Re: [PATCH v3 2/2] xen/x86: Livepatch: support patching CET-enhanced functions

2022-03-08 Thread Doebel, Bjoern
; xen-devel@lists.xenproject.org Cc: Michael Kurth ; Martin Pohlack ; Roger Pau Monne ; Andrew Cooper ; Konrad Rzeszutek Wilk Subject: Re: [PATCH v3 2/2] xen/x86: Livepatch: support patching CET-enhanced functions On 08.03.22 16:25, Ross Lagerwall wrote: CAUTION: This email originated from

Re: [PATCH v3 2/2] xen/x86: Livepatch: support patching CET-enhanced functions

2022-03-08 Thread Ross Lagerwall
> From: Doebel, Bjoern > Sent: Tuesday, March 8, 2022 3:41 PM > To: Ross Lagerwall ; > xen-devel@lists.xenproject.org > Cc: Michael Kurth ; Martin Pohlack ; > Roger Pau Monne ; Andrew Cooper > ; Konrad Rzeszutek Wilk > Subject: Re: [PATCH v3 2/2] xen/x86: Livepat

Re: [PATCH v3 2/2] xen/x86: Livepatch: support patching CET-enhanced functions

2022-03-08 Thread Doebel, Bjoern
@lists.xenproject.org Cc: Michael Kurth ; Martin Pohlack ; Roger Pau Monne ; Andrew Cooper ; Bjoern Doebel ; Konrad Rzeszutek Wilk ; Ross Lagerwall Subject: [PATCH v3 2/2] xen/x86: Livepatch: support patching CET-enhanced functions Xen enabled CET for supporting architectures. The control flow aspect

Re: [PATCH v3 2/2] xen/x86: Livepatch: support patching CET-enhanced functions

2022-03-08 Thread Ross Lagerwall
> From: Bjoern Doebel > Sent: Tuesday, March 8, 2022 10:29 AM > To: xen-devel@lists.xenproject.org > Cc: Michael Kurth ; Martin Pohlack ; > Roger Pau Monne ; Andrew Cooper > ; Bjoern Doebel ; Konrad > Rzeszutek Wilk ; Ross Lagerwall > > Subject: [PATCH v3 2/2]

Re: [PATCH v3 2/2] xen/x86: Livepatch: support patching CET-enhanced functions

2022-03-08 Thread Doebel, Bjoern
On 08.03.22 14:06, Konrad Rzeszutek Wilk wrote: CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe. On Tue, Mar 08, 2022 at 12:44:54PM +, Andrew Cooper wrote: On 08/03/2

Re: [PATCH v3 2/2] xen/x86: Livepatch: support patching CET-enhanced functions

2022-03-08 Thread Doebel, Bjoern
On 08.03.22 13:44, Andrew Cooper wrote: CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe. On 08/03/2022 10:29, Bjoern Doebel wrote: @@ -104,18 +122,34 @@ void noinline arc

Re: [PATCH v3 2/2] xen/x86: Livepatch: support patching CET-enhanced functions

2022-03-08 Thread Konrad Rzeszutek Wilk
On Tue, Mar 08, 2022 at 12:44:54PM +, Andrew Cooper wrote: > On 08/03/2022 10:29, Bjoern Doebel wrote: > > @@ -104,18 +122,34 @@ void noinline arch_livepatch_revive(void) > > > > int arch_livepatch_verify_func(const struct livepatch_func *func) > > { > > +BUILD_BUG_ON(sizeof(struct x86_

Re: [PATCH v3 2/2] xen/x86: Livepatch: support patching CET-enhanced functions

2022-03-08 Thread Andrew Cooper
On 08/03/2022 10:29, Bjoern Doebel wrote: > @@ -104,18 +122,34 @@ void noinline arch_livepatch_revive(void) > > int arch_livepatch_verify_func(const struct livepatch_func *func) > { > +BUILD_BUG_ON(sizeof(struct x86_livepatch_meta) != LIVEPATCH_OPAQUE_SIZE); > + > /* If NOPing.. */ >

[PATCH v3 2/2] xen/x86: Livepatch: support patching CET-enhanced functions

2022-03-08 Thread Bjoern Doebel
Xen enabled CET for supporting architectures. The control flow aspect of CET expects functions that can be called indirectly (i.e., via function pointers) to start with an ENDBR64 instruction. Otherwise a control flow exception is raised. This expectation breaks livepatching flows because we patch