[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH] x86/kexec: Fix kexec-reboot with CET active

  • To: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Mon, 7 Mar 2022 20:53:13 +0000
  • Authentication-results: esa3.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, David Vrabel <dvrabel@xxxxxxxxxx>
  • Delivery-date: Mon, 07 Mar 2022 20:53:56 +0000
  • Ironport-data: A9a23:KNy4L6hw+01ltNmAD51CKmyyX161cBAKZh0ujC45NGQN5FlHY01je htvWDrUM/yONGD9L9pyaYmx8UhXu8eEydFqHFdur3wyE3gb9cadCdqndUqhZCn6wu8v7a5EA 2fyTvGacajYm1eF/k/F3oDJ9CU6jefSLlbFILas1hpZHGeIcw98z0M78wIFqtQw24LhWFvS4 YiaT/D3YzdJ5RYlagr41IrbwP9flKyaVOQw5wFWiVhj5TcyplFNZH4tDfjZw0jQG+G4KtWSV efbpIxVy0uCl/sb5nFJpZ6gGqECaua60QFjERO6UYD66vRJjnRaPqrWqJPwwKqY4tmEt4kZ9 TlDiXC/YQ0wGPzNkd4FahRdHHEiNL1j5ZXWcHfq5KR/z2WeG5ft6/BnDUVwNowE4OdnR2pJ8 JT0KhhUMErF3bjvhuvmFK883azPL+GyVG8bklhmwSvUErANRpfbTr+RzdRZwC0xloZFGvO2i 88xN2cxMEueOEAn1lE/LJ0nt9WrqCLDQxYDoXK+o5UMv0zRw1kkuFTqGIWMIYHbLSlPpW6Ho krW8mK/BQsVXPST1yCM+H+oruTGmz/yUsQUGaHQ3u5nhhify3IeDDUSVECnur+ph0imQdVdJ kcIvC00osAa1mamU938VB2Qu2Ofs1gXXN84LgEhwFjTkOyOuV/fXzVaCG4aADA7iCMobTYz8 A6IlunxPDFqv+3JQGK4652F/DznbED5MlQ+TSMDSAIE5fzqr4cykg/DQ75fLUKlsjHmMWqum m7X9UDSk51W1JdWjPvjoTgrlhrx/sChc+Ij2unAsotJBCtdbZXtWYGn4EOzAR1ofNfAFQnpU JTpdqGjAAEy4XOlyXTlrAYlRujBCxO53Nv02wYH834JrWjFxpJbVdoMiAyS3W8wWir+RRfnY VXIpSRa74JJMX2hYMdfOtztVZp1nfW7TIS4DZg4i+aihLArL2drGwk0OSatM53FyhBwwcnTx 7/BGSpTMZrqIfs+l2fnLwvs+bQq2jo/1QvuqWPTlHyaPU6lTCfNE98taQLWBshgtf/siFiFo r53aprRoz0CAbKWX8Ui2dNKRbz8BSNgXs6eRg0+XrPrHzeK70l6U66Bme56Itc990mX/8+Rl kyAtoZj4AKXrRX6xc+iMxiPtJuHsU5DkE8G
  • Ironport-hdrordr: A9a23:AHYWGKlMsYlrxmqXT/JykLdXdrvpDfIi3DAbv31ZSRFFG/Fxl6 iV/cjzsiWE7gr5OUtQ/uxoV5PwIk80maQb3WBzB8bHYOCFghrLEGgK1+KLqFeMdxEWntQtrJ uIGJIfNDSfNzZHZL7BkWyFL+o=
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
The kexec_reloc() asm has an indirect jump to relocate onto the identity
trampoline.  While we clear CET in machine_crash_shutdown(), we fail to clear
CET for the non-crash path.  This in turn highlights that the same is true of
resetting the CPUID masking/faulting.

Move both pieces of logic from machine_crash_shutdown() to machine_kexec(),
the latter being common for all kexec transitions.  Adjust the condition for
CET being considered active to check in CR4, which is simpler and more robust.

Fixes: 311434bfc9d1 ("x86/setup: Rework MSR_S_CET handling for CET-IBT")
Fixes: b60ab42db2f0 ("x86/shstk: Activate Supervisor Shadow Stacks")
Fixes: 5ab9564c6fa1 ("x86/cpu: Context switch cpuid masks and faulting state in 
context_switch()")
Reported-by: David Vrabel (XXX which alias to use?)
Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
---
CC: Jan Beulich <JBeulich@xxxxxxxx>
CC: Roger Pau Monné <roger.pau@xxxxxxxxxx>
CC: Wei Liu <wl@xxxxxxx>
CC: David Vrabel <dvrabel@xxxxxxxxxx>
---
 xen/arch/x86/crash.c         | 10 ----------
 xen/arch/x86/machine_kexec.c | 10 ++++++++++
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/xen/arch/x86/crash.c b/xen/arch/x86/crash.c
index 003222c0f1ac..99089f77a7eb 100644
--- a/xen/arch/x86/crash.c
+++ b/xen/arch/x86/crash.c
@@ -187,16 +187,6 @@ void machine_crash_shutdown(void)
 
     nmi_shootdown_cpus();
 
-    /* Reset CPUID masking and faulting to the host's default. */
-    ctxt_switch_levelling(NULL);
-
-    /* Disable CET. */
-    if ( cpu_has_xen_shstk || cpu_has_xen_ibt )
-    {
-        wrmsrl(MSR_S_CET, 0);
-        write_cr4(read_cr4() & ~X86_CR4_CET);
-    }
-
     info = kexec_crash_save_info();
     info->xen_phys_start = xen_phys_start;
     info->dom0_pfn_to_mfn_frame_list_list =
diff --git a/xen/arch/x86/machine_kexec.c b/xen/arch/x86/machine_kexec.c
index 751a9efcaf6a..d83aa4e7e93b 100644
--- a/xen/arch/x86/machine_kexec.c
+++ b/xen/arch/x86/machine_kexec.c
@@ -156,6 +156,16 @@ void machine_kexec(struct kexec_image *image)
      */
     local_irq_disable();
 
+    /* Reset CPUID masking and faulting to the host's default. */
+    ctxt_switch_levelling(NULL);
+
+    /* Disable CET. */
+    if ( read_cr4() & X86_CR4_CET )
+    {
+        wrmsrl(MSR_S_CET, 0);
+        write_cr4(read_cr4() & ~X86_CR4_CET);
+    }
+
     /* Now regular interrupts are disabled, we need to reduce the impact
      * of interrupts not disabled by 'cli'.
      *
-- 
2.11.0

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.