[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] tboot: Disable CET at shutdown
- To: Jason Andryuk <jandryuk@xxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
- From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
- Date: Tue, 15 Aug 2023 17:24:04 +0100
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=dn+xj7b0Q1Bd8AmbdnUntun8VRaZs0xVnCmRmJe1gZo=; b=FTVdU/9eyxMuhDJbCKKNs3wEfoW7PRIC4bhP/JKXxvzJ2085ILrW6MNKwlNuDtAWZom/yh8YczPz4tBPm0/mhWgq9ifrqxmMNpPSWtMxOBhkpOSoMR81QrTmrrGlmdTs9ctJIPV5W8+SclicELB/0rW+n99xck4bI7JalIrB713UQgEjXprg0wdhgem6cFvUlstdOCouHopTtHlXx6pWMH4iUQdBnP5eZJgUGKXQ7rzO29b0lu+EOUfoqrHbdNoo7h8Nab78rbVg7I1hkxSUIeMXRJQvytmh39/+2dpKBbaZF5GCcz6DKluZCnaBGxQlUMozfl+0GUDvzw6/Qiciyw==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=PREP67LCP3R19+89Zj0Na9vCo1SEAEckDkd+xWpRJoER9SC0OSzhAJZ938tSlBZ+ALleZcNjOP6PNSUrx9jdNJUeVGYD8xYv1I+nUhSrdiYH86dr/yYtLfiAdRJbj3T8m5m5KfMJi0AZbOcYwX8MjebQoBhaMVC5QkhsVx9nKe+DMIkzOL9wpefTCRS/W5n4cs1Ln2ZpWJQ84fL+0yO52FrzTrI43+D7R4V8kKIxsyOeoTQH0YNkLXLV+oz8E95TuX06Tle5pHN1+4MfYwbujcuTloICUITC7jJHbIY5N6VJH3bXKTx725+htTP80T3105leAVujNlJB2qcLuQN2WQ==
- Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
- Cc: Lukasz Hawrylko <lukasz@xxxxxxxxxxx>, "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>, Mateusz Mówka <mateusz.mowka@xxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>
- Delivery-date: Tue, 15 Aug 2023 16:24:31 +0000
- Ironport-data: A9a23:S6nREqsTG2/IGnJ381+3ERwVi+fnVNRfMUV32f8akzHdYApBsoF/q tZmKT/Xb/ePYDfzLtF/bIrlp0IGsJXUmtFiTgE4+yg3FykT+JbJXdiXEBz9bniYRiHhoOCLz O1FM4Wdc5pkJpP4jk3wWlQ0hSAkjclkfpKlVKiffHg3HVQ+IMsYoUoLs/YjhYJ1isSODQqIu Nfjy+XSI1bg0DNvWo4uw/vrRChH4rKq4Vv0gnRkPaoQ5A+HyiFPZH4iDfrZw0XQE9E88tGSH 44v/JnhlkvF8hEkDM+Sk7qTWiXmlZaLYGBiIlIPM0STqkAqSh4ai87XB9JFAatjsB2bnsgZ9 Tl4ncfYpTHFnEH7sL91vxFwS0mSNEDdkVPNCSDXXce7lyUqf5ZwqhnH4Y5f0YAwo45K7W9yG fMwGDECUwqlwMaKkfGlSshcuMoaHND1I9ZK0p1g5Wmx4fcOZ7nmGv2Pz/kHmTA6i4ZJAOrUY NcfZXx3dhPcbhZTO1ARTpUjgOOvgXq5eDpdwL6XjfNvvy6Pk0ouiP60aIu9lt+iHK25mm6xo G7c8nu/KRYdLNGFkhKO8262h/+JliT+MG4XPOThpq4w0AfJmgT/DjUrbAuer+O/q3KHUuxPK 2c+wDIiv6ILoRnDot7VGkfQTGS/lhwVXdZKAvA5wA6Iw6vQpQ2eAwAsXjNHLdArqsIybTgrz UOS2cPkAyR1t7+YQm7b8a2bxRu2JCscNn0qZSYbVxoB4N6luIVbph7XVdNiDK6dh8X4Ay3t2 CuNqDUihrIVlogA0KDT1VXOnz+xvYqPSwkq5Qz/X2S54wc/b4mgD6Sq41XG6fdLLK6CU0KM+ nMDnqC28+QmHZyL0iuXT40w8KqB4v+ENHjWhwFpFpx4rzC1oSf7LMZX/S10I1pvPoAcYzj1b UTPuARXophOIH+taqwxaIW0Yyg38ZXd+R3efqi8RrJzjlJZLWdrIAkGiZas4l3Q
- Ironport-hdrordr: A9a23:uLnh5aqPKxSU7iNsyP/FKx0aV5oCeYIsimQD101hICG9E/bo9f xG+c5w6faaslsssR0b9exoQZPwJ080lqQFgrX5X43CYOCOggLBEGgF1+TfKlbbexEWmNQy6U 5WSdkaNDShNzNHZB7BkXGF+gwbsb66GX2T9IPjJqtWPHhXgn9bnnxENjo=
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 15/08/2023 5:11 pm, Jason Andryuk wrote:
> tboot_shutdown() calls into tboot to perform the actual system shutdown.
> tboot isn't built with endbr annotations, and Xen has CET-IBT enabled on
> newer hardware. shutdown_entry isn't annotated with endbr and Xen
> faults:
>
> Panic on CPU 0:
> CONTROL-FLOW PROTECTION FAULT: #CP[0003] endbranch
>
> And Xen hangs at this point.
>
> Disabling CET-IBT let Xen and tboot power off, but reboot was
> perfoming a poweroff instead of a warm reboot. Disabling all of CET,
> i.e. shadow stacks as well, lets tboot reboot properly.
>
> Fixes: cdbe2b0a1aec ("x86: Enable CET Indirect Branch Tracking")
> Signed-off-by: Jason Andryuk <jandryuk@xxxxxxxxx>
:sadpanda:
I guess this is the least bad option going.
Acked-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
|
