From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Xen-devel <xen-devel@lists.xenproject.org>
Cc: "Andrew Cooper" <andrew.cooper3@citrix.com>,
	"Wei Liu" <wl@xen.org>, "Jan Beulich" <JBeulich@suse.com>,
	"Roger Pau Monné" <roger.pau@citrix.com>
Subject: [PATCH 15/16] x86/entry: Adjust guest paths to be shadow stack compatible
Date: Fri, 1 May 2020 23:58:37 +0100
Message-ID: <20200501225838.9866-16-andrew.cooper3@citrix.com>
In-Reply-To: <20200501225838.9866-1-andrew.cooper3@citrix.com>

The SYSCALL/SYSEXIT paths need to use {SET,CLR}SSBSY.  The IRET to guest paths
must not, which forces us to spill a register to the stack.

The IST switch onto the primary stack is not great as we have an instruction
boundary with no shadow stack.  This is the least bad option available.

These paths are not used before shadow stacks are properly established, so can
use alternatives to avoid extra runtime CET detection logic.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
CC: Jan Beulich <JBeulich@suse.com>
CC: Wei Liu <wl@xen.org>
CC: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/arch/x86/x86_64/compat/entry.S |  2 +-
 xen/arch/x86/x86_64/entry.S        | 19 ++++++++++++++++++-
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S
index 3cd375bd48..7816d0d4ac 100644
--- a/xen/arch/x86/x86_64/compat/entry.S
+++ b/xen/arch/x86/x86_64/compat/entry.S
@@ -198,7 +198,7 @@ ENTRY(cr4_pv32_restore)
 
 /* See lstar_enter for entry register state. */
 ENTRY(cstar_enter)
-        /* sti could live here when we don't switch page tables below. */
+        ALTERNATIVE "", "setssbsy", X86_FEATURE_XEN_SHSTK
         CR4_PV32_RESTORE
         movq  8(%rsp),%rax /* Restore %rax. */
         movq  $FLAT_USER_SS32, 8(%rsp) /* Assume a 64bit domain.  Compat handled lower. */
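Review bot: the one-line change at cstar_enter deletes the comment "sti could live here when we don't switch page tables below." instead of adding the ALTERNATIVE next to it, and the commit message does not say that the comment is obsolete. If the removal is intentional, mention it in the commit message; otherwise keep the comment and put the setssbsy line above it.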
diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S
index 06da350ba0..91cd8f94fd 100644
--- a/xen/arch/x86/x86_64/entry.S
+++ b/xen/arch/x86/x86_64/entry.S
@@ -194,6 +194,15 @@ restore_all_guest:
         movq  8(%rsp),%rcx            # RIP
         ja    iret_exit_to_guest
 
+        /* Clear the supervisor shadow stack token busy bit. */
+.macro rag_clrssbsy
+        push %rax
+        rdsspq %rax
+        clrssbsy (%rax)
+        pop %rax
+.endm
+        ALTERNATIVE "", rag_clrssbsy, X86_FEATURE_XEN_SHSTK
+
         cmpw  $FLAT_USER_CS32,16(%rsp)# CS
         movq  32(%rsp),%rsp           # RSP
         je    1f
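Review bot: in restore_all_guest the reason for the push/pop of %rax around rdsspq is recorded only in the commit message; the in-code comment just restates what clrssbsy does. A short comment saying that a register has to be spilled at this point, and that the block sits after "ja iret_exit_to_guest" so that the IRET path skips it, would keep this readable from the file alone. It would also help to say why rag_clrssbsy is passed to ALTERNATIVE unquoted while the setssbsy uses are quoted strings.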
@@ -226,7 +235,7 @@ iret_exit_to_guest:
  * %ss must be saved into the space left by the trampoline.
  */
 ENTRY(lstar_enter)
-        /* sti could live here when we don't switch page tables below. */
+        ALTERNATIVE "", "setssbsy", X86_FEATURE_XEN_SHSTK
         movq  8(%rsp),%rax /* Restore %rax. */
         movq  $FLAT_KERNEL_SS,8(%rsp)
         pushq %r11
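Review bot: the setssbsy added as the first instruction of lstar_enter carries no comment, while its counterpart in restore_all_guest is introduced with "Clear the supervisor shadow stack token busy bit." Suggest a matching one-line comment here, and at cstar_enter, so the set/clear pairing between the SYSCALL entry points and the exit path is visible in the source. As in the compat file, the sti comment is dropped without explanation.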
@@ -877,6 +886,14 @@ handle_ist_exception:
         movl  $UREGS_kernel_sizeof/8,%ecx
         movq  %rdi,%rsp
         rep   movsq
+
+        /* Switch Shadow Stacks */
+.macro ist_switch_shstk
+        rdsspq %rdi
+        clrssbsy (%rdi)
+        setssbsy
+.endm
+        ALTERNATIVE "", ist_switch_shstk, X86_FEATURE_XEN_SHSTK
 1:
 #else
         ASSERT_CONTEXT_IS_XEN
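Review bot: ist_switch_shstk in handle_ist_exception leaves an instruction boundary with no busy shadow stack between "clrssbsy (%rdi)" and "setssbsy", which the commit message acknowledges as the least bad option, but the code comment only says "Switch Shadow Stacks". Please record that caveat in the comment above the macro, and state that the macro overwrites %rdi so a reader can see the register is free to clobber once "rep movsq" has completed.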
-- 
2.11.0


