Building the Linux kernel with Clang and LLVM
 help / color / mirror / Atom feed
From: Andrew Cooper <andrew.cooper3@citrix.com>
To: sedat.dilek@gmail.com
Cc: Juergen Gross <jgross@suse.com>,
	Peter Zijlstra <peterz@infradead.org>,
	Sami Tolvanen <samitolvanen@google.com>,
	Jan Beulich <jbeulich@suse.com>,
	Josh Poimboeuf <jpoimboe@redhat.com>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Sasha Levin <sashal@kernel.org>,
	linux-kernel@vger.kernel.org, stable@vger.kernel.org,
	Kees Cook <kees@kernel.org>,
	Nathan Chancellor <nathan@kernel.org>,
	llvm@lists.linux.dev
Subject: Re: [Linux-6.12.y] XEN: CVE-2024-53241 / XSA-466 and Clang-kCFI
Date: Thu, 19 Dec 2024 23:26:30 +0000	[thread overview]
Message-ID: <90640a5d-ff17-4555-adc6-ae9e21e24ebd@citrix.com> (raw)
In-Reply-To: <CA+icZUW-i53boHBPt+8zh-D921XFbPb_Kc=dzdgCK1QvkOgCsw@mail.gmail.com>

On 19/12/2024 11:10 pm, Sedat Dilek wrote:
> On Thu, Dec 19, 2024 at 6:07 PM Sedat Dilek <sedat.dilek@gmail.com> wrote:
>> On Thu, Dec 19, 2024 at 5:44 PM Andrew Cooper <andrew.cooper3@citrix.com> wrote:
>>> On 19/12/2024 4:14 pm, Sedat Dilek wrote:
>>>> Hi,
>>>>
>>>> Linux v6.12.6 will include XEN CVE fixes from mainline.
>>>>
>>>> Here, I use Debian/unstable AMD64 and the SLIM LLVM toolchain 19.1.x
>>>> from kernel.org.
>>>>
>>>> What does it mean in ISSUE DESCRIPTION...
>>>>
>>>> Furthermore, the hypercall page has no provision for Control-flow
>>>> Integrity schemes (e.g. kCFI/CET-IBT/FineIBT), and will simply
>>>> malfunction in such configurations.
>>>>
>>>> ...when someone uses Clang-kCFI?
>>> The hypercall page has functions of the form:
>>>
>>>     MOV $x, %eax
>>>     VMCALL / VMMCALL / SYSCALL
>>>     RET
>>>
>>> There are no ENDBR instructions, and no prologue/epilogue for hash-based
>>> CFI schemes.
>>>
>>> This is because it's code provided by Xen, not code provided by Linux.
>>>
>>> The absence of ENDBR instructions will yield #CP when CET-IBT is active,
>>> and the absence of hash prologue/epilogue lets the function be used in a
>>> type-confused manor that CFI should have caught.
>>>
>>> ~Andrew
>> Thanks for the technical explanation, Andrew.
>>
>> Hope that helps the folks of "CLANG CONTROL FLOW INTEGRITY SUPPORT".
>>
>> I am not an active user of XEN in the Linux-kernel but I am willing to
>> test when Linux v6.12.6 is officially released and give feedback.
>>
> https://wiki.xenproject.org/wiki/Testing_Xen#Presence_test
> https://wiki.xenproject.org/wiki/Testing_Xen#Commands_for_presence_testing
>
> # apt install -t unstable xen-utils-4.17 -y
>
> # xl list
> Name                                        ID   Mem VCPUs      State   Time(s)
> Domain-0                                     0  7872     4     r-----     398.2
>
> Some basic tests LGTM - see also attached stuff.
>
> If you have any tests to recommend, let me know.

That itself is good enough as a smoke test.  Thankyou for trying it out.

If you want something a bit more thorough, try
https://xenbits.xen.org/docs/xtf/  (Xen's self-tests)

Grab and build it, and `./xtf-runner -aqq --host` will run a variety of
extra codepaths in dom0, without the effort of making/running full guests.

~Andrew

  reply	other threads:[~2024-12-19 23:26 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-12-19 16:14 [Linux-6.12.y] XEN: CVE-2024-53241 / XSA-466 and Clang-kCFI Sedat Dilek
2024-12-19 16:36 ` Greg Kroah-Hartman
2024-12-19 16:44 ` Andrew Cooper
2024-12-19 17:07   ` Sedat Dilek
2024-12-19 23:10     ` Sedat Dilek
2024-12-19 23:26       ` Andrew Cooper [this message]
2024-12-20  0:27         ` Sedat Dilek
2024-12-20  1:39           ` Andrew Cooper
2024-12-21 17:06             ` Sedat Dilek
2024-12-21 18:17             ` Sedat Dilek
2024-12-21 18:25               ` Sedat Dilek
2024-12-21 19:09                 ` Sedat Dilek
2024-12-21 21:31                 ` Andrew Cooper
2024-12-22 10:37                   ` Sedat Dilek
2024-12-24 16:23                     ` Sedat Dilek
2024-12-24 21:56                       ` Sedat Dilek

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=90640a5d-ff17-4555-adc6-ae9e21e24ebd@citrix.com \
    --to=andrew.cooper3@citrix.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=jbeulich@suse.com \
    --cc=jgross@suse.com \
    --cc=jpoimboe@redhat.com \
    --cc=kees@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=llvm@lists.linux.dev \
    --cc=nathan@kernel.org \
    --cc=peterz@infradead.org \
    --cc=samitolvanen@google.com \
    --cc=sashal@kernel.org \
    --cc=sedat.dilek@gmail.com \
    --cc=stable@vger.kernel.org \
    --cc=torvalds@linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox