[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 for-4.14] x86/livepatch: Make livepatching compatible with CET Shadow Stacks

To: Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>
From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Date: Fri, 26 Jun 2020 16:08:49 +0100
Authentication-results: esa2.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none
Cc: Wei Liu <wl@xxxxxxx>, Paul Durrant <paul@xxxxxxx>, Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, Pawel Wieczorkiewicz <wipawel@xxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
Delivery-date: Fri, 26 Jun 2020 15:08:56 +0000
Ironport-sdr: KMAP5/iI7KGQCDicV0q8qkboU0msafPKyb4nfgXGC33TfWdFltZwZOxT6YmjI/3ACs5e8CKQbQ gHlzfm/rAS65StxHRdwjXCWxyuKrxWOAB1tfJdyLbJEWjO4O9Py05rzm5q9TNzdBKOohwoI/q8 wfmrKqUMhenhumtwbGZlzm6jl+CA2hL8i5iR0OFYDa14Gfty+0CZEbq0T5aLciZg6ghMDH9OjR riIh4OmolRQslEAvEsBQtlYTusfSGLFUMd1q4aiZ2PEAnFNWXrlZ2N0qNP12H98dwCMR0bcG+P rZk=
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 26/06/2020 16:07, Ross Lagerwall wrote:
> On 2020-06-26 15:46, Andrew Cooper wrote:
>> On 26/06/2020 15:26, Jan Beulich wrote:
>>> On 26.06.2020 15:59, Ross Lagerwall wrote:
>>>> On 2020-06-26 13:24, Andrew Cooper wrote:
>>>>> @@ -56,18 +57,48 @@ int arch_livepatch_safety_check(void)
>>>>>      return -EBUSY;
>>>>>  }
>>>>>  
>>>>> -int arch_livepatch_quiesce(void)
>>>>> +int noinline arch_livepatch_quiesce(void)
>>>>>  {
>>>>> +    /* If Shadow Stacks are in use, disable CR4.CET so we can modify 
>>>>> CR0.WP. */
>>>>> +    if ( cpu_has_xen_shstk )
>>>> Should this be:
>>>>     if ( IS_ENABLED(CONFIG_XEN_SHSTK) && cpu_has_xen_shstk )
>>>>
>>>> to match arch_livepatch_revive?
>>> While it may look a little asymmetric, I think it's preferable
>>> to is IS_ENABLED() only where really needed, i.e. here it
>>> guarding code that otherwise may not build.
>> The reason for the asymmetry is because of the asm() block, which needs
>> compiling out when we detect that we don't have a compatible assembler.
>>
> In that case,
>
> Reviewed-by: Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>

Thanks.  I've decided to clean this up in the (growing) series of 4.15
changes.

~Andrew

References:
- [PATCH v2 for-4.14] x86/livepatch: Make livepatching compatible with CET Shadow Stacks
  - From: Andrew Cooper
- Re: [PATCH v2 for-4.14] x86/livepatch: Make livepatching compatible with CET Shadow Stacks
  - From: Ross Lagerwall
- Re: [PATCH v2 for-4.14] x86/livepatch: Make livepatching compatible with CET Shadow Stacks
  - From: Jan Beulich
- Re: [PATCH v2 for-4.14] x86/livepatch: Make livepatching compatible with CET Shadow Stacks
  - From: Andrew Cooper
- Re: [PATCH v2 for-4.14] x86/livepatch: Make livepatching compatible with CET Shadow Stacks
  - From: Ross Lagerwall

Prev by Date: Re: [PATCH v2 for-4.14] x86/livepatch: Make livepatching compatible with CET Shadow Stacks
Next by Date: Re: [PATCH for-4.14] mm: fix public declaration of struct xen_mem_acquire_resource
Previous by thread: Re: [PATCH v2 for-4.14] x86/livepatch: Make livepatching compatible with CET Shadow Stacks
Next by thread: [xen-unstable-smoke test] 151376: tolerable all pass - PUSHED
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.