On 14/03/19 01:04, Richard Henderson wrote:
> On 3/13/19 5:40 AM, Paolo Bonzini wrote:
>> +static bool have_cet(void)
>> +{
>> +#if defined CONFIG_CET
>> +    uint64_t ssp;
>> +    asm ("xor %0, %0; rdsspq %0\n" : "=rm" (ssp));
>
> The xor is incompatible with a memory output.
> I don't think you really wanted that in the first place.
> Just use "=r".
>
> The rest is hard to review because of ARCH_X86_CET_ALLOC_SHSTK.
> I'm surprised that a prctl actually allocates memory...
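Review bot: the `"=rm" (ssp)` constraint lets the compiler pick a memory operand for `%0`, and `xor %0, %0` then expands to a memory-to-memory form that the assembler rejects, so the operand must be a register as Richard says. Worth noting too that `rdssp` executes as a NOP when shadow stacks are not enabled, so the zeroing is what determines the value `have_cet()` sees on a non-CET machine; it would be clearer to do it in C (`uint64_t ssp = 0;`) with a `"+r" (ssp)` operand than to hide it in the asm string.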
Yeah, it allocates memory and writes the top 8 bytes so that the address can be passed to RSTORSSP. Shadow stacks are not writable by user space, which is also why I'm using an explicit jmp (which will be a call in the next version) in qemu_coroutine_new. Pushing the return address on the new coroutine's stack, and doing a "ret" there, would fail because the return address is not matched on the shadow stack!

Paolo