Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/0036-x86-re-run-exception-from-stub-recovery-selftests-wi.patch
diff options
context:
space:
mode:
Diffstat (limited to '0036-x86-re-run-exception-from-stub-recovery-selftests-wi.patch')
-rw-r--r--0036-x86-re-run-exception-from-stub-recovery-selftests-wi.patch84
1 files changed, 84 insertions, 0 deletions
diff --git a/0036-x86-re-run-exception-from-stub-recovery-selftests-wi.patch b/0036-x86-re-run-exception-from-stub-recovery-selftests-wi.patch
new file mode 100644
index 0000000..a552e9c
--- /dev/null
+++ b/0036-x86-re-run-exception-from-stub-recovery-selftests-wi.patch
@@ -0,0 +1,84 @@
+From 5ac3cbbf83e1f955aeaf5d0f503099f5249b5c25 Mon Sep 17 00:00:00 2001
+From: Jan Beulich <jbeulich@suse.com>
+Date: Thu, 4 Jul 2024 14:06:19 +0200
+Subject: [PATCH 36/56] x86: re-run exception-from-stub recovery selftests with
+ CET-SS enabled
+
+On the BSP, shadow stacks are enabled only relatively late in the
+booting process. They in particular aren't active yet when initcalls are
+run. Keep the testing there, but invoke that testing a 2nd time when
+shadow stacks are active, to make sure we won't regress that case after
+addressing XSA-451.
+
+While touching this code, switch the guard from NDEBUG to CONFIG_DEBUG,
+such that IS_ENABLED() can validly be used at the new call site.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
+master commit: cfe3ad67127b86e1b1c06993b86422673a51b050
+master date: 2024-02-27 13:49:52 +0100
+---
+ xen/arch/x86/extable.c | 8 +++++---
+ xen/arch/x86/include/asm/setup.h | 2 ++
+ xen/arch/x86/setup.c | 4 ++++
+ 3 files changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/xen/arch/x86/extable.c b/xen/arch/x86/extable.c
+index 8ffcd346d7..12cc9935d8 100644
+--- a/xen/arch/x86/extable.c
++++ b/xen/arch/x86/extable.c
+@@ -128,10 +128,11 @@ search_exception_table(const struct cpu_user_regs *regs, unsigned long *stub_ra)
+ return 0;
+ }
+
+-#ifndef NDEBUG
++#ifdef CONFIG_DEBUG
++#include <asm/setup.h>
+ #include <asm/traps.h>
+
+-static int __init cf_check stub_selftest(void)
++int __init cf_check stub_selftest(void)
+ {
+ static const struct {
+ uint8_t opc[8];
+@@ -155,7 +156,8 @@ static int __init cf_check stub_selftest(void)
+ unsigned int i;
+ bool fail = false;
+
+- printk("Running stub recovery selftests...\n");
++ printk("%s stub recovery selftests...\n",
++ system_state < SYS_STATE_active ? "Running" : "Re-running");
+
+ for ( i = 0; i < ARRAY_SIZE(tests); ++i )
+ {
+diff --git a/xen/arch/x86/include/asm/setup.h b/xen/arch/x86/include/asm/setup.h
+index 9a460e4db8..14d15048eb 100644
+--- a/xen/arch/x86/include/asm/setup.h
++++ b/xen/arch/x86/include/asm/setup.h
+@@ -38,6 +38,8 @@ void *bootstrap_map(const module_t *mod);
+
+ int xen_in_range(unsigned long mfn);
+
++int cf_check stub_selftest(void);
++
+ extern uint8_t kbd_shift_flags;
+
+ #ifdef NDEBUG
+diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
+index 25017b5d96..f2592c3dc9 100644
+--- a/xen/arch/x86/setup.c
++++ b/xen/arch/x86/setup.c
+@@ -738,6 +738,10 @@ static void noreturn init_done(void)
+
+ system_state = SYS_STATE_active;
+
++ /* Re-run stub recovery self-tests with CET-SS active. */
++ if ( IS_ENABLED(CONFIG_DEBUG) && cpu_has_xen_shstk )
++ stub_selftest();
++
+ domain_unpause_by_systemcontroller(dom0);
+
+ /* MUST be done prior to removing .init data. */
+--
+2.45.2
+