lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <f6f8cedf-26ce-70b4-2906-02806698d81b@redhat.com>
Date:   Mon, 27 Apr 2020 16:04:28 +0200
From:   Paolo Bonzini <pbonzini@...hat.com>
To:     Yang Weijiang <weijiang.yang@...el.com>
Cc:     kvm@...r.kernel.org, linux-kernel@...r.kernel.org,
        sean.j.christopherson@...el.com, jmattson@...gle.com,
        yu.c.zhang@...ux.intel.com
Subject: Re: [PATCH v11 7/9] KVM: X86: Add userspace access interface for CET
 MSRs

On 26/04/20 17:23, Yang Weijiang wrote:
> What's the purpose of the selftest? Is it just for Shadow Stack SSP
> state transitions in various cases? e.g., L0 SSP<--->L3 SSP,
> L0 SSP1<--->L0 SSP2?

No, it checks that the whole state can be extracted and restored from a
running VM.  For example, it would have caught immediately that the
current SSP could not be saved and restored.

> We now have the KVM unit-test for CET functionalities,
> i.e., Shadow Stack and Indirect Branch Tracking for user-mode, I can put the
> state test app into the todo list as current patchset is mainly for user-mode
> protection, the supervisor-mode CET protection is the next step.

What are the limitations?  Or are you referring to the unit test?

Paolo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ