
Re: [PATCH v2 3/7] x86/altcall: Optimise away endbr64 instruction where possible


  • To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Tue, 1 Mar 2022 12:59:09 +0100
  • Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Tue, 01 Mar 2022 11:59:22 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 14.02.2022 13:56, Andrew Cooper wrote:
> @@ -330,6 +333,41 @@ static void init_or_livepatch _apply_alternatives(struct 
> alt_instr *start,
>          add_nops(buf + a->repl_len, total_len - a->repl_len);
>          text_poke(orig, buf, total_len);
>      }
> +
> +    /*
> +     * Clobber endbr64 instructions now that altcall has finished optimising
> +     * all indirect branches to direct ones.
> +     */
> +    if ( force && cpu_has_xen_ibt )

Btw, this is now also entered when the function is called from
apply_alternatives() (i.e. when livepatching), but ...

> +    {
> +        void *const *val;
> +        unsigned int clobbered = 0;
> +
> +        /*
> +         * This is some minor structure (ab)use.  We walk the entire contents
> +         * of .init.{ro,}data.cf_clobber as if it were an array of pointers.
> +         *
> +         * If the pointer points into .text, and at an endbr64 instruction,
> +         * nop out the endbr64.  This causes the pointer to no longer be a
> +         * legal indirect branch target under CET-IBT.  This is a
> +         * defence-in-depth measure, to reduce the options available to an
> +         * adversary who has managed to hijack a function pointer.
> +         */
> +        for ( val = __initdata_cf_clobber_start;
> +              val < __initdata_cf_clobber_end;

... this being main binary boundaries, no action would be taken on
the livepatch binary. Hence (also due to having been here before
during boot), all that I understand will happen ...

> +              val++ )
> +        {
> +            void *ptr = *val;
> +
> +            if ( !is_kernel_text(ptr) || !is_endbr64(ptr) )
> +                continue;
> +
> +            add_nops(ptr, 4);
> +            clobbered++;
> +        }
> +
> +        printk("altcall: Optimised away %u endbr64 instructions\n", 
> clobbered);
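Review bot: the clobber loop writes into live text with `add_nops(ptr, 4);` directly, whereas the replacement a few lines above is written through `text_poke(orig, buf, total_len);`; if text_poke() is meant to be the single point through which .text is modified (so that any mapping or serialisation handling stays in one place), the endbr64 clobber should go through it as well, or the block comment should state why a direct add_nops() into .text is safe at this point. Separately, the literal 4 is the endbr64 length that is_endbr64(ptr) has just matched; a named constant used by both would make that pairing explicit rather than implicit.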

... that this message be logged once per patch load (with a number
of 0). I think the enclosing if() wants to be amended by
"&& system_state < SYS_STATE_active". If you agree, I can easily
make a patch.

Jan
