
Re: [PATCH v3 2/2] xen/x86: Livepatch: support patching CET-enhanced functions


  • To: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
  • From: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
  • Date: Tue, 8 Mar 2022 08:06:02 -0500
  • Cc: Bjoern Doebel <doebel@xxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Michael Kurth <mku@xxxxxxxxx>, Martin Pohlack <mpohlack@xxxxxxxxx>, Roger Pau Monne <roger.pau@xxxxxxxxxx>, Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>
  • Delivery-date: Tue, 08 Mar 2022 13:06:24 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Tue, Mar 08, 2022 at 12:44:54PM +0000, Andrew Cooper wrote:
> On 08/03/2022 10:29, Bjoern Doebel wrote:
> > @@ -104,18 +122,34 @@ void noinline arch_livepatch_revive(void)
> >  
> >  int arch_livepatch_verify_func(const struct livepatch_func *func)
> >  {
> > +    BUILD_BUG_ON(sizeof(struct x86_livepatch_meta) != 
> > LIVEPATCH_OPAQUE_SIZE);
> > +
> >      /* If NOPing.. */
> >      if ( !func->new_addr )
> >      {
> >          /* Only do up to maximum amount we can put in the ->opaque. */
> > -        if ( func->new_size > sizeof(func->opaque) )
> > +        if ( func->new_size > sizeof_field(struct x86_livepatch_meta,
> > +                                           instruction) )
> >              return -EOPNOTSUPP;
> >  
> >          if ( func->old_size < func->new_size )
> >              return -EINVAL;
> >      }
> > -    else if ( func->old_size < ARCH_PATCH_INSN_SIZE )
> > -        return -EINVAL;
> > +    else
> > +    {
> > +        /*
> > +         * Space needed now depends on whether the target function
> > +         * starts with an ENDBR64 instruction.
> > +         */
> > +        uint8_t needed;
> > +
> > +        needed = ARCH_PATCH_INSN_SIZE;
> > +        if ( is_endbr64(func->old_addr) )
> > +            needed += ENDBR64_LEN;
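Review bot: the sizing at the end of the hunk (`needed += ENDBR64_LEN` only when `is_endbr64(func->old_addr)`) derives the required space from whatever bytes sit at old_addr at verify time, so a target whose ENDBR64 has since been rewritten (the cf_clobber case raised in the reply, where altcall()'d callers were retargeted to old_addr + 4) gets needed = ARCH_PATCH_INSN_SIZE and the jmp placed at offset 0, straddling that +4 entry. The placement decision should not rest on is_endbr64() alone, and the new comment should at least state the assumption that old_addr still begins with ENDBR64 when the patch is applied.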
> 
> This won't work for cf_clobber targets, I don't think.  The ENDBR gets
> converted to NOP4 and fails this check, but the altcalls calling
> old_func had their displacements adjusted by +4.
> 
> The is_endbr64() check will fail, and the 5-byte jmp will be written at
> the start of the function, and corrupt the instruction stream for the
> altcall()'d callers.
> 
> Let me write an incremental patch to help.

Please add Acked-by: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
on the patches.

Thank you
> 
> ~Andrew
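
An added illustration of the failure mode Andrew describes above (example code written for this page, not the patch's or Xen's): the v3 sizing rule looks for ENDBR64 at the old function's start, so on a cf_clobber'd target whose ENDBR64 has become a 4-byte NOP it writes the jmp at offset 0, straddling the +4 entry that altcall()'d callers were retargeted to. The prologue bytes are constructed, the NOP encoding `0f 1f 40 00` is an assumption, and `jmp_offset_nop_aware` is one possible accounting rather than the incremental patch Andrew mentions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ARCH_PATCH_INSN_SIZE 5   /* the jmp rel32 livepatch writes */
#define ENDBR64_LEN          4
static const uint8_t endbr64[ENDBR64_LEN] = { 0xf3, 0x0f, 0x1e, 0xfa };
static const uint8_t nop4[ENDBR64_LEN] = { 0x0f, 0x1f, 0x40, 0x00 }; /* assumed clobber NOP */

/* Constructed prologues: a CET function, and the same function after
 * cf_clobber has replaced its ENDBR64 with the 4-byte NOP. */
const uint8_t proto_endbr[8]     = { 0xf3, 0x0f, 0x1e, 0xfa, 0x55, 0x48, 0x89, 0xe5 };
const uint8_t proto_clobbered[8] = { 0x0f, 0x1f, 0x40, 0x00, 0x55, 0x48, 0x89, 0xe5 };

bool is_endbr64(const void *p) { return memcmp(p, endbr64, ENDBR64_LEN) == 0; }
bool is_nop4(const void *p)    { return memcmp(p, nop4, ENDBR64_LEN) == 0; }

/* Rule from the v3 hunk: skip the ENDBR64 only if it still decodes as one. */
size_t jmp_offset_v3(const void *old_addr)
{
    return is_endbr64(old_addr) ? ENDBR64_LEN : 0;
}

/* Illustrative alternative, not Xen's fix: on a CET build a NOP4 at a
 * function start is treated as a former ENDBR64, so the jmp stays at +4. */
size_t jmp_offset_nop_aware(const void *old_addr)
{
    return (is_endbr64(old_addr) || is_nop4(old_addr)) ? ENDBR64_LEN : 0;
}

/* A caller entering at 'entry' breaks if that byte lies strictly inside the
 * jmp written at jmp_off: it would start executing mid-instruction. */
bool entry_corrupted(size_t jmp_off, size_t entry)
{
    return entry > jmp_off && entry < jmp_off + ARCH_PATCH_INSN_SIZE;
}

int main(void)
{
    const size_t alt = ENDBR64_LEN; /* altcall()'d callers enter at old_addr + 4 */
    printf("v3, intact ENDBR64:   corrupted=%d\n",
           entry_corrupted(jmp_offset_v3(proto_endbr), alt));
    printf("v3, clobbered:        corrupted=%d\n",
           entry_corrupted(jmp_offset_v3(proto_clobbered), alt));
    printf("nop-aware, clobbered: corrupted=%d\n",
           entry_corrupted(jmp_offset_nop_aware(proto_clobbered), alt));
    return 0;
}
```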
