
Re: [PATCH v2 69/70] x86/efi: Disable CET-IBT around Runtime Services calls


  • To: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Wed, 16 Feb 2022 10:14:29 +0100
  • Cc: Roger Pau Monne <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Wed, 16 Feb 2022 09:14:39 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 16.02.2022 00:00, Andrew Cooper wrote:
> On 15/02/2022 16:53, Jan Beulich wrote:
>> On 14.02.2022 13:51, Andrew Cooper wrote:
>>> --- a/xen/common/efi/runtime.c
>>> +++ b/xen/common/efi/runtime.c
>>> @@ -21,6 +21,7 @@ struct efi_rs_state {
>>>    * don't strictly need that.
>>>    */
>>>   unsigned long __aligned(32) cr3;
>>> +    unsigned long msr_s_cet;
>>>  #endif
>>>  };
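Review bot: the new `msr_s_cet` member of struct efi_rs_state is added without any comment, while the comment directly above it only explains the alignment of `cr3`. Please add a line saying which value is stored there and which path reads it back. The member also sits inside the preprocessor block closed by the `#endif` that follows it, whose opening condition is outside the visible context, so it is worth confirming that every build which touches the MSR also compiles this field in.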
>> The latest with the next addition here we will probably want to ...
>>
>>> @@ -113,6 +114,19 @@ struct efi_rs_state efi_rs_enter(void)
>> ... no longer have this be the function's return type.
> 
> So about this.
> 
> Why aren't we using __attribute__((force_align_arg_pointer))?  It
> exists in at least GCC 4.1 and Clang 6.

Perhaps first and foremost because this is the first time I encounter
this attribute, despite it having been around for so long. However,
Clang 6 would be a little too high for the main box I have a Clang
installed on - that's Clang 5 only (and, afaict, no option to upgrade
without also upgrading the distro, while I'd also like to avoid having
to also build myself Clang binaries; maybe sooner or later that's
going to be unavoidable, though). While from binary searching its
libraries it looks to know of that attribute, it still doesn't accept
its use.

The other issue I see is that using it would be fragile: We cannot
afford to forget putting the attribute on any of the relevant
functions. Whereas the present model makes it impossible to miss
any instance.

Finally the attribute's interaction with -mpreferred-stack-boundary=
isn't spelled out anywhere. It looks to behave sanely on gcc 11, but
who knows whether this has always been the case.

Jan

> We're way way overdue bumping the minimum toolchain versions, and Clang
> 3.5=>6 is still a very obsolete minimum version.  This way, we're not
> depending on some very subtle ABI mechanics to try and keep the stack
> properly aligned.
> 
> ~Andrew




 

