| Message ID | 20220309123936.16991-3-andrew.cooper3@citrix.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | XSA-398 Followup | expand |
On 09.03.2022 13:39, Andrew Cooper wrote: > --- a/CHANGELOG.md > +++ b/CHANGELOG.md > @@ -6,6 +6,12 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) > > ## [unstable UNRELEASED](https://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=staging) - TBD > > +### Added > + - __ro_after_init support on x86, for marking data as immutable after boot. I'm not sure something like this (being an implementation detail) belongs here. > + - Support for Xen using x86 Control Flow Enforcement technology for its own > + protection. Both Shadow Stacks (ROP protection) and Indirect Branch > + Tracking (COP/JOP protection). This, of course, does. Jan
On 09/03/2022 13:03, Jan Beulich wrote: > On 09.03.2022 13:39, Andrew Cooper wrote: >> --- a/CHANGELOG.md >> +++ b/CHANGELOG.md >> @@ -6,6 +6,12 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) >> >> ## [unstable UNRELEASED](https://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=staging) - TBD >> >> +### Added >> + - __ro_after_init support on x86, for marking data as immutable after boot. > I'm not sure something like this (being an implementation detail) belongs > here. Having things immutable after boot is not an implementation detail. It is an important security hardening property, and deserves to be here. ~Andrew
On Wed, Mar 09, 2022 at 12:39:36PM +0000, Andrew Cooper wrote: > Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Roger Pau Monné <roger.pau@citrix.com> Thanks.
On Fri, Mar 25, 2022 at 04:39:30PM +0000, Andrew Cooper wrote: > On 09/03/2022 13:03, Jan Beulich wrote: > > On 09.03.2022 13:39, Andrew Cooper wrote: > >> --- a/CHANGELOG.md > >> +++ b/CHANGELOG.md > >> @@ -6,6 +6,12 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) > >> > >> ## [unstable UNRELEASED](https://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=staging) - TBD > >> > >> +### Added > >> + - __ro_after_init support on x86, for marking data as immutable after boot. > > I'm not sure something like this (being an implementation detail) belongs > > here. > > Having things immutable after boot is not an implementation detail. It > is an important security hardening property, and deserves to be here. The release/couuminity manager will collate the changelog and pick which entries it finds worth adding to the release notes. I think it's fine having this here as it might also serve for developers to be aware of the feature and use it. Thanks, Roger.
On 25.03.2022 17:39, Andrew Cooper wrote: > On 09/03/2022 13:03, Jan Beulich wrote: >> On 09.03.2022 13:39, Andrew Cooper wrote: >>> --- a/CHANGELOG.md >>> +++ b/CHANGELOG.md >>> @@ -6,6 +6,12 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) >>> >>> ## [unstable UNRELEASED](https://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=staging) - TBD >>> >>> +### Added >>> + - __ro_after_init support on x86, for marking data as immutable after boot. >> I'm not sure something like this (being an implementation detail) belongs >> here. > > Having things immutable after boot is not an implementation detail. It > is an important security hardening property, and deserves to be here. Well. Are you suggesting that we repeat this statement for every release where at least one variable was converted to use __ro_after_init? The mere introduction of the new section has no hardening effect at all; every use of it is a single small step. Jan
Hi Andrew, On 09/03/2022 12:39, Andrew Cooper wrote: > Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> > --- > CC: Jan Beulich <JBeulich@suse.com> > CC: Roger Pau Monné <roger.pau@citrix.com> > CC: Wei Liu <wl@xen.org> > --- > CHANGELOG.md | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/CHANGELOG.md b/CHANGELOG.md > index 83d85fad5bbc..577517383ec9 100644 > --- a/CHANGELOG.md > +++ b/CHANGELOG.md > @@ -6,6 +6,12 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) > > ## [unstable UNRELEASED](https://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=staging) - TBD > > +### Added > + - __ro_after_init support on x86, for marking data as immutable after boot. This is also supported by Arm (see commit ace403022358 "xen/arm: Support properly __ro_after_init on Arm"). Cheers, > + - Support for Xen using x86 Control Flow Enforcement technology for its own > + protection. Both Shadow Stacks (ROP protection) and Indirect Branch > + Tracking (COP/JOP protection). > + > ### Removed / support downgraded > - dropped support for the (x86-only) "vesa-mtrr" and "vesa-remap" command line options >
On 22/11/2022 08:49, Julien Grall wrote: > Hi Andrew, > > On 09/03/2022 12:39, Andrew Cooper wrote: >> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> >> --- >> CC: Jan Beulich <JBeulich@suse.com> >> CC: Roger Pau Monné <roger.pau@citrix.com> >> CC: Wei Liu <wl@xen.org> >> --- >> CHANGELOG.md | 6 ++++++ >> 1 file changed, 6 insertions(+) >> >> diff --git a/CHANGELOG.md b/CHANGELOG.md >> index 83d85fad5bbc..577517383ec9 100644 >> --- a/CHANGELOG.md >> +++ b/CHANGELOG.md >> @@ -6,6 +6,12 @@ The format is based on [Keep a >> Changelog](https://keepachangelog.com/en/1.0.0/) >> ## [unstable >> UNRELEASED](https://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=staging) >> - TBD >> +### Added >> + - __ro_after_init support on x86, for marking data as immutable >> after boot. > > This is also supported by Arm (see commit ace403022358 "xen/arm: > Support properly __ro_after_init on Arm"). Yes, I know. Check the date on this email. ~Andrew
Hi Both, > -----Original Message----- > Subject: Re: [PATCH 2/2] Changelog: Add __ro_after_init and CET > > On 22/11/2022 08:49, Julien Grall wrote: > > Hi Andrew, > > > > On 09/03/2022 12:39, Andrew Cooper wrote: > >> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> > >> --- > >> CC: Jan Beulich <JBeulich@suse.com> > >> CC: Roger Pau Monné <roger.pau@citrix.com> > >> CC: Wei Liu <wl@xen.org> > >> --- > >> CHANGELOG.md | 6 ++++++ > >> 1 file changed, 6 insertions(+) > >> > >> diff --git a/CHANGELOG.md b/CHANGELOG.md > >> index 83d85fad5bbc..577517383ec9 100644 > >> --- a/CHANGELOG.md > >> +++ b/CHANGELOG.md > >> @@ -6,6 +6,12 @@ The format is based on [Keep a > >> Changelog](https://keepachangelog.com/en/1.0.0/) > >> ## [unstable > >> > UNRELEASED](https://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=stagin > g) > >> - TBD > >> +### Added > >> + - __ro_after_init support on x86, for marking data as immutable > >> after boot. > > > > This is also supported by Arm (see commit ace403022358 "xen/arm: > > Support properly __ro_after_init on Arm"). > > Yes, I know. Check the date on this email. Thanks Julien very much for pointing this out :) I will correct this to "- __ro_after_init support, for marking data as immutable after boot." in v3 when I respin the series, since Jan also provided some comments about patch #3 and I guess Andrew won't mind if I do the respin (?). Kind regards, Henry > > ~Andrew
diff --git a/CHANGELOG.md b/CHANGELOG.md index 83d85fad5bbc..577517383ec9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,12 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) ## [unstable UNRELEASED](https://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=staging) - TBD +### Added + - __ro_after_init support on x86, for marking data as immutable after boot. + - Support for Xen using x86 Control Flow Enforcement technology for its own + protection. Both Shadow Stacks (ROP protection) and Indirect Branch + Tracking (COP/JOP protection). + ### Removed / support downgraded - dropped support for the (x86-only) "vesa-mtrr" and "vesa-remap" command line options
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> --- CC: Jan Beulich <JBeulich@suse.com> CC: Roger Pau Monné <roger.pau@citrix.com> CC: Wei Liu <wl@xen.org> --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+)