| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20191211014536.GB12845@local-michael-cet-test>
Date: Wed, 11 Dec 2019 09:45:36 +0800
From: Yang Weijiang <weijiang.yang@...el.com>
To: Sean Christopherson <sean.j.christopherson@...el.com>
Cc: Yang Weijiang <weijiang.yang@...el.com>, kvm@...r.kernel.org,
linux-kernel@...r.kernel.org, pbonzini@...hat.com,
jmattson@...gle.com, yu.c.zhang@...ux.intel.com,
yu-cheng.yu@...el.com
Subject: Re: [PATCH v8 2/7] KVM: VMX: Define CET VMCS fields and #CP flag
On Tue, Dec 10, 2019 at 01:00:44PM -0800, Sean Christopherson wrote:
> On Fri, Nov 01, 2019 at 04:52:17PM +0800, Yang Weijiang wrote:
> > CET(Control-flow Enforcement Technology) is an upcoming Intel(R)
> > processor feature that blocks Return/Jump-Oriented Programming(ROP)
> > attacks. It provides the following capabilities to defend
> > against ROP/JOP style control-flow subversion attacks:
> >
> > return (1U << vector) & exception_has_error_code;
> > }
> > @@ -298,7 +298,8 @@ int x86_emulate_instruction(struct kvm_vcpu *vcpu, unsigned long cr2,
> > * Right now, no XSS states are used on x86 platform,
> > * expand the macro for new features.
>
> I assume this comment needs to be updated?
>
I'm not sure which features in upstream code are using xsaves bits,
should I go like this:
In future, other XSS state bits can be added here to make them available
to guest?
> > */
> > -#define KVM_SUPPORTED_XSS 0
> > +#define KVM_SUPPORTED_XSS (XFEATURE_MASK_CET_USER \
> > + | XFEATURE_MASK_CET_KERNEL)
> >
> > extern u64 host_xcr0;
> >
> > --
> > 2.17.2
> >
Powered by blists - more mailing lists