Re: [PATCH 2/2] x86/shskt: Disable CET-SS on parts susceptible to fractured updates

2023-01-03 Thread Andrew Cooper
On 01/01/2023 3:10 pm, Marek Marczykowski-Górecki wrote: > On Sat, Dec 31, 2022 at 12:30:07AM +, Andrew Cooper wrote: >> diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c >> index b3fcf4680f3a..d962f384a995 100644 >> --- a/xen/arch/x86/cpu/common.c >> +++ b/xen/arch/x86/cpu/com

Re: [PATCH 2/2] x86/shskt: Disable CET-SS on parts susceptible to fractured updates

2023-01-01 Thread Marek Marczykowski-Górecki
On Sat, Dec 31, 2022 at 12:30:07AM +, Andrew Cooper wrote:
> Refer to Intel SDM Rev 70 (Dec 2022), Vol3 17.2.3 "Supervisor Shadow Stack
> Token".
>
> Architecturally, an event delivery which starts in CPL>3 and switches shadow
> stack will first validate the Supervisor Shstk Token and set the

[PATCH 2/2] x86/shskt: Disable CET-SS on parts susceptible to fractured updates

2022-12-30 Thread Andrew Cooper
Refer to Intel SDM Rev 70 (Dec 2022), Vol3 17.2.3 "Supervisor Shadow Stack Token". Architecturally, an event delivery which starts in CPL>3 and switches shadow stack will first validate the Supervisor Shstk Token and set the busy bit, then pushes LIP/CS/SSP. One example of this is an NMI interrup