[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH for-4.16] x86/shstk: Fix use of shadow stacks with XPTI active

  • To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Tue, 2 Nov 2021 16:14:19 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=tVBw7AMQdgSQTvRHgIYBfd4vmJagVng9eSCcaCzr0cM=; b=Mk0S2wYsbRKFF9V4CuN3YvXlOlqkCHrAKY6CmxpfTMQyHcIGf6FBHJ0jsNklJGjUOF/LK1gSmd9Dos7WpgMd0Y3baK4JSQC5kCFpqMHkAyTuOXnHPrRGmOMEvr3WvxjNaEbl/f/BOLi1xKKAMAaPHi6K4dCJW5IvYklqvCglXzJX95nYr/Awj0aeDCEjfQ2R7le4VYVHVo8wv6HPCDLJaqnhPHXFXKiRvvI5FZT4g7BLwkQlmCwBjbRBh4EivUihYccq3MHSqJzQRnXhJU36vdHSlsbdayw+yBvFwAkFmrwioz36USSrAbBYOZ0WreYMI8WLLna5w8iWvuX7Es51OA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZrMBed56no4gBGaDFlwWfcR+OfLal5cszJV2HLqQBzZAHU+U5te/sSQu3BT7j1xbN++J+ISRZYpyjmLtUfs1jnx/jLAao4RsbMxcKf2k9igfN5UvII29YnF4gOqUgUpyoGuDZY55jA0zz+tLm/19WghGCS0xVDkhrY0pW1IUyCOVACSpQ42wDSRdLraILTPYSSUxo4zj+mzvlJnQKEQQo7QGOCzm8T0zI/o7971vhdSIs5a5AWiDGRKuf3WNgGjONYH0knAI6IMPwUtvjUD9+eZeBWjZUpGR8srOrkRPF5o9tAddX6sJGeAAh+UDAMHVu7Y3XjFUJ5oEHenICVZLwg==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Tue, 02 Nov 2021 15:14:47 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 02.11.2021 15:39, Andrew Cooper wrote:
> The call to setup_cpu_root_pgt(0) in smp_prepare_cpus() is too early.  It
> clones the BSP's stack while the .data mapping is still in use, causing all
> mappings to be fully read read/write (and with no guard pages either).  This
> ultimately causes #DF when trying to enter the dom0 kernel for the first time.
> 
> Defer setting up BSPs XPTI pagetable until reinit_bsp_stack() after we've set
> up proper shadow stack permissions.
> 
> Fixes: 60016604739b ("x86/shstk: Rework the stack layout to support shadow 
> stacks")
> Fixes: b60ab42db2f0 ("x86/shstk: Activate Supervisor Shadow Stacks")
> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.