| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 28 Feb 2019 16:10:32 +0800
From: Yang Weijiang <weijiang.yang@...el.com>
To: Sean Christopherson <sean.j.christopherson@...el.com>
Cc: pbonzini@...hat.com, rkrcmar@...hat.com, jmattson@...gle.com,
linux-kernel@...r.kernel.org, kvm@...r.kernel.org, mst@...hat.com,
yu-cheng.yu@...el.com, Zhang Yi Z <yi.z.zhang@...ux.intel.com>,
weijiang.yang@...el.com
Subject: Re: [PATCH v3 2/8] KVM:CPUID: Define CET CPUID bits and CR4.CET
master enable bit.
On Thu, Feb 28, 2019 at 08:04:22AM -0800, Sean Christopherson wrote:
> On Mon, Feb 25, 2019 at 09:27:10PM +0800, Yang Weijiang wrote:
> > Guest queries CET SHSTK and IBT support by CPUID.(EAX=0x7,ECX=0),
> > in return, ECX[bit 7] corresponds to SHSTK feature, and EDX[bit 20]
> > corresponds to IBT feature.
> > CR4.CET[bit 23] is CET master enable bit, it controls CET feature
> > availability in guest OS.
> >
> > Note: Although SHSTK or IBT can be enabled independently,
> > either of the features is controlled by CR4.CET.
>
> This patch effectively allows the guest to set CR4, it should be the
> last patch in the series to actually "enable" CET in the guest, i.e.
> once KVM actually virtualizes CET.
>
Thanks Sean. I'll change the patch sequence in next version.
> >
> > Signed-off-by: Zhang Yi Z <yi.z.zhang@...ux.intel.com>
> > Signed-off-by: Yang Weijiang <weijiang.yang@...el.com>
> > ---
> > arch/x86/include/asm/kvm_host.h | 3 ++-
> > arch/x86/kvm/cpuid.c | 4 ++--
> > 2 files changed, 4 insertions(+), 3 deletions(-)
> >
> > diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
> > index 55e51ff7e421..df002936088f 100644
> > --- a/arch/x86/include/asm/kvm_host.h
> > +++ b/arch/x86/include/asm/kvm_host.h
> > @@ -90,7 +90,8 @@
> > | X86_CR4_PGE | X86_CR4_PCE | X86_CR4_OSFXSR | X86_CR4_PCIDE \
> > | X86_CR4_OSXSAVE | X86_CR4_SMEP | X86_CR4_FSGSBASE \
> > | X86_CR4_OSXMMEXCPT | X86_CR4_LA57 | X86_CR4_VMXE \
> > - | X86_CR4_SMAP | X86_CR4_PKE | X86_CR4_UMIP))
> > + | X86_CR4_SMAP | X86_CR4_PKE | X86_CR4_UMIP \
> > + | X86_CR4_CET))
>
> This macro doesn't define CR4 bits, it defines which bits should be
> treated as reserved when the guest writes CR4.
>
> >
> > #define CR8_RESERVED_BITS (~(unsigned long)X86_CR8_TPR)
> >
> > diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
> > index 7bcfa61375c0..cb1aece25b17 100644
> > --- a/arch/x86/kvm/cpuid.c
> > +++ b/arch/x86/kvm/cpuid.c
> > @@ -406,12 +406,12 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
> > F(AVX512VBMI) | F(LA57) | F(PKU) | 0 /*OSPKE*/ |
> > F(AVX512_VPOPCNTDQ) | F(UMIP) | F(AVX512_VBMI2) | F(GFNI) |
> > F(VAES) | F(VPCLMULQDQ) | F(AVX512_VNNI) | F(AVX512_BITALG) |
> > - F(CLDEMOTE);
> > + F(CLDEMOTE) | F(SHSTK);
> >
> > /* cpuid 7.0.edx*/
> > const u32 kvm_cpuid_7_0_edx_x86_features =
> > F(AVX512_4VNNIW) | F(AVX512_4FMAPS) | F(SPEC_CTRL) |
> > - F(SPEC_CTRL_SSBD) | F(ARCH_CAPABILITIES);
> > + F(SPEC_CTRL_SSBD) | F(ARCH_CAPABILITIES) | F(IBT);
>
> Again, these masks don't "define" the feature bits, rather they specify
> which feature bits can be exposed to the guest.
>
> >
> > /* all calls to cpuid_count() should be made on the same cpu */
> > get_cpu();
> > --
> > 2.17.1
> >
Powered by blists - more mailing lists