[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 68/70] x86/setup: Rework MSR_S_CET handling for CET-IBT

  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
  • Date: Tue, 15 Feb 2022 20:58:31 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=JPLHhX/RZu03sGePa0Ovma9LHYxY/o3Uv7lyFhJwVGQ=; b=M3vb5RCB3cyBxsB6boWBF+d1xD+raAav2InOiYC8Bg+MySj/oriNWzSdu9H6UW8qaPzONUIfCkqnfE+Ec9LXDqoQ88RAwdTtvEOTJvbauSE4Qln22KtxgRoxq5j39far/V6ZX4VVh36sByxGAU1f2RU5UiWFGGRLwy+ZDFa1O/Gkq3TZn1IwFIqnqpTsgNbrmgoI9uP2+Fa+1GxWLoPlm8QxpZoO09IJw9GeEmUTEW31xpeVV7Nr0Hh65Kz1XbfBxH/FOE858g9xgarh6x7DGCgS1AoAxe5hMs79al7/vyskd9vJtBBNO2r5JdSL1ug2SKuFFN/JlR6gU++H+nk12Q==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=kI3qaPGI+kg0O5aUVK6wMkqxIpXtqpX01O/hM3ev03hBbu2lrwtYIKlmPvX/VQlSKFTxfeTUVjPei5yBPgilszm3aQvjq7fLEFoc7xRnY88psutwj2MZPAcbM0wV3G7FUM/7vTZ4l4yRk7OvUg26xxXgQXVpdXAjavyQJ9u3fEtYqS4SmYwpfbcnQPhaQiAHdDnDNimQosL+UCrlPBofoJtiDHqfJ5aaBZe5rMLS8Kk9zBh9RqrI/q0uha4GIJaFn1EH/Hrb4LJo0Yr+nhyKqRQeU5FMIzhQNnUqU5p0eUmbsIeKFStAGKb/Ag79JaHpd2LClOwJoJLRzbmvVAx52Q==
  • Authentication-results: esa5.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
  • Cc: Roger Pau Monne <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Tue, 15 Feb 2022 20:58:55 +0000
  • Ironport-data: A9a23:BOpC1KjeeUIdbUp5AxbNWfnDX161thcKZh0ujC45NGQN5FlHY01je htvWTiGM6zcajbzKI1wYYq0/B8CusXcytZqHVc5rX1mH3sb9cadCdqndUqhZCn6wu8v7a5EA 2fyTvGacajYm1eF/k/F3oAMKRCQ7InQLlbGILes1htZGEk0GE/NtTo5w7Rj2tQx3IDia++wk YiaT/P3aQfNNwFcagr424rbwP+4lK2v0N+wlgVWicFj5DcypVFMZH4sDfjZw0/DaptVBoaHq 9Prl9lVyI97EyAFUbtJmp6jGqEDryW70QKm0hK6UID66vROS7BbPg/W+5PwZG8O4whlkeydx /1K7NuuaRcofZHsp8QAWFpmDxpaMbFvreqvzXiX6aR/zmXDenrohf5vEFs3LcsT/eMf7WNmr KJCbmpXN1ba2rzwkOnTpupE36zPKOHCOo8Ft24m5jbeFfs8GrjIQrnQ5M8e1zA17ixLNaiFO JBIMGU1BPjGSx9iB2gsK7EGoL+tm2LYXGUGom+z+aVitgA/yyQuieOwYbI5YOeiVchT20qVu G/C12D4GQ0BcsySzyKf9XChjfOJmjn0MKoNEJWo+/gsh0ecrkQRAhALUVqwodGil1WzHdlYL iQpFjEG9PZoshbxF5+kAkP+8CXsUgMgt8R4FLR99iGdy+nowzm5G2NHcCJ6TNA6nZpjLdA17 WOhk9TsDD1plbSaT3OB67uZxQ+P1TgpwXwqPnFdE1ZcizX3iMRq10+UEI4/eEKgpoCtQVnNL ya2QD/Sbln5peoCzO2F8F/OmFpATbCZH1dutm07so9Ihz6VhbJJhaT1szA3Dt4ade51q2VtW 1BexaCjABgmV83lqcB0aLxl8EuVz/iEKibAplVkAoMs8T+gk1b6I9wMv2EueRoxa51eEdMMX KM0kVkPjKK/wVPwNfMnC25PI5hCIVfc+STNCamPM4smjmlZfw6b5iB+DXN8LEi2+HXAZZoXY M/BGe71VC5yIf0+kFKeGrdMuZd2l3tW7T6CGvjGI+GPjOP2iIi9EuxebjNjr4kRscu5neki2 48EaZXTk0wFCLKWj+u+2dd7EG3m5EMTXPjeg8dWavSCMkxhHmQgAOXW2rQvZ8pumKE9qwsC1 ijlMqOB4Fag13DBNyuQbXVvNOHmUZpl9CppNi0wJ1e4nXMkZN/3vqsYcpI2e5gh9fBikqEoH 6VUJZ3YD6QdUCnD9hQccYL58N5oeiO0iF/cJCGiejU+IcJtHlSb5t/+cwLz3yASFS7r59Amq rit21qDE5oOTghvFujMb/erww/jtHQRgrsqDUDJPsNSaAPn940zc379ifo+IsctLxTfx2TFi 1bKUElA/eSU+t076tjEg6yAvryFKeomExoIBXTf4Ja3KTLeojipz7hfXbvaZjvaTm71pvmvP L0H0/HmPfQbt19WqI4gQa1zxKcz6taz9b9XygNoQCfCY1ixU+4yJ3CH2Y9Et7FXx68fsgyzA xrd9t5fMLSPGcXkDF9Oe1Z1MrXdjakZymvI8PA4AETm/ysmrrOIXHJbMwSIlCEAfqB+N5kow Lt5tcMbg+BlZsHG7jpSYvhoylmx
  • Ironport-hdrordr: A9a23:ZBXCrq6MDv7a0BGkzQPXwWyBI+orL9Y04lQ7vn2ZFiY7TiXIra yTdaoguCMc0AxhJU3Jmbi7Scy9qeu1z+863WBjB8bfYOCAghroEGgC1/qs/9SEIUPDH4FmpN 5dmsRFeb7N5B1B/LzHCWqDYpYdKbu8gdiVbI7lph8HJ2ALV0gj1XYDNu/yKDwteOAsP+tcKH Po3Lsgm9PWQwVxUi3UPAhmY8Hz4/nw0L72ax8PABAqrCOUiymz1bL8Gx+Emj8DTjJm294ZgC v4uj28wp/mn+Cwyxfa2WOWxY9RgsHdxtxKA9HJotQJKw/rlh2jaO1aKv+/VXEO0aSSAWQR4Z 7xSiQbToJOArTqDziISC7Wqk3dOfAVmiffIBGj8CDeSIfCNU0H4oJ69Pxkm13imhcdVZhHod J2NyjyjesnMTrQ2Cv6/NTGTBdsiw69pmcji/caizhFXZIZc6I5l/1UwKp5KuZJIMvB0vFtLA CuNrCp2N9GNVeBK3zJtGhmx9KhGnw1AxedW0AH/siYySJfknx1x1YRgJV3pAZNyLstD51fo+ jUOKVhk79DCscQcKJmHe8EBc+6EHbETx7AOH+bZV7nCKYEMXTQrIOf2sR52Mi6PJgTiJcikp XIV11V8WY0ZkL1EMWLmIZG9xjcKV/NFAgFCvsukaSRloeMNoYDABfzP2zGyfHQ0Mn3KverLs qOBA==
  • Ironport-sdr: /E+DLJP+dXdSXnT/XFxJJlg//GILZamp2G6f6L3LqSV/+x3BRKeF+3wESIy/DK5aPs+5n+21Hr o6RJntDgGiVJSgpTOctBl6AkxivQ0QYqslGiPGNJ1N1wURBu6YbQWX0gTeYMtbtD1HQYITfsvp WtX4FU/pCV4oQiOr+Wz3khbxSAjtdahrtI3Rz4Hz7poXDAkSkSxufNG6rl+NxgGONGJcTjuy/l DifcRFXKsrsHEH3dmritHKUKuNHoE2WXabTE7HXOtjcUvzVD4DQZYHsqgS45gdsEmgXRwovPA6 2v1nbqAtvlVPGlnUS15AAWfD
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHYIaOTUcnCkY5v50erixQZ+OuCLKyU0+kAgABGY4A=
  • Thread-topic: [PATCH v2 68/70] x86/setup: Rework MSR_S_CET handling for CET-IBT
On 15/02/2022 16:46, Jan Beulich wrote:
> On 14.02.2022 13:51, Andrew Cooper wrote:
>> CET-SS and CET-IBT can be independently controlled, so the configuration of
>> MSR_S_CET can't be constant any more.
>>
>> Introduce xen_msr_s_cet_value(), mostly because I don't fancy
>> writing/maintaining that logic in assembly.  Use this in the 3 paths which
>> alter MSR_S_CET when both features are potentially active.
>>
>> To active CET-IBT, we only need CR4.CET and MSR_S_CET.ENDBR_EN.  This is
>> common with the CET-SS setup, so reorder the operations to set up CR4 and
>> MSR_S_CET for any nonzero result from xen_msr_s_cet_value(), and set up
>> MSR_PL0_SSP and SSP if SHSTK_EN was also set.
>>
>> Adjust the crash path to disable CET-IBT too.
>>
>> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>

Thanks,

> albeit with a nit and a remark:
>
>> --- a/xen/arch/x86/acpi/wakeup_prot.S
>> +++ b/xen/arch/x86/acpi/wakeup_prot.S
>> @@ -63,7 +63,26 @@ ENTRY(s3_resume)
>>          pushq   %rax
>>          lretq
>>  1:
>> -#ifdef CONFIG_XEN_SHSTK
>> +#if defined(CONFIG_XEN_SHSTK) || defined(CONFIG_XEN_IBT)
>> +        call    xen_msr_s_cet_value
>> +        test    %eax, %eax
>> +        jz      .L_cet_done
>> +
>> +        /* Set up MSR_S_CET. */
>> +        mov     $MSR_S_CET, %ecx
>> +        xor     %edx, %edx
>> +        wrmsr
>> +
>> +        /* Enable CR4.CET. */
>> +        mov     $XEN_MINIMAL_CR4 | X86_CR4_CET, %ecx
>> +        mov     %rcx, %cr4
>> +
>> +        /* WARNING! call/ret now fatal (iff SHSTK) until SETSSBSY loads SSP 
>> */
>> +
>> +#if defined(CONFIG_XEN_SHSTK)
> Just #ifdef, as it was before?

I can if you insist, but that's breaking consistency with the other
ifdefary.

>
>> @@ -90,10 +101,6 @@ ENTRY(s3_resume)
>>          mov     %edi, %eax
>>          wrmsr
>>  
>> -        /* Enable CET.  MSR_INTERRUPT_SSP_TABLE is set up later in 
>> load_system_tables(). */
>> -        mov     $XEN_MINIMAL_CR4 | X86_CR4_CET, %ebx
>> -        mov     %rbx, %cr4
> The latter part of this comment could do with retaining.

So I tried that in v1, and concluded not for v2.

There is nowhere appropriate for it to live, anywhere in this block. 
And it is an artefact of me bootstrapping SHSTK to start with.

The truth is that nothing about MSR_ISST_TABLE matters until
load_system_table sets up both this and the TSS IST fields together. 
IST exceptions are already fatal at this point for non-SHSTK reasons.

~Andrew

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.