From: Sean Christopherson <seanjc@google.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: kvm@vger.kernel.org, Chao Gao <chao.gao@intel.com>,
Mathias Krause <minipli@grsecurity.net>,
Sean Christopherson <seanjc@google.com>
Subject: [kvm-unit-tests PATCH v4 16/18] x86: cet: Enable NOTRACK handling for IBT tests
Date: Fri, 14 Nov 2025 12:50:58 -0800 [thread overview]
Message-ID: <20251114205100.1873640-17-seanjc@google.com> (raw)
In-Reply-To: <20251114205100.1873640-1-seanjc@google.com>
gcc's jump table handling makes use of 'notrack' indirect jumps, causing
spurious #CP(3) exceptions.
Enable 'notrack' handling for the IBT tests instead of disabling jump
tables as we may want to make use of 'notrack' ourselves in future
tests. This will allow using report() in IBT tests, as gcc likes to
generate a small jump table for exception_mnemonic():
000000000040707c <exception_mnemonic>:
40707c: endbr64
407080: cmp $0x1e,%edi
407083: ja 407117 <exception_mnemonic+0x9b>
407089: mov %edi,%edi
40708b: notrack jmp *0x4107e0(,%rdi,8)
::
4070b1: mov $0x411c7c,%eax # <-- #CP(3) here
Link: https://lore.kernel.org/all/fc886a22-49f3-4627-8ba6-933099e7640d@grsecurity.net
Signed-off-by: Mathias Krause <minipli@grsecurity.net>
Signed-off-by: Sean Christopherson <seanjc@google.com>
---
x86/cet.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/x86/cet.c b/x86/cet.c
index 26cd1c9b..74d3f701 100644
--- a/x86/cet.c
+++ b/x86/cet.c
@@ -82,8 +82,9 @@ static uint64_t cet_ibt_func(void)
#define CP_ERR_SETSSBSY 0x0005
#define CP_ERR_ENCL BIT(15)
-#define ENABLE_SHSTK_BIT 0x1
-#define ENABLE_IBT_BIT 0x4
+#define CET_ENABLE_SHSTK BIT(0)
+#define CET_ENABLE_IBT BIT(2)
+#define CET_ENABLE_NOTRACK BIT(4)
static void test_shstk(void)
{
@@ -112,7 +113,7 @@ static void test_shstk(void)
install_pte(current_page_table(), 1, shstk_virt, pte, 0);
/* Enable shadow-stack protection */
- wrmsr(MSR_IA32_U_CET, ENABLE_SHSTK_BIT);
+ wrmsr(MSR_IA32_U_CET, CET_ENABLE_SHSTK);
/* Store shadow-stack pointer. */
wrmsr(MSR_IA32_PL3_SSP, (u64)(shstk_virt + 0x1000));
@@ -140,8 +141,8 @@ static void test_ibt(void)
return;
}
- /* Enable indirect-branch tracking */
- wrmsr(MSR_IA32_U_CET, ENABLE_IBT_BIT);
+ /* Enable indirect-branch tracking (notrack handling for jump tables) */
+ wrmsr(MSR_IA32_U_CET, CET_ENABLE_IBT | CET_ENABLE_NOTRACK);
run_in_user(cet_ibt_func, CP_VECTOR, 0, 0, 0, 0, &rvc);
report(rvc && exception_error_code() == CP_ERR_ENDBR,
--
2.52.0.rc1.455.g30608eb744-goog
next prev parent reply other threads:[~2025-11-14 20:51 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-14 20:50 [kvm-unit-tests PATCH v4 00/18] x86: Improve CET tests Sean Christopherson
2025-11-14 20:50 ` [kvm-unit-tests PATCH v4 01/18] x86: cet: Pass virtual addresses to invlpg Sean Christopherson
2025-11-14 20:50 ` [kvm-unit-tests PATCH v4 02/18] x86: cet: Remove unnecessary memory zeroing for shadow stack Sean Christopherson
2025-11-14 20:50 ` [kvm-unit-tests PATCH v4 03/18] x86: cet: Directly check for #CP exception in run_in_user() Sean Christopherson
2025-11-14 20:50 ` [kvm-unit-tests PATCH v4 04/18] x86: cet: Validate #CP error code Sean Christopherson
2025-11-14 20:50 ` [kvm-unit-tests PATCH v4 05/18] x86: cet: Use report_skip() Sean Christopherson
2025-11-14 20:50 ` [kvm-unit-tests PATCH v4 06/18] x86: cet: Drop unnecessary casting Sean Christopherson
2025-11-14 20:50 ` [kvm-unit-tests PATCH v4 07/18] x86: cet: Validate writing unaligned values to SSP MSR causes #GP Sean Christopherson
2025-11-14 20:50 ` [kvm-unit-tests PATCH v4 08/18] x86: cet: Validate CET states during VMX transitions Sean Christopherson
2025-11-14 20:50 ` [kvm-unit-tests PATCH v4 09/18] x86: cet: Make shadow stack less fragile Sean Christopherson
2025-11-14 20:50 ` [kvm-unit-tests PATCH v4 10/18] x86: cet: Simplify IBT test Sean Christopherson
2025-11-14 20:50 ` [kvm-unit-tests PATCH v4 11/18] x86: cet: Use symbolic values for the #CP error codes Sean Christopherson
2025-11-14 20:50 ` [kvm-unit-tests PATCH v4 12/18] x86: cet: Test far returns too Sean Christopherson
2025-11-14 20:50 ` [kvm-unit-tests PATCH v4 13/18] x86: Avoid top-most page for vmalloc on x86-64 Sean Christopherson
2025-11-14 20:50 ` [kvm-unit-tests PATCH v4 14/18] x86: cet: Run SHSTK and IBT tests as appropriate if either feature is supported Sean Christopherson
2025-11-14 20:50 ` [kvm-unit-tests PATCH v4 15/18] x86: cet: Drop the "intel_" prefix from the CET testcase Sean Christopherson
2025-11-14 20:50 ` Sean Christopherson [this message]
2025-11-15 5:30 ` [kvm-unit-tests PATCH v4 16/18] x86: cet: Enable NOTRACK handling for IBT tests Mathias Krause
2025-11-14 20:50 ` [kvm-unit-tests PATCH v4 17/18] x86: cet: Reset IBT tracker state on #CP violations Sean Christopherson
2025-11-15 5:40 ` Mathias Krause
2025-11-14 20:51 ` [kvm-unit-tests PATCH v4 18/18] x86: cet: Add testcases to verify KVM rejects emulation of CET instructions Sean Christopherson
2025-11-15 6:15 ` Mathias Krause
2025-11-17 7:32 ` Mathias Krause
2025-11-18 22:26 ` [kvm-unit-tests PATCH v4 00/18] x86: Improve CET tests Sean Christopherson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251114205100.1873640-17-seanjc@google.com \
--to=seanjc@google.com \
--cc=chao.gao@intel.com \
--cc=kvm@vger.kernel.org \
--cc=minipli@grsecurity.net \
--cc=pbonzini@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox