
Re: [PATCH] x86/cet: Use dedicated NOP4 for cf_clobber


  • To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Thu, 17 Mar 2022 11:43:10 +0100
  • Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Bjoern Doebel <doebel@xxxxxxxxx>, Michael Kurth <mku@xxxxxxxxx>, Martin Pohlack <mpohlack@xxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Thu, 17 Mar 2022 10:43:28 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 17.03.2022 11:02, Andrew Cooper wrote:
> For livepatching, we need to look at a potentially clobbered function and
> determine whether it used to have an ENDBR64 instruction.
> 
> Use a non-default 4-byte P6 long nop, not emitted by toolchains, and extend
> check-endbr.sh to look for it.
> 
> The choice of nop has some complicated consequences.  nopw (%rax) has a ModRM
> byte of 0, which the Bourne compatible shells unconditionally strip from
> parameters, meaning that we can't pass it to `grep -aob`.

Urgh. But as per my earlier comments I'm happier with ...

> Therefore, use nopw (%rcx) so the ModRM byte becomes 1.

... a non-zero ModR/M byte anyway.

> This then demonstrates another bug.  Under perl regexes, \1 thru \9 are
> subpattern matches, and not octal escapes.  Switch the `grep -P` runes to use
> hex escapes instead.
> 
> The build time check then requires that the endbr64 poison have the same
> treatment as endbr64 to avoid placing the byte pattern in immediate operands.
> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>

> Jan: As you had the buggy grep, can you please confirm that hex escapes work.

(Build-)Tested-by: Jan Beulich <jbeulich@xxxxxxxx>

When working out the workaround, I actually did test with hex, but
then switched to octal to make it easily visible that the two patterns
actually match. I also did wonder about octal and sub-pattern
matching conflicting, but the grep I used definitely didn't have
an issue there. Hence I assume grep behavior changed at some point;
I wonder how they mean to have octal expressed now.
https://perldoc.perl.org/perlre specifically outlines how the
conflict is dealt with - assuming you have observed grep to misbehave,
I wonder whether they've accumulated a bug. (The doc also makes clear
that such references aren't limited to single-digit numbers; you may
want to adjust your description in this regard.)

Depending on how exactly your grep behaves, switching to
always-three-digit octal escapes may be an alternative to retain the
property of making obvious the similarity between the two pattern
representations.

Jan
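The two mechanics the thread turns on, as an added, self-contained example that is not part of the e-mail exchange and not Xen's check-endbr.sh: (1) a NUL byte (the ModRM byte of nopw (%rax), 66 0f 1f 00) can never reach grep through a command-line parameter, because argv entries are NUL-terminated C strings, so the byte pattern has to be expressed as an escape that the regex engine itself decodes; (2) in Perl-style regexes, \1 through \9 are backreferences, not octal, so the escapes have to be hex (\x01) or full three-digit octal (\001). Python's re module applies the same three rules (backreference, three-digit octal literal, hex literal), so it stands in here for `grep -P`; the sample byte string, the offsets and the helper names are constructed for the demo.

```python
import re
import subprocess
import sys

# Instruction encodings (Intel SDM): endbr64 = f3 0f 1e fa; "nopw (%rax)" =
# 66 0f 1f 00; "nopw (%rcx)" = 66 0f 1f 01 (only the ModRM byte differs).
ENDBR64 = b"\xf3\x0f\x1e\xfa"
NOPW_RAX = b"\x66\x0f\x1f\x00"
NOPW_RCX = b"\x66\x0f\x1f\x01"

# Constructed sample "text section" for the demo (not Xen code): two tiny
# functions, the first still starting with endbr64, the second with its
# endbr64 overwritten by the poison nop.
SAMPLE = (
    ENDBR64 + b"\x48\x89\xe5\xc3"        # offset 0: endbr64; mov %rsp,%rbp; ret
    + b"\x90" * 4                        # offset 8: padding
    + NOPW_RCX + b"\x31\xc0\xc3"         # offset 12: poison nop; xor %eax,%eax; ret
)


def compiles(pattern: bytes) -> bool:
    """True if the regex compiles; False if the engine rejects it, e.g. a
    single-digit \\1 parsed as a backreference to a group that does not exist."""
    try:
        re.compile(pattern)
        return True
    except re.error:
        return False


def offsets(pattern: bytes, data: bytes) -> list:
    """Byte offsets of every match, the numbers `grep -aob` would print."""
    return [m.start() for m in re.finditer(pattern, data)]


def argv_can_carry(arg: str) -> bool:
    """Can this string be handed to a child process as a parameter?
    argv entries are NUL-terminated C strings, so a NUL never gets through:
    a Bourne shell silently drops it, Python refuses with ValueError."""
    try:
        subprocess.run([sys.executable, "-c", "pass", arg], check=True)
        return True
    except ValueError:
        return False


def count_entry_markers(data: bytes) -> int:
    """Count function entries that are either still endbr64 or carry the
    poison nop: the kind of total a build-time check compares against the
    expected number of entry points (illustrative analogue of such a check)."""
    return len(offsets(rb"\xf3\x0f\x1e\xfa|\x66\x0f\x1f\x01", data))


if __name__ == "__main__":
    print("\\1 compiles:", compiles(rb"\1"))       # backreference -> rejected
    print("\\001 compiles:", compiles(rb"\001"))   # three-digit octal -> literal
    print("\\x01 compiles:", compiles(rb"\x01"))   # hex -> literal
    print("poison nop at:", offsets(rb"\x66\x0f\x1f\x01", SAMPLE))
    print("same pattern, 3-digit octal:", offsets(rb"\146\017\037\001", SAMPLE))
    print("NUL survives argv:", argv_can_carry("\x00"))
    print("entry markers:", count_entry_markers(SAMPLE))
```

The hex and the always-three-digit octal spellings of the poison pattern find the same offset, which is the property Jan's alternative keeps; the short form fails to compile rather than silently matching something else, so a regex check written that way breaks loudly instead of missing the pattern.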