From: Andrew Cooper
To: Xen-devel
CC: Andrew Cooper, Jan Beulich, Roger Pau Monné, Wei Liu
Subject: [PATCH 59.5/65] x86: Introduce helpers/checks for endbr64 instructions
Date: Fri, 26 Nov 2021 16:33:40 +0000
Message-ID: <20211126163340.26714-1-andrew.cooper3@citrix.com>

... to prevent the optimiser creating unsafe code. See the code comment for full details.

Also add a build time check for endbr64 embedded in imm32 operands, which catches the obvious cases where the optimiser has done an unsafe thing.

Signed-off-by: Andrew Cooper
---
CC: Jan Beulich
CC: Roger Pau Monné
CC: Wei Liu
---
 xen/arch/x86/Makefile | 4 ++++
 xen/include/asm-x86/endbr.h | 55 +++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 59 insertions(+)
 create mode 100644 xen/include/asm-x86/endbr.h

diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index 69b6cfaded25..64a5c0d20018 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -190,6 +190,10 @@ $(TARGET)-syms: prelink.o xen.lds $(MAKE) -f $(BASEDIR)/Rules.mk efi-y=3D $(@D)/.$(@F).1.o $(LD) $(XEN_LDFLAGS) -T xen.lds -N prelink.o $(build_id_linker) \ $(@D)/.$(@F).1.o -o $@ +ifeq ($(CONFIG_XEN_IBT),y) + $(OBJDUMP) -d $@ | grep 0xfa1e0ff3 >/dev/null && \ + { echo "Found embedded endbr64 instructions" >&2; false; } || : +endif $(NM) -pa --format=3Dsysv $(@D)/$(@F) \ | $(BASEDIR)/tools/symbols --all-symbols --xensyms --sysv --sort \ >$(@D)/$(@F).map diff --git a/xen/include/asm-x86/endbr.h b/xen/include/asm-x86/endbr.h new file mode 100644 index 000000000000..47f766024c12 --- /dev/null +++ b/xen/include/asm-x86/endbr.h 
@@ -0,0 +1,55 @@ +/*************************************************************************= ***** + * include/asm-x86/endbr.h + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; If not, see . + * + * Copyright (c) 2021 Citrix Systems Ltd. + */ +#ifndef XEN_ASM_ENDBR_H +#define XEN_ASM_ENDBR_H + +#include + +/* + * In some cases we need to inspect/insert endbr64 instructions. + * + * The naive way, mem{cmp,cpy}(ptr, "\xf3\x0f\x1e\xfa", 4), optimises unsa= fely + * by placing 0xfa1e0ff3 in an imm32 operand, which marks a legal indirect + * branch target as far as the CPU is concerned. + * + * gen_endbr64() is written deliberately to avoid the problematic operand,= and + * marked __const__ as it is safe for the optimiser to hoist/merge/etc. + */ +static inline uint32_t __attribute_const__ gen_endbr64(void) +{ + uint32_t res; + + asm ( "mov $~0xfa1e0ff3, %[res]\n\t" + "not %[res]\n\t" + : [res] "=3Dr" (res) ); + + return res; +} + +static inline bool is_endbr64(const void *ptr) +{ + return *(const uint32_t *)ptr =3D=3D gen_endbr64(); +} + +static inline void place_endbr64(void *ptr) +{ + *(uint32_t *)ptr =3D gen_endbr64(); +} + +#endif /* XEN_ASM_ENDBR_H */ --=20 2.11.0
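Review bot: in the xen/arch/x86/Makefile hunk, the trailing `|| :` on the new recipe line discards the `false` inside the braces, so the line always exits 0 and a match only prints "Found embedded endbr64 instructions" without stopping the link of $(TARGET)-syms. If this is meant to be a hard build-time check, restructure it so only the no-match case succeeds, for example `if $(OBJDUMP) -d $@ | grep -q 0xfa1e0ff3; then echo "Found embedded endbr64 instructions" >&2; exit 1; fi`. A short comment next to the check saying that it only matches the constant where objdump prints it as one operand would also keep the "obvious cases" limitation from the commit message visible in the Makefile itself.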
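Review bot: in the xen/include/asm-x86/endbr.h hunk, is_endbr64() and place_endbr64() dereference a `void *` as `uint32_t` with no documented precondition, while the block comment above only covers gen_endbr64(). Please add a line to each helper stating that `ptr` must reference at least 4 accessible bytes (writable for place_endbr64()) and that no alignment is assumed, since `*(uint32_t *)ptr` will be applied to arbitrary instruction addresses. Minor: the comment says the function is "marked __const__" but the attribute actually used is `__attribute_const__`; making the two agree avoids a pointless grep miss.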