[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 for-4.14] x86/livepatch: Make livepatching compatible with CET Shadow Stacks

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
From: Jan Beulich <jbeulich@xxxxxxxx>
Date: Fri, 26 Jun 2020 15:14:36 +0200
Cc: Wei Liu <wl@xxxxxxx>, Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>, Paul Durrant <paul@xxxxxxx>, Pawel Wieczorkiewicz <wipawel@xxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
Delivery-date: Fri, 26 Jun 2020 13:14:38 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 26.06.2020 14:24, Andrew Cooper wrote:
> Just like the alternatives infrastructure, the livepatch infrastructure
> disables CR0.WP to perform patching, which is not permitted with CET active.
> 
> Modify arch_livepatch_{quiesce,revive}() to disable CET before disabling WP,
> and reset the dirty bits on all virtual regions before re-enabling CET.
> 
> One complication is that arch_livepatch_revive() has to fix up the top of the
> shadow stack.  This depends on the functions not being inlined, even under
> LTO.  Another limitation is that reset_virtual_region_perms() may shatter the
> final superpage of .text depending on alignment.
> 
> This logic, and its downsides, are temporary until the patching infrastructure
> can be adjusted to not use CR0.WP.

In particular on this basis ...

> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>

Jan

Follow-Ups:
- RE: [PATCH v2 for-4.14] x86/livepatch: Make livepatching compatible with CET Shadow Stacks
  - From: Paul Durrant

References:
- [PATCH v2 for-4.14] x86/livepatch: Make livepatching compatible with CET Shadow Stacks
  - From: Andrew Cooper

Prev by Date: [xen-unstable-smoke test] 151376: tolerable all pass - PUSHED
Next by Date: RE: [PATCH for-4.14 v3] x86/tlb: fix assisted flush usage
Previous by thread: [PATCH v2 for-4.14] x86/livepatch: Make livepatching compatible with CET Shadow Stacks
Next by thread: RE: [PATCH v2 for-4.14] x86/livepatch: Make livepatching compatible with CET Shadow Stacks
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.