[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] x86/cet: Clear IST supervisor token busy bits on S3 resume

  • To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Mon, 14 Mar 2022 15:29:55 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=tYHR7PcaYqY7VjWLjnvS5cXYPgv6I6R4EJ2G8G7mzGg=; b=L7ai+ao8muujJCaqc4quA/ufRepYQGfWD8GyQjVvsIi/jR4mJUBpkhYOuJZXX/Q+zg2bsqrGnOYJtR/6HEkc3mPU4c2OGSQoQlxHal1UfF3gimZzspf1tsEE34yJ3QK01SjTInoES7eV7j9TEkQe9vhKux7n6J5lU5Zy+GCH+OtlIDddAihp9Vm5iAmB5HlYObCf+H5KCBqugg0ohg4BOZC9x3ZGWfvFTUvDE8iQJ6QnBxvGtnq4qnkukw4RnRhmvLtpzf3k0LAfz+YVCOVMVkh+x/bKFIwV8ks3YpNxj2Cg/Us/PXdx6f1rrJNzJ/91H9grmITZouD4JETJOEVTBQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=RxLqbWcqkxA++sRHmIiJVvRAfayi2sqeshw6hKBNqRfxtiQllqupUczWiUIUtd5yNFIdwtwsj6nUoMKiQlvH+o7SiphK3idzSsbB8KUEgD6BlLWONxNQnY9LceM/B0adrhIy37/2XJUBoeGpB8YRPeug5Ml9kJlmOgsJOLurU5kb8A58GNwqrV0fNFjWNNlTDEMeZs5+QAvHnI0I3B1sZICTcEBS6ZS6t8kajsXdqk1p2QBIRexRwbbOqjzWnvw4Bsh3r+zM1FqecA1AzH8AaajLxxBxYQ7osd/397HcL/7FAp8qGueMarPMY86exRTfnDqR4I+Y+cKZaOBP3J6wEg==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Mon, 14 Mar 2022 14:30:07 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 14.03.2022 12:00, Andrew Cooper wrote:
> Stacks are not freed across S3.  Execution just stops, leaving supervisor
> token busy bits active.  Fixing this for the primary shadow stack was done
> previously, but there is a (rare) risk that an IST token is left busy too.
> This will manifest as #DF next time the IST vector gets used.

Thinking about it some more - wouldn't it be more natural to turn off
CET as CPUs are being brought down (and for the BSP as late as possible
before actually invoking S3)? That way no new busy bits can be written
anymore.

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.