Message-ID: <aLissKgzL8fX+tXr@AUSJOHALLEN.amd.com>
Date: Wed, 3 Sep 2025 16:01:36 -0500
From: John Allen <john.allen@....com>
To: Chao Gao <chao.gao@...el.com>
Cc: kvm@...r.kernel.org, linux-kernel@...r.kernel.org, x86@...nel.org,
	seanjc@...gle.com, pbonzini@...hat.com, dave.hansen@...el.com,
	rick.p.edgecombe@...el.com, mlevitsk@...hat.com,
	weijiang.yang@...el.com, bp@...en8.de, dave.hansen@...ux.intel.com,
	hpa@...or.com, mingo@...hat.com, tglx@...utronix.de,
	thomas.lendacky@....com
Subject: Re: [PATCH v3 5/5] KVM: SVM: Enable shadow stack virtualization for
 SVM

On Mon, Aug 25, 2025 at 09:33:09AM +0800, Chao Gao wrote:
> On Wed, Aug 06, 2025 at 08:45:10PM +0000, John Allen wrote:
> >Remove the explicit clearing of shadow stack CPU capabilities.
> >
> >Signed-off-by: John Allen <john.allen@....com>
> >---
> >v3:
> >  - New in v3.
> >---
> > arch/x86/kvm/svm/svm.c | 5 -----
> > 1 file changed, 5 deletions(-)
> >
> >diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
> >index 82cde3578c96..b67aa546d8f4 100644
> >--- a/arch/x86/kvm/svm/svm.c
> >+++ b/arch/x86/kvm/svm/svm.c
> >@@ -5255,11 +5255,6 @@ static __init void svm_set_cpu_caps(void)
> > 	kvm_set_cpu_caps();
> > 
> > 	kvm_caps.supported_perf_cap = 0;
> >-	kvm_caps.supported_xss = 0;
> >-
> >-	/* KVM doesn't yet support CET virtualization for SVM. */
> >-	kvm_cpu_cap_clear(X86_FEATURE_SHSTK);
> >-	kvm_cpu_cap_clear(X86_FEATURE_IBT);
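
Review bot: The deletions in svm_set_cpu_caps() drop kvm_cpu_cap_clear(X86_FEATURE_IBT) and kvm_caps.supported_xss = 0 together with the SHSTK clear, but the commit message only covers "shadow stack CPU capabilities". If IBT is still not virtualized for SVM, keep the IBT clear and reword the removed comment to say so. Otherwise, state in the changelog what prevents IBT from being advertised once the explicit clear is gone. The supported_xss removal also deserves a sentence in the changelog, since nothing in this hunk shows where that value is now constrained.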
> 
> IIUC, IBT should be cleared because KVM doesn't support IBT for SVM.

Yeah, I wondered about this. The reason I chose to not clear this is
because we don't explicitly clear other features that are not supported
on AMD hardware AFAICT. Is there a reason we should clear this and not
other unsupported features?

Thanks,
John
