Message-ID: <ZjLO8FsnJ7NgED0G@google.com>
Date: Wed, 1 May 2024 16:23:28 -0700
From: Sean Christopherson <seanjc@...gle.com>
To: Yang Weijiang <weijiang.yang@...el.com>
Cc: pbonzini@...hat.com, dave.hansen@...el.com, x86@...nel.org, 
	kvm@...r.kernel.org, linux-kernel@...r.kernel.org, peterz@...radead.org, 
	chao.gao@...el.com, rick.p.edgecombe@...el.com, mlevitsk@...hat.com, 
	john.allen@....com
Subject: Re: [PATCH v10 26/27] KVM: nVMX: Enable CET support for nested guest

On Sun, Feb 18, 2024, Yang Weijiang wrote:
> @@ -2438,6 +2460,30 @@ static void prepare_vmcs02_early(struct vcpu_vmx *vmx, struct loaded_vmcs *vmcs0
>  	}
>  }
>  
> +static inline void cet_vmcs_fields_get(struct kvm_vcpu *vcpu, u64 *ssp,
> +				       u64 *s_cet, u64 *ssp_tbl)
> +{
> +	if (guest_can_use(vcpu, X86_FEATURE_SHSTK)) {
> +		*ssp = vmcs_readl(GUEST_SSP);
> +		*s_cet = vmcs_readl(GUEST_S_CET);
> +		*ssp_tbl = vmcs_readl(GUEST_INTR_SSP_TABLE);
> +	} else if (guest_can_use(vcpu, X86_FEATURE_IBT)) {
> +		*s_cet = vmcs_readl(GUEST_S_CET);
> +	}

Same comments about accessing S_CET, please do so in a dedicated path.

> +}
> +
> +static inline void cet_vmcs_fields_put(struct kvm_vcpu *vcpu, u64 ssp,
> +				       u64 s_cet, u64 ssp_tbl)

This should probably use "set" instead of "put".  I can't think of a single case
where KVM uses "put" to describe writing state, e.g. "put" is always used when
putting a reference or unloading state.

> +{
> +	if (guest_can_use(vcpu, X86_FEATURE_SHSTK)) {
> +		vmcs_writel(GUEST_SSP, ssp);
> +		vmcs_writel(GUEST_S_CET, s_cet);
> +		vmcs_writel(GUEST_INTR_SSP_TABLE, ssp_tbl);
> +	} else if (guest_can_use(vcpu, X86_FEATURE_IBT)) {
> +		vmcs_writel(GUEST_S_CET, s_cet);
> +	}
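
Review bot: cet_vmcs_fields_get() writes nothing to *ssp and *ssp_tbl when the guest has IBT but not SHSTK, and nothing to any of the three outputs when it has neither, so what the caller sees afterwards depends on how it initialized its locals, which this hunk does not show. Consider zeroing the outputs at the top of the helper, or documenting that callers must pre-initialize them, so the values later handed to cet_vmcs_fields_put() are never indeterminate. A short comment on both helpers stating which fields are meaningful for SHSTK versus IBT-only guests would also help.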

And here.
