Jun 2020 14:46:19 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 26/06/2020 15:26, Jan Beulich wrote:
> On 26.06.2020 15:59, Ross Lagerwall wrote:
>> On 2020-06-26 13:24, Andrew Cooper wrote:
>>> @@ -56,18 +57,48 @@ int arch_livepatch_safety_check(void)
>>>      return -EBUSY;
>>>  }
>>>  
>>> -int arch_livepatch_quiesce(void)
>>> +int noinline arch_livepatch_quiesce(void)
>>>  {
>>> +    /* If Shadow Stacks are in use, disable CR4.CET so we can modify 
>>> CR0.WP. */
>>> +    if ( cpu_has_xen_shstk )
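
Review bot: the `noinline` added to the definition of `arch_livepatch_quiesce()` has no explanation in the visible lines. The new comment inside the function covers only why CR4.CET is disabled (so that CR0.WP can be modified). Suggest a short comment above the function stating why it must not be inlined, so that a later cleanup does not drop the attribute as redundant.
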
>> Should this be:
>>     if ( IS_ENABLED(CONFIG_XEN_SHSTK) && cpu_has_xen_shstk )
>>
>> to match arch_livepatch_revive?
> While it may look a little asymmetric, I think it's preferable
> to use IS_ENABLED() only where really needed, i.e. here it is
> guarding code that otherwise may not build.

The reason for the asymmetry is because of the asm() block, which needs
compiling out when we detect that we don't have a compatible assembler.

I was wondering whether I should make cpu_has_xen_shstk be false for
!CONFIG_XEN_SHSTK, but that would be 4.15 work at this point.

~Andrew



 

