[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 06/14] x86/shstk: Create shadow stacks

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
From: Jan Beulich <jbeulich@xxxxxxxx>
Date: Tue, 2 Jun 2020 14:35:12 +0200
Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
Delivery-date: Tue, 02 Jun 2020 12:35:18 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 29.05.2020 21:35, Andrew Cooper wrote:
> On 28/05/2020 13:50, Jan Beulich wrote:
>> On 27.05.2020 21:18, Andrew Cooper wrote:
>>> +    /* Primary Shadow Stack.  1x 4k in stack page 5. */
>>>      p += PRIMARY_SHSTK_SLOT * PAGE_SIZE;
>>> -    map_pages_to_xen((unsigned long)p, virt_to_mfn(p), 1, _PAGE_NONE);
>>> +    if ( IS_ENABLED(CONFIG_XEN_SHSTK) )
>>> +        write_sss_token(p + PAGE_SIZE - 8);
>>> +
>>> +    map_pages_to_xen((unsigned long)p, virt_to_mfn(p), 1, 
>>> PAGE_HYPERVISOR_SHSTK);
>>>  }
>>>  
>>>  void memguard_unguard_stack(void *p)
>> Would this function perhaps better zap the tokens?
> 
> Why?  We don't zap any other stack contents, and let the regular page
> scrubbing clean it.

Except that Xen used pages, if re-used by Xen itself, may not go
through a round of scrubbing. As long as we use 1:1 mappings,
re-using the same page for a shadow stack will end up having the
necessary token already in place. Looks like a defense-in-depth
measure to zap them off as soon as a page goes out of (shadow
stack) use.

Jan

Prev by Date: Re: [PATCH v2 06/14] x86/shstk: Create shadow stacks
Next by Date: Re: [PATCH-for-4.14 1/2] xen: fix build with CONFIG_HYPFS_CONFIG enabled
Previous by thread: Re: [PATCH v2 06/14] x86/shstk: Create shadow stacks
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.