projects / xen.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6001660) | patch
x86/shstk: Create shadow stacks
authorAndrew Cooper <andrew.cooper3@citrix.com>
Thu, 23 Apr 2020 19:20:59 +0000 (20:20 +0100)
committerAndrew Cooper <andrew.cooper3@citrix.com>
Fri, 29 May 2020 22:09:46 +0000 (23:09 +0100)
commit91d26ed304ff562f341824be12bf49bd78c39e39
tree139cd8bfeb718619220139228a2181349d068f35tree | snapshot
parent60016604739be61faf7196637739763d01a88a48commit | diff
x86/shstk: Create shadow stacks

Introduce HYPERVISOR_SHSTK pagetable constants, which are Read-Only + Dirty.
Use these in place of _PAGE_RW for memguard_guard_stack(), to create real
shadow stacks on capable hardware.

Supervisor shadow stacks need a token written at the top, which is most easily
done before making the frame read only.

Allocate the shadow IST stack block in struct tss_page.  It doesn't strictly
need to live here, but it is a convenient location (and XPTI-safe, for testing
purposes), and placing it ahead of the TSS doesn't risk colliding with a bad
IO Bitmap offset and turning into some IO port permissions.

Have load_system_tables() set up the shadow IST stack table when setting up
the regular IST in the TSS.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
xen/arch/x86/cpu/common.c diff | blob | history
xen/arch/x86/mm.c diff | blob | history
xen/include/asm-x86/config.h diff | blob | history
xen/include/asm-x86/page.h diff | blob | history
xen/include/asm-x86/processor.h diff | blob | history
xen/include/asm-x86/x86_64/page.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.