From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.5 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id D9DD9C433EA for ; Thu, 23 Jul 2020 16:25:42 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id A904C206D8 for ; Thu, 23 Jul 2020 16:25:42 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org A904C206D8 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=intel.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id 40DF56B000D; Thu, 23 Jul 2020 12:25:42 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 398866B0027; Thu, 23 Jul 2020 12:25:42 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 25F418D0001; Thu, 23 Jul 2020 12:25:42 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0243.hostedemail.com [216.40.44.243]) by kanga.kvack.org (Postfix) with ESMTP id 0CF556B000D for ; Thu, 23 Jul 2020 12:25:42 -0400 (EDT) Received: from smtpin17.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay01.hostedemail.com (Postfix) with ESMTP id 9B01618017BD7 for ; Thu, 23 Jul 2020 16:25:41 +0000 (UTC) X-FDA: 77069866482.17.twist86_191381d26f40 Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251]) by smtpin17.hostedemail.com (Postfix) with ESMTP id 568FC180D01A3 for ; Thu, 23 Jul 2020 16:25:40 +0000 (UTC) X-HE-Tag: twist86_191381d26f40 X-Filterd-Recvd-Size: 3887 Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by imf36.hostedemail.com (Postfix) with ESMTP for ; Thu, 23 Jul 2020 16:25:38 +0000 (UTC) IronPort-SDR: R0LdhIukdUGKmVYTw3byT+/v9ixM3xCrVmdChUSsDCg8MwZAc2czeadYi2Rf31tvY1STIJXVcq ymVy4xmiuKBw== X-IronPort-AV: E=McAfee;i="6000,8403,9691"; a="235441447" X-IronPort-AV: E=Sophos;i="5.75,387,1589266800"; d="scan'208";a="235441447" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Jul 2020 09:25:36 -0700 IronPort-SDR: 7SNQbhgfLF8y+Ls0u3O0LezOL/4DKnkZUziPl6WdpxFftOFptAKIedxZcyo2AanJGfyBajYaF7 F/KSAtvgmIzA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,387,1589266800"; d="scan'208";a="488426080" Received: from sjchrist-coffee.jf.intel.com (HELO linux.intel.com) ([10.54.74.152]) by fmsmga006.fm.intel.com with ESMTP; 23 Jul 2020 09:25:31 -0700 Date: Thu, 23 Jul 2020 09:25:31 -0700 From: Sean Christopherson To: Yu-cheng Yu Cc: x86@kernel.org, "H. Peter Anvin" , Thomas Gleixner , Ingo Molnar , linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann , Andy Lutomirski , Balbir Singh , Borislav Petkov , Cyrill Gorcunov , Dave Hansen , Eugene Syromiatnikov , Florian Weimer , "H.J. Lu" , Jann Horn , Jonathan Corbet , Kees Cook , Mike Kravetz , Nadav Amit , Oleg Nesterov , Pavel Machek , Peter Zijlstra , Randy Dunlap , "Ravi V. Shankar" , Vedvyas Shanbhogue , Dave Martin , Weijiang Yang Subject: Re: [PATCH v10 00/26] Control-flow Enforcement: Shadow Stack Message-ID: <20200723162531.GF21891@linux.intel.com> References: <20200429220732.31602-1-yu-cheng.yu@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200429220732.31602-1-yu-cheng.yu@intel.com> User-Agent: Mutt/1.5.24 (2015-08-30) X-Rspamd-Queue-Id: 568FC180D01A3 X-Spamd-Result: default: False [0.00 / 100.00] X-Rspamd-Server: rspam04 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Wed, Apr 29, 2020 at 03:07:06PM -0700, Yu-cheng Yu wrote: > Control-flow Enforcement (CET) is a new Intel processor feature that blocks > return/jump-oriented programming attacks. Details can be found in "Intel > 64 and IA-32 Architectures Software Developer's Manual" [1]. > > This series depends on the XSAVES supervisor state series that was split > out and submitted earlier [2]. ... > Yu-cheng Yu (25): > x86/cpufeatures: Add CET CPU feature flags for Control-flow > Enforcement Technology (CET) > x86/fpu/xstate: Introduce CET MSR XSAVES supervisor states How would people feel about taking the above two patches (02 and 03 in the series) through the KVM tree to enable KVM virtualization of CET before the kernel itself gains CET support? I.e. add the MSR and feature bits, along with the XSAVES context switching. The feature definitons could use "" to suppress displaying them in /proc/cpuinfo to avoid falsely advertising CET to userspace. AIUI, there are ABI issues that need to be sorted out, and that is likely going to drag on for some time. Is this a "hell no" sort of idea, or something that would be feasible if we can show that there are no negative impacts to the kernel?