To support CET Shadow Stacks, guard pages changed from being holes to being
read-only. As such, they can be read.
Moreover, they should be included in the integrity check.
Fixes: 60016604739b ("x86/shstk: Rework the stack layout to support shadow stacks")
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
CC: Jan Beulich <JBeulich@suse.com>
CC: Roger Pau Monné <roger.pau@citrix.com>
CC: Wei Liu <wl@xen.org>
---
xen/arch/x86/tboot.c | 33 +--------------------------------
1 file changed, 1 insertion(+), 32 deletions(-)
diff --git a/xen/arch/x86/tboot.c b/xen/arch/x86/tboot.c
index fe1abfdf08ff..03098450f788 100644
--- a/xen/arch/x86/tboot.c
+++ b/xen/arch/x86/tboot.c
@@ -242,29 +242,6 @@ static void tboot_gen_domain_integrity(const uint8_t key[TB_KEY_SIZE],
memset(&ctx, 0, sizeof(ctx));
}
-/*
- * For stack overflow detection in debug build, a guard page is set up.
- * This fn is used to detect whether a page is in the guarded pages for
- * the above reason.
- */
-static int mfn_in_guarded_stack(unsigned long mfn)
-{
- void *p;
- int i;
-
- for ( i = 0; i < nr_cpu_ids; i++ )
- {
- if ( !stack_base[i] )
- continue;
- p = (void *)((unsigned long)stack_base[i] + STACK_SIZE -
- PRIMARY_STACK_SIZE - PAGE_SIZE);
- if ( mfn == virt_to_mfn(p) )
- return -1;
- }
-
- return 0;
-}
-
static void tboot_gen_xenheap_integrity(const uint8_t key[TB_KEY_SIZE],
vmac_t *mac)
{
@@ -288,15 +265,7 @@ static void tboot_gen_xenheap_integrity(const uint8_t key[TB_KEY_SIZE],
continue; /* skip tboot and its page tables */
if ( is_page_in_use(page) && is_special_page(page) )
- {
- void *pg;
-
- if ( mfn_in_guarded_stack(mfn) )
- continue; /* skip guard stack, see memguard_guard_stack() in mm.c */
-
- pg = mfn_to_virt(mfn);
- vmac_update((uint8_t *)pg, PAGE_SIZE, &ctx);
- }
+ vmac_update(mfn_to_virt(mfn), PAGE_SIZE, &ctx);
}
*mac = vmac(NULL, 0, nonce, NULL, &ctx);
--
2.11.0