> -----Original Message-----
> From: Jan Beulich <jbeul...@suse.com>
> Sent: 26 June 2020 14:15
> To: Andrew Cooper <andrew.coop...@citrix.com>
> Cc: Xen-devel <xen-devel@lists.xenproject.org>; Wei Liu <w...@xen.org>; Roger
> Pau Monné
> <roger....@citrix.com>; Konrad Rzeszutek Wilk <konrad.w...@oracle.com>; Ross
> Lagerwall
> <ross.lagerw...@citrix.com>; Pawel Wieczorkiewicz <wipa...@amazon.de>; Paul
> Durrant <p...@xen.org>
> Subject: Re: [PATCH v2 for-4.14] x86/livepatch: Make livepatching compatible
> with CET Shadow Stacks
>
> On 26.06.2020 14:24, Andrew Cooper wrote:
> > Just like the alternatives infrastructure, the livepatch infrastructure
> > disables CR0.WP to perform patching, which is not permitted with CET active.
> >
> > Modify arch_livepatch_{quiesce,revive}() to disable CET before disabling WP,
> > and reset the dirty bits on all virtual regions before re-enabling CET.
> >
> > One complication is that arch_livepatch_revive() has to fix up the top of
> > the
> > shadow stack. This depends on the functions not being inlined, even under
> > LTO. Another limitation is that reset_virtual_region_perms() may shatter
> > the
> > final superpage of .text depending on alignment.
> >
> > This logic, and its downsides, are temporary until the patching
> > infrastructure
> > can be adjusted to not use CR0.WP.
>
> In particular on this basis ...
>
> > Signed-off-by: Andrew Cooper <andrew.coop...@citrix.com>
>
> Reviewed-by: Jan Beulich <jbeul...@suse.com>
Release-acked-by: Paul Durrant <p...@xen.org>
>
> Jan
