lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <aDnXXpm9Ioj0cZlX@AUSJOHALLEN.amd.com>
Date: Fri, 30 May 2025 11:05:50 -0500
From: John Allen <john.allen@....com>
To: Chao Gao <chao.gao@...el.com>
Cc: x86@...nel.org, linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
	tglx@...utronix.de, dave.hansen@...el.com, seanjc@...gle.com,
	pbonzini@...hat.com, peterz@...radead.org,
	rick.p.edgecombe@...el.com, weijiang.yang@...el.com, bp@...en8.de,
	chang.seok.bae@...el.com, xin3.li@...el.com,
	Maxim Levitsky <mlevitsk@...hat.com>,
	Ingo Molnar <mingo@...hat.com>,
	Dave Hansen <dave.hansen@...ux.intel.com>,
	"H. Peter Anvin" <hpa@...or.com>,
	Mitchell Levy <levymitchell0@...il.com>,
	Vignesh Balasubramanian <vigbalas@....com>
Subject: Re: [PATCH v8 6/6] x86/fpu/xstate: Add CET supervisor xfeature
 support as a guest-only feature

On Thu, May 22, 2025 at 08:10:09AM -0700, Chao Gao wrote:
> From: Yang Weijiang <weijiang.yang@...el.com>
> 
> == Background ==
> 
> CET defines two register states: CET user, which includes user-mode control
> registers, and CET supervisor, which consists of shadow-stack pointers for
> privilege levels 0-2.
> 
> Current kernels disable shadow stacks in kernel mode, making the CET
> supervisor state unused and eliminating the need for context switching.
> 
> == Problem ==
> 
> To virtualize CET for guests, KVM must accurately emulate hardware
> behavior. A key challenge arises because there is no CPUID flag to indicate
> that shadow stack is supported only in user mode. Therefore, KVM cannot
> assume guests will not enable shadow stacks in kernel mode and must
> preserve the CET supervisor state of vCPUs.
> 
> == Solution ==
> 
> An initial proposal to manually save and restore CET supervisor states
> using raw RDMSR/WRMSR in KVM was rejected due to performance concerns and
> its impact on KVM's ABI. Instead, leveraging the kernel's FPU
> infrastructure for context switching was favored [1].
> 
> The main question then became whether to enable the CET supervisor state
> globally for all processes or restrict it to vCPU processes. This decision
> involves a trade-off between a 24-byte XSTATE buffer waste for all non-vCPU
> processes and approximately 100 lines of code complexity in the kernel [2].
> The agreed approach is to first try this optimal solution [3], i.e.,
> restricting the CET supervisor state to guest FPUs only and eliminating
> unnecessary space waste.
> 
> The guest-only xfeature infrastructure has already been added. Now,
> introduce CET supervisor xstate support as the first guest-only feature
> to prepare for the upcoming CET virtualization in KVM.
> 
> Signed-off-by: Yang Weijiang <weijiang.yang@...el.com>
> Signed-off-by: Chao Gao <chao.gao@...el.com>
> Reviewed-by: Rick Edgecombe <rick.p.edgecombe@...el.com>
> Reviewed-by: Maxim Levitsky <mlevitsk@...hat.com>

Reviewed-by: John Allen <john.allen@....com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ