lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <496a337d-a20d-4122-93a9-1520779c6d2d@zytor.com>
Date: Wed, 25 Sep 2024 15:13:22 -0700
From: Xin Li <xin@...or.com>
To: Sean Christopherson <seanjc@...gle.com>
Cc: Chao Gao <chao.gao@...el.com>, Xin Li <xin3.li@...el.com>,
        linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
        linux-doc@...r.kernel.org, linux-kselftest@...r.kernel.org,
        pbonzini@...hat.com, corbet@....net, tglx@...utronix.de,
        mingo@...hat.com, bp@...en8.de, dave.hansen@...ux.intel.com,
        x86@...nel.org, hpa@...or.com, shuah@...nel.org, vkuznets@...hat.com,
        peterz@...radead.org, ravi.v.shankar@...el.com
Subject: Re: [PATCH v2 07/25] KVM: VMX: Set intercept for FRED MSRs

On 9/25/2024 7:12 AM, Sean Christopherson wrote:
> On Wed, Sep 18, 2024, Xin Li wrote:
>> You mean the following patch set, right?
> 
> Yep, and presumably the KVM support as well:

I assume it's close to KVM upstreaming criteria :)

> 
> https://lore.kernel.org/all/20240219074733.122080-1-weijiang.yang@intel.com
> 
>> https://lore.kernel.org/kvm/20240531090331.13713-1-weijiang.yang@intel.com/
> 
...
>>
>> When FRED is advertised to a guest, KVM should allow FRED SSP MSRs
>> accesses through disabling FRED SSP MSRs interception no matter whether
>> supervisor shadow stacks are enabled or not.
> 
> KVM doesn't necessarily need to disabling MSR interception, e.g. if the expectation
> is that the guest will rarely/never access the MSRs when CET is unsupported, then
> we're likely better off going with a trap-and-emulate model.  KVM needs to emulate
> RDMSR and WRMSR no matter what, e.g. in case the guest triggers a WRMSR when KVM
> is emulating, and so that userspace can get/set MSR values.
> 
> And this means that yes, FRED virtualization needs to land after CET virtualization,
> otherwise managing the conflicts/dependencies will be a nightmare.
> 

No argument.

Thanks!
     Xin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ