From: Yang Weijiang <weijiang.yang@intel.com>
To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com,
kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: peterz@infradead.org, chao.gao@intel.com,
rick.p.edgecombe@intel.com, mlevitsk@redhat.com,
john.allen@amd.com, weijiang.yang@intel.com,
Zhang Yi Z <yi.z.zhang@linux.intel.com>
Subject: [PATCH v7 18/26] KVM: VMX: Introduce CET VMCS fields and control bits
Date: Fri, 24 Nov 2023 00:53:22 -0500 [thread overview]
Message-ID: <20231124055330.138870-19-weijiang.yang@intel.com> (raw)
In-Reply-To: <20231124055330.138870-1-weijiang.yang@intel.com>
Control-flow Enforcement Technology (CET) is a kind of CPU feature used
to prevent Return/CALL/Jump-Oriented Programming (ROP/COP/JOP) attacks.
It provides two sub-features(SHSTK,IBT) to defend against ROP/COP/JOP
style control-flow subversion attacks.
Shadow Stack (SHSTK):
A shadow stack is a second stack used exclusively for control transfer
operations. The shadow stack is separate from the data/normal stack and
can be enabled individually in user and kernel mode. When shadow stack
is enabled, CALL pushes the return address on both the data and shadow
stack. RET pops the return address from both stacks and compares them.
If the return addresses from the two stacks do not match, the processor
generates a #CP.
Indirect Branch Tracking (IBT):
IBT introduces instruction(ENDBRANCH)to mark valid target addresses of
indirect branches (CALL, JMP etc...). If an indirect branch is executed
and the next instruction is _not_ an ENDBRANCH, the processor generates
a #CP. These instruction behaves as a NOP on platforms that have no CET.
Several new CET MSRs are defined to support CET:
MSR_IA32_{U,S}_CET: CET settings for {user,supervisor} CET respectively.
MSR_IA32_PL{0,1,2,3}_SSP: SHSTK pointer linear address for CPL{0,1,2,3}.
MSR_IA32_INT_SSP_TAB: Linear address of SHSTK pointer table, whose entry
is indexed by IST of interrupt gate desc.
Two XSAVES state bits are introduced for CET:
IA32_XSS:[bit 11]: Control saving/restoring user mode CET states
IA32_XSS:[bit 12]: Control saving/restoring supervisor mode CET states.
Six VMCS fields are introduced for CET:
{HOST,GUEST}_S_CET: Stores CET settings for kernel mode.
{HOST,GUEST}_SSP: Stores current active SSP.
{HOST,GUEST}_INTR_SSP_TABLE: Stores current active MSR_IA32_INT_SSP_TAB.
On Intel platforms, two additional bits are defined in VM_EXIT and VM_ENTRY
control fields:
If VM_EXIT_LOAD_CET_STATE = 1, host CET states are loaded from following
VMCS fields at VM-Exit:
HOST_S_CET
HOST_SSP
HOST_INTR_SSP_TABLE
If VM_ENTRY_LOAD_CET_STATE = 1, guest CET states are loaded from following
VMCS fields at VM-Entry:
GUEST_S_CET
GUEST_SSP
GUEST_INTR_SSP_TABLE
Co-developed-by: Zhang Yi Z <yi.z.zhang@linux.intel.com>
Signed-off-by: Zhang Yi Z <yi.z.zhang@linux.intel.com>
Signed-off-by: Yang Weijiang <weijiang.yang@intel.com>
Reviewed-by: Chao Gao <chao.gao@intel.com>
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
---
arch/x86/include/asm/vmx.h | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h
index 0e73616b82f3..451fd4f4fedc 100644
--- a/arch/x86/include/asm/vmx.h
+++ b/arch/x86/include/asm/vmx.h
@@ -104,6 +104,7 @@
#define VM_EXIT_CLEAR_BNDCFGS 0x00800000
#define VM_EXIT_PT_CONCEAL_PIP 0x01000000
#define VM_EXIT_CLEAR_IA32_RTIT_CTL 0x02000000
+#define VM_EXIT_LOAD_CET_STATE 0x10000000
#define VM_EXIT_ALWAYSON_WITHOUT_TRUE_MSR 0x00036dff
@@ -117,6 +118,7 @@
#define VM_ENTRY_LOAD_BNDCFGS 0x00010000
#define VM_ENTRY_PT_CONCEAL_PIP 0x00020000
#define VM_ENTRY_LOAD_IA32_RTIT_CTL 0x00040000
+#define VM_ENTRY_LOAD_CET_STATE 0x00100000
#define VM_ENTRY_ALWAYSON_WITHOUT_TRUE_MSR 0x000011ff
@@ -345,6 +347,9 @@ enum vmcs_field {
GUEST_PENDING_DBG_EXCEPTIONS = 0x00006822,
GUEST_SYSENTER_ESP = 0x00006824,
GUEST_SYSENTER_EIP = 0x00006826,
+ GUEST_S_CET = 0x00006828,
+ GUEST_SSP = 0x0000682a,
+ GUEST_INTR_SSP_TABLE = 0x0000682c,
HOST_CR0 = 0x00006c00,
HOST_CR3 = 0x00006c02,
HOST_CR4 = 0x00006c04,
@@ -357,6 +362,9 @@ enum vmcs_field {
HOST_IA32_SYSENTER_EIP = 0x00006c12,
HOST_RSP = 0x00006c14,
HOST_RIP = 0x00006c16,
+ HOST_S_CET = 0x00006c18,
+ HOST_SSP = 0x00006c1a,
+ HOST_INTR_SSP_TABLE = 0x00006c1c
};
/*
--
2.27.0
next prev parent reply other threads:[~2023-11-24 8:00 UTC|newest]
Thread overview: 104+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-24 5:53 [PATCH v7 00/26] Enable CET Virtualization Yang Weijiang
2023-11-24 5:53 ` [PATCH v7 01/26] x86/fpu/xstate: Always preserve non-user xfeatures/flags in __state_perm Yang Weijiang
2023-11-30 17:24 ` Maxim Levitsky
2023-11-24 5:53 ` [PATCH v7 02/26] x86/fpu/xstate: Refine CET user xstate bit enabling Yang Weijiang
2023-11-24 9:40 ` Peter Zijlstra
2023-11-27 2:55 ` Yang, Weijiang
2023-11-28 1:31 ` Edgecombe, Rick P
2023-11-28 8:50 ` Peter Zijlstra
2023-11-28 1:31 ` Edgecombe, Rick P
2023-11-28 7:52 ` Yang, Weijiang
2023-11-30 17:26 ` Maxim Levitsky
2023-12-01 6:51 ` Yang, Weijiang
2023-12-05 9:53 ` Maxim Levitsky
2023-12-06 1:03 ` Yang, Weijiang
2023-12-06 15:57 ` Maxim Levitsky
2023-12-08 14:57 ` Yang, Weijiang
2023-12-08 15:15 ` Maxim Levitsky
2023-12-13 9:30 ` Yang, Weijiang
2023-12-13 13:31 ` Maxim Levitsky
2023-12-13 17:01 ` Chang S. Bae
2023-12-14 3:12 ` Yang, Weijiang
2023-11-24 5:53 ` [PATCH v7 03/26] x86/fpu/xstate: Add CET supervisor mode state support Yang Weijiang
2023-11-24 9:45 ` Peter Zijlstra
2023-11-27 4:06 ` Yang, Weijiang
2023-11-28 1:34 ` Edgecombe, Rick P
2023-11-30 17:27 ` Maxim Levitsky
2023-12-01 7:01 ` Yang, Weijiang
2023-12-05 9:53 ` Maxim Levitsky
2023-11-24 5:53 ` [PATCH v7 04/26] x86/fpu/xstate: Introduce XFEATURE_MASK_KERNEL_DYNAMIC xfeature set Yang Weijiang
2023-11-28 1:46 ` Edgecombe, Rick P
2023-11-28 8:00 ` Yang, Weijiang
2023-11-30 17:33 ` Maxim Levitsky
2023-12-01 7:49 ` Yang, Weijiang
2023-12-05 9:55 ` Maxim Levitsky
2023-12-06 3:00 ` Yang, Weijiang
2023-12-06 16:11 ` Maxim Levitsky
2023-12-08 15:57 ` Yang, Weijiang
2023-11-24 5:53 ` [PATCH v7 05/26] x86/fpu/xstate: Introduce fpu_guest_cfg for guest FPU configuration Yang Weijiang
2023-11-28 14:58 ` Edgecombe, Rick P
2023-11-29 14:12 ` Yang, Weijiang
2023-11-29 17:08 ` Edgecombe, Rick P
2023-11-30 13:28 ` Yang, Weijiang
2023-11-30 17:29 ` Maxim Levitsky
2023-11-30 18:02 ` Edgecombe, Rick P
2023-11-30 17:29 ` Maxim Levitsky
2023-11-24 5:53 ` [PATCH v7 06/26] x86/fpu/xstate: Create guest fpstate with guest specific config Yang Weijiang
2023-11-28 15:19 ` Edgecombe, Rick P
2023-11-29 14:16 ` Yang, Weijiang
2023-11-30 17:36 ` Maxim Levitsky
2023-12-01 8:36 ` Yang, Weijiang
2023-12-05 9:57 ` Maxim Levitsky
2023-11-24 5:53 ` [PATCH v7 07/26] x86/fpu/xstate: Warn if kernel dynamic xfeatures detected in normal fpstate Yang Weijiang
2023-11-28 15:25 ` Edgecombe, Rick P
2023-11-29 14:18 ` Yang, Weijiang
2023-11-24 5:53 ` [PATCH v7 08/26] KVM: x86: Rework cpuid_get_supported_xcr0() to operate on vCPU data Yang Weijiang
2023-11-24 5:53 ` [PATCH v7 09/26] KVM: x86: Rename kvm_{g,s}et_msr() to menifest emulation operations Yang Weijiang
2023-11-30 17:36 ` Maxim Levitsky
2023-11-24 5:53 ` [PATCH v7 10/26] KVM: x86: Refine xsave-managed guest register/MSR reset handling Yang Weijiang
2023-11-30 17:36 ` Maxim Levitsky
2023-11-24 5:53 ` [PATCH v7 11/26] KVM: x86: Add kvm_msr_{read,write}() helpers Yang Weijiang
2023-11-30 17:37 ` Maxim Levitsky
2023-11-24 5:53 ` [PATCH v7 12/26] KVM: x86: Report XSS as to-be-saved if there are supported features Yang Weijiang
2023-11-24 5:53 ` [PATCH v7 13/26] KVM: x86: Refresh CPUID on write to guest MSR_IA32_XSS Yang Weijiang
2023-11-30 17:37 ` Maxim Levitsky
2023-11-24 5:53 ` [PATCH v7 14/26] KVM: x86: Initialize kvm_caps.supported_xss Yang Weijiang
2023-11-24 5:53 ` [PATCH v7 15/26] KVM: x86: Load guest FPU state when access XSAVE-managed MSRs Yang Weijiang
2023-11-30 17:38 ` Maxim Levitsky
2023-11-24 5:53 ` [PATCH v7 16/26] KVM: x86: Add fault checks for guest CR4.CET setting Yang Weijiang
2023-11-24 5:53 ` [PATCH v7 17/26] KVM: x86: Report KVM supported CET MSRs as to-be-saved Yang Weijiang
2023-11-30 17:40 ` Maxim Levitsky
2023-11-24 5:53 ` Yang Weijiang [this message]
2023-11-24 5:53 ` [PATCH v7 19/26] KVM: x86: Use KVM-governed feature framework to track "SHSTK/IBT enabled" Yang Weijiang
2023-11-30 17:40 ` Maxim Levitsky
2023-11-24 5:53 ` [PATCH v7 20/26] KVM: VMX: Emulate read and write to CET MSRs Yang Weijiang
2023-11-30 17:41 ` Maxim Levitsky
2023-11-24 5:53 ` [PATCH v7 21/26] KVM: x86: Save and reload SSP to/from SMRAM Yang Weijiang
2023-11-30 17:42 ` Maxim Levitsky
2023-12-01 2:23 ` Chao Gao
2023-12-04 0:45 ` Yang, Weijiang
2023-12-05 10:02 ` Maxim Levitsky
2023-12-01 8:55 ` Yang, Weijiang
2023-11-24 5:53 ` [PATCH v7 22/26] KVM: VMX: Set up interception for CET MSRs Yang Weijiang
2023-11-30 17:44 ` Maxim Levitsky
2023-12-01 6:33 ` Chao Gao
2023-12-05 10:04 ` Maxim Levitsky
2023-12-01 9:45 ` Yang, Weijiang
2023-12-05 10:07 ` Maxim Levitsky
2023-11-24 5:53 ` [PATCH v7 23/26] KVM: VMX: Set host constant supervisor states to VMCS fields Yang Weijiang
2023-11-24 5:53 ` [PATCH v7 24/26] KVM: x86: Enable CET virtualization for VMX and advertise to userspace Yang Weijiang
2023-11-30 17:46 ` Maxim Levitsky
2023-12-01 16:15 ` Yang, Weijiang
2023-12-05 10:07 ` Maxim Levitsky
2023-11-24 5:53 ` [PATCH v7 25/26] KVM: nVMX: Introduce new VMX_BASIC bit for event error_code delivery to L1 Yang Weijiang
2023-11-24 5:53 ` [PATCH v7 26/26] KVM: nVMX: Enable CET support for nested guest Yang Weijiang
2023-11-30 17:53 ` Maxim Levitsky
2023-12-04 8:50 ` Yang, Weijiang
2023-12-05 10:12 ` Maxim Levitsky
2023-12-06 9:22 ` Yang, Weijiang
2023-12-06 17:24 ` Maxim Levitsky
2023-12-08 15:15 ` Yang, Weijiang
2023-12-08 15:22 ` Maxim Levitsky
2023-12-12 8:56 ` Yang, Weijiang
2023-12-12 11:09 ` Maxim Levitsky
2023-12-15 2:29 ` [PATCH v7 00/26] Enable CET Virtualization Yang, Weijiang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231124055330.138870-19-weijiang.yang@intel.com \
--to=weijiang.yang@intel.com \
--cc=chao.gao@intel.com \
--cc=dave.hansen@intel.com \
--cc=john.allen@amd.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mlevitsk@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=rick.p.edgecombe@intel.com \
--cc=seanjc@google.com \
--cc=yi.z.zhang@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).