Xen project Mailing List

[PATCH v2 09/23] x86/traps: Skip Supervisor Shadow Stack tokens in FRED mode

To: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Thu, 28 Aug 2025 16:03:55 +0100

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>

Delivery-date: Thu, 28 Aug 2025 15:11:22 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

FRED doesn't use Supervisor Shadow Stack tokens. Skip setting them up. Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> --- CC: Jan Beulich <JBeulich@xxxxxxxx> CC: Roger Pau Monné <roger.pau@xxxxxxxxxx> v2: * New --- xen/arch/x86/mm.c | 12 +++++++++--- xen/arch/x86/setup.c | 8 ++++---- 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index b929d15d0050..043e6aa9d73a 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -129,6 +129,7 @@ #include <asm/shadow.h> #include <asm/shared.h> #include <asm/trampoline.h> +#include <asm/traps.h> #include <asm/x86_emulate.h> #include <public/memory.h> @@ -6441,8 +6442,13 @@ static void write_sss_token(unsigned long *ptr) void memguard_guard_stack(void *p) { - /* IST Shadow stacks. 4x 1k in stack page 0. */ - if ( IS_ENABLED(CONFIG_XEN_SHSTK) ) + /* + * IST Shadow stacks. 4x 1k in stack page 0. + * + * With IDT delivery, we need Supervisor Shadow Stack tokens at the base + * of each stack. With FRED delivery, these no longer exist. + */ + if ( IS_ENABLED(CONFIG_XEN_SHSTK) && !opt_fred ) { write_sss_token(p + (IST_MCE * IST_SHSTK_SIZE) - 8); write_sss_token(p + (IST_NMI * IST_SHSTK_SIZE) - 8); @@ -6453,7 +6459,7 @@ void memguard_guard_stack(void *p) /* Primary Shadow Stack. 1x 4k in stack page 5. */ p += PRIMARY_SHSTK_SLOT * PAGE_SIZE; - if ( IS_ENABLED(CONFIG_XEN_SHSTK) ) + if ( IS_ENABLED(CONFIG_XEN_SHSTK) && !opt_fred ) write_sss_token(p + PAGE_SIZE - 8); map_pages_to_xen((unsigned long)p, virt_to_mfn(p), 1, PAGE_HYPERVISOR_SHSTK); diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 73799fcc684c..c767d0451574 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -1920,10 +1920,6 @@ void asmlinkage __init noreturn __start_xen(void) system_state = SYS_STATE_boot; - bsp_stack = cpu_alloc_stack(0); - if ( !bsp_stack ) - panic("No memory for BSP stack\n"); - console_init_ring(); vesa_init(); @@ -2077,6 +2073,10 @@ void asmlinkage __init noreturn __start_xen(void) traps_init(); /* Needs stubs allocated. */ + bsp_stack = cpu_alloc_stack(0); /* Needs to know IDT vs FRED */ + if ( !bsp_stack ) + panic("No memory for BSP stack\n"); + cpu_init(); rcu_init(); -- 2.39.5

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.