| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 5 Jan 2024 17:52:20 +0000 From: "Edgecombe, Rick P" <rick.p.edgecombe@...el.com> To: "Yang, Weijiang" <weijiang.yang@...el.com>, "seanjc@...gle.com" <seanjc@...gle.com> CC: "Gao, Chao" <chao.gao@...el.com>, "Hansen, Dave" <dave.hansen@...el.com>, "peterz@...radead.org" <peterz@...radead.org>, "john.allen@....com" <john.allen@....com>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "mlevitsk@...hat.com" <mlevitsk@...hat.com>, "pbonzini@...hat.com" <pbonzini@...hat.com>, "kvm@...r.kernel.org" <kvm@...r.kernel.org> Subject: Re: [PATCH v8 00/26] Enable CET Virtualization On Fri, 2024-01-05 at 08:21 -0800, Sean Christopherson wrote: > No, do not inject #UD or do anything else that deviates from > architecturally > defined behavior. Here is a, at least partial, list of CET touch points I just created by searching the SDM: 1. The emulator SW fetch with TRACKER=1 2. CALL, RET, JMP, IRET, INT, SYSCALL, SYSENTER, SYSEXIT, SYSRET 3. Task switching 4. The new CET instructions (which I guess should be handled by default): CLRSSBSY, INCSSPD, RSTORSSP, SAVEPREVSSP, SETSSBSYY, WRSS, WRUSS Not all of those are security checks, but would have some functional implications. It's still not clear to me if this could happen naturally (the TDP shadowing stuff), or only via strange attacker behavior. If we only care about the attacker case, then we could have a smaller list. It also sounds like the instructions in 2 could maybe be filtered by mode instead of caring about CET being enabled. But maybe it's not good to mix the CET problem with the bigger emulator issues. Don't know.
Powered by blists - more mailing lists