Xen project Mailing List

Re: [PATCH 0/4] x86: Further harden function pointers

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Mon, 29 Nov 2021 09:51:48 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=lyySaEq89sPMQp80bGSBPjq8INEHew6hleOR6yp3Gd0=; b=Oa4J16/WJEsRlXunenC+vdsExbGtuikt5kJhJxDb0USu+gqD4KB4O1EFf7OBYjrVVBRan0GbdxqBaPPHMYiuyj47rDfPLlFOXAjhi9Zk5wFrCms9Gd80ZIrD3jn1hS2Sl+gYfQPAEhC7l6Fm9xjQ+xjLNbvgtjaCnvb/LPU7iX2lUhoL2WDqkhZzlXfCf+8SQZBjgY5wWPO761I3YTRp3iwY+oUEUvyIvoTLG70LRcliRH3FxALbRMOJX3MsSRIdnCpJKPkdPB5W/qJdKj/YRFe6TGydG9UV1mKQbWGAKeis4bXC61YYJrWXCldz/ck37EqXub0+wS3DPZ5oWoFd0w==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=lsV5o5jsH4IDGk+ZBh9Jg66M1yQzCqK7VT8I1kwl7zNbjRV+WwLD6ryebAkuj9E6QGV2rOWH/qnVDD/oCVZXXSJL4ezfoC3CJ0E5lP5RmoHH3GtyE1CZm8TWUN0QK8m6wzR4jnIwv9dR8DgJqdrmKTstC7YmztdN6c8JBw8RHwb96ik0oBgs9B2fnwqL9Jfga11zrcCZ1/G1irX/Q9z+tZRCkbc3iLSfBAn15KC66JazKnq8cbMfpOc84mfdcCeCWmkQdSKzOpkVkxGfQB+fnIVt+c7qG7tD4JDEalJ7i4Yhh16mLowciRerIwUJMTnnL7lwGTz6sibSBJbGmJP0RA==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;

Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, Daniel Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>, Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Mon, 29 Nov 2021 08:52:09 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 26.11.2021 22:22, Andrew Cooper wrote: > Slightly RFC, because patch 2 has some minor structure (ab)use, but the result > works alarmingly well. So far, this demonstrates converting two subsystems. > > hvm_funcs is the other area of especially low hanging fruit, but IOMMU, vPMU > also look like good candidates. Anything which is partially altcall'd already > would benefit from being fully altcall'd. I'll post patches for hvm_funcs and vPMU hopefully later today. I intend to look into the remaining unconverted IOMMU instances (so far I've spotted one, but proper auditing may turn up more). For hvm_funcs what I have leaves a few ones still unconverted; I guess we can discuss whether to go beyond what I have in the context of that patch. > Should we consider introducing __ro_after_init right now (as an alias to > __read_mostly) as this conversion is touching a lot of ares where true > post-init immutability ought to be enforced. Well, it's largely orthogonal, but this might indeed be a good opportunity to at least make a first step. I'd go slightly beyond what you say and at least also introduce a respective new section, rather than aliasing __read_mostly. Jan > Andrew Cooper (4): > x86/altcall: Check and optimise altcall targets > x86/altcall: Optimise away endbr64 instruction where possible > xen/xsm: Use __init_data_cf_clobber for xsm_ops > x86/ucode: Use altcall, and __initdata_cf_clobber > > xen/arch/x86/alternative.c | 60 > ++++++++++++++++++++++++++++++++++++ > xen/arch/x86/cpu/microcode/amd.c | 2 +- > xen/arch/x86/cpu/microcode/core.c | 38 ++++++++++++----------- > xen/arch/x86/cpu/microcode/intel.c | 2 +- > xen/arch/x86/cpu/microcode/private.h | 2 +- > xen/arch/x86/xen.lds.S | 5 +++ > xen/include/xen/init.h | 2 ++ > xen/xsm/dummy.c | 2 +- > xen/xsm/flask/hooks.c | 2 +- > xen/xsm/silo.c | 2 +- > 10 files changed, 93 insertions(+), 24 deletions(-) >

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.