RE: [PATCH v3 35/37] x86/cet: Add PTRACE interface for CET

From: Schimpe, Christina
Date: Thu Nov 17 2022 - 07:25:37 EST


> + Christina
>
> On Tue, 2022-11-15 at 15:43 +0100, Peter Zijlstra wrote:
> > On Fri, Nov 04, 2022 at 03:36:02PM -0700, Rick Edgecombe wrote:
> > > From: Yu-cheng Yu <yu-cheng.yu@xxxxxxxxx>
> > >
> > > Some applications (like GDB and CRIU) would like to tweak CET state
> > > via ptrace. This allows for existing functionality to continue to
> > > work for seized CET applications. Provide an interface based on the
> > > xsave buffer format of CET, but filter unneeded states to make the
> > > kernel’s job easier.
> > >
> > > There is already ptrace functionality for accessing xstate, but this
> > > does not include supervisor xfeatures. So there is not a completely
> > > clear place for where to put the CET state. Adding it to the user
> > > xfeatures regset would complicate that code, as it currently shares
> > > logic with signals which should not have supervisor features.
> > >
> > > Don’t add a general supervisor xfeature regset like the user one,
> > > because it is better to maintain flexibility for other supervisor
> > > xfeatures to define their own interface. For example, an xfeature
> > > may decide not to expose all of its state to userspace. A lot of
> > > enum values remain to be used, so just put it in dedicated CET
> > > regset.
> > >
> > > The only downside to not having a generic supervisor xfeature
> > > regset, is that apps need to be enlightened of any new supervisor
> > > xfeature exposed this way (i.e. they can’t try to have generic
> > > save/restore logic). But maybe that is a good thing, because they
> > > have to think through each new xfeature instead of encountering
> > > issues when a new supervisor xfeature was added.
> >
> > Per this argument this should not use the CET XSAVE format and CET
> > name at all, because that conflates the situation vs IBT. Enabling
> > that might not want to follow this precedent.
>
> Hmm, we definitely need to be able to set the SSP. Christina, does GDB need
> anything else? I thought maybe toggling SHSTK_EN?

In addition to the SSP, we want to write the CET state. For instance, for inferior calls,
we want to reset the IBT bits.
However, we won't write states that are disallowed by HW.