lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <aMiDOGwZXWbl9OEm@AUSJOHALLEN.amd.com>
Date: Mon, 15 Sep 2025 16:20:56 -0500
From: John Allen <john.allen@....com>
To: Sean Christopherson <seanjc@...gle.com>
Cc: Paolo Bonzini <pbonzini@...hat.com>, kvm@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	Tom Lendacky <thomas.lendacky@....com>,
	Mathias Krause <minipli@...ecurity.net>,
	Rick Edgecombe <rick.p.edgecombe@...el.com>,
	Chao Gao <chao.gao@...el.com>, Maxim Levitsky <mlevitsk@...hat.com>,
	Xiaoyao Li <xiaoyao.li@...el.com>,
	Zhang Yi Z <yi.z.zhang@...ux.intel.com>
Subject: Re: [PATCH v15 00/41] KVM: x86: Mega-CET

On Fri, Sep 12, 2025 at 04:22:38PM -0700, Sean Christopherson wrote:
> This series is (hopefully) all of the in-flight CET virtualization patches
> in one big bundle.  Please holler if I missed a patch or three as this is what
> I am planning on applying for 6.18 (modulo fixups and whatnot), i.e. if there's
> something else that's needed to enable CET virtualization, now's the time...
> 
> Patches 1-3 probably need the most attention, as they are new in v15 and I
> don't have a fully working SEV-ES setup (don't have the right guest firmware,
> ugh).  Though testing on everything would be much appreciated.

It looks like there may be regressions with SEV-ES here. Running the
test_shadow_stack_64 selftest in the guest now hangs in the gup write.
Skipping the gup test seems to indicate there are some other issues as
well.

This reminded me that with the last version of the series, I noted an
issue with test_32bit selftest and sev-es on the guest. This would
segfault in sigaction32 and seemed to indicate some incompatibility
between the test and sev-es as it could be reproduced with a stripped
down version of the test without shadow stack enabled. I'm still
investigating this as well, but the above failures seem to be new.

I'll have some time to investigate further tomorrow.

Thanks,
John

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ