[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v3] x86/livepatch: Fix livepatch application when CET is active

  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Wed, 19 Apr 2023 15:53:02 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=h70u+VLgZRoQxgBmEQPvknYZq19eftvXA1PiiZMl9Lw=; b=d+6W18auxZ7nbqKB7bXwHyxtPAhVzBUNEkLOSYo4CI4LmuPEMXgnKsxAHaJ7adZWkQvJES76fpr01MOcrY0trQRtu4xBfRaf1tExpqLVTVcW6Fjz1lakwoUFBBMwGTaDDjN2fr7d95MfqVkPZYHmBpFg4oGq3KyCWL9LjLex5C8HTZQEYZhNAqGVWBrwFE3Kzm1A09hxBGlsLBbsdLlueh75aBzjbiziyf8iJpjiG58cLwRgAd+UDv5FzQlS9+0XlYgT99ivOaJ4REAOEZ5hDBqzl66BZ603EQ2kYzE3RjEC6S13UlcagbzvWGUwDzRDn5Bp8p80kPJGKR2RFjt9fA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=bGiZ0TSar0WaTJQG40V+jqU9MMIQwWQCmaALvVZjHoCt0NnfeTcQ/kLi6CGWN76sqA7/BquGmVxSOQi5iIB4qoSwabtEHUXZ3JvUEn6+rmR9vnWtt6deuiLRhRpJ37XNNyQ8wIHhpIzICV1r25EptBiyl1CkDJ0WNmcexdrgDY8B++unATVTJY/gPhu6wJD8cqaYTulWoaEqZUiBzdolAW5MNWguo7PAVY/VVvR5yFigGVKUFLF8JHwO8YReXL9CLvz9iH0mYfQqEclIF3dnklD6fwNG5ijGK3hIVe/ufgNjs684+GrIToZ+JLp/AlAlnLIW4d1wFCGXTWwWEANPRQ==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Wed, 19 Apr 2023 14:53:32 +0000
  • Ironport-data: A9a23:LUbaCayoc2nmoh89QCt6t+fyxyrEfRIJ4+MujC+fZmUNrF6WrkUFn 2EdWzzVb/eMYmCgLohzPoiy8RtTsJTTmoNjTFM/+CAxQypGp/SeCIXCJC8cHc8wwu7rFxs7s ppEOrEsCOhuExcwcz/0auCJQUFUjP3OHfykTrafYEidfCc8IA85kxVvhuUltYBhhNm9Emult Mj75sbSIzdJ4RYtWo4vw//F+UIHUMja4mtC5QRiPKET5TcyqlFOZH4hDfDpR5fHatE88t6SH 47r0Ly/92XFyBYhYvvNfmHTKxBirhb6ZGBiu1IOM0SQqkEqSh8ai87XAME0e0ZP4whlqvgqo Dl7WT5cfi9yVkHEsLx1vxC1iEiSN4UekFPMCSDXXcB+UyQq2pYjqhljJBheAGEWxgp4KXhSy vMXFhdSVTvdruXv6aO2SMJAoMt2eaEHPKtH0p1h5RfwKK56BLX8GeDN79Ie2yosjMdTG/qYf 9AedTdkcBXHZVtIJ0sTD5U92uyvgxETcRUB8A7T+fVxvDOVlVMuuFTuGIO9ltiibMNZhEuH4 EnB+Hz0GEoyP92D0zuVtHmrg4cjmAuiANxKTeTgqaICbFu74DIWOCUERQCA+7qf02exZYt6N mEO5X97xUQ13AnxJjXnZDW6qnOZuh8XW/JLDvY3rgqKz8L8/AKxFmUCCDlbZ7QOt8gwXzUmk ECIm9DBAiZmu7mYD3ma89+8vT60fCQYM2IGTSsFVhcepcnuppkpiRDCRcolF7S65uAZAhn1y jGO6S0h3bMaiJZX073hpA+YxTWxupLOUwg5oB3NWX6o5R94Y4jjYJG07V/c7rBLK4PxokS9g UXoUvO2tIgmZaxhXgTUKAnRNNlFP8q4DQA=
  • Ironport-hdrordr: A9a23:2LfDEKhBhc2sqgRhvr49CyIJG3BQXssji2hC6mlwRA09TyX4ra 2TdZEgvnXJYVkqKRIdcK+7Scu9qB/nm6KdgrN8AV7BZmnbUQKTRelfBODZrAEIdReeygdV79 YET5RD
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 19/04/2023 7:41 am, Jan Beulich wrote:
> On 18.04.2023 19:54, Andrew Cooper wrote:
>> On 18/04/2023 6:30 pm, Andrew Cooper wrote:
>>> On 18/04/2023 12:10 pm, Andrew Cooper wrote:
>>>> diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
>>>> index 36a07ef77eae..98529215ddec 100644
>>>> @@ -5879,6 +5880,75 @@ int destroy_xen_mappings(unsigned long s, unsigned 
>>>> long e)
>>>>      return modify_xen_mappings(s, e, _PAGE_NONE);
>>>>  }
>>>>  
>>>> +/*
>>>> + * Similar to modify_xen_mappings(), but used by the alternatives and
>>>> + * livepatch in weird contexts.  All synchronization, TLB flushing, etc 
>>>> is the
>>>> + * responsibility of the caller, and *MUST* not be introduced here.
>>>> + *
>>>> + * Must be limited to XEN_VIRT_{START,END}, i.e. over l2_xenmap[].
>>>> + * Must be called with present flags, and over present mappings.
>>>> + * Must be called on leaf page boundaries, i.e. s and e must not be in the
>>>> + * middle of a superpage.
>>>> + */
>>>> +void init_or_livepatch modify_xen_mappings_lite(
>>>> +    unsigned long s, unsigned long e, unsigned int _nf)
>>>> +{
>>>> +    unsigned long v = s, fm, nf;
>>>> +
>>>> +    /* Set of valid PTE bits which may be altered. */
>>>> +#define FLAGS_MASK 
>>>> (_PAGE_NX|_PAGE_DIRTY|_PAGE_ACCESSED|_PAGE_RW|_PAGE_PRESENT)
>>>> +    fm = put_pte_flags(FLAGS_MASK);
>>>> +    nf = put_pte_flags(_nf & FLAGS_MASK);
>>>> +#undef FLAGS_MASK
>>>> +
>>>> +    ASSERT(nf & _PAGE_PRESENT);
>>>> +    ASSERT(IS_ALIGNED(s, PAGE_SIZE) && s >= XEN_VIRT_START);
>>>> +    ASSERT(IS_ALIGNED(e, PAGE_SIZE) && e <= XEN_VIRT_END);
>>>> +
>>>> +    while ( v < e )
>>>> +    {
>>>> +        l2_pgentry_t *pl2e = &l2_xenmap[l2_table_offset(v)];
>>>> +        l2_pgentry_t l2e = l2e_read_atomic(pl2e);
>>>> +        unsigned int l2f = l2e_get_flags(l2e);
>>>> +
>>>> +        ASSERT(l2f & _PAGE_PRESENT);
>>>> +
>>>> +        if ( l2e_get_flags(l2e) & _PAGE_PSE )
>>>> +        {
>>>> +            ASSERT(l1_table_offset(v) == 0);
>>>> +            ASSERT(e - v >= (1UL << L2_PAGETABLE_SHIFT));
>>> On second thoughts, no.  This has just triggered in my final sanity
>>> testing before pushing.
>>>
>>> Currently debugging.
>> (XEN) livepatch: lp: Applying 1 functions
>> (XEN) *** ML (ffff82d040200000, ffff82d0403b4000, 0x163)
>> (XEN)   l2t[001] SP: 000000009f4001a1->000000009f4001e3  (v
>> ffff82d040200000, e ffff82d0403b4000)
>> (XEN) hi_func: Hi! (called 1 times)
>> (XEN) Hook executing.
>> (XEN) *** ML (ffff82d040200000, ffff82d0403b4000, 0x121)
>> (XEN)   l2t[001] SP: 000000009f4001e3->000000009f4001a1  (v
>> ffff82d040200000, e ffff82d0403b4000)
>> (XEN) livepatch: module metadata:
>>
>> When Xen is using forced 2M alignment, the virtual_region entry for
>> .text isn't aligned up to the end of the region.
>>
>> So the final bullet point is actually wrong.  I'm going to relax it to
>> say that it is the callers responsibility to make sure that bad things
>> don't happen if s or e are in the middle of a superpage, because I'm not
>> changing how virtual_region works to satisfy this assert.
> I.e. you'll drop both assertions, not just the one added recently?

Yes, I dropped both.  I didn't think it was reasonable to keep one but
not the other.

~Andrew

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.