Xen project Mailing List

Re: [PATCH 63/65] x86/setup: Rework MSR_S_CET handling for CET-IBT

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Mon, 6 Dec 2021 11:49:15 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ETWBE5Tgi7RxJH6hIPyvMR1Kms4ofCQDjyr6RKVTKrI=; b=EAzv1dyFhRcnC+CVCC2YNjIeSwRLb6M7HmJ5NvJ5GdpEiUqfA2d+ItmhdsNrcFx0dgDyjNEUkXAsDjr+OAzq0Ir6YgneuzQevot/s5cx7/+fpDgzLOz6PCUiTcxH6qwlhC5XexrEdHIWjTi+v+sUX1BlRa8w+SuTc6fo8b6+sP1GlFlvL5cj9C75KY9nW4CnU01RpF+2gvxrDid4RyNEX+30aRsOuLa5k9dOfR5Xrk1hVJXwRvnpoS37cabTNSYJc1X1aHlUICWfAcWQFfpeXSAO8+2tetd7JDMC8VDLg2gGhRmtl5SVZXEtEEpU86l1XplfA1BLR4w9h6fMQ2S+ng==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mmBMBWBJiy7PS2KeTKkIy5zGDqm9Ig/Dts85EHda4+x6uhWBTJ4paL90Cb8yxrE2Kex1mjBN9ar666BBCLAbPigZ0VmepZpB75aTCLBdzFD0ulIcGmk2D9AuJECQbCRlVqX1yjPMkKuIHRaxtQwcWAfeOT8rZp0S0Lfr6Zm3XXltRUnZ4ivLsgFrxSkBC6E1pu+OpJrHz3SitFYqHDtLVvBAgRAOEch54I1i2w/AtnNrBFm3kX1A9wK4tuIFmfyX3hcANbqqGv+vpCnr9bAOjH7gjrl7n8YgUXuIWn/m9KpqfStU2b0EYR1ziNKYkvfXk3eMwUAtc0uuQUDFdcOEsw==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;

Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Mon, 06 Dec 2021 10:49:37 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 26.11.2021 13:34, Andrew Cooper wrote: > --- a/xen/arch/x86/acpi/wakeup_prot.S > +++ b/xen/arch/x86/acpi/wakeup_prot.S > @@ -63,7 +63,24 @@ ENTRY(s3_resume) > pushq %rax > lretq > 1: > -#ifdef CONFIG_XEN_SHSTK > +#if defined(CONFIG_XEN_SHSTK) || defined(CONFIG_XEN_IBT) > + call xen_msr_s_cet_value > + test %eax, %eax > + je .L_cet_done Nit: I consider it generally misleading to use JE / JNE (and a few other Jcc) with other than CMP-like insns. Only those handle actual "relations", whereas e.g. TEST only produces particular flag states, so would more consistently be followed by JZ / JNZ in cases like this one. But since this is very much a matter of taste, I'm not going to insist on a change here. > + /* Set up MSR_S_CET. */ > + mov $MSR_S_CET, %ecx > + xor %edx, %edx > + wrmsr > + > + /* Enable CR4.CET. */ > + mov $XEN_MINIMAL_CR4 | X86_CR4_CET, %ecx > + mov %rcx, %cr4 Is it valid / safe to enable CR4.CET (with CET_SHSTK_EN already active) before ... > +#if defined(CONFIG_XEN_SHSTK) > + test $CET_SHSTK_EN, %eax (Intermediate remark: Using %al would seem to suffice and be a shorter encoding.) > + je .L_cet_done > + > /* > * Restoring SSP is a little complicated, because we are intercepting > * an in-use shadow stack. Write a temporary token under the stack, > @@ -71,14 +88,6 @@ ENTRY(s3_resume) > * reset MSR_PL0_SSP to its usual value and pop the temporary token. > */ > mov saved_ssp(%rip), %rdi > - cmpq $1, %rdi > - je .L_shstk_done > - > - /* Set up MSR_S_CET. */ > - mov $MSR_S_CET, %ecx > - xor %edx, %edx > - mov $CET_SHSTK_EN | CET_WRSS_EN, %eax > - wrmsr > > /* Construct the temporary supervisor token under SSP. */ > sub $8, %rdi > @@ -90,12 +99,9 @@ ENTRY(s3_resume) > mov %edi, %eax > wrmsr > > - /* Enable CET. MSR_INTERRUPT_SSP_TABLE is set up later in > load_system_tables(). */ > - mov $XEN_MINIMAL_CR4 | X86_CR4_CET, %ebx > - mov %rbx, %cr4 ... the writing of MSR_PL0_SSP in context here? ISTR some ordering issues back at the time when you introduced CET-SS, so I thought I'd better ask to be sure. Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.