| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20230817181820.15315-1-john.allen@amd.com>
Date: Thu, 17 Aug 2023 18:18:12 +0000
From: John Allen <john.allen@....com>
To: <kvm@...r.kernel.org>
CC: <linux-kernel@...r.kernel.org>, <pbonzini@...hat.com>,
<weijiang.yang@...el.com>, <rick.p.edgecombe@...el.com>,
<seanjc@...gle.com>, <x86@...nel.org>, <thomas.lendacky@....com>,
<bp@...en8.de>, John Allen <john.allen@....com>
Subject: [RFC PATCH v3 0/8] SVM guest shadow stack support
AMD Zen3 and newer processors support shadow stack, a feature designed to
protect against ROP (return-oriented programming) attacks in which an attacker
manipulates return addresses on the call stack in order to execute arbitrary
code. To prevent this, shadow stacks can be allocated that are only used by
control transfer and return instructions. When a CALL instruction is issued, it
writes the return address to both the program stack and the shadow stack. When
the subsequent RET instruction is issued, it pops the return address from both
stacks and compares them. If the addresses don't match, a control-protection
exception is raised.
Shadow stack and a related feature, Indirect Branch Tracking (IBT), are
collectively referred to as Control-flow Enforcement Technology (CET). However,
current AMD processors only support shadow stack and not IBT.
This series adds support for shadow stack in SVM guests and builds upon
the support added in the CET guest support patch series [1]. Additional
patches are required to support shadow stack enabled guests in qemu [2]
and glibc [3].
[1]: CET guest support patches (v5)
https://lore.kernel.org/all/20230803042732.88515-1-weijiang.yang@intel.com/
[2]: CET qemu patches
https://patchwork.ozlabs.org/project/qemu-devel/patch/20201013051935.6052-2-weijiang.yang@intel.com/
[3]: glibc tree containing necessary updates
https://gitlab.com/x86-glibc/glibc/-/tree/users/hjl/cet/master/
---
v2:
- Rebased on v3 of the Intel CET virtualization series, dropping the
patch that moved cet_is_msr_accessible to common code as that has
been pulled into the Intel series.
- Minor change removing curly brackets around if statement introduced
in patch 6/6.
v3:
- Rebased on v5 of the Intel CET virtualization series.
- Add patch changing the name of vmplX_ssp SEV-ES save area fields to
plX_ssp.
- Merge this series intended for KVM with the separate guest kernel
patch (now patch 7/8).
- Update MSR passthrough code to conditionally pass through shadow
stack MSRS based on both host and guest support.
- Don't save PL0_SSP, PL1_SSP, and PL2_SSP MSRs on SEV-ES VMRUN as
these are currently unused.
John Allen (8):
KVM: x86: SVM: Emulate reads and writes to shadow stack MSRs
KVM: x86: SVM: Update dump_vmcb with shadow stack save area additions
KVM: x86: SVM: Pass through shadow stack MSRs
KVM: SVM: Rename vmplX_ssp -> plX_ssp
KVM: SVM: Save shadow stack host state on VMRUN
KVM: SVM: Add MSR_IA32_XSS to the GHCB for hypervisor kernel
x86/sev-es: Include XSS value in GHCB CPUID request
KVM: SVM: Add CET features to supported_xss
arch/x86/include/asm/svm.h | 9 +++---
arch/x86/kernel/sev-shared.c | 15 ++++++++++
arch/x86/kvm/svm/sev.c | 21 ++++++++++++--
arch/x86/kvm/svm/svm.c | 53 ++++++++++++++++++++++++++++++++++++
arch/x86/kvm/svm/svm.h | 2 +-
5 files changed, 93 insertions(+), 7 deletions(-)
--
2.39.1
Powered by blists - more mailing lists