[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[xen staging-4.18] x86: re-run exception-from-stub recovery selftests with CET-SS enabled

commit 5ac3cbbf83e1f955aeaf5d0f503099f5249b5c25
Author:     Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Thu Jul 4 14:06:19 2024 +0200
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Thu Jul 4 14:06:19 2024 +0200

    x86: re-run exception-from-stub recovery selftests with CET-SS enabled
    
    On the BSP, shadow stacks are enabled only relatively late in the
    booting process. They in particular aren't active yet when initcalls are
    run. Keep the testing there, but invoke that testing a 2nd time when
    shadow stacks are active, to make sure we won't regress that case after
    addressing XSA-451.
    
    While touching this code, switch the guard from NDEBUG to CONFIG_DEBUG,
    such that IS_ENABLED() can validly be used at the new call site.
    
    Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
    Acked-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    master commit: cfe3ad67127b86e1b1c06993b86422673a51b050
    master date: 2024-02-27 13:49:52 +0100
---
 xen/arch/x86/extable.c           | 8 +++++---
 xen/arch/x86/include/asm/setup.h | 2 ++
 xen/arch/x86/setup.c             | 4 ++++
 3 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/xen/arch/x86/extable.c b/xen/arch/x86/extable.c
index 8ffcd346d7..12cc9935d8 100644
--- a/xen/arch/x86/extable.c
+++ b/xen/arch/x86/extable.c
@@ -128,10 +128,11 @@ search_exception_table(const struct cpu_user_regs *regs, 
unsigned long *stub_ra)
     return 0;
 }
 
-#ifndef NDEBUG
+#ifdef CONFIG_DEBUG
+#include <asm/setup.h>
 #include <asm/traps.h>
 
-static int __init cf_check stub_selftest(void)
+int __init cf_check stub_selftest(void)
 {
     static const struct {
         uint8_t opc[8];
@@ -155,7 +156,8 @@ static int __init cf_check stub_selftest(void)
     unsigned int i;
     bool fail = false;
 
-    printk("Running stub recovery selftests...\n");
+    printk("%s stub recovery selftests...\n",
+           system_state < SYS_STATE_active ? "Running" : "Re-running");
 
     for ( i = 0; i < ARRAY_SIZE(tests); ++i )
     {
diff --git a/xen/arch/x86/include/asm/setup.h b/xen/arch/x86/include/asm/setup.h
index 9a460e4db8..14d15048eb 100644
--- a/xen/arch/x86/include/asm/setup.h
+++ b/xen/arch/x86/include/asm/setup.h
@@ -38,6 +38,8 @@ void *bootstrap_map(const module_t *mod);
 
 int xen_in_range(unsigned long mfn);
 
+int cf_check stub_selftest(void);
+
 extern uint8_t kbd_shift_flags;
 
 #ifdef NDEBUG
diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
index 25017b5d96..f2592c3dc9 100644
--- a/xen/arch/x86/setup.c
+++ b/xen/arch/x86/setup.c
@@ -738,6 +738,10 @@ static void noreturn init_done(void)
 
     system_state = SYS_STATE_active;
 
+    /* Re-run stub recovery self-tests with CET-SS active. */
+    if ( IS_ENABLED(CONFIG_DEBUG) && cpu_has_xen_shstk )
+        stub_selftest();
+
     domain_unpause_by_systemcontroller(dom0);
 
     /* MUST be done prior to removing .init data. */
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.18

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.