On 04/05/2020 15:55, Jan Beulich wrote:
>> +/* Poision unused entries. */
>> +for ( i = IST_MAX;
>> + i < ARRAY_SIZE(this_cpu(tss_page).ist_ssp); ++i )
>> +ist_ssp[i] = 0x8600ul;
> IST_MAX == IST_DF, so you're overwriting one
On 02.05.2020 00:58, Andrew Cooper wrote:
> --- a/xen/arch/x86/cpu/common.c
> +++ b/xen/arch/x86/cpu/common.c
> @@ -748,6 +748,25 @@ void load_system_tables(void)
> .bitmap = IOBMP_INVALID_OFFSET,
> };
>
> + /* Set up the shadow stack IST. */
> + if ( cpu_has_xen_shstk
Introduce HYPERVISOR_SHSTK pagetable constants, which are Read-Only + Dirty.
Use these in place of _PAGE_NONE for memguard_guard_stack().
Supervisor shadow stacks need a token written at the top, which is most easily
done before making the frame read only.
Allocate the shadow IST stack block in s
