Xen project Mailing List

Re: [PATCH] x86/cet: Clear IST supervisor token busy bits on S3 resume

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Mon, 14 Mar 2022 15:16:28 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=lKy9kjb4F95P5+EZuYqqtKU6trViXlEUaxZ/EqpPj8w=; b=mRKwymn8j0wT/0hlEk+C+lqTl4XR7LCkFV4tCnWsRO+oKO0TBCKI0jEO/XO8Kkgz+HrUSLNTMTpWMKjaZ9t0YkwHChOUwQRoA9EqH7WnQZwNQqTjSIGZLaRAvj56QR69CkAaZuP3pb0ljONzqQmb0pP+YSpIgoz1VW2XeJL16iJ7IzqMjcboH9MdyDndlVrLk/YUxJrnE6kY8jF4WAVO4KyhDbpFJsm59vZ9wiKxoY02pOlRWJ7Yfv+jSP6ypQS8aX7H99YGrhpNY/kNTulV4WLnb0tE6FPG1rB0oAYd/DRXzxKVJ0nLtWpfhjg4l7HioJ1oA+2wJsRgm3J2Nca+Tg==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=XFA3uquhWfE4LI1miSKfSBGXaKbU2bhNcRvHJCtL+zYetv1rL+kQ1u+u0QSi+XHuriQdtaA0rQmAGZrAO/JUN5NV9uw3Nnx6QEFQsBv4EeDe3eLVc86naf1E6ZRoGei8rdLhhJOokjXsNOyZ1ReUrIpEqjaCk1dvJrc+npm9aORdEYl4eknmAPQa1MMONCcH4zYWbqYv1fWdF8YATdKL7qvhDzC2eEaFtMu1zM4gXh/Q5c0PwObspr/+xnNHAthlk1cD/CXi2xRLIPigZNKUbOVf5GZN9bFdf48jMJ1mAl8yhbjGkaFbDRa2eZVtO/umWFyEnW+pe6kUMO0JEX7x9Q==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;

Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Mon, 14 Mar 2022 14:16:52 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 14.03.2022 12:00, Andrew Cooper wrote: > Stacks are not freed across S3. Execution just stops, leaving supervisor > token busy bits active. Fixing this for the primary shadow stack was done > previously, but there is a (rare) risk that an IST token is left busy too. > This will manifest as #DF next time the IST vector gets used. Under what (rare) condition would this happen? The only scenario I could come up with (which wouldn't result in a crash anyway) is the NMI watchdog hitting after a CPU was already taken offline, and the handler not managing to complete before power is cut. I think it would help to mention one such specific case. > --- /dev/null > +++ b/xen/arch/x86/include/asm/shstk.h > @@ -0,0 +1,46 @@ > +/****************************************************************************** > + * This program is free software; you can redistribute it and/or modify > + * it under the terms of the GNU General Public License as published by > + * the Free Software Foundation; either version 2 of the License, or > + * (at your option) any later version. > + * > + * This program is distributed in the hope that it will be useful, > + * but WITHOUT ANY WARRANTY; without even the implied warranty of > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > + * GNU General Public License for more details. > + * > + * You should have received a copy of the GNU General Public License > + * along with this program; If not, see <http://www.gnu.org/licenses/>. > + * > + * Copyright (c) 2022 Citrix Systems Ltd. > + */ > +#ifndef XEN_ASM_SHSTK_H > +#define XEN_ASM_SHSTK_H > + > +/* > + * RDSSP is a nop when shadow stacks are active. I guess there's a "not" missing here, supported by ... > Also, SSP has a minimum > + * alignment of 4 which enforced by hardware. > + * > + * We load 1 into a register, then RDSSP. If shadow stacks are not active, > + * RDSSP is a nop, and the 1 is preserved. ... this. As an alternative I wouldn't mind if you removed the redundancy. Then Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.