Xen project Mailing List

Re: [PATCH v3] x86/cet: Use dedicated NOP4 for cf_clobber

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Thu, 17 Mar 2022 15:21:53 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ZtsCjFJy3SAf5+62VquVWL7CN9CufFRJlebFQ8TFX1I=; b=Wp1MMxsUqWShtqv00QL0wpCIHodBxTlis+frJdDxtJS0bzaoHDp9T3K6Qasyi4Wd5P8UWyIyOvBx7IM9IIij8XMn1DRWhQwZBghyH/U5CaoCSODIfiKtq2onGRNOZLddurrur9yu1tYOOC7MMAA/9Z4i/2X4RqQKd5Z41p1WLZVTtvGHDH216hzBKyImHqzBiUNTEQqk3QDZC1exi3NBHC40d+P7babRSVMG7yjhXb8O4OrQCRr3X8+lHqZ269kBBdBz8gvLY6pH3yRHUj8H8vICenpL/kIJKhrKjpSgqSEWy0WFldD7XUPnThNDQUWO3ZpdSKB/Lv/MTxf5uS/kfA==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=drPH2deXTHslqJEWFKk+1UnXZ5JeC2pgMiIoe78M/83run3ae7yhpEA8bibjqKpQLtDMik2k0r1xEoqH/5e4vBAP8cwLsLCHCCU7A0S/z8qAAdIGqCY0rPoaXgNZODWh1KegoUKbVWDpAtrsnmUNngAjc3DgGSlLAHAXHcvDqBPgCpQQJdsApvUUUiMeLI7HOuse0X3WuqZI/6f3EoA+NuO+oodcRbuPvg9Z4q3kR9GePcup3gbIokINR+J8oS92oA2X3kMJKoYC+PkP0tp5f100IRHGTB3R1FC+LxT3R4Iso7+JTcotpeGDeoVXktph6EveNCbQlKCM/dzIyzICiQ==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;

Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Bjoern Doebel <doebel@xxxxxxxxx>, Michael Kurth <mku@xxxxxxxxx>, Martin Pohlack <mpohlack@xxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Thu, 17 Mar 2022 14:22:03 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 17.03.2022 15:06, Andrew Cooper wrote: > For livepatching, we need to look at a potentially clobbered function and > determine whether it used to have an ENDBR64 instruction. > > Use a non-default 4-byte P6 long nop, not emitted by toolchains, and extend > check-endbr.sh to look for it. The same logic can check for the absence of > any endbr32 instructions, so include a check for those too. > > The choice of nop has some complicated consequences. nopw (%rax) has a ModRM > byte of 0, which the Bourne compatible shells unconditionally strip from > parameters, meaning that we can't pass it to `grep -aob`. > > Therefore, use nopw (%rcx) so the ModRM byte becomes 1. > > This then demonstrates another bug. Under perl regexes, \1 thru \9 are > subpattern matches, and not octal escapes, while the behaviour of \10 and > higher depend on the number of capture groups. Switch the `grep -P` runes to > use hex escapes instead, which are unambiguous > > The build time check then requires that the endbr64 poison have the same > treatment as endbr64 to avoid placing the byte pattern in immediate operands. > > Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> with one nit (which likely I should have spotted before): > @@ -45,13 +45,15 @@ echo "X" | grep -aobP "\130" -q 2>/dev/null || > perl_re=false > ${OBJDUMP} -j .text $1 -d -w | grep ' endbr64 *$' | cut -f 1 -d ':' > > $VALID & > > # > -# Second, look for any endbr64 byte sequence > +# Second, look for all endbr64, endbr32 and nop poison byte sequences > # This has a couple of complications: > # > # 1) Grep binary search isn't VMA aware. Copy .text out as binary, causing > # the grep offset to be from the start of .text. > # > # 2) dash's printf doesn't understand hex escapes, hence the use of octal. > +# `grep -P` on the other hand can has various ambiguities with octal-like > +# escapes, so use hex escapes instead which are unambiguous. There looks to be a stray "can" in here. Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.