Re: [PATCH v5 2/2] xen/x86: Livepatch: support patching CET-enhanced functions

On 17.03.22 11:00, Jiamei Xie wrote:
> > -----Original Message-----
> > From: Xen-devel <xen-devel-bounces@xxxxxxxxxxxxxxxxxxxx> On Behalf Of Jiamei Xie
> > Sent: March 17, 2022 17:17
> > To: Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>; Bjoern Doebel <doebel@xxxxxxxxx>; xen-devel@xxxxxxxxxxxxxxxxxxxx
> > Cc: Michael Kurth <mku@xxxxxxxxx>; Martin Pohlack <mpohlack@xxxxxxxxx>; Roger Pau Monne <roger.pau@xxxxxxxxxx>; Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>; Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
> > Subject: RE: [PATCH v5 2/2] xen/x86: Livepatch: support patching CET-enhanced functions
> >
> > Hi Bjoern,
> >
> > > -----Original Message-----
> > > From: Xen-devel <xen-devel-bounces@xxxxxxxxxxxxxxxxxxxx> On Behalf Of Ross Lagerwall
> > > Sent: March 10, 2022 1:12
> > > To: Bjoern Doebel <doebel@xxxxxxxxx>; xen-devel@xxxxxxxxxxxxxxxxxxxx
> > > Cc: Michael Kurth <mku@xxxxxxxxx>; Martin Pohlack <mpohlack@xxxxxxxxx>; Roger Pau Monne <roger.pau@xxxxxxxxxx>; Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>; Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
> > > Subject: Re: [PATCH v5 2/2] xen/x86: Livepatch: support patching CET-enhanced functions
> > >
> > > > From: Bjoern Doebel <doebel@xxxxxxxxx>
> > > > Sent: Wednesday, March 9, 2022 2:53 PM
> > > > To: xen-devel@xxxxxxxxxxxxxxxxxxxx <xen-devel@xxxxxxxxxxxxxxxxxxxx>
> > > > Cc: Michael Kurth <mku@xxxxxxxxx>; Martin Pohlack <mpohlack@xxxxxxxxx>; Roger Pau Monne <roger.pau@xxxxxxxxxx>; Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>; Bjoern Doebel <doebel@xxxxxxxxx>; Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>; Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>
> > > > Subject: [PATCH v5 2/2] xen/x86: Livepatch: support patching CET-enhanced functions
> > > >
> > > > Xen enabled CET for supporting architectures. The control flow aspect of
> > > > CET expects functions that can be called indirectly (i.e., via function
> > > > pointers) to start with an ENDBR64 instruction. Otherwise a control flow
> > > > exception is raised.
> > > >
> > > > This expectation breaks livepatching flows because we patch functions by
> > > > overwriting their first 5 bytes with a JMP + <offset>, thus breaking the
> > > > ENDBR64.
> > > >
> > > > We fix this by checking the start of a patched function for being
> > > > ENDBR64. In the positive case we move the livepatch JMP to start behind
> > > > the ENDBR64 instruction.
> > > >
> > > > To avoid having to guess the ENDBR64 offset again on patch reversal
> > > > (which might race with other mechanisms adding/removing ENDBR
> > > > dynamically), use the livepatch metadata to store the computed offset
> > > > along with the saved bytes of the overwritten function.
> > > >
> > > > Signed-off-by: Bjoern Doebel <doebel@xxxxxxxxx>
> > > > Acked-by: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
> > > > CC: Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>
> > >
> > > Reviewed-by: Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>
> >
> > Tested-by: Jiamei xie <jiamei.xie@xxxxxxx>
> >
> > Cheers,
> > Jiamei
>
> Sorry I forgot to add the scope I tested in last email. I tested it on
> armv8a. It worked fine and didn't break arm.
>
> Tested-by: Jiamei xie <jiamei.xie@xxxxxxx>

Thanks Jiamei!

As Jan already pointed out there's a v6 patch out already. It is only
cosmetically different from this one. Unless you insist, I'd not roll a v7
only to add this tag?

Bjoern

Amazon Development Center Germany GmbH
Krausenstr. 38
10117 Berlin
Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss
Eingetragen am Amtsgericht Charlottenburg unter HRB 149173 B
Sitz: Berlin
Ust-ID: DE 289 237 879
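The mechanism the commit message describes (check for ENDBR64 at the function start, place the 5-byte JMP rel32 behind it, and record the chosen offset together with the overwritten bytes so that reversal does not have to re-detect ENDBR64) is shown below as an added, self-contained example. This is not Xen's livepatch code: it works on a constructed byte buffer standing in for a function body, and the names `patch_state`, `apply_patch`, `revert_patch` and `demo_patch_cycle` are hypothetical. The only facts taken from the platform are the ENDBR64 encoding (f3 0f 1e fa) and the JMP rel32 encoding (e9 + 32-bit displacement relative to the end of the instruction).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ENDBR64_LEN   4
#define JMP_REL32_LEN 5

/* Encoding of ENDBR64 on x86-64: f3 0f 1e fa. */
static const uint8_t endbr64_bytes[ENDBR64_LEN] = { 0xf3, 0x0f, 0x1e, 0xfa };

/* Hypothetical per-function patch record. Xen keeps comparable state in its
 * livepatch metadata; this struct is an illustration, not Xen's layout. */
struct patch_state {
    uint8_t saved[JMP_REL32_LEN]; /* bytes overwritten by the JMP */
    uint8_t jmp_off;              /* 0, or ENDBR64_LEN if the JMP sits behind an ENDBR64 */
    bool    applied;
};

static bool starts_with_endbr64(const uint8_t *fn)
{
    return memcmp(fn, endbr64_bytes, ENDBR64_LEN) == 0;
}

/* Redirect old_fn to new_fn with a 5-byte JMP rel32. If old_fn begins with
 * ENDBR64, leave that instruction intact and put the JMP right after it, so
 * an indirect call into old_fn still lands on a valid IBT target. */
int apply_patch(uint8_t *old_fn, const uint8_t *new_fn, struct patch_state *st)
{
    if (st->applied)
        return -1;

    st->jmp_off = starts_with_endbr64(old_fn) ? ENDBR64_LEN : 0;
    uint8_t *site = old_fn + st->jmp_off;

    memcpy(st->saved, site, JMP_REL32_LEN);

    /* rel32 is relative to the end of the JMP instruction. */
    int32_t rel = (int32_t)((intptr_t)new_fn - (intptr_t)(site + JMP_REL32_LEN));
    site[0] = 0xe9;
    memcpy(site + 1, &rel, sizeof rel);
    st->applied = true;
    return 0;
}

/* Undo apply_patch() using the recorded offset instead of re-scanning for
 * ENDBR64, which is the point the commit message makes about reversal. */
int revert_patch(uint8_t *old_fn, struct patch_state *st)
{
    if (!st->applied)
        return -1;
    memcpy(old_fn + st->jmp_off, st->saved, JMP_REL32_LEN);
    st->applied = false;
    return 0;
}

/* Constructed scenario: a fake 32-byte function body (NOPs), optionally
 * prefixed with ENDBR64, patched to jump to a "replacement" at offset 16.
 * Returns the JMP offset that was used, or -1 if any check failed. */
int demo_patch_cycle(bool with_endbr)
{
    uint8_t code[32], orig[32];
    memset(code, 0x90, sizeof code);          /* nop */
    if (with_endbr)
        memcpy(code, endbr64_bytes, ENDBR64_LEN);
    else
        code[0] = 0x55;                        /* push %rbp: a plain prologue */
    memcpy(orig, code, sizeof code);

    const uint8_t *new_fn = code + 16;
    struct patch_state st = { 0 };

    if (apply_patch(code, new_fn, &st))
        return -1;
    if (with_endbr && !starts_with_endbr64(code))
        return -1;                             /* ENDBR64 must be preserved */

    const uint8_t *site = code + st.jmp_off;
    int32_t rel;
    memcpy(&rel, site + 1, sizeof rel);
    if (site[0] != 0xe9 || site + JMP_REL32_LEN + rel != new_fn)
        return -1;                             /* JMP must target new_fn */

    if (revert_patch(code, &st) || memcmp(code, orig, sizeof code) != 0)
        return -1;                             /* revert must restore all bytes */

    return st.jmp_off;
}

int main(void)
{
    printf("with ENDBR64:    JMP placed at offset %d\n", demo_patch_cycle(true));
    printf("without ENDBR64: JMP placed at offset %d\n", demo_patch_cycle(false));
    return 0;
}
```

Two caveats when mapping this back to a hypervisor: the example writes into an ordinary writable buffer, whereas real text pages are read-only and executable, so the hypervisor has to write through a temporary writable mapping and re-synchronise instruction caches before the JMP becomes visible; and the recorded `jmp_off` is what makes reversal safe if something else has added or removed the ENDBR64 in the meantime, because the revert path never looks at the function's current first bytes.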