lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <ZzSFD3OTjApdUp9w@intel.com>
Date: Wed, 13 Nov 2024 18:53:03 +0800
From: Chao Gao <chao.gao@...el.com>
To: "Edgecombe, Rick P" <rick.p.edgecombe@...el.com>
CC: "seanjc@...gle.com" <seanjc@...gle.com>, "Yang, Weijiang"
	<weijiang.yang@...el.com>, "Hansen, Dave" <dave.hansen@...el.com>,
	"x86@...nel.org" <x86@...nel.org>, "peterz@...radead.org"
	<peterz@...radead.org>, "john.allen@....com" <john.allen@....com>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"mlevitsk@...hat.com" <mlevitsk@...hat.com>, "kvm@...r.kernel.org"
	<kvm@...r.kernel.org>, "pbonzini@...hat.com" <pbonzini@...hat.com>
Subject: Re: [PATCH v10 00/27] Enable CET Virtualization

On Wed, Nov 13, 2024 at 04:03:11AM +0800, Edgecombe, Rick P wrote:
>On Tue, 2024-11-12 at 08:33 +0800, Chao Gao wrote:
>> > 
>> > Or me, if Intel can't conjure up the resource.  I have spent way, way too
>> > much
>> > time and effort on CET virtualization to let it die on the vine :-)
>> 
>> Just FYI, I will take it over; I plan to submit v11 after x86 fpu changes [*]
>> are settled.
>> 
>> [*]:
>> https://lore.kernel.org/kvm/67c5a358-0e40-4b2f-b679-33dd0dfe73fb@intel.com/
>
>This series has some CET intersection:
>https://lore.kernel.org/kvm/20241001050110.3643764-13-xin@zytor.com/
>
>Have you checked if there needs to be any changes to either?

The intersection was already discussed at
https://lore.kernel.org/kvm/496a337d-a20d-4122-93a9-1520779c6d2d@zytor.com/

The plan is to merge the CET KVM series first. Then, the FRED KVM series will
address the intersection by:

1. Allowing guest access to the IA32_FRED_SSP0 MSR if either FRED or CET is
   exposed to the guest.

2. Intercepting the IA32_FRED_SSP0 MSR if CET is not exposed to the guest. This
   way, every access to that MSR is trapped and emulated by KVM when only FRED
   is exposed. Then KVM needn't manually save that MSR or save it through the
   CET_S XSAVE state when the vCPU is being scheduled out.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ