Xen project Mailing List

Re: [PATCH v2 06/70] x86: Introduce support for CET-IBT

From: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>

Date: Wed, 16 Feb 2022 21:54:56 +0000

Accept-language: en-GB, en-US

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=4CdaV5XZvvzfZn3L7inuYC3WF1kLNIJVIbm73IUmq90=; b=WteRwn7ARCpIrX5kbMLVWCmvUtfbHRLZCuSZVYVQq3UKIu8FcxdJYjru+ykXvmZ0QDJAYIsuunBKK5b2TidFsZKunSwM1baJJEARKl0qUsOAl6Vc+qhLT/6y/2fMNgfpQC+hB7+Ho6lplrJP/NDAjUWXNgrpMAtHitKWTNCWbo/J1efpWL2suS0PyTjwk4h0Huvu1XCq8FciFrDukkxcRjcZ5Ai717Ez2vLGGFqyA+KZA49hPxByopDC7OmANqq2g16sae0ev3s64GK3OZju0gcKboBMPNuHreV8RJbIYdmz/RM0XJ8PwN+IzlfjjVBfhd+y4MJynwUArz/UaDJ0pw==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=i050TjaqKDpNXd2M9VDRkxYWurWrEGo546q8gZs4EsCvhevMf+mdO1ungpDViTGtabpKJv/TRO6EhQODQftOkojBmAa+EQ1ILgGArIc8Cn9ChYKcC/IxfPuquNbBJWFTFPXPyF7ejh3j4/eSKADP2jJ1BOkQ/Vf6NWafQYiRN28u1si2sz7fEdHjJTju1lGFl3DyXqAWfLv84+EpB505eLALpPlAenu2QNVFaebN1EcKXakEZHrLWFqcpwwSLa0B19miExZT8gWVb+Q2G45kwh8xFPloSE8lPayTc4gsYyTOTSyoa1twmIbCR39tNBhhWnviVutxgpDFd4Yad24ZLQ==

Authentication-results: esa6.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com

Cc: Roger Pau Monne <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Wed, 16 Feb 2022 21:55:17 +0000

Ironport-data: A9a23:7yQ6jqKrkBOON2VMFE+RCpIlxSXFcZb7ZxGr2PjKsXjdYENShDMHz mIcCmmPbKzbYTf9Kt5yOYXl90kHvpWBnddiHQRlqX01Q3x08seUXt7xwmUcns+xwm8vaGo9s q3yv/GZdJhcokcxIn5BC5C5xZVG/fjgqoHUVaiUakideSc+EH170Ug6xbZj6mJVqYPR7z2l6 IuaT/L3YDdJ6xYsWo7Dw/vewP/HlK2aVAIw5jTSV9gS1LPtvyB94KYkDbOwNxPFrrx8RYZWc QphIIaRpQs19z91Yj+sfy2SnkciGtY+NiDW4pZatjTLbrGvaUXe345iXMfwZ3u7hB3OuM5g0 dBGi6W0ClsOYOrGwvtCVh1hRnQW0a1uoNcrIFC6uM2XiUbHb2Ht07NlC0Re0Y8wo7gtRzsUr LpBdW5LPkvra+GemdpXTsFFgMg5IdatF4QYonx6lhnSDOo8QICFSKLPjTNd9Gls3JAVQaqFD yYfQShycEraYgNlAHssVJAws+q1q13iVhQN/Tp5ooJoujOOnWSdyoPFINfTP9CHW8hRtkKZv X7duXT0BAkAM96SwibD9Wij7sfQmQvrVYRUE6e3ntZoilCOwm0YCDUNSEC25/K+jyaDt8l3c hJOvHB09O5rqRLtHoKVswCETGCs+TkCSsNVGNMD7ELR7fST6VyGWW0Ad2sUADA5j/MeSTsv3 16PutrmAz1zrbGYIU6gGqeoQSCaYnZMczJbDcMQZU5cuoS4/tlv5v7aZos7SMaIYsvJ9SYcK txghAw3nP0tgMECzM1XFniX0mv39vAlouPYjzg7v15JDCskPOZJhKTysDA3CMqsyq7DEzFtW 1BexqCjABgmV83lqcB0aLxl8EuVz/iEKibAplVkAoMs8T+gk1b6I9wMsWwnfhY4Y59eEdMMX KM1kVkMjHO0FCH0BZKbnqrrU5h6pUQePYiNug/ogipmPcEqKV7vENBGbk+MxWH9+HXAYolkU ap3hf2EVC5AYYw+lWLeb75EjdcDm3BvrUuOFMuT50n2jtKjiIu9FO5t3K2mNbtisstpYWz9r r5iCid9408PALelM3aNqNN7wJJjBSFTOK0aYvd/L4arCgFnBHsgG7nWx7YgcJZihKNbiqHD+ XTVZ6OS4ACXaaTvJVrYZ3Z9RqnoWJoj/3s3MTZ1ZQSj2mQ5YJbp56AaLsNlcb4i/e1l7Ph1U /haJJnQXqUREmzKq2YHcJ3wjI1+bxD31wiACDWoPWokdJl6Sg2XptK9Jlnz9DMDBzacvNclp +HyzRvSRJcOHlwwDMvfZP+14Um2uHwRxLB7U0fSe4EBc0Tw6ol6bSf2i6Zvcc0LLBzCwBqc1 hqXXkhE9bWc/ddt/YCQ166eroqvH+9vJWZgHjHWveSsKC3X3mu/2oscAuyGSi/QCTHv86K4a OQLk/ylaK8bnExHupZXGqpwyf5s/MPmorJXw1g2HHjPaFj3WLpsLmPfgJtKv6xJgLRYpRG3S gSE/dwDYeeFP8bsEVgwIgs5b7vciaFIy2eKtfllcl/n4CJX/aacVRQANhaBvyVRMb9pPd532 uwmosMXt1SyhxdC3gxqVcyIG7Bg9kA9bpg=

Ironport-hdrordr: A9a23:G8WKB6pniY6nwQ0Ybi1LOuAaV5uPL9V00zEX/kB9WHVpm5Oj+P xGzc526farslsssSkb6K290KnpewK4yXbsibNhc4tKLzOWxFdAS7sSrLcKogeQVBEWk9Qy6U 4OSdkGNDSdNykYsS++2njDLz9C+qjGzEnLv5an854Fd2gDAMsAjzuRSDzraXGeLDM2X6bRf6 Dsgvav0gDQH0j/Gf7LYUXtMdKzxeHjpdbDW1orFhQn4A6BgXeD87jhCSWV2R8YTndm3aoi2X KtqX272oyT99WAjjPM3W7a6Jpb3PH7zMFYOcCKgs8Jbh3xlweTYph7UbHqhkF2nAjv0idurD D/mWZmAy1B0QKWQohzm2q15+DU6kdr15Yl8y7BvZKsm72jeNtwMbs/uWsQSGqm16NnhqAg7E sD5RPoi3IcZymw7RjV9pzGUQpnmVGzpmdnmekPj2ZHWY9bc7NJq5cDlXklWqvoMRiKoLzPKt MeR/00JcwmBW+yfjTcpC1i0dasVnM8ElOPRVUDoNWc13xTkGpix0UVycQDljNYnahNB6Vs9q DBKOBlhbtORsgZYeZ0A/oAW9K+DijITQjXOGyfLFz7HOUMOm7LqZTw/LIpjdvaNaAg3d83gt DMQVlYvWk9dwbnDtCPxoRC9lTXTGC0TV3Wu4hjDlhCy8vBrZbQQF++oWEV4rydSq8kc77mst 6ISedrP8M=

Ironport-sdr: MGqM3qF2EOW1V3YY9EPaDikB/x1v+boGNzhdvqPMl3EMIkGPC53tCoiii3jXnJ5q5jJmQGus8e xCSuBpmn0NTviinhcFFMFz6BlZh9U94x4XEOZ7O/nkmMb9krZDaE2h1sMY7VxySAaayeYvPoFc +ghZyF4wIPToJrdKObNzTULz3b985yQ8GWm3vyBlW5du9Ah4E5MBMOEQcSzZAC+NNYNrQ9lFly i0V3NmROYWdH8Ruh/9BHLyiugpWAyl2xueNAG3PdSWUDOhqSHRgJP6yYuUByvmGtyxcqZEdBIy tRwR44zgt/KgvEB5y6aXmwLc

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Thread-index: AQHYIaGnWFhAM4OJ5EW/0Vr9kMg6BqyUpdoAgAIWjgA=

Thread-topic: [PATCH v2 06/70] x86: Introduce support for CET-IBT

On 15/02/2022 14:01, Jan Beulich wrote: > On 14.02.2022 13:50, Andrew Cooper wrote: >> --- a/xen/arch/x86/Kconfig >> +++ b/xen/arch/x86/Kconfig >> @@ -39,6 +39,11 @@ config HAS_AS_CET_SS >> # binutils >= 2.29 or LLVM >= 6 >> def_bool $(as-instr,wrssq %rax$(comma)0;setssbsy) >> >> +config HAS_CC_CET_IBT >> + # GCC >= 9 and binutils >= 2.29 >> + # Retpoline check to work around >> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93654 >> + def_bool $(cc-option,-fcf-protection=branch -mmanual-endbr >> -mindirect-branch=thunk-extern) && $(as-instr,endbr64) > At the top of asm-defns.h we have a number of similarly operand-less > instructions expressed via .macro expanding to .byte. I don't see why > we couldn't do so here as well, eliminating the need for the > $(as-instr ...). In fact ... > >> --- a/xen/arch/x86/include/asm/asm-defns.h >> +++ b/xen/arch/x86/include/asm/asm-defns.h >> @@ -57,6 +57,12 @@ >> INDIRECT_BRANCH jmp \arg >> .endm >> >> +#ifdef CONFIG_XEN_IBT >> +# define ENDBR64 endbr64 >> +#else >> +# define ENDBR64 >> +#endif > ... it could also be this macro which ends up conditionally empty, > but would then want expressing as an assembler macro. Albeit no, the > lower case form would probably still be needed to deal with compiler > emitted insns, as the compiler doesn't appear to make recognition of > the command line option dependent on the underlying assembler's > capabilities. $(as-instr) isn't only for endbr64. It also for the notrack prefix, which GCC does emit for any function pointer call laundered through void * even when everything was otherwise cf_check. It's another area where treating the cf_check-ness as type-checking falls down, and created some very weird build failures until I figured out that Juergen's "Don't use the hypercall table for calling compat hypercalls" really did need to be a prerequisite. CET-IBT toolchain support is 3 years old already, and I don't think there is any value attempting to support a developer mixing a new GCC and ancient binutils. >> --- a/xen/arch/x86/include/asm/cpufeatures.h >> +++ b/xen/arch/x86/include/asm/cpufeatures.h >> @@ -39,6 +39,7 @@ XEN_CPUFEATURE(SC_VERW_PV, X86_SYNTH(23)) /* VERW >> used by Xen for PV */ >> XEN_CPUFEATURE(SC_VERW_HVM, X86_SYNTH(24)) /* VERW used by Xen for >> HVM */ >> XEN_CPUFEATURE(SC_VERW_IDLE, X86_SYNTH(25)) /* VERW used by Xen for >> idle */ >> XEN_CPUFEATURE(XEN_SHSTK, X86_SYNTH(26)) /* Xen uses CET Shadow >> Stacks */ >> +XEN_CPUFEATURE(XEN_IBT, X86_SYNTH(27)) /* Xen uses CET Indirect >> Branch Tracking */ > Is a feature flag actually warranted here, rather than a single > global boolean? You don't key any alternatives patching to this > bit, unlike was the case for XEN_SHSTK. And the only consumer is > cpu_has_xen_ibt, expanding to the boot CPU's instance of the bit. These are just bits. They long predate alternatives finding a convenient use for the form, and are 8 times more compact than a global boolean, with better locality of reference too. ~Andrew

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.