Date: Thu, 12 Aug 2021 20:16:53 +0200
From: Marek Marczykowski-Górecki
To: Andrew Cooper
Cc: Xen-devel, Jan Beulich, Roger Pau Monné, Wei Liu
Subject: Re: [PATCH] x86/cet: Fix shskt manipulation error with BUGFRAME_{warn,run_fn}
In-Reply-To: <20210812170350.23543-1-andrew.cooper3@citrix.com>

On Thu, Aug 12, 2021 at 06:03:50PM +0100, Andrew Cooper wrote:
> This was a clear oversight in the original CET work. The BUGFRAME_run_fn and
> BUGFRAME_warn paths update regs->rip without an equivalent adjustment to the
> shadow stack, causing IRET to suffer #CP due to the mismatch.
>
> One subtle, and therefore fragile, aspect of extable_shstk_fixup() was that it
> required regs->rip to have its old value as a cross-check that the correct
> word in the shadow stack was being adjusted.
>
> Rework extable_shstk_fixup() into fixup_exception_return() which takes
> ownership of the update to both the regular and shadow stacks, ensuring that
> the regs->rip update is ordered suitably.
>
> Use the new fixup_exception_return() for BUGFRAME_run_fn and BUGFRAME_warn to
> ensure that the shadow stack is updated too.
>
> Fixes: 209fb9919b50 ("x86/extable: Adjust extable handling to be shadow stack compatible")
> Reported-by: Marek Marczykowski-Górecki
> Signed-off-by: Andrew Cooper

With this patch, I don't observe the crash anymore. Thanks!

Tested-by: Marek Marczykowski-Górecki

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
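The IRET mismatch described in the quoted commit message, as an added example that is not part of this thread and not Xen code: a small C model (the struct names, the fixed-size shadow stack, the scenario driver and the RIP/CS values are all assumptions made for this example) of the supervisor shadow-stack frame the CPU pushes on exception delivery and the comparison IRET performs on the way out. It runs three fixups over the same frame: the pre-fix BUGFRAME behaviour that rewrites only regs->rip, a fixup that rewrites regs->rip before locating the shadow-stack word, and the fixup that adjusts the shadow stack first and regs->rip second. The first two end in #CP; only the last returns cleanly, which is the ordering point the commit message makes.

```c
/*
 * Constructed model of the CET supervisor shadow-stack check at IRET.
 * Not Xen code: names, the fixed-size stack and the sample values are
 * simplifications for this example only.
 *
 * Modelled behaviour: on exception delivery to ring 0 with supervisor
 * shadow stacks enabled, the CPU pushes CS, LIP (interrupted RIP) and SSP
 * on the shadow stack.  IRET pops them and raises #CP if LIP/CS do not
 * match the CS:RIP being returned to.  So whoever rewrites regs->rip must
 * also rewrite the shadow-stack LIP, and must find it before rip changes.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define SSTK_WORDS 16

/* Stand-in for the exception frame on the regular stack. */
struct cpu_user_regs {
    uint64_t rip;
    uint64_t cs;
};

/* Stand-in for the supervisor shadow stack; grows down like the real one. */
struct shadow_stack {
    uint64_t words[SSTK_WORDS];
    unsigned int ssp;            /* index of the top-of-stack word */
};

enum fixup_mode { FIXUP_NONE, FIXUP_WRONG_ORDER, FIXUP_CORRECT };

static void sstk_push(struct shadow_stack *s, uint64_t v) { s->words[--s->ssp] = v; }
static uint64_t sstk_pop(struct shadow_stack *s) { return s->words[s->ssp++]; }

/* Exception delivery: push CS, LIP, SSP (CS ends up at the highest address). */
static void deliver_exception(struct shadow_stack *s, const struct cpu_user_regs *regs)
{
    uint64_t old_ssp = s->ssp;

    sstk_push(s, regs->cs);
    sstk_push(s, regs->rip);
    sstk_push(s, old_ssp);
}

/* IRET: pop SSP, LIP, CS and compare with the frame being returned to.  True means #CP. */
static bool iret_raises_cp(struct shadow_stack *s, const struct cpu_user_regs *regs)
{
    uint64_t saved_ssp = sstk_pop(s);
    uint64_t lip = sstk_pop(s);
    uint64_t cs = sstk_pop(s);

    s->ssp = (unsigned int)saved_ssp;
    return lip != regs->rip || cs != regs->cs;
}

/*
 * Rewrite the shadow-stack LIP.  The right word is identified by matching
 * the *current* regs->rip and regs->cs, so this only works while regs->rip
 * still holds its old value.  Returns false (stack untouched) if no frame
 * matched.
 */
static bool sstk_fixup_lip(struct shadow_stack *s, const struct cpu_user_regs *regs,
                           uint64_t new_rip)
{
    for ( unsigned int i = s->ssp; i + 1 < SSTK_WORDS; i++ )
        if ( s->words[i] == regs->rip && s->words[i + 1] == regs->cs )
        {
            s->words[i] = new_rip;
            return true;
        }
    return false;
}

/* Take an exception at a 2-byte ud2, resume past it with the chosen fixup, report #CP. */
static bool scenario_raises_cp(enum fixup_mode mode)
{
    struct shadow_stack s = { .ssp = SSTK_WORDS };
    struct cpu_user_regs regs = { .rip = 0xffff82d040200000ull, .cs = 0xe008 }; /* constructed */
    uint64_t resume = regs.rip + 2;

    deliver_exception(&s, &regs);

    switch ( mode )
    {
    case FIXUP_NONE:          /* rip only: the BUGFRAME paths before the fix */
        regs.rip = resume;
        break;
    case FIXUP_WRONG_ORDER:   /* rip first: the search can no longer find the frame */
        regs.rip = resume;
        sstk_fixup_lip(&s, &regs, resume);
        break;
    case FIXUP_CORRECT:       /* shadow stack first, then rip */
        if ( sstk_fixup_lip(&s, &regs, resume) )
            regs.rip = resume;
        break;
    }

    return iret_raises_cp(&s, &regs);
}

int main(void)
{
    printf("rip only:         #CP=%d\n", scenario_raises_cp(FIXUP_NONE));
    printf("rip before shstk: #CP=%d\n", scenario_raises_cp(FIXUP_WRONG_ORDER));
    printf("shstk before rip: #CP=%d\n", scenario_raises_cp(FIXUP_CORRECT));
    return 0;
}
```

Build with any C99 compiler and run; the first two lines print #CP=1, the last #CP=0. The search keyed on the old regs->rip and regs->cs mirrors the cross-check the commit message calls fragile: once regs->rip has been overwritten, nothing identifies the right shadow-stack word any more, so a combined helper has to perform the shadow-stack write first and only then update regs->rip.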