Re: [kvm-unit-tests PATCH v3 15/17] x86/cet: Run SHSTK and IBT tests as appropriate if either feature is supported

public inbox for kvm@vger.kernel.org
 help / color / mirror / Atom feed

From: Mathias Krause <minipli@grsecurity.net>
To: Sean Christopherson <seanjc@google.com>
Cc: kvm@vger.kernel.org, Chao Gao <chao.gao@intel.com>,
	Paolo Bonzini <pbonzini@redhat.com>
Subject: Re: [kvm-unit-tests PATCH v3 15/17] x86/cet: Run SHSTK and IBT tests as appropriate if either feature is supported
Date: Fri, 14 Nov 2025 09:59:53 +0100	[thread overview]
Message-ID: <e3a82783-efff-445f-bc79-99e7ee7d34d5@grsecurity.net> (raw)
In-Reply-To: <20251114001258.1717007-16-seanjc@google.com>

On 14.11.25 01:12, Sean Christopherson wrote:
> Run the SHSTK and IBT tests if their respective feature is supported, as
> nothing in the architecture requires both features to be supported.
> Decoupling the two features allows running the SHSTK test on AMD CPUs,
> which support SHSTK but not IBT.
> 
> Signed-off-by: Sean Christopherson <seanjc@google.com>
> ---
>  x86/cet.c | 50 +++++++++++++++++++++++++++++++++-----------------
>  1 file changed, 33 insertions(+), 17 deletions(-)
> 
> diff --git a/x86/cet.c b/x86/cet.c
> index eeab5901..26cd1c9b 100644
> --- a/x86/cet.c
> +++ b/x86/cet.c
> @@ -85,7 +85,7 @@ static uint64_t cet_ibt_func(void)
>  #define ENABLE_SHSTK_BIT 0x1
>  #define ENABLE_IBT_BIT   0x4
>  
> -int main(int ac, char **av)
> +static void test_shstk(void)
>  {
>  	char *shstk_virt;
>  	unsigned long shstk_phys;
> @@ -94,17 +94,10 @@ int main(int ac, char **av)
>  	bool rvc;
>  
>  	if (!this_cpu_has(X86_FEATURE_SHSTK)) {
> -		report_skip("SHSTK not enabled");
> -		return report_summary();
> +		report_skip("SHSTK not supported");
> +		return;
>  	}
>  
> -	if (!this_cpu_has(X86_FEATURE_IBT)) {
> -		report_skip("IBT not enabled");
> -		return report_summary();
> -	}
> -
> -	setup_vm();
> -
>  	/* Allocate one page for shadow-stack. */
>  	shstk_virt = alloc_vpage();
>  	shstk_phys = (unsigned long)virt_to_phys(alloc_page());
> @@ -124,9 +117,6 @@ int main(int ac, char **av)
>  	/* Store shadow-stack pointer. */
>  	wrmsr(MSR_IA32_PL3_SSP, (u64)(shstk_virt + 0x1000));
>  
> -	/* Enable CET master control bit in CR4. */
> -	write_cr4(read_cr4() | X86_CR4_CET);
> -
>  	printf("Unit tests for CET user mode...\n");
>  	run_in_user(cet_shstk_func, CP_VECTOR, 0, 0, 0, 0, &rvc);
>  	report(rvc && exception_error_code() == CP_ERR_NEAR_RET,
> @@ -136,19 +126,45 @@ int main(int ac, char **av)
>  	report(rvc && exception_error_code() == CP_ERR_FAR_RET,
>  	       "FAR RET shadow-stack protection test");
>  
> +	/* SSP should be 4-Byte aligned */
> +	vector = wrmsr_safe(MSR_IA32_PL3_SSP, 0x1);
> +	report(vector == GP_VECTOR, "MSR_IA32_PL3_SSP alignment test.");
> +}
> +
> +static void test_ibt(void)
> +{
> +	bool rvc;
> +
> +	if (!this_cpu_has(X86_FEATURE_IBT)) {
> +		report_skip("IBT not supported");
> +		return;
> +	}
> +
>  	/* Enable indirect-branch tracking */
>  	wrmsr(MSR_IA32_U_CET, ENABLE_IBT_BIT);
>  
>  	run_in_user(cet_ibt_func, CP_VECTOR, 0, 0, 0, 0, &rvc);
>  	report(rvc && exception_error_code() == CP_ERR_ENDBR,
>  	       "Indirect-branch tracking test");
> +}
> +
> +int main(int ac, char **av)
> +{
> +	if (!this_cpu_has(X86_FEATURE_SHSTK) && !this_cpu_has(X86_FEATURE_IBT)) {
> +		report_skip("No CET features supported");
> +		return report_summary();
> +	}
> +
> +	setup_vm();
> +
> +	/* Enable CET global control bit in CR4. */
> +	write_cr4(read_cr4() | X86_CR4_CET);
> +
> +	test_shstk();
> +	test_ibt();
>  
>  	write_cr4(read_cr4() & ~X86_CR4_CET);
>  	wrmsr(MSR_IA32_U_CET, 0);
>  
> -	/* SSP should be 4-Byte aligned */
> -	vector = wrmsr_safe(MSR_IA32_PL3_SSP, 0x1);
> -	report(vector == GP_VECTOR, "MSR_IA32_PL3_SSP alignment test.");
> -
>  	return report_summary();
>  }

Looks good to me!

Successfully tested on Intel ADL, selectively disabling IBT (-cpu
host,-ibt), shadow stacks (-cpu host,-shstk) or both (-cpu
host,-ibt,-shstk), each doing "The Right Thing," therefore:

Reviewed-by: Mathias Krause <minipli@grsecurity.net>
Tested-by: Mathias Krause <minipli@grsecurity.net>

Thanks,
Mathias

next prev parent reply	other threads:[~2025-11-14  8:59 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-11-14  0:12 [kvm-unit-tests PATCH v3 00/17] x86: Improve CET tests Sean Christopherson
2025-11-14  0:12 ` [kvm-unit-tests PATCH v3 01/17] x86/run_in_user: Add an "end branch" marker on the user_mode destination Sean Christopherson
2025-11-14 15:51   ` Mathias Krause
2025-11-14 20:46     ` Sean Christopherson
2025-11-15  5:09       ` Mathias Krause
2025-11-14  0:12 ` [kvm-unit-tests PATCH v3 02/17] x86: cet: Pass virtual addresses to invlpg Sean Christopherson
2025-11-14  0:12 ` [kvm-unit-tests PATCH v3 03/17] x86: cet: Remove unnecessary memory zeroing for shadow stack Sean Christopherson
2025-11-14  0:12 ` [kvm-unit-tests PATCH v3 04/17] x86: cet: Directly check for #CP exception in run_in_user() Sean Christopherson
2025-11-14  0:12 ` [kvm-unit-tests PATCH v3 05/17] x86: cet: Validate #CP error code Sean Christopherson
2025-11-14  0:12 ` [kvm-unit-tests PATCH v3 06/17] x86: cet: Use report_skip() Sean Christopherson
2025-11-14  0:12 ` [kvm-unit-tests PATCH v3 07/17] x86: cet: Drop unnecessary casting Sean Christopherson
2025-11-14  0:12 ` [kvm-unit-tests PATCH v3 08/17] x86: cet: Validate writing unaligned values to SSP MSR causes #GP Sean Christopherson
2025-11-14  0:12 ` [kvm-unit-tests PATCH v3 09/17] x86: cet: Validate CET states during VMX transitions Sean Christopherson
2025-11-14  8:10   ` Mathias Krause
2025-11-14  0:12 ` [kvm-unit-tests PATCH v3 10/17] x86: cet: Make shadow stack less fragile Sean Christopherson
2025-11-14  0:12 ` [kvm-unit-tests PATCH v3 11/17] x86: cet: Simplify IBT test Sean Christopherson
2025-11-14  0:12 ` [kvm-unit-tests PATCH v3 12/17] x86: cet: Use symbolic values for the #CP error codes Sean Christopherson
2025-11-14  0:12 ` [kvm-unit-tests PATCH v3 13/17] x86: cet: Test far returns too Sean Christopherson
2025-11-14  0:12 ` [kvm-unit-tests PATCH v3 14/17] x86: Avoid top-most page for vmalloc on x86-64 Sean Christopherson
2025-11-14  0:12 ` [kvm-unit-tests PATCH v3 15/17] x86/cet: Run SHSTK and IBT tests as appropriate if either feature is supported Sean Christopherson
2025-11-14  8:59   ` Mathias Krause [this message]
2025-11-14  0:12 ` [kvm-unit-tests PATCH v3 16/17] x86/cet: Drop the "intel_" prefix from the CET testcase Sean Christopherson
2025-11-14  0:12 ` [kvm-unit-tests PATCH v3 17/17] x86/cet: Add testcases to verify KVM rejects emulation of CET instructions Sean Christopherson
2025-11-14 15:19   ` Mathias Krause
2025-11-14 20:42     ` Sean Christopherson

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=e3a82783-efff-445f-bc79-99e7ee7d34d5@grsecurity.net \
    --to=minipli@grsecurity.net \
    --cc=chao.gao@intel.com \
    --cc=kvm@vger.kernel.org \
    --cc=pbonzini@redhat.com \
    --cc=seanjc@google.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox