| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <175873602866.2143908.7929679883637280070.b4-ty@google.com>
Date: Wed, 24 Sep 2025 11:07:39 -0700
From: Sean Christopherson <seanjc@...gle.com>
To: Sean Christopherson <seanjc@...gle.com>, Paolo Bonzini <pbonzini@...hat.com>
Cc: kvm@...r.kernel.org, linux-kernel@...r.kernel.org,
Tom Lendacky <thomas.lendacky@....com>, Mathias Krause <minipli@...ecurity.net>,
John Allen <john.allen@....com>, Rick Edgecombe <rick.p.edgecombe@...el.com>,
Chao Gao <chao.gao@...el.com>, Binbin Wu <binbin.wu@...ux.intel.com>,
Xiaoyao Li <xiaoyao.li@...el.com>, Maxim Levitsky <mlevitsk@...hat.com>,
Zhang Yi Z <yi.z.zhang@...ux.intel.com>, Xin Li <xin@...or.com>
Subject: Re: [PATCH v16 00/51] KVM: x86: Super Mega CET
On Fri, 19 Sep 2025 15:32:07 -0700, Sean Christopherson wrote:
> As the subject suggests, this series continues to grow, as there an absolutely
> stupid number of edge cases and interactions.
>
> There are (a lot) more changes between v15 and v16 than I was hoping for, but
> there all fairly "minor" in the sense that it's things like disabling SHSTK
> when using the shadow MMU. I.e. it's mostly "configuration" fixes, and very
> few logical changes (outside of msrs_test.c, which has non-trivial changes due
> to ignore_msrs, argh).
>
> [...]
Unless someone finds a truly egregious bug, the hashes are now frozen. Please
post any fixups as standalone patches based on kvm-x86/next, and I'll apply on
top as appropriate.
Thanks everyone!
Applied 1-3 to kvm-x86 svm:
[01/51] KVM: SEV: Rename kvm_ghcb_get_sw_exit_code() to kvm_get_cached_sw_exit_code()
https://github.com/kvm-x86/linux/commit/e0ff302b79c5
[02/51] KVM: SEV: Read save fields from GHCB exactly once
https://github.com/kvm-x86/linux/commit/bd5f500d2317
[03/51] KVM: SEV: Validate XCR0 provided by guest in GHCB
https://github.com/kvm-x86/linux/commit/4135a9a8ccba
The ex_str() selftest patch to kvm-x86 selftests:
[44/51] KVM: selftests: Add ex_str() to print human friendly name of exception vectors
https://github.com/kvm-x86/linux/commit/df1f294013da
And the rest to kvm-x86 cet (including patch "26.5"):
[04/51] KVM: x86: Introduce KVM_{G,S}ET_ONE_REG uAPIs support
https://github.com/kvm-x86/linux/commit/06f2969c6a12
[05/51] KVM: x86: Report XSS as to-be-saved if there are supported features
https://github.com/kvm-x86/linux/commit/c0a5f2989122
[06/51] KVM: x86: Check XSS validity against guest CPUIDs
https://github.com/kvm-x86/linux/commit/338543cbe033
[07/51] KVM: x86: Refresh CPUID on write to guest MSR_IA32_XSS
https://github.com/kvm-x86/linux/commit/9622e116d0d2
[08/51] KVM: x86: Initialize kvm_caps.supported_xss
https://github.com/kvm-x86/linux/commit/779ed05511f2
[09/51] KVM: x86: Load guest FPU state when access XSAVE-managed MSRs
https://github.com/kvm-x86/linux/commit/e44eb58334bb
[10/51] KVM: x86: Add fault checks for guest CR4.CET setting
https://github.com/kvm-x86/linux/commit/586ef9dcbb28
[11/51] KVM: x86: Report KVM supported CET MSRs as to-be-saved
https://github.com/kvm-x86/linux/commit/6a11c860d8a4
[12/51] KVM: VMX: Introduce CET VMCS fields and control bits
https://github.com/kvm-x86/linux/commit/d6c387fc396b
[13/51] KVM: x86: Enable guest SSP read/write interface with new uAPIs
https://github.com/kvm-x86/linux/commit/9d6812d41535
[14/51] KVM: VMX: Emulate read and write to CET MSRs
https://github.com/kvm-x86/linux/commit/8b59d0275c96
[15/51] KVM: x86: Save and reload SSP to/from SMRAM
https://github.com/kvm-x86/linux/commit/1a61bd0d126a
[16/51] KVM: VMX: Set up interception for CET MSRs
https://github.com/kvm-x86/linux/commit/25f3840483e6
[17/51] KVM: VMX: Set host constant supervisor states to VMCS fields
https://github.com/kvm-x86/linux/commit/584ba3ffb984
[18/51] KVM: x86: Don't emulate instructions affected by CET features
https://github.com/kvm-x86/linux/commit/57c3db7e2e26
[19/51] KVM: x86: Don't emulate task switches when IBT or SHSTK is enabled
https://github.com/kvm-x86/linux/commit/82c0ec028258
[20/51] KVM: x86: Emulate SSP[63:32]!=0 #GP(0) for FAR JMP to 32-bit mode
https://github.com/kvm-x86/linux/commit/d4c03f63957c
[21/51] KVM: x86/mmu: WARN on attempt to check permissions for Shadow Stack #PF
https://github.com/kvm-x86/linux/commit/296599346c67
[22/51] KVM: x86/mmu: Pretty print PK, SS, and SGX flags in MMU tracepoints
https://github.com/kvm-x86/linux/commit/843af0f2e461
[23/51] KVM: x86: Allow setting CR4.CET if IBT or SHSTK is supported
https://github.com/kvm-x86/linux/commit/b3744c59ebc5
[24/51] KVM: nVMX: Always forward XSAVES/XRSTORS exits from L2 to L1
https://github.com/kvm-x86/linux/commit/19e6e083f3f9
[25/51] KVM: x86: Add XSS support for CET_KERNEL and CET_USER
https://github.com/kvm-x86/linux/commit/69cc3e886582
[26/51] KVM: x86: Disable support for Shadow Stacks if TDP is disabled
https://github.com/kvm-x86/linux/commit/1f6f68fcfe43
[26.5/51] KVM: x86: Initialize allow_smaller_maxphyaddr earlier in setup
https://github.com/kvm-x86/linux/commit/f705de12a22c
[27/51] KVM: x86: Disable support for IBT and SHSTK if allow_smaller_maxphyaddr is true
https://github.com/kvm-x86/linux/commit/343acdd158a5
[28/51] KVM: x86: Enable CET virtualization for VMX and advertise to userspace
https://github.com/kvm-x86/linux/commit/e140467bbdaf
[29/51] KVM: VMX: Configure nested capabilities after CPU capabilities
https://github.com/kvm-x86/linux/commit/f7336d47be53
[30/51] KVM: nVMX: Virtualize NO_HW_ERROR_CODE_CC for L1 event injection to L2
https://github.com/kvm-x86/linux/commit/033cc166f029
[31/51] KVM: nVMX: Prepare for enabling CET support for nested guest
https://github.com/kvm-x86/linux/commit/625884996bff
[32/51] KVM: nVMX: Add consistency checks for CR0.WP and CR4.CET
https://github.com/kvm-x86/linux/commit/8060b2bd2dd0
[33/51] KVM: nVMX: Add consistency checks for CET states
https://github.com/kvm-x86/linux/commit/62f7533a6b3a
[34/51] KVM: nVMX: Advertise new VM-Entry/Exit control bits for CET state
https://github.com/kvm-x86/linux/commit/42ae6448531b
[35/51] KVM: SVM: Emulate reads and writes to shadow stack MSRs
https://github.com/kvm-x86/linux/commit/48b2ec0d540c
[36/51] KVM: nSVM: Save/load CET Shadow Stack state to/from vmcb12/vmcb02
https://github.com/kvm-x86/linux/commit/c5ba49458513
[37/51] KVM: SVM: Update dump_vmcb with shadow stack save area additions
https://github.com/kvm-x86/linux/commit/c7586aa3bed4
[38/51] KVM: SVM: Pass through shadow stack MSRs as appropriate
https://github.com/kvm-x86/linux/commit/38c46bdbf998
[39/51] KVM: SEV: Synchronize MSR_IA32_XSS from the GHCB when it's valid
https://github.com/kvm-x86/linux/commit/b5fa221f7b08
[40/51] KVM: SVM: Enable shadow stack virtualization for SVM
https://github.com/kvm-x86/linux/commit/8db428fd5229
[41/51] KVM: x86: Add human friendly formatting for #XM, and #VE
https://github.com/kvm-x86/linux/commit/d37cc4819a48
[42/51] KVM: x86: Define Control Protection Exception (#CP) vector
https://github.com/kvm-x86/linux/commit/f2f5519aa4e3
[43/51] KVM: x86: Define AMD's #HV, #VC, and #SX exception vectors
https://github.com/kvm-x86/linux/commit/fddd07626baa
[45/51] KVM: selftests: Add an MSR test to exercise guest/host and read/write
https://github.com/kvm-x86/linux/commit/9c38ddb3df94
[46/51] KVM: selftests: Add support for MSR_IA32_{S,U}_CET to MSRs test
https://github.com/kvm-x86/linux/commit/27c41353064f
[47/51] KVM: selftests: Extend MSRs test to validate vCPUs without supported features
https://github.com/kvm-x86/linux/commit/a8b9cca99cf4
[48/51] KVM: selftests: Add KVM_{G,S}ET_ONE_REG coverage to MSRs test
https://github.com/kvm-x86/linux/commit/80c2b6d8e7bb
[49/51] KVM: selftests: Add coverage for KVM-defined registers in MSRs test
https://github.com/kvm-x86/linux/commit/3469fd203bac
[50/51] KVM: selftests: Verify MSRs are (not) in save/restore list when (un)supported
https://github.com/kvm-x86/linux/commit/947ab90c9198
[51/51] KVM: VMX: Make CR4.CET a guest owned bit
https://github.com/kvm-x86/linux/commit/d292035fb5d2
--
https://github.com/kvm-x86/linux/tree/next
Powered by blists - more mailing lists