From: Sean Christopherson <sean.j.christopherson@intel.com>
To: Yang Weijiang <weijiang.yang@intel.com>
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
pbonzini@redhat.com, jmattson@google.com,
yu.c.zhang@linux.intel.com, yu-cheng.yu@intel.com
Subject: Re: [PATCH v8 2/7] KVM: VMX: Define CET VMCS fields and #CP flag
Date: Tue, 10 Dec 2019 13:00:44 -0800 [thread overview]
Message-ID: <20191210210044.GK15758@linux.intel.com> (raw)
In-Reply-To: <20191101085222.27997-3-weijiang.yang@intel.com>
On Fri, Nov 01, 2019 at 04:52:17PM +0800, Yang Weijiang wrote:
> CET(Control-flow Enforcement Technology) is an upcoming Intel(R)
> processor feature that blocks Return/Jump-Oriented Programming(ROP)
> attacks. It provides the following capabilities to defend
> against ROP/JOP style control-flow subversion attacks:
>
> Shadow Stack (SHSTK):
> A second stack for program which is used exclusively for
> control transfer operations.
>
> Indirect Branch Tracking (IBT):
> Code branching protection to defend against jump/call oriented
> programming.
>
> Several new CET MSRs are defined in kernel to support CET:
> MSR_IA32_{U,S}_CET: Controls the CET settings for user
> mode and suervisor mode respectively.
>
> MSR_IA32_PL{0,1,2,3}_SSP: Stores shadow stack pointers for
> CPL-0,1,2,3 level respectively.
>
> MSR_IA32_INT_SSP_TAB: Stores base address of shadow stack
> pointer table.
>
> Two XSAVES state bits are introduced for CET:
> IA32_XSS:[bit 11]: For saving/restoring user mode CET states
> IA32_XSS:[bit 12]: For saving/restoring supervisor mode CET states.
>
> Six VMCS fields are introduced for CET:
> {HOST,GUEST}_S_CET: Stores CET settings for supervisor mode.
> {HOST,GUEST}_SSP: Stores shadow stack pointer for supervisor mode.
> {HOST,GUEST}_INTR_SSP_TABLE: Stores base address of shadow stack pointer
> table.
>
> If VM_EXIT_LOAD_HOST_CET_STATE = 1, the host's CET MSRs are restored
> from below VMCS fields at VM-Exit:
> HOST_S_CET
> HOST_SSP
> HOST_INTR_SSP_TABLE
>
> If VM_ENTRY_LOAD_GUEST_CET_STATE = 1, the guest's CET MSRs are loaded
> from below VMCS fields at VM-Entry:
> GUEST_S_CET
> GUEST_SSP
> GUEST_INTR_SSP_TABLE
>
> Co-developed-by: Zhang Yi Z <yi.z.zhang@linux.intel.com>
> Signed-off-by: Zhang Yi Z <yi.z.zhang@linux.intel.com>
> Signed-off-by: Yang Weijiang <weijiang.yang@intel.com>
> ---
> arch/x86/include/asm/vmx.h | 8 ++++++++
> arch/x86/include/uapi/asm/kvm.h | 1 +
> arch/x86/kvm/x86.c | 1 +
> arch/x86/kvm/x86.h | 5 +++--
> 4 files changed, 13 insertions(+), 2 deletions(-)
>
> diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h
> index a39136b0d509..68bca290a203 100644
> --- a/arch/x86/include/asm/vmx.h
> +++ b/arch/x86/include/asm/vmx.h
> @@ -90,6 +90,7 @@
> #define VM_EXIT_CLEAR_BNDCFGS 0x00800000
> #define VM_EXIT_PT_CONCEAL_PIP 0x01000000
> #define VM_EXIT_CLEAR_IA32_RTIT_CTL 0x02000000
> +#define VM_EXIT_LOAD_HOST_CET_STATE 0x10000000
>
> #define VM_EXIT_ALWAYSON_WITHOUT_TRUE_MSR 0x00036dff
>
> @@ -103,6 +104,7 @@
> #define VM_ENTRY_LOAD_BNDCFGS 0x00010000
> #define VM_ENTRY_PT_CONCEAL_PIP 0x00020000
> #define VM_ENTRY_LOAD_IA32_RTIT_CTL 0x00040000
> +#define VM_ENTRY_LOAD_GUEST_CET_STATE 0x00100000
>
> #define VM_ENTRY_ALWAYSON_WITHOUT_TRUE_MSR 0x000011ff
>
> @@ -321,6 +323,9 @@ enum vmcs_field {
> GUEST_PENDING_DBG_EXCEPTIONS = 0x00006822,
> GUEST_SYSENTER_ESP = 0x00006824,
> GUEST_SYSENTER_EIP = 0x00006826,
> + GUEST_S_CET = 0x00006828,
> + GUEST_SSP = 0x0000682a,
> + GUEST_INTR_SSP_TABLE = 0x0000682c,
> HOST_CR0 = 0x00006c00,
> HOST_CR3 = 0x00006c02,
> HOST_CR4 = 0x00006c04,
> @@ -333,6 +338,9 @@ enum vmcs_field {
> HOST_IA32_SYSENTER_EIP = 0x00006c12,
> HOST_RSP = 0x00006c14,
> HOST_RIP = 0x00006c16,
> + HOST_S_CET = 0x00006c18,
> + HOST_SSP = 0x00006c1a,
> + HOST_INTR_SSP_TABLE = 0x00006c1c
> };
>
> /*
> diff --git a/arch/x86/include/uapi/asm/kvm.h b/arch/x86/include/uapi/asm/kvm.h
> index 503d3f42da16..e68d6b448730 100644
> --- a/arch/x86/include/uapi/asm/kvm.h
> +++ b/arch/x86/include/uapi/asm/kvm.h
> @@ -31,6 +31,7 @@
> #define MC_VECTOR 18
> #define XM_VECTOR 19
> #define VE_VECTOR 20
> +#define CP_VECTOR 21
>
> /* Select x86 specific features in <linux/kvm.h> */
> #define __KVM_HAVE_PIT
> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> index 290c3c3efb87..540490d5385f 100644
> --- a/arch/x86/kvm/x86.c
> +++ b/arch/x86/kvm/x86.c
> @@ -378,6 +378,7 @@ static int exception_class(int vector)
> case NP_VECTOR:
> case SS_VECTOR:
> case GP_VECTOR:
> + case CP_VECTOR:
> return EXCPT_CONTRIBUTORY;
> default:
> break;
> diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h
> index f10c12b5197d..7e7b5b5cc956 100644
> --- a/arch/x86/kvm/x86.h
> +++ b/arch/x86/kvm/x86.h
> @@ -114,7 +114,7 @@ static inline bool x86_exception_has_error_code(unsigned int vector)
> {
> static u32 exception_has_error_code = BIT(DF_VECTOR) | BIT(TS_VECTOR) |
> BIT(NP_VECTOR) | BIT(SS_VECTOR) | BIT(GP_VECTOR) |
> - BIT(PF_VECTOR) | BIT(AC_VECTOR);
> + BIT(PF_VECTOR) | BIT(AC_VECTOR) | BIT(CP_VECTOR);
>
> return (1U << vector) & exception_has_error_code;
> }
> @@ -298,7 +298,8 @@ int x86_emulate_instruction(struct kvm_vcpu *vcpu, unsigned long cr2,
> * Right now, no XSS states are used on x86 platform,
> * expand the macro for new features.
I assume this comment needs to be updated?
> */
> -#define KVM_SUPPORTED_XSS 0
> +#define KVM_SUPPORTED_XSS (XFEATURE_MASK_CET_USER \
> + | XFEATURE_MASK_CET_KERNEL)
>
> extern u64 host_xcr0;
>
> --
> 2.17.2
>
next prev parent reply other threads:[~2019-12-10 21:00 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-01 8:52 [PATCH v8 0/7] Introduce support for guest CET feature Yang Weijiang
2019-11-01 8:52 ` [PATCH v8 1/7] KVM: CPUID: Fix IA32_XSS support in CPUID(0xd,i) enumeration Yang Weijiang
2019-11-01 8:52 ` [PATCH v8 2/7] KVM: VMX: Define CET VMCS fields and #CP flag Yang Weijiang
2019-12-10 21:00 ` Sean Christopherson [this message]
2019-12-11 1:45 ` Yang Weijiang
2019-11-01 8:52 ` [PATCH v8 3/7] KVM: VMX: Pass through CET related MSRs Yang Weijiang
2019-12-10 21:18 ` Sean Christopherson
2019-12-11 1:32 ` Yang Weijiang
2019-12-11 1:50 ` Sean Christopherson
2019-12-11 2:27 ` Yang Weijiang
2019-12-16 2:18 ` Yang Weijiang
2019-12-18 0:34 ` Sean Christopherson
2019-12-18 13:55 ` Yang Weijiang
2019-12-18 16:02 ` Sean Christopherson
2019-11-01 8:52 ` [PATCH v8 4/7] KVM: VMX: Load CET states on vmentry/vmexit Yang Weijiang
2019-12-10 21:23 ` Sean Christopherson
2019-12-11 1:54 ` Yang Weijiang
2019-12-11 16:35 ` Sean Christopherson
2019-12-12 1:04 ` Yang Weijiang
2019-12-18 0:30 ` Sean Christopherson
2019-12-18 13:20 ` Yang Weijiang
2019-11-01 8:52 ` [PATCH v8 5/7] KVM: X86: Enable CET bits update in IA32_XSS Yang Weijiang
2019-11-01 8:52 ` [PATCH v8 6/7] KVM: X86: Load guest fpu state when accessing MSRs managed by XSAVES Yang Weijiang
2019-12-10 21:27 ` Sean Christopherson
2019-12-11 2:03 ` Yang Weijiang
2019-11-01 8:52 ` [PATCH v8 7/7] KVM: X86: Add user-space access interface for CET MSRs Yang Weijiang
2019-12-10 21:58 ` Sean Christopherson
2019-12-11 2:19 ` Yang Weijiang
2019-12-11 16:27 ` Sean Christopherson
2019-12-12 0:42 ` Yang Weijiang
2019-12-12 16:03 ` [PATCH v8 0/7] Introduce support for guest CET feature Konrad Rzeszutek Wilk
2019-12-13 0:44 ` Yang Weijiang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191210210044.GK15758@linux.intel.com \
--to=sean.j.christopherson@intel.com \
--cc=jmattson@google.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=weijiang.yang@intel.com \
--cc=yu-cheng.yu@intel.com \
--cc=yu.c.zhang@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.