On Sat, Dec 31, 2022 at 12:30:07AM +0000, Andrew Cooper wrote: > Refer to Intel SDM Rev 70 (Dec 2022), Vol3 17.2.3 "Supervisor Shadow Stack > Token". > > Architecturally, an event delivery which starts in CPL>3 and switches shadow > stack will first validate the Supervisor Shstk Token and set the busy bit, > then pushes LIP/CS/SSP. One example of this is an NMI interrupting Xen. > > Some CPUs suffer from an issue called fracturing, whereby a fault/vmexit/etc > between setting the busy bit and completing the event injection renders the > action non-restartable, because when it comes time to restart, the busy bit is > found to be already set. > > This is far more easily encountered under virt, yet it is not the fault of the > hypervisor, nor the fault of the guest kernel. The fault lies somewhere > between the architectural specification, and the uarch behaviour. > > Intel have allocated CPUID.7[1].ecx[18] CET_SSS to enumerate that supervisor > shadow stacks are safe to use. Because of how Xen lays out its shadow stacks, > fracturing is not expected to be a problem on native. > > Detect this case on boot and default to not using shstk if virtualised. > Specifying `cet=shstk` on the command line will override this heurstic and > enable shadow stacks irrespective. > > Signed-off-by: Andrew Cooper <andrew.coop...@citrix.com> > --- > CC: Jan Beulich <jbeul...@suse.com> > CC: Roger Pau Monné <roger....@citrix.com> > CC: Wei Liu <w...@xen.org> > > I've got a query out with AMD, but so far it is only Intel CPUs known to be > impacted. > > This ideally wants backporting to Xen 4.14. I have no idea how likely it is > to need to backport the prerequisite patch for new feature words, but we've > already had to do that once for security patches... > --- > docs/misc/xen-command-line.pandoc | 7 +++++- > tools/libs/light/libxl_cpuid.c | 2 ++ > tools/misc/xen-cpuid.c | 1 + > xen/arch/x86/cpu/common.c | 11 +++++++-- > xen/arch/x86/setup.c | 37 > ++++++++++++++++++++++++++--- > xen/include/public/arch-x86/cpufeatureset.h | 1 + > 6 files changed, 53 insertions(+), 6 deletions(-) > > diff --git a/docs/misc/xen-command-line.pandoc > b/docs/misc/xen-command-line.pandoc > index 923910f553c5..19d4d815bdee 100644 > --- a/docs/misc/xen-command-line.pandoc > +++ b/docs/misc/xen-command-line.pandoc > @@ -287,10 +287,15 @@ can be maintained with the pv-shim mechanism. > protection. > > The option is available when `CONFIG_XEN_SHSTK` is compiled in, and > - defaults to `true` on hardware supporting CET-SS. Specifying > + generally defaults to `true` on hardware supporting CET-SS. Specifying > `cet=no-shstk` will cause Xen not to use Shadow Stacks even when support > is available in hardware. > > + Some hardware suffers from an issue known as Supervisor Shadow Stack > + Fracturing. On such hardware, Xen will default to not using Shadow > Stacks > + when virtualised. Specifying `cet=shstk` will override this heuristic > and > + enable Shadow Stacks unilaterally. > + > * The `ibt=` boolean controls whether Xen uses Indirect Branch Tracking for > its own protection. > > diff --git a/tools/libs/light/libxl_cpuid.c b/tools/libs/light/libxl_cpuid.c > index 2aa23225f42c..d97a2f3338bc 100644 > --- a/tools/libs/light/libxl_cpuid.c > +++ b/tools/libs/light/libxl_cpuid.c > @@ -235,6 +235,8 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list > *cpuid, const char* str) > {"fsrs", 0x00000007, 1, CPUID_REG_EAX, 11, 1}, > {"fsrcs", 0x00000007, 1, CPUID_REG_EAX, 12, 1}, > > + {"cet-sss", 0x00000007, 1, CPUID_REG_EDX, 18, 1}, > + > {"intel-psfd", 0x00000007, 2, CPUID_REG_EDX, 0, 1}, > {"mcdt-no", 0x00000007, 2, CPUID_REG_EDX, 5, 1}, > > diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c > index 0091a11a67bc..ea33b587665d 100644 > --- a/tools/misc/xen-cpuid.c > +++ b/tools/misc/xen-cpuid.c > @@ -208,6 +208,7 @@ static const char *const str_7c1[32] = > > static const char *const str_7d1[32] = > { > + [18] = "cet-sss", > }; > > static const char *const str_7d2[32] = > diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c > index b3fcf4680f3a..d962f384a995 100644 > --- a/xen/arch/x86/cpu/common.c > +++ b/xen/arch/x86/cpu/common.c > @@ -346,11 +346,18 @@ void __init early_cpu_init(void) > x86_cpuid_vendor_to_str(c->x86_vendor), c->x86, c->x86, > c->x86_model, c->x86_model, c->x86_mask, eax); > > - if (c->cpuid_level >= 7) > - cpuid_count(7, 0, &eax, &ebx, > + if (c->cpuid_level >= 7) { > + uint32_t max_subleaf; > + > + cpuid_count(7, 0, &max_subleaf, &ebx, > &c->x86_capability[FEATURESET_7c0], > &c->x86_capability[FEATURESET_7d0]); > > + if (max_subleaf >= 1)
tabs vs spaces ... Is this file imported from Linux? It uses tabs for indentation, contrary to the rest of the Xen code base. > + cpuid_count(7, 1, &eax, &ebx, &ecx, > + &c->x86_capability[FEATURESET_7d1]); > + } > + > eax = cpuid_eax(0x80000000); > if ((eax >> 16) == 0x8000 && eax >= 0x80000008) { > ebx = eax >= 0x8000001f ? cpuid_ebx(0x8000001f) : 0; > diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c > index 566422600d94..e052b7b748fa 100644 > --- a/xen/arch/x86/setup.c > +++ b/xen/arch/x86/setup.c > @@ -96,7 +96,7 @@ size_param("highmem-start", highmem_start); > #endif > > #ifdef CONFIG_XEN_SHSTK > -static bool __initdata opt_xen_shstk = true; > +static int8_t __initdata opt_xen_shstk = -1; > #else > #define opt_xen_shstk false > #endif > @@ -1101,9 +1101,40 @@ void __init noreturn __start_xen(unsigned long mbi_p) > /* Choose shadow stack early, to set infrastructure up appropriately. */ > if ( opt_xen_shstk && boot_cpu_has(X86_FEATURE_CET_SS) ) > { > - printk("Enabling Supervisor Shadow Stacks\n"); > + /* > + * Some CPUs suffer from Shadow Stack Fracturing, an issue whereby a > + * fault/VMExit/etc between setting a Supervisor Busy bit and the > + * event delivery completing renders the operation non-restartable. > + * On restart, event delivery will find the Busy bit already set. > + * > + * This is a problem on native, but outside of synthetic cases, only > + * with #MC against a stack access (in which case we're dead anyway). > + * It is a much bigger problem under virt, because we can VMExit for > a > + * number of legitimate reasons and tickle this bug. > + * > + * CPUs with this addressed enumerate CET-SSS to indicate that > + * supervisor shadow stacks are now safe to use. > + */ > + bool cpu_has_bug_shstk_fracture = > + boot_cpu_data.x86_vendor == X86_VENDOR_INTEL && > + !boot_cpu_has(X86_FEATURE_CET_SSS); > + > + /* > + * On native, assume that Xen won't be impacted by shstk fracturing > + * problems. Under virt, be more conservative and disable shstk by > + * default. > + */ > + if ( opt_xen_shstk == -1 ) > + opt_xen_shstk = > + cpu_has_hypervisor ? !cpu_has_bug_shstk_fracture > + : true; > + > + if ( opt_xen_shstk ) > + { > + printk("Enabling Supervisor Shadow Stacks\n"); > > - setup_force_cpu_cap(X86_FEATURE_XEN_SHSTK); > + setup_force_cpu_cap(X86_FEATURE_XEN_SHSTK); > + } > } > > if ( opt_xen_ibt && boot_cpu_has(X86_FEATURE_CET_IBT) ) > diff --git a/xen/include/public/arch-x86/cpufeatureset.h > b/xen/include/public/arch-x86/cpufeatureset.h > index 7a896f0e2d92..f6a46f62a549 100644 > --- a/xen/include/public/arch-x86/cpufeatureset.h > +++ b/xen/include/public/arch-x86/cpufeatureset.h > @@ -290,6 +290,7 @@ XEN_CPUFEATURE(INTEL_PPIN, 12*32+ 0) /* > Protected Processor Inventory > > /* Intel-defined CPU features, CPUID level 0x00000007:1.ecx, word 14 */ > /* Intel-defined CPU features, CPUID level 0x00000007:1.edx, word 15 */ > +XEN_CPUFEATURE(CET_SSS, 15*32+18) /* CET Supervisor Shadow > Stacks safe to use */ > > /* Intel-defined CPU features, CPUID level 0x00000007:2.edx, word 13 */ > XEN_CPUFEATURE(INTEL_PSFD, 13*32+ 0) /*A MSR_SPEC_CTRL.PSFD */ > -- > 2.11.0 > > -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab
signature.asc
Description: PGP signature