| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 8 Jun 2023 14:01:45 +0800
From: "Yang, Weijiang" <weijiang.yang@...el.com>
To: Chao Gao <chao.gao@...el.com>
CC: <seanjc@...gle.com>, <pbonzini@...hat.com>, <kvm@...r.kernel.org>,
<linux-kernel@...r.kernel.org>, <peterz@...radead.org>,
<rppt@...nel.org>, <binbin.wu@...ux.intel.com>,
<rick.p.edgecombe@...el.com>, <john.allen@....com>
Subject: Re: [PATCH v3 10/21] KVM:x86: Add #CP support in guest exception
classification
On 6/6/2023 5:08 PM, Chao Gao wrote:
> On Thu, May 11, 2023 at 12:08:46AM -0400, Yang Weijiang wrote:
>> Add handling for Control Protection (#CP) exceptions(vector 21).
>> The new vector is introduced for Intel's Control-Flow Enforcement
>> Technology (CET) relevant violation cases.
>>
>> Although #CP belongs contributory exception class, but the actual
>> effect is conditional on CET being exposed to guest. If CET is not
>> available to guest, #CP falls back to non-contributory and doesn't
>> have an error code.
> This sounds weird. is this the hardware behavior? If yes, could you
> point us to where this behavior is documented?
It's not SDM documented behavior.
The original description is provided by Sean here:
Re: [PATCH v15 04/14] KVM: x86: Add #CP support in guest exception
dispatch - Sean Christopherson (kernel.org)
<https://lore.kernel.org/all/YBsZwvwhshw+s7yQ@google.com/>
I also verified the issue on my side. If the KVM CET patches are there
in L1 but CET is not enabled, and running some unit test can
trigger unit test failure although the #CP induced one has been fixed in
KVM unit tests.
Powered by blists - more mailing lists