Date: Thu, 2 Jul 2026 12:55:03 +0200
Subject: [PATCH v3 1/4] x86/HVM: don't (almost) open-code POP_GPRS
From: Jan Beulich
To: "xen-devel@lists.xenproject.org"
Cc: Andrew Cooper, Wei Liu, Roger Pau Monné
In-Reply-To: <7ba5ecff-af64-49c0-abf9-23963ca56aa6@suse.com>

It can be used as-is for VMX. For SVM the special treatment of %rax needs
accounting for.

Signed-off-by: Jan Beulich
---
This is the minimum required as a prereq to the next patch (to avoid the
need for custom adjustments in the two places). We could go further and
switch to using PUSH_AND_CLEAR_GPRS at the same time.
---
v3: New.

--- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -82,22 +82,8 @@ __UNLIKELY_END(nsvm_hap) */ sti =20 - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp mov VCPU_svm_vmcb_pa(%rbx),%rax - pop %rbx - pop %r11 - pop %r10 - pop %r9 - pop %r8 - pop %rcx /* Skip %rax: restored by VMRUN. */ - pop %rcx - pop %rdx - pop %rsi - pop %rdi + POP_GPRS skip_rax=3D1 /* %rax restored by VMRUN. */ =20 SPEC_CTRL_COND_VERW /* Req: %rsp=3Deframe C= lob: efl */ =20 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -139,21 +139,7 @@ UNLIKELY_END(realmode) and $SCF_verw, %eax or %eax, %ecx =20 - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx - pop %r11 - pop %r10 - pop %r9 - pop %r8 - pop %rax - pop %rcx - pop %rdx - pop %rsi - pop %rdi + POP_GPRS /* Preserves flags. */ =20 jpe .L_skip_verw /* VERW clobbers ZF, but preserves all others, including SF. */ --- a/xen/arch/x86/include/asm/asm_defns.h +++ b/xen/arch/x86/include/asm/asm_defns.h @@ -357,7 +357,7 @@ static always_inline void stac(void) /* * POP GPRs from a UREGS_* frame on the stack. Does not modify flags. */ -.macro POP_GPRS +.macro POP_GPRS skip_rax=3D0 pop %r15 pop %r14 pop %r13 
@@ -368,7 +368,11 @@ static always_inline void stac(void) pop %r10 pop %r9 pop %r8 + .if \skip_rax + pop %rcx + .else pop %rax + .endif pop %rcx pop %rdx pop %rsi
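Review bot: in the svm/entry.S hunk, the load mov VCPU_svm_vmcb_pa(%rbx),%rax now sits ahead of the whole POP_GPRS skip_rax=1 sequence, so the value in %rax survives only because of skip_rax=1, and %rbx is still usable only because the load precedes the macro that pops it. The trailing comment "%rax restored by VMRUN" states neither dependency; suggest a comment above the mov saying that %rax carries the VMCB physical address for VMRUN and that the load has to stay before POP_GPRS.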
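Review bot: the POP_GPRS head comment in asm_defns.h still reads only "POP GPRs from a UREGS_* frame on the stack. Does not modify flags." and does not document the new skip_rax parameter. Inside the .if \skip_rax branch the saved %rax slot is popped into %rcx and then immediately overwritten by the following pop %rcx, which reads like a duplicated line now that the old "Skip %rax: restored by VMRUN" comment is gone; suggest describing skip_rax in the macro comment and putting a one-line comment on that first pop %rcx saying it discards the saved %rax and leaves the live %rax untouched.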

Date: Thu, 2 Jul 2026 12:55:21 +0200
Subject: [PATCH v3 2/4] x86: record SSP at non-guest entry points
From: Jan Beulich
To: "xen-devel@lists.xenproject.org"
Cc: Andrew Cooper, Wei Liu, Roger Pau Monné
In-Reply-To: <7ba5ecff-af64-49c0-abf9-23963ca56aa6@suse.com>

We will want to use that value for call trace generation, and likely also
to eliminate the somewhat fragile shadow stack searching done in
fixup_exception_return(). For those purposes, guest-only entry points do
not need to record that value.

To keep the saving code simple, record our own SSP that corresponds to an
exception frame, pointing to the top of the shadow stack counterpart of
what the CPU has saved on the regular stack. Consuming code can then work
its way from there.

In SAVE_ALL / RESTORE_ALL simply drop the use of UREGS_r15. We want the
full size in all cases, so what exactly the top-of-stack field is going to
be (whose UREGS_* is 0 anyway) doesn't matter this much there. This way we
don't need to distinguish between XEN_SHSTK=y and XEN_SHSTK=n.

Signed-off-by: Jan Beulich
---
v3: Put new field at the front of struct cpu_user_regs.
v2: Add comment ahead of SAVE_ALL. Add comma between its parameters.
    Re-base.

--- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -89,7 +89,7 @@ __UNLIKELY_END(nsvm_hap) =20 vmrun =20 - SAVE_ALL + SAVE_ALL ssp=3D0 =20 GET_CURRENT(bx) =20 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -22,7 +22,7 @@ #include =20 FUNC(vmx_asm_vmexit_handler) - SAVE_ALL + SAVE_ALL ssp=3D0 =20 mov %cr2,%rax GET_CURRENT(bx) @@ -157,7 +157,7 @@ UNLIKELY_END(realmode) =20 .Lvmx_vmentry_fail: sti - SAVE_ALL + SAVE_ALL ssp=3D0 =20 /* * SPEC_CTRL_ENTRY notes --- a/xen/arch/x86/include/asm/asm_defns.h +++ b/xen/arch/x86/include/asm/asm_defns.h 
@@ -219,8 +219,12 @@ static always_inline void stac(void) #endif =20 #ifdef __ASSEMBLER__ -.macro SAVE_ALL compat=3D0 - addq $-(UREGS_error_code-UREGS_r15), %rsp +/* + * Use sites may override ssp to 0. It should never be overridden to 1. + * NB: compat=3D1 implies ssp=3D0. + */ +.macro SAVE_ALL compat=3D0, ssp=3DIS_ENABLED(CONFIG_XEN_SHSTK) + addq $-UREGS_error_code, %rsp cld movq %rdi,UREGS_rdi(%rsp) xor %edi, %edi @@ -233,6 +237,9 @@ static always_inline void stac(void) movq %rax,UREGS_rax(%rsp) xor %eax, %eax .if !\compat +.if \ssp + rdsspq %rcx +.endif movq %r8,UREGS_r8(%rsp) movq %r9,UREGS_r9(%rsp) movq %r10,UREGS_r10(%rsp) @@ -262,6 +269,9 @@ static always_inline void stac(void) xor %r13d, %r13d xor %r14d, %r14d xor %r15d, %r15d +#ifdef CONFIG_XEN_SHSTK + mov %rcx, UREGS_entry_ssp(%rsp) +#endif .endm =20 #define LOAD_ONE_REG(reg, compat) \ @@ -309,13 +319,15 @@ static always_inline void stac(void) LOAD_ONE_REG(dx, \compat) LOAD_ONE_REG(si, \compat) LOAD_ONE_REG(di, \compat) - subq $-(UREGS_error_code-UREGS_r15+\adj), %rsp + subq $-(UREGS_error_code + \adj), %rsp .endm =20 /* - * Push and clear GPRs + * Push and clear GPRs. + * + * Use sites may override ssp to 0. It should never be overridden to 1. */ -.macro PUSH_AND_CLEAR_GPRS +.macro PUSH_AND_CLEAR_GPRS ssp=3DIS_ENABLED(CONFIG_XEN_SHSTK) push %rdi xor %edi, %edi push %rsi @@ -326,6 +338,9 @@ static always_inline void stac(void) xor %ecx, %ecx push %rax xor %eax, %eax + .if \ssp + rdsspq %rcx + .endif push %r8 xor %r8d, %r8d push %r9 @@ -352,12 +367,18 @@ static always_inline void stac(void) xor %r14d, %r14d push %r15 xor %r15d, %r15d +#ifdef CONFIG_XEN_SHSTK + push %rcx +#endif .endm =20 /* * POP GPRs from a UREGS_* frame on the stack. Does not modify flags. */ .macro POP_GPRS skip_rax=3D0 +#ifdef CONFIG_XEN_SHSTK + pop %rcx +#endif pop %r15 pop %r14 pop %r13 --- a/xen/arch/x86/include/asm/cpu-user-regs.h +++ b/xen/arch/x86/include/asm/cpu-user-regs.h 
@@ -11,6 +11,15 @@ */ struct cpu_user_regs { +#ifdef CONFIG_XEN_SHSTK + /* + * This points _at_ the corresponding shadow stack frame; it is _not_ = the + * outer context's SSP. That, if the outer context has CET-SS enabled, + * is stored in the top slot of the pointed to shadow stack. + */ + uint64_t entry_ssp; +#endif + union { uint64_t r15; uint32_t r15d; uint16_t r15w; uint8_t r15b= ; }; union { uint64_t r14; uint32_t r14d; uint16_t r14w; uint8_t r14b= ; }; union { uint64_t r13; uint32_t r13d; uint16_t r13w; uint8_t r13b= ; }; --- a/xen/arch/x86/x86_64/asm-offsets.c +++ b/xen/arch/x86/x86_64/asm-offsets.c @@ -53,6 +53,9 @@ void __dummy__(void) OFFSET(UREGS_eflags, struct cpu_user_regs, rflags); OFFSET(UREGS_rsp, struct cpu_user_regs, rsp); OFFSET(UREGS_ss, struct cpu_user_regs, ss); +#ifdef CONFIG_XEN_SHSTK + OFFSET(UREGS_entry_ssp, struct cpu_user_regs, entry_ssp); +#endif DEFINE(UREGS_kernel_sizeof, sizeof(struct cpu_user_regs)); BLANK(); =20 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -304,7 +304,7 @@ FUNC(lstar_enter) pushq $0 BUILD_BUG_ON(TRAP_syscall & 0xff) movb $TRAP_syscall >> 8, EFRAME_entry_vector + 1(%rsp) - SAVE_ALL + SAVE_ALL ssp=3D0 =20 GET_STACK_END(14) =20 @@ -344,7 +344,7 @@ FUNC(cstar_enter) pushq $0 BUILD_BUG_ON(TRAP_syscall & 0xff) movb $TRAP_syscall >> 8, EFRAME_entry_vector + 1(%rsp) - SAVE_ALL + SAVE_ALL ssp=3D0 =20 GET_STACK_END(14) =20 @@ -388,7 +388,7 @@ LABEL(sysenter_eflags_saved, 0) pushq $0 BUILD_BUG_ON(TRAP_syscall & 0xff) movb $TRAP_syscall >> 8, EFRAME_entry_vector + 1(%rsp) - SAVE_ALL + SAVE_ALL ssp=3D0 =20 GET_STACK_END(14) =20 @@ -444,7 +444,7 @@ FUNC(entry_int80) ALTERNATIVE "", clac, X86_FEATURE_XEN_SMAP pushq $0 movb $0x80, EFRAME_entry_vector(%rsp) - SAVE_ALL + SAVE_ALL ssp=3D0 =20 GET_STACK_END(14) =20 --- a/xen/arch/x86/x86_64/entry-fred.S +++ b/xen/arch/x86/x86_64/entry-fred.S 
@@ -11,7 +11,7 @@ /* The Ring3 entry point is required to be 4k aligned. */ =20 FUNC(entry_FRED_R3, 4096) - PUSH_AND_CLEAR_GPRS + PUSH_AND_CLEAR_GPRS ssp=3D0 =20 mov %rsp, %rdi call entry_from_pv 
@@ -54,7 +54,7 @@ LABEL(eretu, 0) END(eretu_exit_to_guest) =20 FUNC(eretu_error_dom_crash) - PUSH_AND_CLEAR_GPRS + PUSH_AND_CLEAR_GPRS ssp=3D0 sti call asm_domain_crash_synchronous /* Does not return */ END(eretu_error_dom_crash)
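Review bot: the rule in the new SAVE_ALL comment in asm_defns.h, that ssp "should never be overridden to 1", is documented but not checked. The read is gated on .if \ssp while the store mov %rcx, UREGS_entry_ssp(%rsp) is gated on #ifdef CONFIG_XEN_SHSTK, so a use site passing ssp=1 in a build without CONFIG_XEN_SHSTK would assemble an rdsspq with no matching store and no diagnostic. Suggest an .error in the macro for ssp being set while CONFIG_XEN_SHSTK is not defined; the same gap exists in PUSH_AND_CLEAR_GPRS.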
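Review bot: in the PUSH_AND_CLEAR_GPRS hunk, rdsspq %rcx is placed right after xor %ecx, %ecx and push %rax, but the value is only consumed by the push %rcx at the very end of the macro. With ssp=0 the frame therefore gets a zero entry_ssp only because %rcx stays clear across all the intervening pushes, and with the read enabled %rcx leaves the macro still holding the SSP value, which "Push and clear GPRs" no longer describes. SAVE_ALL has the same shape with mov %rcx, UREGS_entry_ssp(%rsp) as its last instruction. Suggest saying in both macro comments that %rcx carries the SSP from its xor to the final push or store and must not be reused in between, and either clearing %rcx again afterwards or stating why that is unnecessary.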
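Review bot: the asm-offsets.c hunk adds OFFSET(UREGS_entry_ssp, ...) without asserting that the offset is 0, yet the rest of the patch depends on it. SAVE_ALL and RESTORE_ALL now size the frame with UREGS_error_code alone (previously UREGS_error_code-UREGS_r15), and POP_GPRS discards the field with a leading pop %rcx, all of which is only correct while entry_ssp is the first member of struct cpu_user_regs. The changelog line "Put new field at the front" shows the position has already moved once; suggest a BUILD_BUG_ON next to the new OFFSET() line so that a later reordering of the struct fails the build.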

Message-ID: <8af61c08-71f9-4d18-ba9c-952b7894c44d@suse.com>
Date: Thu, 2 Jul 2026 12:55:39 +0200
Subject: [PATCH v3 3/4] x86/traps: use entry_ssp in fixup_exception_return()
From: Jan Beulich
To: "xen-devel@lists.xenproject.org"
Cc: Andrew Cooper, Wei Liu, Roger Pau Monné
In-Reply-To: <7ba5ecff-af64-49c0-abf9-23963ca56aa6@suse.com>


With the value recorded on entry there's no need anymore to go hunt for
the respective exception frame on the shadow stack. By deriving "ptr"
from that field (without any offset), it then ends up pointing one slot
lower than before. Therefore all array indexes need incrementing, nicely
doing away with all the negative ones.

Signed-off-by: Jan Beulich
Reviewed-by: Andrew Cooper
---
Indentation of the prior inner (but not innermost) if()'s body is
deliberately left untouched, to aid review. It'll be adjusted in a
separate follow-on patch.
---
v3: Relax the first BUG_ON().
v2: IS_ENABLED() -> #ifdef. Re-base.

--- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c @@ -690,19 +690,6 @@ unsigned long get_stack_trace_bottom(uns } } =20 -static unsigned long get_shstk_bottom(unsigned long sp) -{ - /* SAF-11-safe */ - switch ( get_stack_page(sp) ) - { -#ifdef CONFIG_XEN_SHSTK - case 0: return ROUNDUP(sp, IST_SHSTK_SIZE) - sizeof(unsigned long); - case 5: return ROUNDUP(sp, PAGE_SIZE) - sizeof(unsigned long); -#endif - default: return sp - sizeof(unsigned long); - } -} - unsigned long get_stack_dump_bottom(unsigned long sp) { switch ( get_stack_page(sp) ) 
@@ -1187,26 +1174,29 @@ void asmlinkage noreturn do_unhandled_tr static void fixup_exception_return(struct cpu_user_regs *regs, unsigned long fixup, unsigned long stub= _ra) { - if ( IS_ENABLED(CONFIG_XEN_SHSTK) ) +#ifdef CONFIG_XEN_SHSTK { - unsigned long ssp, *ptr, *base; + unsigned long ssp =3D rdssp(); =20 - if ( (ssp =3D rdssp()) =3D=3D SSP_NO_SHSTK ) - goto shstk_done; + if ( ssp !=3D SSP_NO_SHSTK ) + { + unsigned long *ptr =3D _p(regs->entry_ssp); + unsigned long primary_shstk =3D + (ssp & ~(STACK_SIZE - 1)) + + (PRIMARY_SHSTK_SLOT + 1) * PAGE_SIZE - 8; =20 - ptr =3D _p(ssp); - base =3D _p(get_shstk_bottom(ssp)); + BUG_ON((regs->entry_ssp ^ primary_shstk) >> + (PAGE_SHIFT + STACK_ORDER)); =20 - for ( ; ptr < base; ++ptr ) - { /* - * Search for %rip. The shstk currently looks like this: + * The shstk currently looks like this: * * tok [Supervisor token, =3D=3D &tok | BUSY, only with FRE= D inactive] * ... [Pointed to by SSP for most exceptions, empty in IST= cases] * %cs [=3D=3D regs->cs] * %rip [=3D=3D regs->rip] - * SSP [Likely points to 3 slots higher, above %cs] + * SSP [Pointed to by entry_ssp; Likely points to 3 slots + * higher, above %cs] * ... [call tree to this function, likely 2/3 slots] * * and we want to overwrite %rip with fixup. There are two @@ -1219,13 +1209,10 @@ static void fixup_exception_return(struc * * Check for both regs->rip and regs->cs matching. */ - if ( ptr[0] =3D=3D regs->rip && ptr[1] =3D=3D regs->cs ) - { - unsigned long primary_shstk =3D - (ssp & ~(STACK_SIZE - 1)) + - (PRIMARY_SHSTK_SLOT + 1) * PAGE_SIZE - 8; + BUG_ON(ptr[1] !=3D regs->rip || ptr[2] !=3D regs->cs); =20 - wrss(fixup, ptr); + { + wrss(fixup, &ptr[1]); =20 if ( !stub_ra ) goto shstk_done; 
@@ -1242,7 +1229,7 @@ static void fixup_exception_return(struc * - if we're on an IST stack, we need to increment the * original SSP. */ - BUG_ON((ptr[-1] ^ primary_shstk) >> PAGE_SHIFT); + BUG_ON((ptr[0] ^ primary_shstk) >> PAGE_SHIFT); =20 if ( (ssp ^ primary_shstk) >> PAGE_SHIFT ) { 
@@ -1251,39 +1238,30 @@ static void fixup_exception_return(struc * addresses actually match. Then increment the inter= rupted * context's SSP. */ - BUG_ON(stub_ra !=3D *(unsigned long*)ptr[-1]); - wrss(ptr[-1] + 8, &ptr[-1]); + BUG_ON(stub_ra !=3D *(unsigned long*)ptr[0]); + wrss(ptr[0] + 8, &ptr[0]); goto shstk_done; } =20 /* Make sure the two return addresses actually match. */ - BUG_ON(stub_ra !=3D ptr[2]); + BUG_ON(stub_ra !=3D ptr[3]); =20 /* Move exception frame, updating SSP there. */ - wrss(ptr[1], &ptr[2]); /* %cs */ - wrss(ptr[0], &ptr[1]); /* %rip */ - wrss(ptr[-1] + 8, &ptr[0]); /* SSP */ + wrss(ptr[2], &ptr[3]); /* %cs */ + wrss(ptr[1], &ptr[2]); /* %rip */ + wrss(ptr[0] + 8, &ptr[1]); /* SSP */ =20 /* Move all newer entries. */ - while ( --ptr !=3D _p(ssp) ) - wrss(ptr[-1], &ptr[0]); + while ( ptr-- !=3D _p(ssp) ) + wrss(ptr[0], &ptr[1]); =20 /* Finally account for our own stack having shifted up. */ asm volatile ( "incsspd %0" :: "r" (2) ); - - goto shstk_done; } } - - /* - * We failed to locate and fix up the shadow IRET frame. This cou= ld - * be due to shadow stack corruption, or bad logic above. We cann= ot - * continue executing the interrupted context. - */ - BUG(); - } shstk_done: +#endif /* CONFIG_XEN_SHSTK */ =20 /* Fixup the regular stack. 
*/ regs->rip =3D fixup;
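
Review bot: In the @@ -1187,26 +1174,29 @@ hunk, ptr now comes straight from regs->entry_ssp, so the properties the old upward scan from rdssp() gave by construction (ptr 8-byte aligned, at or above SSP, below the shadow stack bottom) are no longer established before ptr[1] and ptr[2] are read. The one remaining guard, BUG_ON((regs->entry_ssp ^ primary_shstk) >> (PAGE_SHIFT + STACK_ORDER)), going by its shift only places the value somewhere in the same stack block as SSP, which per the removed get_shstk_bottom() also holds pages that are not shadow stack. Please add a comment next to that BUG_ON() saying why the relaxed check is enough, and consider carrying the explanation from the removed trailing BUG() (shadow stack corruption or bad logic, cannot continue the interrupted context) over to the new BUG_ON(ptr[1] != regs->rip || ptr[2] != regs->cs), which is now the only place that failure gets caught.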
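
Review bot: In the @@ -1251,39 +1238,30 @@ hunk, the rewritten copy loop, while ( ptr-- != _p(ssp) ), ends only when ptr hits ssp exactly. That used to hold by construction, because ptr was reached by stepping up from ssp, but now it rests on entry_ssp sitting above ssp on the same shadow stack. The checks visible ahead of the loop constrain ptr[0] to the primary shadow stack page and, on this path, ssp to that page, but not ptr itself. A BUG_ON() that ptr is above _p(ssp) and on the same page as ssp, placed before the frame is moved, would keep a bad entry_ssp from turning into a run of wrss() writes. Minor, since the line is touched anyway: (unsigned long*)ptr[0] could gain the blank before the '*'.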

Message-ID: <3ed270eb-4417-4340-a3da-f06704b27047@suse.com>
Date: Thu, 2 Jul 2026 12:55:58 +0200
Subject: [PATCH v3 4/4] x86: prefer shadow stack for producing call traces
From: Jan Beulich
To: "xen-devel@lists.xenproject.org"
Cc: Andrew Cooper, Wei Liu, Roger Pau Monné
References: <7ba5ecff-af64-49c0-abf9-23963ca56aa6@suse.com>
In-Reply-To: <7ba5ecff-af64-49c0-abf9-23963ca56aa6@suse.com>

Shadow stacks contain little more than return addresses, and they in
particular allow precise call traces also with FRAME_POINTER=n:

(XEN) Xen call trace:
(XEN)    [] R extable.c#search_one_extable+0x70/0x73
(XEN)    [] C search_exception_table+0xc2/0x177
(XEN)    [] C traps.c#extable_fixup.isra.0+0x18/0x6c
(XEN)    [] C do_invalid_op+0xab/0x106
(XEN)    [] C x86_64/entry.S#handle_exception_saved+0x88/0xf4
(XEN)    [] E ffff82d07fffe044
(XEN)    [] C stub_selftest+0xd0/0x168
(XEN)    [] C setup.c#init_done+0x116/0x15a

as opposed to this counterpart (earlier during the same boot, before CET
is enabled):

(XEN) Xen call trace:
(XEN)    [] R extable.c#search_one_extable+0x70/0x73
(XEN)    [] S search_exception_table+0xc2/0x177
(XEN)    [] S traps.c#extable_fixup.isra.0+0x18/0x6c
(XEN)    [] S do_invalid_op+0xab/0x106
(XEN)    [] S x86_64/entry.S#handle_exception_saved+0x88/0xf4
(XEN)    [] S stub_selftest+0xd0/0x168
(XEN)    [] S do_initcalls+0x29/0x38
(XEN)    [] S __start_xen+0x1c72/0x2235
(XEN)    [] S __high_start+0xb7/0xc0

(note the entirely missing entry for the stub itself [1]; sadly there are
no stray entries there).

[1] Arguably we could teach FRAME_POINTER=n traces to recognize stubs as
    well. But not FRAME_POINTER=y ones. In fact, what's missing there
    isn't the stub itself, but (of course) its immediate caller.

Signed-off-by: Jan Beulich
---
While the 'E' for exception frames is probably okay, I'm not overly happy
with the 'C' (for CET). I would have preferred 'S' (for shadow), but we
use that character already.

As an alternative to suppressing output for the top level exception
frame, adding the new code ahead of the 'R' output line (and then also
ahead of the stack top read) could be considered.

Quite likely a number of other uses of is_active_kernel_text() also want
amending with in_stub().
---
v3: Correct "link to other shadow stack" check. Don't log a line for the
    (impossible) PV case. Add example stack trace to description.
v2: IS_ENABLED() -> #ifdef. Re-base.

--- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c @@ -48,6 +48,7 @@ #include #include #include +#include #include #include #include @@ -705,6 +706,13 @@ unsigned long get_stack_dump_bottom(unsi } } =20 +#ifdef CONFIG_XEN_SHSTK +static bool in_stub(unsigned long addr) +{ + return !((this_cpu(stubs.addr) ^ addr) >> STUB_BUF_SHIFT); +} +#endif + #if !defined(CONFIG_FRAME_POINTER) =20 /* 
@@ -797,6 +805,49 @@ static void show_trace(const struct cpu_ !is_active_kernel_text(tos) ) printk(" [<%p>] R %pS\n", _p(regs->rip), _p(regs->rip)); =20 +#ifdef CONFIG_XEN_SHSTK + if ( rdssp() !=3D SSP_NO_SHSTK ) + { + const unsigned long *ptr =3D _p(regs->entry_ssp); + unsigned int n; + + for ( n =3D 0; (unsigned long)ptr & (PAGE_SIZE - sizeof(*ptr)); ++= n ) + { + unsigned long val =3D *ptr; + + if ( is_active_kernel_text(val) || in_stub(val) ) + { + /* Normal return address entry. */ + printk(" [<%p>] C %pS\n", _p(val), _p(val)); + ++ptr; + } + else if ( !((val ^ (unsigned long)ptr) >> + (PAGE_SHIFT + STACK_ORDER)) ) + { + if ( val & (sizeof(val) - 1) ) + { + /* Most likely a supervisor token. */ + break; + } + + /* + * Ought to be a hypervisor interruption frame. But don't + * (re)log the current frame's %rip. + */ + if ( n || ptr[1] !=3D regs->rip ) + printk(" [<%p>] E %pS\n", _p(ptr[1]), _p(ptr[1])); + ptr =3D _p(val); + } + else /* Bogus. */ + break; + } + + /* Fall back to legacy stack trace if nothing was logged at all. */ + if ( n ) + return; + } +#endif /* CONFIG_XEN_SHSTK */ + if ( fault ) { printk(" [Fault on access]\n");
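
Review bot: in_stub(), added in the @@ -705,6 +706,13 @@ hunk, carries no comment, and it matches only the executing CPU's stub buffer via this_cpu(stubs.addr). A one-line comment stating that would make the limitation visible to anyone later adding in_stub() to the other is_active_kernel_text() users mentioned in the remarks below the commit message.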
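
Review bot: In the @@ -797,6 +805,49 @@ hunk of show_trace(), the walk has no guarantee of forward progress when it follows a link: a slot whose value equals its own address is 8-byte aligned and passes the (val ^ (unsigned long)ptr) >> (PAGE_SHIFT + STACK_ORDER) test, after which ptr = _p(val) leaves ptr unchanged and the loop keeps printing 'E' lines without end. As this code runs when dumping state after something has already gone wrong, please bound n or refuse links that do not move ptr. Separately, n counts loop iterations rather than lines printed: when the first slot is the current frame's link (whose 'E' line is suppressed) and the next slot takes one of the break paths, n is 1, nothing was logged, and if ( n ) return; still skips the legacy trace, contrary to the comment above it. A flag set at each printk() would match what the comment says.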