
Re: [PATCH 01/65] x86: Introduce support for CET-IBT


  • To: Andrew Cooper <amc96@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Mon, 29 Nov 2021 10:21:25 +0100
  • Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Mon, 29 Nov 2021 09:21:47 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 26.11.2021 16:21, Andrew Cooper wrote:
> On 26/11/2021 14:10, Jan Beulich wrote:
>> On 26.11.2021 13:33, Andrew Cooper wrote:
>>> @@ -124,6 +129,18 @@ config XEN_SHSTK
>>>       When CET-SS is active, 32bit PV guests cannot be used.  Backwards
>>>       compatiblity can be provided via the PV Shim mechanism.
>>>  
>>> +config XEN_IBT
>>> +   bool "Supervisor Indirect Branch Tracking"
>>> +   depends on HAS_CC_CET_IBT
>>> +   default y
>>> +   help
>>> +     Control-flow Enforcement Technology (CET) is a set of features in
>>> +     hardware designed to combat Return-oriented Programming (ROP, also
>>> +     call/jump COP/JOP) attacks.  Indirect Branch Tracking is one CET
>>> +     feature designed to provide function pointer protection.
>>> +
>>> +     This option arranges for Xen to use CET-IBT for its own protection.
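
Review bot: the XEN_IBT help text does not say what the option does on
hardware without CET-IBT, or whether enabling it costs any compatibility,
which the XEN_SHSTK text just above does state for 32bit PV guests. With
"default y" on the new entry, a sentence covering both would tell whoever
configures the build what to expect.
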
>> Shouldn't this depend on BROKEN until it's actually functional?
> 
> It compiles fine right from now, and making it BROKEN would inhibit
> bisection through the series.
> 
> Nothing actually matters until patch 65 turns on MSR_S_CET.ENDBR_EN.

"Nothing" except that until then the promised extra security isn't
there.

>>> --- a/xen/arch/x86/x86_emulate/x86_emulate.h
>>> +++ b/xen/arch/x86/x86_emulate/x86_emulate.h
>>> @@ -35,6 +35,11 @@
>>>  # error Unknown compilation width
>>>  #endif
>>>  
>>> +#ifndef cf_check
>>> +/* Cope with userspace build not knowing about CET-IBT */
>>> +#define cf_check
>>> +#endif
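
Review bot: the empty cf_check fallback in x86_emulate.h is guarded only by
"#ifndef cf_check", so it applies to any build that reaches this header
without a definition, not just the userspace builds the comment names. If a
hypervisor build ever includes this header before cf_check is defined, the
annotation disappears without a diagnostic; restricting the fallback to
userspace builds, or moving it into the userspace harness header, would
avoid that.
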
>> Imo this shouldn't go here, but in tools/tests/x86_emulator/x86-emulate.h,
>> and then presumably without #ifdef.
> 
> I considered that, but the test harness isn't the only userspace
> harness.  There is the fuzzing harness too, and I'm not sure we want to
> force every userspace harness to provide the same workaround.

But that's the idea of putting it where I suggested: This header gets
re-used by the fuzzing harness:

x86-emulate.c x86-emulate.h wrappers.c: %:
        [ -L $* ] || ln -sf $(XEN_ROOT)/tools/tests/x86_emulator/$*

Jan




 

