[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 68/70] x86/setup: Rework MSR_S_CET handling for CET-IBT

  • To: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Wed, 16 Feb 2022 09:49:43 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=lt0WqcjgodoNc9JCiCyXPdsLIcJAN19KQjqt4nQGX5Y=; b=IHDw4g60vu+hM8qwO1J/pl8F9uIuVQNAhnne3GC7bhWT57oP8zTBxgwNlb4k4jWPSsVxOJkW1SdehMTXdNtAJZfWxeVemU5amnOK+CzS7FtcDsu8Tsu0OYYvoiXw6e7tS6IlAk6pt6TjF9S1jBcOCPJNV1uhQSJXgbOh2tExqZIPAo9vaQHyRtr1pULYY2YUKHTxVhUDn2N4CjPaV6ZB+IloTrwwo4im+4m/CubGrrOBZl4ExibMKYJfeSC9nNku7HubaXbG69AdalvvK7wKYyPloriV8eIVYqC95qvTg1JfQgT3UWdd3ahHj8Al2JHd3Y3bL6EY1iD4f3UenAlQFQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=EL0cm5otvBhqpspECtvM0YKjnPmoBslj0Es6Cj+Og3Bsb7F2/Kq/x56UzsN7sIiE1Q0B83ItEY+2YOV4KP/dWsv8B3E/uC1zlZTAj9Yu4cgfcB3QeGwTtNkvve4WMAsEalM3vLSMEra2hnNCnLkCWelF0XjwJIzs2uwbW8DwPqmrZzHf3RezcVNu+96erl2+3+b3aPO1+Oq8ayRU76l8naZd/SsKjfdeJpEn1Da47iMWpgTFTy+F6w0ZyT06eg/QMdDZ4f8KOyWjS6dPbrdNutLzp7+XJUkiG0Mi6RXscAzYDusEn12ifAvf21QW1I48A/Qn2euhja5A2rYdlS8WDw==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: Roger Pau Monne <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Wed, 16 Feb 2022 08:49:54 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 15.02.2022 21:58, Andrew Cooper wrote:
> On 15/02/2022 16:46, Jan Beulich wrote:
>> On 14.02.2022 13:51, Andrew Cooper wrote:
>>> CET-SS and CET-IBT can be independently controlled, so the configuration of
>>> MSR_S_CET can't be constant any more.
>>>
>>> Introduce xen_msr_s_cet_value(), mostly because I don't fancy
>>> writing/maintaining that logic in assembly.  Use this in the 3 paths which
>>> alter MSR_S_CET when both features are potentially active.
>>>
>>> To active CET-IBT, we only need CR4.CET and MSR_S_CET.ENDBR_EN.  This is
>>> common with the CET-SS setup, so reorder the operations to set up CR4 and
>>> MSR_S_CET for any nonzero result from xen_msr_s_cet_value(), and set up
>>> MSR_PL0_SSP and SSP if SHSTK_EN was also set.
>>>
>>> Adjust the crash path to disable CET-IBT too.
>>>
>>> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
>> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
> 
> Thanks,
> 
>> albeit with a nit and a remark:
>>
>>> --- a/xen/arch/x86/acpi/wakeup_prot.S
>>> +++ b/xen/arch/x86/acpi/wakeup_prot.S
>>> @@ -63,7 +63,26 @@ ENTRY(s3_resume)
>>>          pushq   %rax
>>>          lretq
>>>  1:
>>> -#ifdef CONFIG_XEN_SHSTK
>>> +#if defined(CONFIG_XEN_SHSTK) || defined(CONFIG_XEN_IBT)
>>> +        call    xen_msr_s_cet_value
>>> +        test    %eax, %eax
>>> +        jz      .L_cet_done
>>> +
>>> +        /* Set up MSR_S_CET. */
>>> +        mov     $MSR_S_CET, %ecx
>>> +        xor     %edx, %edx
>>> +        wrmsr
>>> +
>>> +        /* Enable CR4.CET. */
>>> +        mov     $XEN_MINIMAL_CR4 | X86_CR4_CET, %ecx
>>> +        mov     %rcx, %cr4
>>> +
>>> +        /* WARNING! call/ret now fatal (iff SHSTK) until SETSSBSY loads 
>>> SSP */
>>> +
>>> +#if defined(CONFIG_XEN_SHSTK)
>> Just #ifdef, as it was before?
> 
> I can if you insist, but that's breaking consistency with the other
> ifdefary.

I guess consistent of not depends on the way you look at it. I
generally think simple conditionals should just use #ifdef. As
soon as there's an #elif or a more complex condition, #if
defined() is of course more consistent. But one #ifdef nested
inside another #if imo isn't a reason to use #if in both places.

Nevertheless, ftaod - I'm not going to insist, as I can see this
being a matter of personal preference.

>>> @@ -90,10 +101,6 @@ ENTRY(s3_resume)
>>>          mov     %edi, %eax
>>>          wrmsr
>>>  
>>> -        /* Enable CET.  MSR_INTERRUPT_SSP_TABLE is set up later in 
>>> load_system_tables(). */
>>> -        mov     $XEN_MINIMAL_CR4 | X86_CR4_CET, %ebx
>>> -        mov     %rbx, %cr4
>> The latter part of this comment could do with retaining.
> 
> So I tried that in v1, and concluded not for v2.
> 
> There is nowhere appropriate for it to live, anywhere in this block. 
> And it is an artefact of me bootstrapping SHSTK to start with.
> 
> The truth is that nothing about MSR_ISST_TABLE matters until
> load_system_table sets up both this and the TSS IST fields together. 
> IST exceptions are already fatal at this point for non-SHSTK reasons.

Well, okay. To me, not being as familiar with this code as you
are, the comments was quite helpful ...

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.