lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20200519060614.GA5189@linux.intel.com>
Date:   Mon, 18 May 2020 23:06:14 -0700
From:   Sean Christopherson <sean.j.christopherson@...el.com>
To:     Yang Weijiang <weijiang.yang@...el.com>
Cc:     kvm@...r.kernel.org, linux-kernel@...r.kernel.org,
        pbonzini@...hat.com, jmattson@...gle.com,
        yu.c.zhang@...ux.intel.com
Subject: Re: [PATCH v12 00/10] Introduce support for guest CET feature

On Mon, May 18, 2020 at 04:42:32PM +0800, Yang Weijiang wrote:
> On Wed, May 06, 2020 at 04:20:59PM +0800, Yang Weijiang wrote:
> > Control-flow Enforcement Technology (CET) provides protection against
> > Return/Jump-Oriented Programming (ROP/JOP) attack. There're two CET
> > sub-features: Shadow Stack (SHSTK) and Indirect Branch Tracking (IBT).
> > SHSTK is to prevent ROP programming and IBT is to prevent JOP programming.
> > 
> > Several parts in KVM have been updated to provide VM CET support, including:
> > CPUID/XSAVES config, MSR pass-through, user space MSR access interface, 
> > vmentry/vmexit config, nested VM etc. These patches have dependency on CET
> > kernel patches for xsaves support and CET definitions, e.g., MSR and related
> > feature flags.
> > 
> > CET kernel patches are here:
> > https://lkml.kernel.org/r/20200429220732.31602-1-yu-cheng.yu@intel.com
> > 
> > v12:
> > - Fixed a few issues per Sean and Paolo's review feeback.
> > - Refactored patches to make them properly arranged.
> > - Removed unnecessary hard-coded CET states for host/guest.
> > - Added compile-time assertions for vmcs_field_to_offset_table to detect
> >   mismatch of the field type and field encoding number.
> > - Added a custom MSR MSR_KVM_GUEST_SSP for guest active SSP save/restore.
> > - Rebased patches to 5.7-rc3.
> > 
> ping...
> 
> Sean and Paolo,
> Could you review v12 at your convenience? Thank you!

Through no fault of your own, it'll probably be a few weeks before I get back
to your CET series.  The kernel enabling doesn't seem like it's going to be
merged anytime soon, certainly not for 5.8, so unfortunately your series got
put on the backburner.  Sorry :-(.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ