
Re: [PATCH v6 2/2] xen/x86: Livepatch: support patching CET-enhanced functions



Hi Bjoern,

On 10/03/2022 07:35, Bjoern Doebel wrote:
Xen enabled CET for supporting architectures. The control flow aspect of
CET expects functions that can be called indirectly (i.e., via function
pointers) to start with an ENDBR64 instruction. Otherwise a control flow
exception is raised.

This expectation breaks livepatching flows because we patch functions by
overwriting their first 5 bytes with a JMP + <offset>, thus breaking the
ENDBR64. We fix this by checking the start of a patched function for
being ENDBR64. In the positive case we move the livepatch JMP to start
behind the ENDBR64 instruction.

To avoid having to guess the ENDBR64 offset again on patch reversal
(which might race with other mechanisms adding/removing ENDBR
dynamically), use the livepatch metadata to store the computed offset
along with the saved bytes of the overwritten function.

Signed-off-by: Bjoern Doebel <doebel@xxxxxxxxx>
Acked-by: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
Reviewed-by: Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>
----
Changes since r1:
* (v2) use sizeof_field() to avoid unused variable warning
* (v3) make metadata variable const in arch_livepatch_revert
* (v4) rebase on top and make use of Andrew Cooper's was_endbr64() patch
* (v5) use padding byte to store offset rather than reducing opaque area
* (v6) style fixes

For the record, this patch depends on https://lore.kernel.org/xen-devel/20220308140126.8815-1-andrew.cooper3@xxxxxxxxxx/.

Your patch will be merged once the prereq has been merged.

Cheers,

--
Julien Grall
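The apply/revert flow described in the quoted commit message, as an added illustration in C that is not Xen's livepatch code: a simulated function buffer is checked for a leading ENDBR64 (encoded f3 0f 1e fa), the 5-byte JMP rel32 is placed behind it when present, and the chosen offset is recorded next to the saved bytes so that revert restores exactly what apply overwrote without re-detecting ENDBR64. The names struct patch_meta, patch_apply and patch_revert are assumptions for this example, not Xen's identifiers.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>

#define ENDBR64_LEN 4   /* ENDBR64 is a 4-byte instruction */
#define JMP_LEN     5   /* JMP rel32: opcode 0xe9 + 4-byte displacement */

/* Per-function patch record (hypothetical layout): the overwritten bytes
 * plus the offset at which the JMP was written (0 or ENDBR64_LEN). */
struct patch_meta {
    uint8_t saved[JMP_LEN];
    uint8_t jmp_offset;
    bool applied;
};

/* Does the function start with ENDBR64 (f3 0f 1e fa)? */
static bool starts_with_endbr64(const uint8_t *p)
{
    static const uint8_t endbr64[ENDBR64_LEN] = { 0xf3, 0x0f, 0x1e, 0xfa };
    return memcmp(p, endbr64, ENDBR64_LEN) == 0;
}

/* Apply: write "JMP target" at func + offset, skipping a leading ENDBR64 so the
 * landing pad survives. rel32 is relative to the end of the JMP itself.
 * Returns the offset used, or -1 if the function is already patched. */
int patch_apply(uint8_t *func, const uint8_t *target, struct patch_meta *m)
{
    uint8_t off = starts_with_endbr64(func) ? ENDBR64_LEN : 0;
    uint8_t *site = func + off;
    int32_t rel = (int32_t)((uintptr_t)target - (uintptr_t)(site + JMP_LEN));

    if (m->applied)
        return -1;
    memcpy(m->saved, site, JMP_LEN);   /* keep original bytes for revert */
    m->jmp_offset = off;               /* and where they came from */
    site[0] = 0xe9;
    memcpy(site + 1, &rel, sizeof(rel));
    m->applied = true;
    return off;
}

/* Revert: restore the saved bytes at the stored offset; no ENDBR64 probing. */
int patch_revert(uint8_t *func, struct patch_meta *m)
{
    if (!m->applied)
        return -1;
    memcpy(func + m->jmp_offset, m->saved, JMP_LEN);
    m->applied = false;
    return m->jmp_offset;
}
```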
