[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 for-4.14] x86/livepatch: Make livepatching compatible with CET Shadow Stacks

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>
From: Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>
Date: Fri, 26 Jun 2020 16:07:49 +0100
Authentication-results: esa5.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none
Cc: Wei Liu <wl@xxxxxxx>, Paul Durrant <paul@xxxxxxx>, Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, Pawel Wieczorkiewicz <wipawel@xxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
Delivery-date: Fri, 26 Jun 2020 15:08:02 +0000
Ironport-sdr: bfqrn94nP2go7apZzwt9TQE+Uacg+I/K53KWJkcnA7d6kHo0kELQVuHjMvy6bL6mwiLQf8l0Rd cLufiwfoBqBsf42vtQAJo3bdd9VOn2GIU0Dyv+SspCJ3FR4eXddEBW2D2s9VbNdsIivfS3v+RQ Ex0KbZKJCY2cVw+TT4ssfnEucVOUIDoTUpJqTjGfDp7cDmxqekC16e506+qcx7TcTMc61mXP5h KIDS7REjdzRwmBgoUpUlYEXBPinmwanFvBsuqGiAI9g4b1CL83K1h8KAL6Xsf0UI3BMbDpZjS1 lYA=
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 2020-06-26 15:46, Andrew Cooper wrote:
> On 26/06/2020 15:26, Jan Beulich wrote:
>> On 26.06.2020 15:59, Ross Lagerwall wrote:
>>> On 2020-06-26 13:24, Andrew Cooper wrote:
>>>> @@ -56,18 +57,48 @@ int arch_livepatch_safety_check(void)
>>>>      return -EBUSY;
>>>>  }
>>>>  
>>>> -int arch_livepatch_quiesce(void)
>>>> +int noinline arch_livepatch_quiesce(void)
>>>>  {
>>>> +    /* If Shadow Stacks are in use, disable CR4.CET so we can modify 
>>>> CR0.WP. */
>>>> +    if ( cpu_has_xen_shstk )
>>> Should this be:
>>>     if ( IS_ENABLED(CONFIG_XEN_SHSTK) && cpu_has_xen_shstk )
>>>
>>> to match arch_livepatch_revive?
>> While it may look a little asymmetric, I think it's preferable
>> to is IS_ENABLED() only where really needed, i.e. here it
>> guarding code that otherwise may not build.
> 
> The reason for the asymmetry is because of the asm() block, which needs
> compiling out when we detect that we don't have a compatible assembler.
> 

In that case,

Reviewed-by: Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>

Thanks

Follow-Ups:
- Re: [PATCH v2 for-4.14] x86/livepatch: Make livepatching compatible with CET Shadow Stacks
  - From: Andrew Cooper

References:
- [PATCH v2 for-4.14] x86/livepatch: Make livepatching compatible with CET Shadow Stacks
  - From: Andrew Cooper
- Re: [PATCH v2 for-4.14] x86/livepatch: Make livepatching compatible with CET Shadow Stacks
  - From: Ross Lagerwall
- Re: [PATCH v2 for-4.14] x86/livepatch: Make livepatching compatible with CET Shadow Stacks
  - From: Jan Beulich
- Re: [PATCH v2 for-4.14] x86/livepatch: Make livepatching compatible with CET Shadow Stacks
  - From: Andrew Cooper

Prev by Date: Re: [PATCH for-4.14] mm: fix public declaration of struct xen_mem_acquire_resource
Next by Date: Re: [PATCH v2 for-4.14] x86/livepatch: Make livepatching compatible with CET Shadow Stacks
Previous by thread: Re: [PATCH v2 for-4.14] x86/livepatch: Make livepatching compatible with CET Shadow Stacks
Next by thread: Re: [PATCH v2 for-4.14] x86/livepatch: Make livepatching compatible with CET Shadow Stacks
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.