| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200428134107.GA23937@local-michael-cet-test>
Date: Tue, 28 Apr 2020 21:41:07 +0800
From: Yang Weijiang <weijiang.yang@...el.com>
To: Paolo Bonzini <pbonzini@...hat.com>
Cc: Yang Weijiang <weijiang.yang@...el.com>, kvm@...r.kernel.org,
linux-kernel@...r.kernel.org, sean.j.christopherson@...el.com,
jmattson@...gle.com, yu.c.zhang@...ux.intel.com
Subject: Re: [PATCH v11 7/9] KVM: X86: Add userspace access interface for CET
MSRs
On Mon, Apr 27, 2020 at 04:04:28PM +0200, Paolo Bonzini wrote:
> On 26/04/20 17:23, Yang Weijiang wrote:
> > What's the purpose of the selftest? Is it just for Shadow Stack SSP
> > state transitions in various cases? e.g., L0 SSP<--->L3 SSP,
> > L0 SSP1<--->L0 SSP2?
>
> No, it checks that the whole state can be extracted and restored from a
> running VM. For example, it would have caught immediately that the
> current SSP could not be saved and restored.
>
> > We now have the KVM unit-test for CET functionalities,
> > i.e., Shadow Stack and Indirect Branch Tracking for user-mode, I can put the
> > state test app into the todo list as current patchset is mainly for user-mode
> > protection, the supervisor-mode CET protection is the next step.
>
> What are the limitations? Or are you referring to the unit test?
>
I'm referring to the unit test, I enabled basic CET function test to verify
if SHSTK/IBT is supported with current platform and KVM, but didn't cover
what you mentioned above. OK, I put the state
self-test to my todo list. Thank you for the reminder.
> Paolo
Powered by blists - more mailing lists