qemu-devel.nongnu.org archive mirror
From: Yang Weijiang <weijiang.yang@intel.com>
To: pbonzini@redhat.com, mtosatti@redhat.com, rth@twiddle.net,
	ehabkost@redhat.com, sean.j.christopherson@intel.com,
	qemu-devel@nongnu.org
Cc: Yang Weijiang <weijiang.yang@intel.com>, hao.wu@intel.com
Subject: [Qemu-devel][PATCH v6 0/6] Enable CET support for guest
Date: Tue, 13 Oct 2020 13:19:29 +0800
Message-ID: <20201013051935.6052-1-weijiang.yang@intel.com>

Control-flow Enforcement Technology (CET) provides protection against
Return/Jump-Oriented Programming (ROP/JOP). It includes two sub-features:
Shadow Stack (SHSTK) and Indirect Branch Tracking (IBT).
This patchset is for guest CET enabling. It encloses patches for
XSS feature report and CET CPUID enumeration, XSAVE support and MSR
access interface, etc.

Related patch series:
CET KVM patches v14:
https://github.com/sean-jc/linux/releases/tag/kvm-cet-v14-rc1

Intel 64 and IA-32 Architectures Software Developer's Manual:
https://software.intel.com/en-us/download/intel-64-and-ia-32-architectures-sdm-combined-volumes-1-2a-2b-2c-2d-3a-3b-3c-3d-and-4

CET Shadow Stack patches v14:
https://lkml.kernel.org/r/20201012153850.26996-1-yu-cheng.yu@intel.com/

Indirect Branch Tracking patches v14:
https://lkml.kernel.org/r/20201012154530.28382-1-yu-cheng.yu@intel.com/

v6:
  - Cleaned up XSAVE related naming for adding XSS features.
  - Refactored patches based on new QEMU code base.
v5:
  - Checked CET states before accessing related MSRs.
  - Added new MSR MSR_KVM_GUEST_SSP for live-migration.
  - Refactored patches to make them more structured.

v4:
  - Added MSR read/write interface for PL1_SSP/PL2_SSP.
  - Removed CET structures from X86XSaveArea.
  - Cleared ebx in return of CPUID.(EAX=d, ECX=1).
 
v3:
  - Add CET MSR save/restore support for live-migration.
 
v2:
  - In CPUID.(EAX=d, ECX=1), set return ECX[n] = 0 if bit n corresponds
    to a bit in MSR_IA32_XSS.
  - In CPUID.(EAX=d, ECX=n), set return ECX = 1 if bit n corresponds
    to a bit in MSR_IA32_XSS.
  - Skip Supervisor mode xsave component when calculating User mode
    xsave component size in xsave_area_size() and x86_cpu_reset().

Yang Weijiang (6):
  x86/cpu: Rename XSAVE related feature words.
  x86/cpuid: Enable XSS feature enumeration for CPUID
  x86/cpu: Enable CET components support for XSAVE
  x86/cpu: Add user-space MSR access interface for CET
  x86/cpu: Add CET state support for guest migration
  x86/cpu: Advise CET bits in CPU/MSR feature words

 target/i386/cpu.c        | 132 +++++++++++++++++++++++---------
 target/i386/cpu.h        |  57 +++++++++++++-
 target/i386/fpu_helper.c |   2 +-
 target/i386/kvm.c        |  73 ++++++++++++++++++
 target/i386/machine.c    | 161 +++++++++++++++++++++++++++++++++++++++
 target/i386/translate.c  |   2 +-
 6 files changed, 384 insertions(+), 43 deletions(-)

-- 
2.26.2


