1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
|
From 5857cc632b884711c172c5766b8fbba59f990b47 Mon Sep 17 00:00:00 2001
From: Andrew Cooper <andrew.cooper3@citrix.com>
Date: Fri, 3 Mar 2023 08:12:24 +0100
Subject: [PATCH 26/61] x86/shskt: Disable CET-SS on parts susceptible to
fractured updates
Refer to Intel SDM Rev 70 (Dec 2022), Vol3 17.2.3 "Supervisor Shadow Stack
Token".
Architecturally, an event delivery which starts in CPL<3 and switches shadow
stack will first validate the Supervisor Shadow Stack Token (setting the busy
bit), then pushes CS/LIP/SSP. One example of this is an NMI interrupting Xen.
Some CPUs suffer from an issue called fracturing, whereby a fault/vmexit/etc
between setting the busy bit and completing the event injection renders the
action non-restartable, because when it comes time to restart, the busy bit is
found to be already set.
This is far more easily encountered under virt, yet it is not the fault of the
hypervisor, nor the fault of the guest kernel. The fault lies somewhere
between the architectural specification, and the uarch behaviour.
Intel have allocated CPUID.7[1].ecx[18] CET_SSS to enumerate that supervisor
shadow stacks are safe to use. Because of how Xen lays out its shadow stacks,
fracturing is not expected to be a problem on native.
Detect this case on boot and default to not using shstk if virtualised.
Specifying `cet=shstk` on the command line will override this heuristic and
enable shadow stacks irrespective.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
master commit: 01e7477d1b081cff4288ff9f51ec59ee94c03ee0
master date: 2023-02-09 18:26:17 +0000
---
docs/misc/xen-command-line.pandoc | 7 +++-
tools/libs/light/libxl_cpuid.c | 2 +
tools/misc/xen-cpuid.c | 1 +
xen/arch/x86/cpu/common.c | 8 +++-
xen/arch/x86/setup.c | 46 +++++++++++++++++----
xen/include/public/arch-x86/cpufeatureset.h | 1 +
6 files changed, 55 insertions(+), 10 deletions(-)
diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc
index b3f60cd923..a6018fd5c3 100644
--- a/docs/misc/xen-command-line.pandoc
+++ b/docs/misc/xen-command-line.pandoc
@@ -287,10 +287,15 @@ can be maintained with the pv-shim mechanism.
protection.
The option is available when `CONFIG_XEN_SHSTK` is compiled in, and
- defaults to `true` on hardware supporting CET-SS. Specifying
+ generally defaults to `true` on hardware supporting CET-SS. Specifying
`cet=no-shstk` will cause Xen not to use Shadow Stacks even when support
is available in hardware.
+ Some hardware suffers from an issue known as Supervisor Shadow Stack
+ Fracturing. On such hardware, Xen will default to not using Shadow Stacks
+ when virtualised. Specifying `cet=shstk` will override this heuristic and
+ enable Shadow Stacks unilaterally.
+
* The `ibt=` boolean controls whether Xen uses Indirect Branch Tracking for
its own protection.
diff --git a/tools/libs/light/libxl_cpuid.c b/tools/libs/light/libxl_cpuid.c
index 691d5c6b2a..b4eacc2bd5 100644
--- a/tools/libs/light/libxl_cpuid.c
+++ b/tools/libs/light/libxl_cpuid.c
@@ -234,6 +234,8 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *cpuid, const char* str)
{"fsrs", 0x00000007, 1, CPUID_REG_EAX, 11, 1},
{"fsrcs", 0x00000007, 1, CPUID_REG_EAX, 12, 1},
+ {"cet-sss", 0x00000007, 1, CPUID_REG_EDX, 18, 1},
+
{"intel-psfd", 0x00000007, 2, CPUID_REG_EDX, 0, 1},
{"lahfsahf", 0x80000001, NA, CPUID_REG_ECX, 0, 1},
diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c
index 3cfbbf043f..db9c4ed8fc 100644
--- a/tools/misc/xen-cpuid.c
+++ b/tools/misc/xen-cpuid.c
@@ -204,6 +204,7 @@ static const char *const str_7c1[32] =
static const char *const str_7d1[32] =
{
+ [18] = "cet-sss",
};
static const char *const str_7d2[32] =
diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c
index 8222de6461..e1fc034ce6 100644
--- a/xen/arch/x86/cpu/common.c
+++ b/xen/arch/x86/cpu/common.c
@@ -344,9 +344,15 @@ void __init early_cpu_init(void)
c->x86_model, c->x86_model, c->x86_mask, eax);
if (c->cpuid_level >= 7) {
- cpuid_count(7, 0, &eax, &ebx, &ecx, &edx);
+ uint32_t max_subleaf;
+
+ cpuid_count(7, 0, &max_subleaf, &ebx, &ecx, &edx);
c->x86_capability[cpufeat_word(X86_FEATURE_CET_SS)] = ecx;
c->x86_capability[cpufeat_word(X86_FEATURE_CET_IBT)] = edx;
+
+ if (max_subleaf >= 1)
+ cpuid_count(7, 1, &eax, &ebx, &ecx,
+ &c->x86_capability[FEATURESET_7d1]);
}
eax = cpuid_eax(0x80000000);
diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
index 70b37d8afe..f0de805780 100644
--- a/xen/arch/x86/setup.c
+++ b/xen/arch/x86/setup.c
@@ -98,11 +98,7 @@ unsigned long __initdata highmem_start;
size_param("highmem-start", highmem_start);
#endif
-#ifdef CONFIG_XEN_SHSTK
-static bool __initdata opt_xen_shstk = true;
-#else
-#define opt_xen_shstk false
-#endif
+static int8_t __initdata opt_xen_shstk = -IS_ENABLED(CONFIG_XEN_SHSTK);
#ifdef CONFIG_XEN_IBT
static bool __initdata opt_xen_ibt = true;
@@ -1113,11 +1109,45 @@ void __init noreturn __start_xen(unsigned long mbi_p)
early_cpu_init();
/* Choose shadow stack early, to set infrastructure up appropriately. */
- if ( opt_xen_shstk && boot_cpu_has(X86_FEATURE_CET_SS) )
+ if ( !boot_cpu_has(X86_FEATURE_CET_SS) )
+ opt_xen_shstk = 0;
+
+ if ( opt_xen_shstk )
{
- printk("Enabling Supervisor Shadow Stacks\n");
+ /*
+ * Some CPUs suffer from Shadow Stack Fracturing, an issue whereby a
+ * fault/VMExit/etc between setting a Supervisor Busy bit and the
+ * event delivery completing renders the operation non-restartable.
+ * On restart, event delivery will find the Busy bit already set.
+ *
+ * This is a problem on bare metal, but outside of synthetic cases or
+ * a very badly timed #MC, it's not believed to be a problem. It is a
+ * much bigger problem under virt, because we can VMExit for a number
+ * of legitimate reasons and tickle this bug.
+ *
+ * CPUs with this addressed enumerate CET-SSS to indicate that
+ * supervisor shadow stacks are now safe to use.
+ */
+ bool cpu_has_bug_shstk_fracture =
+ boot_cpu_data.x86_vendor == X86_VENDOR_INTEL &&
+ !boot_cpu_has(X86_FEATURE_CET_SSS);
- setup_force_cpu_cap(X86_FEATURE_XEN_SHSTK);
+ /*
+ * On bare metal, assume that Xen won't be impacted by shstk
+ * fracturing problems. Under virt, be more conservative and disable
+ * shstk by default.
+ */
+ if ( opt_xen_shstk == -1 )
+ opt_xen_shstk =
+ cpu_has_hypervisor ? !cpu_has_bug_shstk_fracture
+ : true;
+
+ if ( opt_xen_shstk )
+ {
+ printk("Enabling Supervisor Shadow Stacks\n");
+
+ setup_force_cpu_cap(X86_FEATURE_XEN_SHSTK);
+ }
}
if ( opt_xen_ibt && boot_cpu_has(X86_FEATURE_CET_IBT) )
diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h
index 0b01ca5e8f..4832ad09df 100644
--- a/xen/include/public/arch-x86/cpufeatureset.h
+++ b/xen/include/public/arch-x86/cpufeatureset.h
@@ -307,6 +307,7 @@ XEN_CPUFEATURE(INTEL_PSFD, 13*32+ 0) /*A MSR_SPEC_CTRL.PSFD */
/* Intel-defined CPU features, CPUID level 0x00000007:1.ecx, word 14 */
/* Intel-defined CPU features, CPUID level 0x00000007:1.edx, word 15 */
+XEN_CPUFEATURE(CET_SSS, 15*32+18) /* CET Supervisor Shadow Stacks safe to use */
#endif /* XEN_CPUFEATURE */
--
2.40.0
|
GitWeb