lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 23 Jan 2019 04:59:08 +0800
From:   Yang Weijiang <weijiang.yang@...el.com>
To:     pbonzini@...hat.com, rkrcmar@...hat.com,
        sean.j.christopherson@...el.com, jmattson@...gle.com,
        linux-kernel@...r.kernel.org, kvm@...r.kernel.org, mst@...hat.com,
        yu-cheng.yu@...el.com, yi.z.zhang@...el.com, hjl.tools@...il.com
Cc:     weijiang.yang@...el.com, Zhang Yi Z <yi.z.zhang@...ux.intel.com>
Subject: [PATCH v2 6/7] KVM:VMX: Load Guest CET via VMCS when CET is enabled in Guest

"Load Guest CET state" bit controls whether guest CET states
will be loaded on Guest entry. Before doing that, KVM needs
to check if CET feature is exposed to Guest.

Signed-off-by: Zhang Yi Z <yi.z.zhang@...ux.intel.com>
Signed-off-by: Yang Weijiang <weijiang.yang@...el.com>
---
 arch/x86/kvm/vmx.c | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 68c0e5e41cb1..9c8cecac80ea 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -55,6 +55,7 @@
 #include <asm/mmu_context.h>
 #include <asm/spec-ctrl.h>
 #include <asm/mshyperv.h>
+#include <asm/cet.h>
 
 #include "trace.h"
 #include "pmu.h"
@@ -4065,6 +4066,18 @@ static inline bool vmx_feature_control_msr_valid(struct kvm_vcpu *vcpu,
 	return !(val & ~valid_bits);
 }
 
+static int vmx_guest_cet_cap(struct kvm_vcpu *vcpu)
+{
+	struct kvm_cpuid_entry2 *best;
+	int r = 0;
+
+	best = kvm_find_cpuid_entry(vcpu, 7, 0);
+	if (best && best->function == 0x7)
+		r = (best->ecx & bit(X86_FEATURE_SHSTK)) |
+		    (best->edx & bit(X86_FEATURE_IBT)) ? 1 : 0;
+	return r;
+}
+
 static int vmx_get_msr_feature(struct kvm_msr_entry *msr)
 {
 	switch (msr->index) {
@@ -5409,6 +5422,26 @@ static int vmx_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
 			return 1;
 	}
 
+	/*
+	 * To enable Guest CET, first check if Guest CET feature is
+	 * available, if it's not available but its CR4.CET is being set,
+	 * return a fault to Guest; then check if Host CET is enabled and
+	 * CR4.CET is toggled, if they are, then enable loading CET state
+	 * bit in entry control, otherwise, clear the bit to
+	 * disable guest CET state loading.
+	 */
+	if (vmx_guest_cet_cap(vcpu)) {
+		if (hw_cr4 & cr4 & X86_CR4_CET) {
+			vmcs_set_bits(VM_ENTRY_CONTROLS,
+				      VM_ENTRY_LOAD_GUEST_CET_STATE);
+		} else {
+			vmcs_clear_bits(VM_ENTRY_CONTROLS,
+					VM_ENTRY_LOAD_GUEST_CET_STATE);
+		}
+	} else if (cr4 & X86_CR4_CET) {
+		return 1;
+	}
+
 	if (to_vmx(vcpu)->nested.vmxon && !nested_cr4_valid(vcpu, cr4))
 		return 1;
 
-- 
2.17.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ