Re: [Qemu-devel] [PATCH 7/7] coroutine-x86: add CET shadow stack support
From: Paolo Bonzini
Subject: Re: [Qemu-devel] [PATCH 7/7] coroutine-x86: add CET shadow stack support
Date: Thu, 14 Mar 2019 11:55:46 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0
On 14/03/19 01:04, Richard Henderson wrote:
> On 3/13/19 5:40 AM, Paolo Bonzini wrote:
>> +static bool have_cet(void)
>> +{
>> +#if defined CONFIG_CET
>> + uint64_t ssp;
>> + asm ("xor %0, %0; rdsspq %0\n" : "=rm" (ssp));
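Review bot: the "=rm" output constraint in the `rdsspq` asm lets the compiler satisfy `%0` with a memory operand, but neither `xor %0, %0` (no encoding with memory on both sides) nor `rdsspq %0` (register operand only) can take one, so the statement fails to assemble whenever memory is chosen; change the constraint to "=r". The `xor` itself is worth keeping: `rdsspq` executes as a NOP when shadow stacks are not enabled, so zeroing the register first is what makes `have_cet()` see 0 in that case instead of whatever the register happened to hold.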
>
> The xor is incompatible with a memory output.
> I don't think you really wanted that in the first place.
> Just use "=r".
>
> The rest is hard to review because of ARCH_X86_CET_ALLOC_SHSTK.
> I'm surprised that a prctl actually allocates memory...
Yeah, it allocates memory and writes the top 8 bytes so that the address
can be passed to RSTORSSP.
Shadow stacks are not writable by user space, which is also why I'm
using an explicit jmp (which will be a call in the next version) in
qemu_coroutine_new. Pushing the return address on the new coroutine's
stack, and doing a "ret" there, would fail because the return address is
not matched on the shadow stack!
Paolo