| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <5f11dda2-76bd-b238-e9b8-9c9833960c7b@intel.com>
Date: Wed, 9 Aug 2023 14:07:29 +0800
From: "Yang, Weijiang" <weijiang.yang@...el.com>
To: Paolo Bonzini <pbonzini@...hat.com>
CC: <rick.p.edgecombe@...el.com>, <chao.gao@...el.com>,
<binbin.wu@...ux.intel.com>, <seanjc@...gle.com>,
<peterz@...radead.org>, <john.allen@....com>,
<kvm@...r.kernel.org>, <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v5 17/19] KVM:x86: Enable guest CET supervisor xstate bit
support
On 8/5/2023 6:02 AM, Paolo Bonzini wrote:
> On 8/3/23 06:27, Yang Weijiang wrote:
>> if (boot_cpu_has(X86_FEATURE_XSAVES)) {
>> + u32 eax, ebx, ecx, edx;
>> +
>> + cpuid_count(0xd, 1, &eax, &ebx, &ecx, &edx);
>> rdmsrl(MSR_IA32_XSS, host_xss);
>> kvm_caps.supported_xss = host_xss & KVM_SUPPORTED_XSS;
>> + if (ecx & XFEATURE_MASK_CET_KERNEL)
>> + kvm_caps.supported_xss |= XFEATURE_MASK_CET_KERNEL;
>> }
>
> This is a bit hackish and makes me lean more towards adding support for XFEATURE_MASK_CET_KERNEL in host MSR_IA32_XSS (and then possibly hide it in the actual calls to XSAVE/XRSTORS for non-guest FPU).
Yes, if kernel can support CET_U/S bits in XSS, things would be much easier.
But if CET_S bit cannot be enabled for somehow, we may have KVM emulation
for it.
> Paolo
>
Powered by blists - more mailing lists