[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v3] x86/livepatch: Fix livepatch application when CET is active

  • To: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Tue, 18 Apr 2023 18:54:43 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=pVcOGkqVAfHnxEW6KpN88v8nvWMqLX9ErkEbpJwWj6U=; b=KQ/0xz9hNhYFtsO1H8JOCIuSiJYm7vyAiXS+GKhcPIvTX4ktSEg3CPqN7XNAPGPr0UWtCVbdYbUySZm12qudqau62fwnjErmDK95C0hrsNbOtKtxBBf2cC9yNZA2dnsP39JefD+zCAN2ucfgTfJMY2bXWAsqsvcOuxhrmi93VqvYSXNBRrBWCrEvu+nkfCMzSQALywLhqxC+eLaIBjTmw2mSO2Xy//m1y8EVvNfOBcOrqjbSRKFTCdBEdxZfkOJG19eSJ1QDkFgVO9H6KO1VV13Ypaa5YAO3/oYd/nnvUqPWtIF0Vefs1eWY+2o//5H+PUfHHbYOgNXGMCYXfAtJvg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ahICyN+yYc44t61JGv9S0VCnpvEqk17oxH8UKPKyKkLJNVh9ywDILxhVvXKvM000JiSbYZEb+fH/NY9sr6C1ovWVc4DwATG6bcz28t4PeT948ZqM/r9wHDxNmt/0qQ90CqY+N7mKYSTuQ2HKQDaJQdPu25hnO5U9NR36LxNC+trJCbNkoe56IX/RQdDC60LuH/4COh//C/rQdCri/TW0d01gaWDiE70+sAP3MP+Fcp9yYQhUpbmJrEny3ZRI0IbSUjQFV/5y/CHnK4WKDDnQ3kQu3DNUL3qKl9mUUUXVmo1x8RtonrsaxZ9x208NKRWsSm8BGEFMVw/+7b/0O2ZG2Q==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: Jan Beulich <jbeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>
  • Delivery-date: Tue, 18 Apr 2023 17:55:18 +0000
  • Ironport-data: A9a23:A9VNaqBa4LpfcBVW/xPiw5YqxClBgxIJ4kV8jS/XYbTApDsh3z0Ax 2EbUG7VM6rZYmfwed9xaoXg9BlSsZHWzYdhQQY4rX1jcSlH+JHPbTi7wuUcHAvJd5GeExg3h yk6QoOdRCzhZiaE/n9BCpC48T8nk/nOHuGmYAL9EngZbRd+Tys8gg5Ulec8g4p56fC0GArIs t7pyyHlEAbNNwVcbyRFuspvlDs15K6p4G9B7gRkDRx2lAS2e0c9Xcp3yZ6ZdxMUcqEMdsamS uDKyq2O/2+x13/B3fv8z94X2mVTKlLjFVDmZkh+AsBOsTAbzsAG6Y4pNeJ0VKtio27hc+ada jl6ncfYpQ8BZsUgkQmGOvVSO3kW0aZuoNcrLZUj2CA6IoKvn3bEmp1T4E8K0YIw089pKm5L5 8IhM3M8QRuO3Nm73JPic7w57igjBJGD0II3nFhFlWucNtB/BJfJTuPN+MNS2yo2ioZWB/HCa sEFaD1pKhPdfxlIPVRRA5U79AuqriCnL3sE9xTI+uxruwA/zyQouFTpGPPTdsaHWoN+mUGAq 3id12/4HgsbJJqUzj/tHneE37eTwnygBNtPfFG+3uAtgFivn2BNMk09XgWwq9DjqmGbAc0Kf iT4/QJr98De7neDXtT7GhG1vnOAlhodQMZLVf037hmXzajZ6BrfAXILJhZDYtE7sM49RRQxy 0SE2djuAFRHr7m9WX+bsLCOoluaOi8TN2YOIzAFSQgt5MPqq4U+yBnIS75e/LWdi9T0HXTrx WmMpS1m3bEL15ZXj+O84EzNhC+qqt7RVAkp6w7LX2WjqARkeIqiYI/u4l/ehRpdELukopC6l CBss6CjAComVPlhSATlrD0xIYyU
  • Ironport-hdrordr: A9a23:/49/zKwqmbP/K/Yyc0FcKrPx/uskLtp133Aq2lEZdPULSKGlfp GV9sjziyWetN9xYgBHpTnkAsW9qBznhPpICOUqTNWftWrdyQiVxeNZnPLfKlTbckWQmI5gPM 9bAtBD4bbLfD9HZKjBkWyF+uIbsaK6Ge2T9JTj5kYoaTsvR7Br7g9/BAreOkpqRDNeDZ58MJ aH/MJIqxepZHxSN62Adww4dtmGg+eOuIPtYBYACRJiwA6SjQmw4Lq/NxSDxB8RXx5G3L9n22 nYlA7S4LmlrpiAu23h/l6Wy64TtMrqy9NFCsDJos8JKg/0ggLtX4hlU63qhkFKnAn6gmxKrP D85zMbe+hj4XLYeW+45TH33RP77Too43j+jXeFnHrKu6XCNXgHIvsEobgcXgrS6kImst05+r lMxXilu51eCg6FtDjh5uLPSwphmiOP0DEfeNYo/jFiuLYlGfZsRM0kjTVo+a47bVXHAVUcYa FT5MK13ocoTbrVVQGUgoBV+q3RYp0CJGb6fqE8gL3u79F3pgEJ86JK/r1uop5HzuNId6V5
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 18/04/2023 6:30 pm, Andrew Cooper wrote:
> On 18/04/2023 12:10 pm, Andrew Cooper wrote:
>> diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
>> index 36a07ef77eae..98529215ddec 100644
>> @@ -5879,6 +5880,75 @@ int destroy_xen_mappings(unsigned long s, unsigned 
>> long e)
>>      return modify_xen_mappings(s, e, _PAGE_NONE);
>>  }
>>  
>> +/*
>> + * Similar to modify_xen_mappings(), but used by the alternatives and
>> + * livepatch in weird contexts.  All synchronization, TLB flushing, etc is 
>> the
>> + * responsibility of the caller, and *MUST* not be introduced here.
>> + *
>> + * Must be limited to XEN_VIRT_{START,END}, i.e. over l2_xenmap[].
>> + * Must be called with present flags, and over present mappings.
>> + * Must be called on leaf page boundaries, i.e. s and e must not be in the
>> + * middle of a superpage.
>> + */
>> +void init_or_livepatch modify_xen_mappings_lite(
>> +    unsigned long s, unsigned long e, unsigned int _nf)
>> +{
>> +    unsigned long v = s, fm, nf;
>> +
>> +    /* Set of valid PTE bits which may be altered. */
>> +#define FLAGS_MASK 
>> (_PAGE_NX|_PAGE_DIRTY|_PAGE_ACCESSED|_PAGE_RW|_PAGE_PRESENT)
>> +    fm = put_pte_flags(FLAGS_MASK);
>> +    nf = put_pte_flags(_nf & FLAGS_MASK);
>> +#undef FLAGS_MASK
>> +
>> +    ASSERT(nf & _PAGE_PRESENT);
>> +    ASSERT(IS_ALIGNED(s, PAGE_SIZE) && s >= XEN_VIRT_START);
>> +    ASSERT(IS_ALIGNED(e, PAGE_SIZE) && e <= XEN_VIRT_END);
>> +
>> +    while ( v < e )
>> +    {
>> +        l2_pgentry_t *pl2e = &l2_xenmap[l2_table_offset(v)];
>> +        l2_pgentry_t l2e = l2e_read_atomic(pl2e);
>> +        unsigned int l2f = l2e_get_flags(l2e);
>> +
>> +        ASSERT(l2f & _PAGE_PRESENT);
>> +
>> +        if ( l2e_get_flags(l2e) & _PAGE_PSE )
>> +        {
>> +            ASSERT(l1_table_offset(v) == 0);
>> +            ASSERT(e - v >= (1UL << L2_PAGETABLE_SHIFT));
> On second thoughts, no.  This has just triggered in my final sanity
> testing before pushing.
>
> Currently debugging.

(XEN) livepatch: lp: Applying 1 functions
(XEN) *** ML (ffff82d040200000, ffff82d0403b4000, 0x163)
(XEN)   l2t[001] SP: 000000009f4001a1->000000009f4001e3  (v
ffff82d040200000, e ffff82d0403b4000)
(XEN) hi_func: Hi! (called 1 times)
(XEN) Hook executing.
(XEN) *** ML (ffff82d040200000, ffff82d0403b4000, 0x121)
(XEN)   l2t[001] SP: 000000009f4001e3->000000009f4001a1  (v
ffff82d040200000, e ffff82d0403b4000)
(XEN) livepatch: module metadata:

When Xen is using forced 2M alignment, the virtual_region entry for
.text isn't aligned up to the end of the region.

So the final bullet point is actually wrong.  I'm going to relax it to
say that it is the callers responsibility to make sure that bad things
don't happen if s or e are in the middle of a superpage, because I'm not
changing how virtual_region works to satisfy this assert.

~Andrew

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.