lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 28 Feb 2019 16:10:32 +0800
From:   Yang Weijiang <weijiang.yang@...el.com>
To:     Sean Christopherson <sean.j.christopherson@...el.com>
Cc:     pbonzini@...hat.com, rkrcmar@...hat.com, jmattson@...gle.com,
        linux-kernel@...r.kernel.org, kvm@...r.kernel.org, mst@...hat.com,
        yu-cheng.yu@...el.com, Zhang Yi Z <yi.z.zhang@...ux.intel.com>,
        weijiang.yang@...el.com
Subject: Re: [PATCH v3 2/8] KVM:CPUID: Define CET CPUID bits and CR4.CET
 master enable bit.

On Thu, Feb 28, 2019 at 08:04:22AM -0800, Sean Christopherson wrote:
> On Mon, Feb 25, 2019 at 09:27:10PM +0800, Yang Weijiang wrote:
> > Guest queries CET SHSTK and IBT support by CPUID.(EAX=0x7,ECX=0),
> > in return, ECX[bit 7] corresponds to SHSTK feature, and EDX[bit 20]
> > corresponds to IBT feature.
> > CR4.CET[bit 23] is CET master enable bit, it controls CET feature
> > availability in guest OS.
> > 
> > Note: Although SHSTK or IBT can be enabled independently,
> >       either of the features is controlled by CR4.CET.
> 
> This patch effectively allows the guest to set CR4, it should be the
> last patch in the series to actually "enable" CET in the guest, i.e.
> once KVM actually virtualizes CET.
>
Thanks Sean. I'll change the patch sequence in next version.
> > 
> > Signed-off-by: Zhang Yi Z <yi.z.zhang@...ux.intel.com>
> > Signed-off-by: Yang Weijiang <weijiang.yang@...el.com>
> > ---
> >  arch/x86/include/asm/kvm_host.h | 3 ++-
> >  arch/x86/kvm/cpuid.c            | 4 ++--
> >  2 files changed, 4 insertions(+), 3 deletions(-)
> > 
> > diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
> > index 55e51ff7e421..df002936088f 100644
> > --- a/arch/x86/include/asm/kvm_host.h
> > +++ b/arch/x86/include/asm/kvm_host.h
> > @@ -90,7 +90,8 @@
> >  			  | X86_CR4_PGE | X86_CR4_PCE | X86_CR4_OSFXSR | X86_CR4_PCIDE \
> >  			  | X86_CR4_OSXSAVE | X86_CR4_SMEP | X86_CR4_FSGSBASE \
> >  			  | X86_CR4_OSXMMEXCPT | X86_CR4_LA57 | X86_CR4_VMXE \
> > -			  | X86_CR4_SMAP | X86_CR4_PKE | X86_CR4_UMIP))
> > +			  | X86_CR4_SMAP | X86_CR4_PKE | X86_CR4_UMIP \
> > +			  | X86_CR4_CET))
> 
> This macro doesn't define CR4 bits, it defines which bits should be
> treated as reserved when the guest writes CR4.
> 
> >  
> >  #define CR8_RESERVED_BITS (~(unsigned long)X86_CR8_TPR)
> >  
> > diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
> > index 7bcfa61375c0..cb1aece25b17 100644
> > --- a/arch/x86/kvm/cpuid.c
> > +++ b/arch/x86/kvm/cpuid.c
> > @@ -406,12 +406,12 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
> >  		F(AVX512VBMI) | F(LA57) | F(PKU) | 0 /*OSPKE*/ |
> >  		F(AVX512_VPOPCNTDQ) | F(UMIP) | F(AVX512_VBMI2) | F(GFNI) |
> >  		F(VAES) | F(VPCLMULQDQ) | F(AVX512_VNNI) | F(AVX512_BITALG) |
> > -		F(CLDEMOTE);
> > +		F(CLDEMOTE) | F(SHSTK);
> >  
> >  	/* cpuid 7.0.edx*/
> >  	const u32 kvm_cpuid_7_0_edx_x86_features =
> >  		F(AVX512_4VNNIW) | F(AVX512_4FMAPS) | F(SPEC_CTRL) |
> > -		F(SPEC_CTRL_SSBD) | F(ARCH_CAPABILITIES);
> > +		F(SPEC_CTRL_SSBD) | F(ARCH_CAPABILITIES) | F(IBT);
> 
> Again, these masks don't "define" the feature bits, rather they specify
> which feature bits can be exposed to the guest.
> 
> >  
> >  	/* all calls to cpuid_count() should be made on the same cpu */
> >  	get_cpu();
> > -- 
> > 2.17.1
> > 

Powered by blists - more mailing lists