From: Mathias Krause <minipli@grsecurity.net>
To: Sean Christopherson <seanjc@google.com>
Cc: kvm@vger.kernel.org, Chao Gao <chao.gao@intel.com>,
Paolo Bonzini <pbonzini@redhat.com>
Subject: Re: [kvm-unit-tests PATCH v4 16/18] x86: cet: Enable NOTRACK handling for IBT tests
Date: Sat, 15 Nov 2025 06:30:43 +0100
Message-ID: <817ee8ef-a912-4e5d-b381-885429f13e7b@grsecurity.net>
In-Reply-To: <20251114205100.1873640-17-seanjc@google.com>
On 14.11.25 21:50, Sean Christopherson wrote:
> gcc's jump table handling makes use of 'notrack' indirect jumps, causing
> spurious #CP(3) exceptions.
>
Missing a "From: Mathias Krause <minipli@grsecurity.net>", maybe?
> Enable 'notrack' handling for the IBT tests instead of disabling jump
> tables as we may want to make use of 'notrack' ourselves in future
> tests. This will allow using report() in IBT tests, as gcc likes to
> generate a small jump table for exception_mnemonic():
>
> 000000000040707c <exception_mnemonic>:
> 40707c: endbr64
> 407080: cmp $0x1e,%edi
> 407083: ja 407117 <exception_mnemonic+0x9b>
> 407089: mov %edi,%edi
> 40708b: notrack jmp *0x4107e0(,%rdi,8)
> ::
> 4070b1: mov $0x411c7c,%eax # <-- #CP(3) here
>
> Link: https://lore.kernel.org/all/fc886a22-49f3-4627-8ba6-933099e7640d@grsecurity.net
> Signed-off-by: Mathias Krause <minipli@grsecurity.net>
> Signed-off-by: Sean Christopherson <seanjc@google.com>
> ---
> x86/cet.c | 11 ++++++-----
> 1 file changed, 6 insertions(+), 5 deletions(-)
>
> diff --git a/x86/cet.c b/x86/cet.c
> index 26cd1c9b..74d3f701 100644
> --- a/x86/cet.c
> +++ b/x86/cet.c
> @@ -82,8 +82,9 @@ static uint64_t cet_ibt_func(void)
> #define CP_ERR_SETSSBSY 0x0005
> #define CP_ERR_ENCL BIT(15)
>
> -#define ENABLE_SHSTK_BIT 0x1
> -#define ENABLE_IBT_BIT 0x4
> +#define CET_ENABLE_SHSTK BIT(0)
> +#define CET_ENABLE_IBT BIT(2)
> +#define CET_ENABLE_NOTRACK BIT(4)
>
> static void test_shstk(void)
> {
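Review bot: The new CET_ENABLE_* defines at the end of this hunk carry no comment saying which register they belong to, and they sit directly below the CP_ERR_* error-code defines, so they can be mistaken for more #CP error bits. A one-line comment above CET_ENABLE_SHSTK stating that these are control bits written to MSR_IA32_U_CET (as the later hunks do) would separate the two groups, and a few words on CET_ENABLE_NOTRACK saying that it makes the CPU honour the 'notrack' prefix would document the one define that is actually new.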
> @@ -112,7 +113,7 @@ static void test_shstk(void)
> install_pte(current_page_table(), 1, shstk_virt, pte, 0);
>
> /* Enable shadow-stack protection */
> - wrmsr(MSR_IA32_U_CET, ENABLE_SHSTK_BIT);
> + wrmsr(MSR_IA32_U_CET, CET_ENABLE_SHSTK);
>
> /* Store shadow-stack pointer. */
> wrmsr(MSR_IA32_PL3_SSP, (u64)(shstk_virt + 0x1000));
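Review bot: The wrmsr() change in test_shstk() is a pure rename from ENABLE_SHSTK_BIT to CET_ENABLE_SHSTK and is unrelated to NOTRACK, yet the changelog only describes enabling 'notrack' handling for the IBT tests. Either mention the macro rename in the commit message or move it into a small preparatory patch, so that this patch's diff is limited to the behavioural change in test_ibt().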
> @@ -140,8 +141,8 @@ static void test_ibt(void)
> return;
> }
>
> - /* Enable indirect-branch tracking */
> - wrmsr(MSR_IA32_U_CET, ENABLE_IBT_BIT);
> + /* Enable indirect-branch tracking (notrack handling for jump tables) */
> + wrmsr(MSR_IA32_U_CET, CET_ENABLE_IBT | CET_ENABLE_NOTRACK);
>
> run_in_user(cet_ibt_func, CP_VECTOR, 0, 0, 0, 0, &rvc);
> report(rvc && exception_error_code() == CP_ERR_ENDBR,
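Review bot: With CET_ENABLE_NOTRACK set by the wrmsr() in test_ibt(), the check that follows, report(rvc && exception_error_code() == CP_ERR_ENDBR, ...), silently depends on the indirect branch inside cet_ibt_func() not carrying a 'notrack' prefix, and nothing in the code states that. The new comment "(notrack handling for jump tables)" is also too terse to explain the reason; suggest spelling out, as the changelog does, that gcc emits 'notrack jmp' for jump tables such as the one in exception_mnemonic(), and adding that the test's own branch must remain tracked for the #CP to fire.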
Otherwise, LGTM!
Thanks,
Mathias