[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] x86/cet: Use dedicated NOP4 for cf_clobber

  • To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Tue, 8 Mar 2022 15:37:38 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=aYoeYTUrEsfdZN8EWGkJp4LDTrT0YyJ7/wR7cBQ7f5I=; b=iFD4Y2Vt5/9WnnL3+YXwvyzCXijeHcrc6LmLMoO5uxNJXP4i88HdCSTgw6DCxhWse2O9ruFJ6PBf50i/7pHG2X1pw4435hR1hISB8sq6slhokqshlhjAL4ccaKzCLabhizdFxSG8T9SPxYZaZ8nYnAxGFhRZzRvaCSdpb3wgKk2Fc7KAbGTBwWgEggZMBO0feMWR+dgBX3vg26UTz2vm8ViTR1/UwQdSJPG+HpS0ts251haf4Lrc1WNFy5p3spXljwfUpf/S75WrWSBdLPSOdJnUW2clueXvrk9vnE5zDDixJF5jxYpgpFR1r8myG1ZJWNUaKWOkY+TZe2ErPKuCWg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=cv9c7JF2wQlSX67PMnTvp18LGuSxuiBU1EDO76K/VeF2+nS/XSGcMSUkPyOgQJEMpXgC5krQ4NsPAowuKHrv5bnZ4Ip6Zno9m78DxfCjg+3vXm15FhoZcGNV6fSvFJdxN3DBjxeE5l6GdcG+qE+wgHos4ObW0VJsIu8Ee96In7OfGwO4Xiv3dnYBrWiBE9pOG3O9t32d3UWCXaMzJXYNuOSiTd9rTDUPz+8aPts3gcxKLz8cl4RjSoOgFplyQgSVN5uXQjAiLi5h071GcghIj8Ts/cBJNv/xZxMIe6VRtIIJ0IqN3JqOVtHm8R51z7qUdxUbMkDeEW2+jen9Oye8hA==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Bjoern Doebel <doebel@xxxxxxxxx>, Michael Kurth <mku@xxxxxxxxx>, Martin Pohlack <mpohlack@xxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Tue, 08 Mar 2022 14:37:55 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 08.03.2022 15:01, Andrew Cooper wrote:
> For livepatching, we need to look at a potentially clobbered function and
> determine whether it used to have an ENDBR64 instruction.
> 
> Use a non-default 4-byte P6 long nop, not emitted by toolchains, and introduce
> the was_endbr64() predicate.

Did you consider using ENDBR32 for this purpose? I'm worried that
the pattern you picked is still too close to what might be used
(down the road) by a tool chain. If ENDBR32 isn't suitable for
some reason, how about "nop %sp" or "nopw (%rsp)" (and then maybe
even "data16" substituted by rex, cs, ds, es, or ss)?

One neat thing about ENDBR32 would be that you wouldn't even
need memcpy() - you'd merely flip the low main opcode bit.

> Bjoern: For the livepatching code, I think you want:
> 
>   if ( is_endbr64(...) || was_endbr64(...) )
>       needed += ENDBR64_LEN;

Looks like I didn't fully understand the problem then from your
initial description. The adjustment here (and the one needed in
Björn's patch) is to compensate for the advancing of the
targets of altcalls past the ENDBR?

> --- a/xen/arch/x86/include/asm/endbr.h
> +++ b/xen/arch/x86/include/asm/endbr.h
> @@ -52,4 +52,16 @@ static inline void place_endbr64(void *ptr)
>      *(uint32_t *)ptr = gen_endbr64();
>  }
>  
> +/*
> + * After clobbering ENDBR64, we may need to confirm that the site used to
> + * contain an ENDBR64 instruction.  Use an encoding which isn't the default
> + * P6_NOP4.
> + */
> +#define ENDBR64_POISON "\x66\x0f\x1f\x00" /* osp nopl (%rax) */

In case this remains as is - did you mean "opsz" instead of "osp"?
But this really is "nopw (%rax)" anyway.

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.