[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] xen/CET: Fix __initconst_cf_clobber
- To: Jan Beulich <jbeulich@xxxxxxxx>
- From: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
- Date: Thu, 3 Mar 2022 10:29:18 +0000
- Accept-language: en-GB, en-US
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ROQqiSTlb9OyluAuhgdY19GjFJI/EbkNuVhfA5yV2Pg=; b=aXLOu1nkdJZ8HwAVXC0Th3DvvgSG0n847SF2sFzeCE5R6SzkZMUFT9zh9Ytb4q0Bp/rQnydiomS9PNP7FDWX3TY+Bvi5q8NjAijbMNj+TA3VB0vOz+yW9lLgSGUlEFcj1ZylD66aNw6aLazOT7nnQU0H1O4Wg+794Q7wK7PpEY/NXD6aY9Z6kQtNdj6M+7rwiViHKtSvwVBRhGpldI1TN2bmWepB3QT2BTBRvK2A/4Uhjg9KyTZ47tTHH9otBgpridA8skMJus9yH0tL6dY5BJXfuc68+yCFP/yGaet5XWhwF4wBw9hJywv3dI1Gzpl9rlD0FiSdgGhUJu/MTLM5pQ==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=OQ1zrheGl2/cyhgHcRAXrNxXJ9DmpZbOf9LDkMfoY7lZdod4Lz45YG+WFSV3YbGo17SNbXgy5ie6CS+Dpqd4qh7vaMQps/1D9KeHiwAf1sjSRenQSFkEpaduYgd6TsovVYD0dJHRdgS1uA1ueMD4/6hC6WEDaTA+sHutuXVUm9XE5VQTi3qH19YtggSeeR7uheA5/OwiUW/JXRtXk/HLuh/iArSkG+cFKv0fdF+ngo5cC+FyKH0K8isHcH7t8eCZlyJhM+T8hD7q7Mxhj/TD5U7l6nY0qC8UsrqUVnq44RfQKGgqUZaWQsWhTJQcER/evgqJsDxhjaGerGhBwse9mw==
- Authentication-results: esa3.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
- Cc: Roger Pau Monne <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
- Delivery-date: Thu, 03 Mar 2022 10:29:51 +0000
- Ironport-data: A9a23:7CfdOK4TvtSyYm0wwLQZdgxRtCXHchMFZxGqfqrLsTDasY5as4F+v mRLDW2AP62LN2L1L4snPdvk8E4BuMLUnNcwHVNvrCk3Hi5G8cbLO4+Ufxz6V8+wwmwvb67FA +E2MISowBUcFyeEzvuVGuG96yE6j8lkf5KkYAL+EnkZqTRMFWFw0XqPp8Zj2tQy2YPhWFvU0 T/Pi5a31GGNimYc3l08s8pvmDs31BglkGpF1rCWTakjUG72zxH5PrpGTU2CByKQrr1vNvy7X 47+IISRpQs1yfuP5uSNyd4XemVSKlLb0JPnZnB+A8BOiTAazsA+PzpS2FPxpi67hh3Q9+2dx umhurSQRjlwO4bDnd9EQkd0CgFxbYle+bjudC3XXcy7lyUqclPpyvRqSko3IZcZ6qB8BmQmG f4wcW5XKErZ3qTvnez9GrIEascLdaEHOKs2vH16wC6fJvEhWZ3ZGI3B5MNC3Sd2jcdLdRrbT 5REMmUyMU+dC/FJElcqMZ5ine2mvyHyLyV1hWjNopoZ8lGGmWSd15CyaYGIK7RmX/59jkue4 27L4Wn9KhUbL8CEjyqI9Gq2ge3Clj+9X5gdfJWn8tZ6jVvVwXYcYDUUX1ampfiyimalRslSb UcT/0ITQbMarRLxCIOnBlvh/SDC7kV0t8ds//MSyA6zk6//7AOiX3laYidhZ4wCrM4xbGl/v rOWpO/BCTtqubyTbHuS8LaIsD+/URQowX8+iTwsFlVcvYS6yG0npleWF4s4Tvbp5jHgMWyom 1i3QD4Ca6L/ZCLh/4Gy5hj5jj2lvfAlpSZlt1yMDgpJAu6UDbNJhrBEC3CGtZ6sz67DFzFtW UTofeDEtoji6rnXyUSwrB0lRu3B2hp8GGS0baRTN5cg7S+x3HWoYJpd5jpzTG8wbJpaI2O3P B6I5l4IjHO2AJdMRfUtC25WI553pZUM6Py/DqyEBjawSsIZmPC7ENFGOhfLgjGFfLkEmqAjI 5aLGftA/l5BYZmLOAGeHr9HuZdyn3hW7TqKGfjTkkT2uZLDNSX9YepUbzOzghURsfrsTPP9q I0EaaNnCnx3DYXDX8Ug2dVLfABScCNiXsieRg4+XrfrHzeK0VoJUpf56bggZ5Zkj+JSkOLJ9 Wu6QUhW1Bz0gnivFOlAQikLhG/HNXqnkU8GAA==
- Ironport-hdrordr: A9a23:Ok0Mq6pH1qhMmqOl886TCncaV5uFL9V00zEX/kB9WHVpm5Oj+P xGzc526farslsssSkb6K290KnpewK4yXbsibNhcotKLzOWxFdAS7sSo7cKogeQVxEWk9Qy6U 4OSdkGNDSdNykYsS++2njDLz9C+qjHzEnLv5an854Fd2gDAMsAjzuRSDzraXGeLDM2XqbRf6 Dsgvav0gDQH0j/Gf7LYUXtMdKzxeHjpdbDW1orFhQn4A6BgXeD87jhCSWV2R8YTndm3aoi2X KtqX242oyT99WAjjPM3W7a6Jpb3PH7zMFYOcCKgs8Jbh3xlweTYph7UbHqhkF3nAjv0idprD D/mWZlAy1B0QKXQohzm2qq5+DU6kdq15Yl8y7AvZKsm72geNtwMbs/uWsQSGqm16NnhqAn7E sD5RPoi3IcZymw7RjV9pzGUQpnmVGzpmdnmekPj2ZHWY9bc7NJq5cDlXklW6voMRiKobzPKt MeRP00JcwmBW+yfjTcpC1i0dasVnM8ElOPRVUDoNWc13xTkGpix0UVycQDljNYnahNBqVs9q DBKOBlhbtORsgZYeZ0A/oAW9K+DijITQjXOGyfLFz7HOUMOm7LqZTw/LIpjdvaMqAg3d83gt DMQVlYvWk9dwbnDtCPxoRC9lTXTGC0TV3Wu7djDlhCy8rBrZbQQF++oQoV4ridSt0kc7jmZ8 o=
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
- Thread-index: AQHYLoJgAXApmKaYwEKz6VCRfhdKvKytRW4AgAAwoAA=
- Thread-topic: [PATCH] xen/CET: Fix __initconst_cf_clobber
On 03/03/2022 07:35, Jan Beulich wrote:
> On 02.03.2022 23:10, Andrew Cooper wrote:
>> The linker script collecting .init.rodata.* ahead of .init.rodata.cf_clobber
>> accidentally causes __initconst_cf_clobber to be a no-op.
>>
>> Rearrange the linker script to unbreak this.
>>
>> The IOMMU adjust_irq_affinities() hooks currently violate the safety
>> requirement for being cf_clobber, by also being __initcall().
>>
>> Consolidate to a single initcall using iommu_call() (satisfying the
>> cf_clobber
>> safety requirement), and also removes the dubious property that we'd call
>> into
>> both vendors IOMMU drivers on boot, relying on the for_each_*() loops to be
>> empty for safety.
>>
>> With this fixed, an all-enabled build of Xen has 1681 endbr64's (1918
>> including .init.text) with 382 (23%) being clobbered during boot.
>>
>> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> This will do for the immediate purpose, so:
> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
Thanks.
>> --- a/xen/arch/x86/xen.lds.S
>> +++ b/xen/arch/x86/xen.lds.S
>> @@ -210,6 +210,12 @@ SECTIONS
>> DECL_SECTION(.init.data) {
>> #endif
>>
>> + . = ALIGN(POINTER_ALIGN);
>> + __initdata_cf_clobber_start = .;
>> + *(.init.data.cf_clobber)
>> + *(.init.rodata.cf_clobber)
>> + __initdata_cf_clobber_end = .;
>> +
>> *(.init.rodata)
>> *(.init.rodata.*)
> I wonder if this shouldn't really be two sections. Live-patching will
> need to supply two ranges to apply_alternatives() anyway (one for each
> section, unless you want to start requiring to pass a linker script to
> "$(LD) -r" when generating live patches, just to fold the two sections),
> so in the core hypervisor we may want to follow suit.
I don't see why livepatches would need two sections - they're linked in
a similar way to Xen IIRC. Either way, if changes are needed, they
should be part of the livepatch work.
>> --- a/xen/drivers/passthrough/x86/iommu.c
>> +++ b/xen/drivers/passthrough/x86/iommu.c
>> @@ -462,6 +462,12 @@ bool arch_iommu_use_permitted(const struct domain *d)
>> likely(!p2m_get_hostp2m(d)->global_logdirty));
>> }
>>
>> +static int cf_check __init adjust_irq_affinities(void)
>> +{
>> + return iommu_call(&iommu_ops, adjust_irq_affinities);
>> +}
>> +__initcall(adjust_irq_affinities);
> I assume it is intentional that you didn't re-use the inline wrapper,
> to avoid its (then non-__init) instantiation to stay with an ENDBR.
> Yet then you could at least _call_ that wrapper here, instead of open-
> coding it.
No - that was unintentional. I only merged the initcalls late during
development and forgot the wrapper.
I've adjusted to:
- return iommu_call(&iommu_ops, adjust_irq_affinities);
+ return iommu_adjust_irq_affinities();
> And I further think the iommu_enabled checks should move out
> of the vendor functions, plus the hook also has no need anymore to have
> a return type of int. I guess I'll make a follow-on patch if you don't
> want to fold this in here.
Yeah, I'd prefer not to fold cleanup into this bugfix, but there are
certainly improvements to be done.
~Andrew
|
