| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 24 Apr 2020 07:55:29 -0700
From: Sean Christopherson <sean.j.christopherson@...el.com>
To: Yang Weijiang <weijiang.yang@...el.com>
Cc: kvm@...r.kernel.org, linux-kernel@...r.kernel.org,
pbonzini@...hat.com, jmattson@...gle.com,
yu.c.zhang@...ux.intel.com
Subject: Re: [PATCH v11 2/9] KVM: VMX: Set guest CET MSRs per KVM and host
configuration
On Fri, Apr 24, 2020 at 10:07:51PM +0800, Yang Weijiang wrote:
> On Thu, Apr 23, 2020 at 09:27:49AM -0700, Sean Christopherson wrote:
> > On Thu, Mar 26, 2020 at 04:18:39PM +0800, Yang Weijiang wrote:
> > > @@ -7102,6 +7138,10 @@ static void vmx_cpuid_update(struct kvm_vcpu *vcpu)
> > > vmx_set_guest_msr(vmx, msr, enabled ? 0 : TSX_CTRL_RTM_DISABLE);
> > > }
> > > }
> > > +
> > > + if (guest_cpuid_has(vcpu, X86_FEATURE_SHSTK) ||
> > > + guest_cpuid_has(vcpu, X86_FEATURE_IBT))
> > > + vmx_update_intercept_for_cet_msr(vcpu);
> >
> > This is wrong, it will miss the case where userspace double configures CPUID
> > and goes from CET=1 to CET=0. This should instead be:
> >
> > if (supported_xss & (XFEATURE_MASK_CET_KERNEL | XFEATURE_MASK_CET_USER))
> > vmx_update_intercept_for_cet_msr(vcpu);
> >
> > > }
> Here CET=1/0, did you mean the CET bit in XSS or CR4.CET? If it's the
> former, then it's OK for me.
The former, i.e. update the CET MSRs if KVM supports CET virtualization and
the guest's CPUID configuration is changing.
Powered by blists - more mailing lists