| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200424143621.GI24039@local-michael-cet-test>
Date: Fri, 24 Apr 2020 22:36:21 +0800
From: Yang Weijiang <weijiang.yang@...el.com>
To: Sean Christopherson <sean.j.christopherson@...el.com>
Cc: Yang Weijiang <weijiang.yang@...el.com>, kvm@...r.kernel.org,
linux-kernel@...r.kernel.org, pbonzini@...hat.com,
jmattson@...gle.com, yu.c.zhang@...ux.intel.com
Subject: Re: [PATCH v11 4/9] KVM: VMX: Check CET dependencies on CR settings
On Thu, Apr 23, 2020 at 10:20:32AM -0700, Sean Christopherson wrote:
> On Thu, Mar 26, 2020 at 04:18:41PM +0800, Yang Weijiang wrote:
> > CR4.CET is master control bit for CET function.
> > There're mutual constrains between CR0.WP and CR4.CET, so need
> > to check the dependent bit while changing the control registers.
> >
> > Note:
> > 1)The processor does not allow CR4.CET to be set if CR0.WP = 0,
> > similarly, it does not allow CR0.WP to be cleared while
> > CR4.CET = 1. In either case, KVM would inject #GP to guest.
>
> Nit: the CET vs. WP dependency and #GP belongs in the "main" part of the
> changelog, as it's the crux of the patch. Item (2) below is more along
> the lines of "note" material.
>
OK, will change it, thank you!
> >
> > 2)SHSTK and IBT features share one control MSR:
> > MSR_IA32_{U,S}_CET, which means it's difficult to hide
> > one feature from another in the case of SHSTK != IBT,
> > after discussed in community, it's agreed to allow guest
> > control two features independently as it won't introduce
> > security hole.
> >
>
Powered by blists - more mailing lists