[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 00/70] x86: Support for CET Indirect Branch Tracking


  • To: Jan Beulich <jbeulich@xxxxxxxx>, Roger Pau Monne <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>
  • From: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
  • Date: Wed, 16 Feb 2022 21:59:47 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=lz7K2ltQNzFGFu55w3iG0G/eidwsqwDIT34Zd0SFUIE=; b=c1Dixyo7HBcYOI3s62cxskry01BLbsddT1JHDhJS8ODLDIRqRJK0rp0lug707C3weqrHnlKzej0OnRYoeiDScTcKkhYTt+A3oMykGKzvxcyH+K4WJ4ycI5E4xMwOstb0Ryh15lXRwivtLjSWo/KLBuJOXxRX1ioipsZ6mzsZ9bbtlj8SWPGg3qh2eAr1c0kxLRSfifMtSAzO3V3eWuope5dx/xpAUN+Ey72YMd6iS+MNxPLvn+7g6I6GgPanacAy9UMJjvjSmE3FAEJRipqJgVKoGKJMTm+FvF3USNJ18oGzvExgCKhHZuylTI1uAIlG+gyLEV5tv6hra09UCiXnnA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=aPaAFVqsPrBekjiCiEEIfL0ppY+3vfS5vzNOMyIzMwF3t4KHdF/HjiYxQBu1ROVBKlQXpYRKaCfnVxRbXQbpIKI2y3q7j1RMI6EmUKCg+YHrljmruXjKtOlU5zNr5KOVdrPLI+9I4uV5G4+nELHbVSQY9qBi6tSJBdyi1LVtEWbyuKDxOc1Fhg/MxtoOQ4ljFc6ockT4R5RHi6Dk5zHnljfCyQ/5j59wMjMmy6gNtSebTvL/AFE9CAP+SImuWbrBWcMFX0PSLJzoiWRcqeKjwST75lAb1asz68WoMYRSQKeTosximY5b3+rx7V37Hxa7lI0jvVe/5uB1wf+ZAnG90A==
  • Authentication-results: esa6.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
  • Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, Daniel Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>, Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Wed, 16 Feb 2022 21:59:55 +0000
  • Ironport-data: A9a23:g5okI6M7HeVs5MPvrR32kcFynXyQoLVcMsEvi/4bfWQNrUoh0WAGn WJJUWrUP//bM2X8LYtzao+x9UpVvpCHnd5nTAto+SlhQUwRpJueD7x1DKtR0wB+jCHnZBg6h ynLQoCYdKjYdpJYz/uUGuCJQUNUjMlkfZKhTr6UUsxNbVU8En1500s9w7RRbrNA2rBVPSvc4 bsenOWHULOV82Yc3rU8sv/rRLtH5ZweiRtA1rAMTakjUGz2zhH5OKk3N6CpR0YUd6EPdgKMq 0Qv+5nilo/R109F5tpICd8XeGVSKlLZFVDmZna7x8FOK/WNz8A/+v9TCRYSVatYoxqTpY5p5 fZSj7mbeCQ1M7LLk8Y5SjANRkmSPYUekFPGCX22sMjVxEzaaXr8hf5pCSnaP6VBpLwxWzsXs 6VFdnZdNXhvhMrvqF6/YsBqit4uM4/AO4QHt2s75TrYEewnUdbIRKCiCdpwgmtq1psQQ662i 8wxOTZTZyzKUhN1Ig1IEo0Dp+frm1LBSmgNwL6SjfVuuDWCpOBr65DhKMHQe8CKbcxNk1yEu 3nd+GDkHhAdMsfZwj2AmlquifXIhjjTQ58JGfuz8fsCqE2ewCkfBQMbUXO/oOKlkQiuVtRHM UsW9yEy668o+ySDS9DnWhSirX2svxgCWsFRGek39AGMzKXP5w+TQGMDS1Zpd9gOpMIwAzsw2 TehndnkGDhuu729Um+G+/GfqjbaESoIKW4PYwcUQA1D5MPsyKkolQ7GRNtnFK+zj/X2FCv2z jTMqzIx74j/luZSif/9pwqexWvx+N6ZFWbZ+zk7QEqK9DknfKOGeLaNwmn48ftfK427akCo6 S1sd9el0MgCCpSElSqoSeoLHa206/vtDAAwkWKDDLF6qW3zpifLkZR4pWgneRw3appslSrBP ReL0T698qO/K5dDgUVfR4uqQ/onwqH7fTgOfqCFN4EeCnSdmeLuwc2PWaJy9z21+KTPuftmU Xt+TSpKJSxHYUiA5GDrL9rxKZdxmkgDKZr7HPgXNSiP37uEf2KyQrwYKlaIZe1RxPra/FmEr o8FZprbkk83vAjCjs//q9N7wbcidyZTOHwLg5YPKr7rzvRORAnN9MM9MZt+Itc4zsy5Z8/D/ 22nW18w9bYMrSavFOl+UVg6MOmHdc8m9RoTZHVwVX71iylLSdv+t883KspoFYTLAcQ+lJaYu dFeIJ7eahmOIxyakwkggW7V9twyLk/62ljXYkJIolEXJvZdeuAAwfe9FiPH/ygSFCun88w4p ryrzATARpQfAQ9lCa7rhDiHljtdZFARx7B/WVXmON5WdBm++YRmMXWp3PQ2P9sNOVPIwT7Dj 1SaBhIRpO/spY4p8YaW2fDY/tnxS+YuTFBHG2T77KqtMXWI9GSU3oIdAv2DeirQVT2o9fz6N /lV1fz1LNYOgE1O79hnC79uwK9nv4nvqrZWwx5KBnLOa1j3WLpsLmPfhZtEt7FXx68fsgyzA xrd9t5fMLSPGcXkDF9Oe1Z1MrXdjakZw2CA4+40LUP24D5M0ICGCUgCbQORjCF9LaduNN93y +kWp8NLuRe0jQAnM4jag3kMpXiMNHEJT44uqooeXN3wkgMux1xPPc7cByvx7M3dYtlAKBB3c Dqdha6EjLVA3EvSNXE0ECGVj+ZagJ0PvjFMzUMDeAvVyoaU2Kdv0U0D6ykzQyRU0g5DgrB6N WVcPkFoIbmDomVzj89ZUmHwQwxMCXV1IKAqJ4flQIEBc3SVaw==
  • Ironport-hdrordr: A9a23:kVBsaaoX2U/AQj+oAVx6sqEaV5uPL9V00zEX/kB9WHVpm5Oj+P xGzc526farslsssSkb6K290KnpewK4yXbsibNhc4tKLzOWxFdAS7sSrLcKogeQVBEWk9Qy6U 4OSdkGNDSdNykYsS++2njDLz9C+qjGzEnLv5an854Fd2gDAMsAjzuRSDzraXGeLDM2X6bRf6 Dsgvav0gDQH0j/Gf7LYUXtMdKzxeHjpdbDW1orFhQn4A6BgXeD87jhCSWV2R8YTndm3aoi2X KtqX272oyT99WAjjPM3W7a6Jpb3PH7zMFYOcCKgs8Jbh3xlweTYph7UbHqhkF2nAjv0idurD D/mWZmAy1B0QKWQohzm2q15+DU6kdr15Yl8y7BvZKsm72jeNtwMbs/uWsQSGqm16NnhqAg7E sD5RPoi3IcZymw7RjV9pzGUQpnmVGzpmdnmekPj2ZHWY9bc7NJq5cDlXklWqvoMRiKoLzPKt MeR/00JcwmBW+yfjTcpC1i0dasVnM8ElOPRVUDoNWc13xTkGpix0UVycQDljNYnahNB6Vs9q DBKOBlhbtORsgZYeZ0A/oAW9K+DijITQjXOGyfLFz7HOUMOm7LqZTw/LIpjdvaNaAg3d83gt DMQVlYvWk9dwbnDtCPxoRC9lTXTGC0TV3Wu4hjDlhCy8vBrZbQQF++oWEV4rydSq8kc77mst 6ISedrP8M=
  • Ironport-sdr: /zBoNJfBC5Po0FR/6Tg+YuXKwf6kwPlJMOBbtRMHHzV/b5iy7r8ngpA4xlrGmpgxf/owLY1Ngq Cn7DABKDjmnYoxTdBFGgFrlO/ex1QKWNqNCvZ1o8GTyus3qbYCaWEqpMNfPRrZwcEEAH6XMDzV fzYL1r2X38++KNCXxCAGorZ2K89SxJEtSTQowEHg10LL+qPJTmxc+Bx235/t2QnXCc7taTpGCI EFNKHARObsTW3wmz/Q3uln7JkHt8Im06mEQsTpGJ52G7+jkdqWIA5gQTv4C2pm9iluXICpfuVG T20w5vGksgJgMFPlrdMK3rHV
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHYIaGi+1XAXGQfKUGTLygtpBu/SKyTBUWAgAAJC4CAAAkaAIAABn4AgAOf2oA=
  • Thread-topic: [PATCH v2 00/70] x86: Support for CET Indirect Branch Tracking

On 14/02/2022 14:38, Jan Beulich wrote:
> On 14.02.2022 15:15, Andrew Cooper wrote:
>> On 14/02/2022 13:43, Jan Beulich wrote:
>>> On 14.02.2022 14:10, Andrew Cooper wrote:
>>>> On 14/02/2022 12:50, Andrew Cooper wrote:
>>>>> CET Indirect Branch Tracking is a hardware feature designed to protect 
>>>>> against
>>>>> forward-edge control flow hijacking (Call/Jump oriented programming), and 
>>>>> is a
>>>>> companion feature to CET Shadow Stacks added in Xen 4.14.
>>>>>
>>>>> Patches 1 thru 5 are prerequisites.  Patches 6 thru 60 are fairly 
>>>>> mechanical
>>>>> annotations of function pointer targets.  Patches 61 thru 70 are the final
>>>>> enablement of CET-IBT.
>>>>>
>>>>> This series functions correctly with GCC 9 and later, although an 
>>>>> experimental
>>>>> GCC patch is required to get more helpful typechecking at build time.
>>>>>
>>>>> Tested on a TigerLake NUC.
>>>>>
>>>>> CI pipelines:
>>>>>   https://gitlab.com/xen-project/people/andyhhp/xen/-/pipelines/470453652
>>>>>   https://cirrus-ci.com/build/4962308362338304
>>>>>
>>>>> Major changes from v1:
>>>>>  * Boilerplate for mechanical commits
>>>>>  * UEFI runtime services unconditionally disable IBT
>>>>>  * Comprehensive build time check for embedded endbr's
>>>> There's one thing I considered, and wanted to discuss.
>>>>
>>>> I'm tempted to rename cf_check to cfi for the function annotation, as
>>>> it's shorter without reducing clarity.
>>> What would the 'i' stand for in this acronym?
>> The class of techniques is called Control Flow Integrity.
>>
>>>  Irrespective of the answer
>>> I'd like to point out the name collision with the CFI directives at
>>> assembler level. This isn't necessarily an objection (I'm certainly for
>>> shortening), but we want to avoid introducing confusion.
>> I doubt there is confusion to be had here.  One is entirely a compiler
>> construct which turns into ENDBR64 instructions in the assembler, and
>> one is a general toolchain construct we explicitly disable.
> Hmm. I'm still at best half convinced. Plus we generally have been
> naming our shorthands after the actual attribute names. By using
> "cfi" such a connection would also be largely lost. Roger, Wei,
> others - do you opinions either way?

My point is this.  Doing nothing is my easiest option.

But if anyone has length/alternative suggestions, dealing with them now
is going to be infinitely easier than once this series is committed.

~Andrew

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.