On 29.05.2020 21:35, Andrew Cooper wrote:
> On 28/05/2020 13:50, Jan Beulich wrote:
>> On 27.05.2020 21:18, Andrew Cooper wrote:
>>> +/* Primary Shadow Stack. 1x 4k in stack page 5. */
>>> p += PRIMARY_SHSTK_SLOT * PAGE_SIZE;
>>> -map_pages_to_xen((unsigned long)p, virt_to_mfn(p), 1,
On 29.05.2020 23:45, Andrew Cooper wrote:
> On 29/05/2020 20:35, Andrew Cooper wrote:
+}
+map_pages_to_xen((unsigned long)p, virt_to_mfn(p), 1,
PAGE_HYPERVISOR_SHSTK);
>>> As already hinted at in reply to the previous patch, I think this wants
>>> to remain _PAGE_NONE when w
On 29/05/2020 20:35, Andrew Cooper wrote:
>>> +}
>>> +map_pages_to_xen((unsigned long)p, virt_to_mfn(p), 1,
>>> PAGE_HYPERVISOR_SHSTK);
>> As already hinted at in reply to the previous patch, I think this wants
>> to remain _PAGE_NONE when we don't use CET-SS.
> The commit message discusse
On 28/05/2020 13:50, Jan Beulich wrote:
> On 27.05.2020 21:18, Andrew Cooper wrote:
>> --- a/xen/arch/x86/cpu/common.c
>> +++ b/xen/arch/x86/cpu/common.c
>> @@ -769,6 +769,30 @@ void load_system_tables(void)
>> tss->rsp1 = 0x8600ul;
>> tss->rsp2 = 0x8600ul;
>>
>>
On 27.05.2020 21:18, Andrew Cooper wrote:
> --- a/xen/arch/x86/cpu/common.c
> +++ b/xen/arch/x86/cpu/common.c
> @@ -769,6 +769,30 @@ void load_system_tables(void)
> tss->rsp1 = 0x8600ul;
> tss->rsp2 = 0x8600ul;
>
> + /* Set up the shadow stack IST. */
> +
Introduce HYPERVISOR_SHSTK pagetable constants, which are Read-Only + Dirty.
Use these in place of _PAGE_NONE for memguard_guard_stack().
Supervisor shadow stacks need a token written at the top, which is most easily
done before making the frame read only.
Allocate the shadow IST stack block in s
