From: Sean Christopherson <seanjc@google.com>
To: Rick P Edgecombe <rick.p.edgecombe@intel.com>
Cc: "john.allen@amd.com" <john.allen@amd.com>,
Weijiang Yang <weijiang.yang@intel.com>,
"bp@alien8.de" <bp@alien8.de>, "x86@kernel.org" <x86@kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"thomas.lendacky@amd.com" <thomas.lendacky@amd.com>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"pbonzini@redhat.com" <pbonzini@redhat.com>,
"andrew.cooper3@citrix.com" <andrew.cooper3@citrix.com>
Subject: Re: [RFC PATCH v2 6/6] KVM: SVM: Add CET features to supported_xss
Date: Fri, 23 Jun 2023 15:18:29 -0700
Message-ID: <ZJYaNSzup+yuYxNy@google.com>
In-Reply-To: <9ef2faeaa38e667bd4daa8ee338d4cade452c76c.camel@intel.com>

On Fri, Jun 09, 2023, Rick P Edgecombe wrote:
> On Fri, 2023-06-09 at 10:34 -0500, John Allen wrote:
> > > Is setting XFEATURE_MASK_CET_KERNEL here ok? The host kernel will not
> > > support XFEATURE_MASK_CET_KERNEL. I guess after this there is a small
> > > window of time where host IA32_XSS could have non-host supported
> > > supervisor state.
> > >
> > > Sort of separately, how does SVM work with respect to saving and
> > > restoring guest supervisor CET state (I mean the CET_S stuff)?
> >
> > Apart from a minor exception involving SEV-ES, we are piggybacking on the
> > state saving/restoring in Yang Weijiang's x86/VMX series. So by inspection,
> > it looks like guest supervisor support is broken as the supervisor XSAVES
> > state and MSRs are not included in that series. I currently don't have a
> > way to test this case, but I think there are operating systems that support
> > it. I'll work on getting a guest set up that can actually test this and
> > hopefully have working guest supervisor support in the next version of the
> > series.
>
> Hmm, interesting. VMX has some separate non-xsaves thing to save and
> restore the guest's supervisor CET state, so Weijiang's series doesn't
> use the xsaves supervisor CET support.

Heh, that and Weijiang's series is a wee bit incomplete.

> Also, since the host might have CR4.CET set for its own reasons, if the host
> handled an exit with the guest's MSR_IA32_S_CET set it could suddenly be
> subjected to CET enforcement that it doesn't expect. Waiting to restore it
> until returning to the guest is too late.
>
> At least that's the reasoning on the VMX side as I understand it

The APM doesn't come right out and say it, but I assume/hope that S_CET is saved
on VMRUN and loaded on #VMEXIT, i.e. is the same as VMX for all intents and
purposes.

The host save state definitely has a field for S_CET, and VMRUN documents that the
guest values are loaded, I just can't find anything in the APM that explicitly states
how host S_CET and friends are handled. E.g. in theory, they could have been
shoved into VMSAVE+VMLOAD, though I very much doubt that's the case.

John?