Xen project Mailing List

Re: [PATCH 00/65] x86: Support for CET Indirect Branch Tracking

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Fri, 26 Nov 2021 13:48:40 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=kQDITo9f9lV+o4bl/4+B6uaN7dki1K4r7F5gTsbexGQ=; b=Ye+gqIXYWf4JyEfRnQV6zCPo9eKEne0t8Qrs+zUCz1vz3+E7WvzC6tu6l4hVwwq6/MN8Jg3HN/ZNp8NnNZxikMvVieiiENxEBQqGtPib1IXNeEcQW/qz4q9d8EQAWMGlWuSRmLEhYFPVF+dDSiQBeTSrh4aPGW2Fsgibt436b2I6xQ6q2ShYSGsQQclufiTbk/N63e1j0RMk/hGWLPHl26oD4pCA1DiM+R1xb1f2llctscWxoyflIC34b6L/SB3NOdwguqvJPkm6v7RuDY+J0cdrKv1MTqaTc/Era53sy8/Ue0tckHmtdUXrYovEfaurf3xA8nhIOJg3pv9JDgnXYw==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fF2IurVRqJdZL7wYymHMEurfy7dMbmqVedKh0oiQWfL2fwkTnNf348pJEKLkk2git5F7B+hpxE6QgsyRDuUF2mY7rCB2THUWws4XfvgBigwc48rqbM480wtk5kXAVhSJ5mqP+YeygzmvHHOEA/G2QkX1iTAVTTeWwa9/h5bm+9A7ChiDfRbEzVw+ffkjpBU0x7GQPONfJFKZD3uNKBIW87cpaCzmdO9/5vElLiT50yoGSo7GOaThXhbJkPiVt1J5S+QLO05ANJr40mIcWh2hxVE0JqJ1fuBxL6/3ydMML3ps/wrk7tcKfOl7twYoIWu6PREsXxofgJhBTLqe0eR2SA==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;

Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Julien Grall <julien@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, Daniel Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>, Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Fri, 26 Nov 2021 12:49:06 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 26.11.2021 13:33, Andrew Cooper wrote: > CET Indirect Branch Tracking is a hardware feature designed to protect against > forward-edge control flow hijacking (Call/Jump oriented programming), and is a > companion feature to CET Shadow Stacks added in Xen 4.14. > > This series depends on lots of previously posted patches. See > xenbits/xen-cet-ibt for the full branch with all dependencies. > > Patch 1 introduces some compile time infrastructure. > > Patches 2 thru 56 annotate all function pointer targets in the common and x86 > hypervisor code. Patches are split by API and in no particular order, and > largely mechanical. As such, I'm limiting review mainly to The Rest. While > doing this work does depend on an experimental GCC change (patch 56), the > result does actually work properly with GCC 9 onwards. I wonder what this means. Are you talking about a gcc 9 with the experimental change backported? Or are you saying that things build fine there (but don't work as far as IBT is concerned) in the absence of the experimental change? In which case what about older gcc? > Various note accumulated through the work: > * I have already posted patches fixing some of the most egregious (ab)uses > of > function pointers. There are plenty of other areas which could do with > cleanup. > * With everything turned on, we get 1688 runtime endbr64's, and 233 init > time. The number of runtime endbr64's is expected to reduce with > Juergen's hypercall series (see later), and in common deployment cases > where not everything is compiled in by default. > * I have not checked for misaligned endbr64's, and I'm not sure there is > anything useful we could do upon discovering that there were any. > Naively, there is a 1 in 2^32 chance (endbr64 being 4 bytes long), but > this doesn't account for the structure of x86 code, which is most > certainly not a uniform random distribution of bytes. Do you really mean "misaligned" here? The 2nd sentence rather might suggest that you mean byte sequences resembling ENDBR, despite actually being part of other insns. If so, checking might not allow to prove anything, as e.g. displacements change with about every build. Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.