[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <da8692bd-b0a7-4f53-8600-ac3fb277b3a1@redhat.com>
Date: Mon, 7 Aug 2023 09:00:03 +0200
From: Paolo Bonzini <pbonzini@...hat.com>
To: "Yang, Weijiang" <weijiang.yang@...el.com>,
Sean Christopherson <seanjc@...gle.com>,
Chao Gao <chao.gao@...el.com>
Cc: peterz@...radead.org, john.allen@....com, kvm@...r.kernel.org,
linux-kernel@...r.kernel.org, rick.p.edgecombe@...el.com,
binbin.wu@...ux.intel.com
Subject: Re: [PATCH v5 11/19] KVM:VMX: Emulate read and write to CET MSRs
On 8/6/23 10:44, Yang, Weijiang wrote:
>> Similar to my suggestsion for XSS, I think we drop the waiver for
>> host_initiated
>> accesses, i.e. require the feature to be enabled and exposed to the
>> guest, even
>> for the host.
>
> I saw Paolo shares different opinion on this, so would hold on for a
> while...
It's not *so* different: the host initiated access should be allowed,
but it should only allow writing zero. So, something like:
> +static bool kvm_cet_is_msr_accessible(struct kvm_vcpu *vcpu,
> + struct msr_data *msr)
> +{
bool host_msr_reset =
msr->host_initiated && msr->data == 0;
and then below you use host_msr_reset instead of msr->host_initiated.
> + if (msr->index == MSR_KVM_GUEST_SSP)
> + return msr->host_initiated;
> +
> + return msr->host_initiated ||
> + guest_cpuid_has(vcpu, X86_FEATURE_SHSTK);
This can be unified like this:
return
(host_msr_reset || guest_cpuid_has(vcpu, X86_FEATURE_SHSTK)) &&
(msr->index != MSR_KVM_GUEST_SSP || msr->host_initiated);
> + }
> +
> + if (!kvm_cpu_cap_has(X86_FEATURE_SHSTK) &&
> + !kvm_cpu_cap_has(X86_FEATURE_IBT))
> + return false;
> +
> + return msr->host_initiated ||
> + guest_cpuid_has(vcpu, X86_FEATURE_IBT) ||
> + guest_cpuid_has(vcpu, X86_FEATURE_SHSTK);
while this can simply use host_msr_reset.
Paolo
Powered by blists - more mailing lists