On the BSP, shadow stacks are enabled only relatively late in the
booting process. They in particular aren't active yet when initcalls are
run. Keep the testing there, but invoke that testing a 2nd time when
shadow stacks are active, to make sure we won't regress that case after
addressing XSA-451.
While touching this code, switch the guard from NDEBUG to CONFIG_DEBUG,
such that IS_ENABLED() can validly be used at the new call site.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
master commit:
cfe3ad67127b86e1b1c06993b86422673a51b050
master date: 2024-02-27 13:49:52 +0100
return 0;
}
-#ifndef NDEBUG
+#ifdef CONFIG_DEBUG
+#include <asm/setup.h>
#include <asm/traps.h>
-static int __init cf_check stub_selftest(void)
+int __init cf_check stub_selftest(void)
{
static const struct {
uint8_t opc[8];
unsigned int i;
bool fail = false;
- printk("Running stub recovery selftests...\n");
+ printk("%s stub recovery selftests...\n",
+ system_state < SYS_STATE_active ? "Running" : "Re-running");
for ( i = 0; i < ARRAY_SIZE(tests); ++i )
{
void microcode_grab_module(
unsigned long *, const multiboot_info_t *);
+int cf_check stub_selftest(void);
+
extern uint8_t kbd_shift_flags;
#ifdef NDEBUG
system_state = SYS_STATE_active;
+ /* Re-run stub recovery self-tests with CET-SS active. */
+ if ( IS_ENABLED(CONFIG_DEBUG) && cpu_has_xen_shstk )
+ stub_selftest();
+
domain_unpause_by_systemcontroller(dom0);
/* MUST be done prior to removing .init data. */
projects / people / andrewcoop / xen.git / commitdiff