[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] x86/cet: Remove writeable mapping of the BSPs shadow stack

  • To: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Thu, 17 Mar 2022 10:17:29 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=zYhkLTumvEsULc9IAoj6RJhmvVG9juxDdMNjXQr2V7Y=; b=AsUKyPl0lpYvOwrALUIEXtuq7sfGwVHcvf6wHTbmqKjaxwpbrqGqnNm/jpjsr4PMHKYYp/fHQVlalXR7zSFTwcj7Ob2OyHkf/2AFlA9A5b4BFlXEMOA1ArZEitaH5+wVEBrIty5vV7L7xrTa9o2RB1M+XtYW2tNLmMu44o2GQ9WSOpAcXNB2+uwdxwfNiktwqmbuF0qfbA4pkH+6R7hwQGhgSqyZrZbJXsN4ClStiPSQy7GthTmxT+i+20+S0SEe1qqaPz8lhn8TiqekjtslrVPSPBsOhdaE+ysB0g7FC4qwXEXKSGZjb2eW4WBkm3ja0s+rxyiaTzuwcYbgCOozuA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ASyZrU00ZDty9b4tmNDGuR6Zr2GDlzVY3IOCasrGVtYyIpq1qmeD8Pdj6eOX3Kwu/QK5YDu5RTKW75kGakgJ4EAqYeQJ2+vBeakE4QDaO70ytOgi7Wm53heYr0WfEhbfqoQ6QPsnCWvfVzMzwUpYbSh68kLfWxDqIqMlRlhKE3kpaYDkIsdIrbae4laXF4RrpS1/SiLASbdPi5DPRsp/6iVtduaAvsNZjS/mSLx+x5+a7PSKDPyyP5YlPPlLFoL7l2bF5HbsHVbIXFlMqatkkf0mkaSMyEpECs+rDZYqX/whO0nCx0YhWBhyU2aHyYTbxpqVErqCZP/yrMsN8ywl2A==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: Roger Pau Monne <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Thu, 17 Mar 2022 09:17:37 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 16.03.2022 20:23, Andrew Cooper wrote:
> On 16/03/2022 08:33, Jan Beulich wrote:
>> On 15.03.2022 17:53, Andrew Cooper wrote:
>>> --- a/xen/arch/x86/xen.lds.S
>>> +++ b/xen/arch/x86/xen.lds.S
>>> @@ -215,8 +215,9 @@ SECTIONS
>>>    } PHDR(text)
>>>    DECL_SECTION(.init.data) {
>>>  #endif
>>> +       . = ALIGN(STACK_SIZE);
>>> +       *(.init.bss.stack_aligned)
>> No real need for the ALIGN() here - it's the contributions to the
>> section which ought to come with proper alignment. Imo ALIGN()
>> should only ever be there ahead of a symbol definition, as otherwise
>> the symbol might not mark what it is intended to mark due to padding
>> which might be inserted. See also 01fe4da6243b ("x86: force suitable
>> alignment in sources rather than in linker script").
>>
>> Really we should consider using
>>
>>     *(SORT_BY_ALIGNMENT(.init.data .init.data.* .init.bss.*))
>>
>> While I can see your point against forcing sorting by alignment
>> globally, this very argument doesn't apply here (at least until
>> there appeared a way for the section attribute and -fdata-sections
>> to actually interact, such that .init.* could also become per-
>> function/object).
>>
>> Then again - this block of zeroes doesn't need to occupy space in
>> the binary.
> 
> It already occupies space, because of mkelf32.

Hmm, yes, and not just because of mkelf32: Since we munge everything
in a single PT_LOAD segment in the linker script, all of .init.*
necessarily has space allocated.

>>  It could very well live in a @nobits .init.bss in the
>> final ELF binary. But sadly the section isn't @nobits in the object
>> file, and with that there would need to be a way to make the linker
>> convert it to @nobits (and I'm unaware of such). What would work is
>> naming the section .bss.init.stack_aligned (or e.g.
>> .bss..init.stack_aligned to make it easier to separate it from
>> .bss.* in the linker script) - that'll make gcc mark it @nobits.
> 
> Living in .bss would prevent it from being reclaimed.  We've got several
> nasty bugs from shooting holes in the Xen image, and too many special
> cases already.

I didn't suggest to put it in .bss; the suggested name was merely so
that gcc would mark the section @nobits and we could exclude the
section from what makes in into .bss in the final image independent
of .init.* vs .bss.* ordering in the linker script. But anyway - with
the above this aspect is now moot anyway.

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.