From: Ross Lagerwall <ross.lagerwall@citrix.com>
To: Bjoern Doebel <doebel@amazon.de>,
"xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>
Cc: Michael Kurth <mku@amazon.de>,
Martin Pohlack <mpohlack@amazon.de>,
"Roger Pau Monne" <roger.pau@citrix.com>,
Andrew Cooper <Andrew.Cooper3@citrix.com>,
Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Subject: Re: [PATCH v5 2/2] xen/x86: Livepatch: support patching CET-enhanced functions
Date: Wed, 9 Mar 2022 17:12:05 +0000 [thread overview]
Message-ID: <PH0PR03MB6382E2AD10AEF1BC48C55093F00A9@PH0PR03MB6382.namprd03.prod.outlook.com> (raw)
In-Reply-To: <5cdd27addcec926eb48fdeab08ad3371e7c3fd7c.1646837462.git.doebel@amazon.de>
> From: Bjoern Doebel <doebel@amazon.de>
> Sent: Wednesday, March 9, 2022 2:53 PM
> To: xen-devel@lists.xenproject.org <xen-devel@lists.xenproject.org>
> Cc: Michael Kurth <mku@amazon.de>; Martin Pohlack <mpohlack@amazon.de>; Roger Pau Monne <roger.pau@citrix.com>; Andrew Cooper <Andrew.Cooper3@citrix.com>; Bjoern Doebel <doebel@amazon.de>; Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>; Ross Lagerwall <ross.lagerwall@citrix.com>
> Subject: [PATCH v5 2/2] xen/x86: Livepatch: support patching CET-enhanced functions
>
> Xen enabled CET for supporting architectures. The control flow aspect of
> CET expects functions that can be called indirectly (i.e., via function
> pointers) to start with an ENDBR64 instruction. Otherwise a control flow
> exception is raised.
>
> This expectation breaks livepatching flows because we patch functions by
> overwriting their first 5 bytes with a JMP + <offset>, thus breaking the
> ENDBR64. We fix this by checking the start of a patched function for
> being ENDBR64. In the positive case we move the livepatch JMP to start
> behind the ENDBR64 instruction.
>
> To avoid having to guess the ENDBR64 offset again on patch reversal
> (which might race with other mechanisms adding/removing ENDBR
> dynamically), use the livepatch metadata to store the computed offset
> along with the saved bytes of the overwritten function.
>
> Signed-off-by: Bjoern Doebel <doebel@amazon.de>
> Acked-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
> CC: Ross Lagerwall <ross.lagerwall@citrix.com>
Reviewed-by: Ross Lagerwall <ross.lagerwall@citrix.com>
next prev parent reply other threads:[~2022-03-09 17:12 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-09 14:52 [PATCH v5 1/2] Livepatch: resolve old address before function verification Bjoern Doebel
2022-03-09 14:53 ` [PATCH v5 2/2] xen/x86: Livepatch: support patching CET-enhanced functions Bjoern Doebel
2022-03-09 15:14 ` Jan Beulich
2022-03-09 17:12 ` Ross Lagerwall [this message]
2022-03-17 9:17 ` Jiamei Xie
2022-03-17 10:00 ` Jiamei Xie
2022-03-17 10:11 ` Jan Beulich
2022-03-17 13:10 ` Doebel, Bjoern
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=PH0PR03MB6382E2AD10AEF1BC48C55093F00A9@PH0PR03MB6382.namprd03.prod.outlook.com \
--to=ross.lagerwall@citrix.com \
--cc=Andrew.Cooper3@citrix.com \
--cc=doebel@amazon.de \
--cc=konrad.wilk@oracle.com \
--cc=mku@amazon.de \
--cc=mpohlack@amazon.de \
--cc=roger.pau@citrix.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.