Message-ID: <ac7eb055-a3a2-479c-8d21-4ebc262be93b@intel.com>
Date: Fri, 12 Sep 2025 14:23:38 +0800
From: Xiaoyao Li <xiaoyao.li@...el.com>
To: Chao Gao <chao.gao@...el.com>
Cc: kvm@...r.kernel.org, linux-kernel@...r.kernel.org, acme@...hat.com,
 bp@...en8.de, dave.hansen@...ux.intel.com, hpa@...or.com,
 john.allen@....com, mingo@...nel.org, mingo@...hat.com,
 minipli@...ecurity.net, mlevitsk@...hat.com, namhyung@...nel.org,
 pbonzini@...hat.com, prsampat@....com, rick.p.edgecombe@...el.com,
 seanjc@...gle.com, shuah@...nel.org, tglx@...utronix.de,
 weijiang.yang@...el.com, x86@...nel.org, xin@...or.com
Subject: Re: [PATCH v14 15/22] KVM: x86: Don't emulate instructions guarded by
 CET

On 9/11/2025 6:42 PM, Chao Gao wrote:
>>> @@ -4941,6 +4947,24 @@ int x86_decode_insn(struct x86_emulate_ctxt *ctxt, void *insn, int insn_len, int
>>>    	if (ctxt->d == 0)
>>>    		return EMULATION_FAILED;
>>> +	if (ctxt->ops->get_cr(ctxt, 4) & X86_CR4_CET) {
>>> +		u64 u_cet, s_cet;
>>> +		bool stop_em;
>>> +
>>> +		if (ctxt->ops->get_msr(ctxt, MSR_IA32_U_CET, &u_cet) ||
>>> +		    ctxt->ops->get_msr(ctxt, MSR_IA32_S_CET, &s_cet))
>>> +			return EMULATION_FAILED;
>>> +
>>> +		stop_em = ((u_cet & CET_SHSTK_EN) || (s_cet & CET_SHSTK_EN)) &&
>>> +			  (opcode.flags & ShadowStack);
>>> +
>>> +		stop_em |= ((u_cet & CET_ENDBR_EN) || (s_cet & CET_ENDBR_EN)) &&
>>> +			   (opcode.flags & IndirBrnTrk);
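Review bot: the stop_em computation ORs the U_CET and S_CET enable bits regardless of the current CPL, so with only S_CET.SH_STK_EN set a guest user-mode instruction carrying the ShadowStack flag is refused emulation (and likewise for the ENDBR_EN / IndirBrnTrk pair). That is a conservative failure rather than a correctness bug, but nothing in the hunk says it is deliberate; add a short comment above the `if (ctxt->ops->get_cr(ctxt, 4) & X86_CR4_CET)` block stating that the per-CPL check is intentionally skipped for simplicity, and say the same in the changelog, so the behaviour is not later "fixed" by someone reading only the code.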
>>
>> Why not check CPL here? Just for simplicity?
> 
> I think so. This is a corner case and we don't want to make it very precise
> (and thus complex). The reason is that no one had a strong opinion on whether
> to do the CPL check or not. I asked the same question before [*], but I don't
> have a strong opinion on this either.

I'm OK with it.

But I think we should at least mention it in the changelog, so that people
who dig through the history will know that the CPL check is skipped
intentionally and that the maintainers were OK with it when the patch was
merged.

> [*]: https://lore.kernel.org/kvm/ZaSQn7RCRTaBK1bc@chao-email/
