[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190325204533.GA12253@local-michael-cet-test.sh.intel.com>
Date: Tue, 26 Mar 2019 04:45:34 +0800
From: Yang Weijiang <weijiang.yang@...el.com>
To: pbonzini@...hat.com, kvm@...r.kernel.org, mst@...hat.com,
rkrcmar@...hat.com, jmattson@...gle.com,
linux-kernel@...r.kernel.org, yu-cheng.yu@...el.com
Subject: Re: [RFC PATCH v4 0/8] This patch-set is to enable Guest CET support
On Mon, Mar 18, 2019 at 11:03:43PM +0800, Yang Weijiang wrote:
> Control-flow Enforcement Technology (CET) provides protection against
> return/jump-oriented programming (ROP) attacks. To make kvm Guest OS own
> the capability, this patch-set is required. It enables CET related CPUID
> report, xsaves/xrstors, vmx entry configuration etc. for Guest OS.
>
> PATCH 1 : Define CET VMCS fields and bits.
> PATCH 2/3 : Report CET feature support in CPUID.
> PATCH 4 : Fix xsaves size calculation issue.
> PATCH 5 : Pass through CET MSRs to Guest.
> PATCH 6 : Set Guest CET state auto loading bit.
> PATCH 7 : Load Guest fpu state when accessing CET XSAVES managed MSRs.
> PATCH 8 : Add CET MSR user space access interface.
>
> Changelog:
>
> v4:
> - Add Sean's patch for loading Guest fpu state before access XSAVES
> managed CET MSRs.
> - Melt down CET bits setting into CPUID configuration patch.
> - Add VMX interface to query Host XSS.
> - Check Host and Guest XSS support bits before set Guest XSS.
> - Make Guest SHSTK and IBT feature enabling independent.
> - Do not report CET support to Guest when Host CET feature is
> Disabled.
>
> v3:
> - Modified patches to make Guest CET independent to Host enabling.
> - Added patch 8 to add user space access for Guest CET MSR access.
> - Modified code comments and patch description to reflect changes.
>
> v2:
> - Re-ordered patch sequence, combined one patch.
> - Added more description for CET related VMCS fields.
> - Added Host CET capability check while enabling Guest CET loading bit.
> - Added Host CET capability check while reporting Guest CPUID(EAX=7,
> EXC=0).
> - Modified code in reporting Guest CPUID(EAX=D,ECX>=1), make it clearer.
> - Added Host and Guest XSS mask check while setting bits for Guest XSS.
>
>
> Sean Christopherson (1):
> KVM:x86: load guest fpu state when accessing MSRs managed by XSAVES
>
> Yang Weijiang (7):
> KVM:VMX: Define CET VMCS fields and bits
> KVM:CPUID: Add CET CPUID support for Guest
> KVM:CPUID: Fix xsaves area size calculation for CPUID.(EAX=0xD,ECX=1).
> KVM:VMX: Pass through host CET related MSRs to Guest.
> KVM:VMX: Load Guest CET via VMCS when CET is enabled in Guest
> KVM:x86: Allow Guest to set supported bits in XSS
> KVM:x86: Add user-space read/write interface for CET MSRs
>
> arch/x86/include/asm/kvm_host.h | 5 +-
> arch/x86/include/asm/msr-index.h | 2 +
> arch/x86/include/asm/vmx.h | 8 +++
> arch/x86/kvm/cpuid.c | 53 ++++++++++++++------
> arch/x86/kvm/vmx.c | 86 ++++++++++++++++++++++++++++++--
> arch/x86/kvm/x86.c | 32 +++++++++++-
> arch/x86/kvm/x86.h | 4 ++
> 7 files changed, 167 insertions(+), 23 deletions(-)
>
> --
> 2.17.1
Hi, Paolo and Sean,
Do you have any comments on v4 patches?
Powered by blists - more mailing lists