AMD Zen3 and newer processors support shadow stack, a feature designed to
protect against ROP (return-oriented programming) attacks in which an attacker
manipulates return addresses on the call stack in order to execute arbitrary
code. To prevent this, shadow stacks can be allocated that are only used by
control transfer and return instructions. When a CALL instruction is issued, it
writes the return address to both the program stack and the shadow stack. When
the subsequent RET instruction is issued, it pops the return address from both
stacks and compares them. If the addresses don't match, a control-protection
exception is raised.
Shadow stack and a related feature, Indirect Branch Tracking (IBT), are
collectively referred to as Control-flow Enforcement Technology (CET). However,
current AMD processors only support shadow stack and not IBT.
This series adds support for shadow stack in SVM guests and builds upon the
support added in the CET guest support patch series [1] and the CET kernel
patch series [2]. Additional patches are required to support shadow stack
enabled guests in qemu [3] and glibc [4].
[1]: CET guest support patches
https://lore.kernel.org/all/[email protected]/
[2]: Latest CET kernel patches
https://lore.kernel.org/all/[email protected]/
[3]: CET qemu patches
https://patchwork.ozlabs.org/project/qemu-devel/patch/[email protected]/
[4]: glibc tree containing necessary updates
https://gitlab.com/x86-glibc/glibc/-/tree/users/hjl/cet/master/
John Allen (7):
KVM: x86: Move shared CET routine to common x86 kvm code
KVM: x86: SVM: Emulate reads and writes to shadow stack MSRs
KVM: x86: SVM: Update dump_vmcb with shadow stack save area additions
KVM: x86: SVM: Pass through shadow stack MSRs
KVM: SVM: Save shadow stack host state on VMRUN
KVM: SVM: Add MSR_IA32_XSS to the GHCB for hypervisor kernel
KVM: SVM: Add CET features to supported_xss
arch/x86/include/asm/svm.h | 1 +
arch/x86/kvm/svm/sev.c | 25 ++++++++++-
arch/x86/kvm/svm/svm.c | 85 ++++++++++++++++++++++++++++++++++++++
arch/x86/kvm/svm/svm.h | 2 +-
arch/x86/kvm/vmx/vmx.c | 32 ++------------
arch/x86/kvm/x86.c | 26 ++++++++++++
arch/x86/kvm/x86.h | 2 +
7 files changed, 141 insertions(+), 32 deletions(-)
--
2.34.3
cet_is_msr_accessible can also by used for shadow stack support in SVM.
Move this to common x86 kvm code.
Signed-off-by: John Allen <[email protected]>
---
arch/x86/kvm/vmx/vmx.c | 32 +++-----------------------------
arch/x86/kvm/x86.c | 26 ++++++++++++++++++++++++++
arch/x86/kvm/x86.h | 2 ++
3 files changed, 31 insertions(+), 29 deletions(-)
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 4558b13d0610..8b79a727b29c 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -1845,32 +1845,6 @@ static int vmx_get_msr_feature(struct kvm_msr_entry *msr)
}
}
-static bool cet_is_msr_accessible(struct kvm_vcpu *vcpu,
- struct msr_data *msr)
-{
- if (!kvm_cet_user_supported() &&
- !cet_kernel_ibt_supported())
- return false;
-
- if (msr->host_initiated)
- return true;
-
- if (!guest_cpuid_has(vcpu, X86_FEATURE_SHSTK) &&
- !guest_cpuid_has(vcpu, X86_FEATURE_IBT))
- return false;
-
- if (msr->index == MSR_IA32_S_CET &&
- guest_cpuid_has(vcpu, X86_FEATURE_IBT))
- return true;
-
- if ((msr->index == MSR_IA32_PL3_SSP ||
- msr->index == MSR_KVM_GUEST_SSP) &&
- !guest_cpuid_has(vcpu, X86_FEATURE_SHSTK))
- return false;
-
- return true;
-}
-
/*
* Reads an msr value (of 'msr_info->index') into 'msr_info->data'.
* Returns 0 on success, non-0 otherwise.
@@ -2014,7 +1988,7 @@ static int vmx_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
case MSR_IA32_PL3_SSP:
case MSR_KVM_GUEST_SSP:
case MSR_IA32_S_CET:
- if (!cet_is_msr_accessible(vcpu, msr_info))
+ if (!kvm_cet_is_msr_accessible(vcpu, msr_info))
return 1;
if (msr_info->index == MSR_KVM_GUEST_SSP)
msr_info->data = vmcs_readl(GUEST_SSP);
@@ -2363,7 +2337,7 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
break;
case MSR_IA32_U_CET:
case MSR_IA32_S_CET:
- if (!cet_is_msr_accessible(vcpu, msr_info))
+ if (!kvm_cet_is_msr_accessible(vcpu, msr_info))
return 1;
if ((data & GENMASK(9, 6)) ||
is_noncanonical_address(data, vcpu))
@@ -2375,7 +2349,7 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
break;
case MSR_IA32_PL3_SSP:
case MSR_KVM_GUEST_SSP:
- if (!cet_is_msr_accessible(vcpu, msr_info))
+ if (!kvm_cet_is_msr_accessible(vcpu, msr_info))
return 1;
if ((data & GENMASK(2, 0)) ||
is_noncanonical_address(data, vcpu))
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 5786225c0dfa..486e91f4a538 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -13475,6 +13475,32 @@ int kvm_sev_es_string_io(struct kvm_vcpu *vcpu, unsigned int size,
}
EXPORT_SYMBOL_GPL(kvm_sev_es_string_io);
+bool kvm_cet_is_msr_accessible(struct kvm_vcpu *vcpu, struct msr_data *msr)
+{
+ if (!kvm_cet_user_supported() &&
+ !cet_kernel_ibt_supported())
+ return false;
+
+ if (msr->host_initiated)
+ return true;
+
+ if (!guest_cpuid_has(vcpu, X86_FEATURE_SHSTK) &&
+ !guest_cpuid_has(vcpu, X86_FEATURE_IBT))
+ return false;
+
+ if (msr->index == MSR_IA32_S_CET &&
+ guest_cpuid_has(vcpu, X86_FEATURE_IBT))
+ return true;
+
+ if ((msr->index == MSR_IA32_PL3_SSP ||
+ msr->index == MSR_KVM_GUEST_SSP) &&
+ !guest_cpuid_has(vcpu, X86_FEATURE_SHSTK))
+ return false;
+
+ return true;
+}
+EXPORT_SYMBOL_GPL(kvm_cet_is_msr_accessible);
+
EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_entry);
EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_exit);
EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_fast_mmio);
diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h
index a55f262d1e61..fb871be7131e 100644
--- a/arch/x86/kvm/x86.h
+++ b/arch/x86/kvm/x86.h
@@ -502,6 +502,8 @@ int kvm_sev_es_string_io(struct kvm_vcpu *vcpu, unsigned int size,
unsigned int port, void *data, unsigned int count,
int in);
+bool kvm_cet_is_msr_accessible(struct kvm_vcpu *vcpu, struct msr_data *msr);
+
/*
* We've already loaded guest MSRs in __msr_io() when check the MSR index.
* In case vcpu has been preempted, we need to disable preemption, check
--
2.34.3
Add shadow stack VMCB save area fields to dump_vmcb. Only include S_CET,
SSP, and ISST_ADDR. Since there currently isn't support to decrypt and
dump the SEV-ES save area, exclude PL0_SSP, PL1_SSP, PL2_SSP, PL3_SSP, and
U_CET which are only inlcuded in the SEV-ES save area.
Signed-off-by: John Allen <[email protected]>
---
arch/x86/kvm/svm/svm.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index 1f31a991c745..411c815d2d91 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -3372,6 +3372,10 @@ static void dump_vmcb(struct kvm_vcpu *vcpu)
"rip:", save->rip, "rflags:", save->rflags);
pr_err("%-15s %016llx %-13s %016llx\n",
"rsp:", save->rsp, "rax:", save->rax);
+ pr_err("%-15s %016llx %-13s %016llx\n",
+ "s_cet:", save->s_cet, "ssp:", save->ssp);
+ pr_err("%-15s %016llx\n",
+ "isst_addr:", save->isst_addr);
pr_err("%-15s %016llx %-13s %016llx\n",
"star:", save01->star, "lstar:", save01->lstar);
pr_err("%-15s %016llx %-13s %016llx\n",
--
2.34.3
If kvm supports shadow stack, pass through shadow stack MSRs to improve
guest performance.
Signed-off-by: John Allen <[email protected]>
---
arch/x86/kvm/svm/svm.c | 17 +++++++++++++++++
arch/x86/kvm/svm/svm.h | 2 +-
2 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index 411c815d2d91..f40d3df2c1be 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -134,6 +134,13 @@ static const struct svm_direct_access_msrs {
{ .index = X2APIC_MSR(APIC_TMICT), .always = false },
{ .index = X2APIC_MSR(APIC_TMCCT), .always = false },
{ .index = X2APIC_MSR(APIC_TDCR), .always = false },
+ { .index = MSR_IA32_U_CET, .always = false },
+ { .index = MSR_IA32_S_CET, .always = false },
+ { .index = MSR_IA32_INT_SSP_TAB, .always = false },
+ { .index = MSR_IA32_PL0_SSP, .always = false },
+ { .index = MSR_IA32_PL1_SSP, .always = false },
+ { .index = MSR_IA32_PL2_SSP, .always = false },
+ { .index = MSR_IA32_PL3_SSP, .always = false },
{ .index = MSR_INVALID, .always = false },
};
@@ -1174,6 +1181,16 @@ static inline void init_vmcb_after_set_cpuid(struct kvm_vcpu *vcpu)
set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SYSENTER_EIP, 1, 1);
set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SYSENTER_ESP, 1, 1);
}
+
+ if (kvm_cet_user_supported() && guest_cpuid_has(vcpu, X86_FEATURE_SHSTK)) {
+ set_msr_interception(vcpu, svm->msrpm, MSR_IA32_U_CET, 1, 1);
+ set_msr_interception(vcpu, svm->msrpm, MSR_IA32_S_CET, 1, 1);
+ set_msr_interception(vcpu, svm->msrpm, MSR_IA32_INT_SSP_TAB, 1, 1);
+ set_msr_interception(vcpu, svm->msrpm, MSR_IA32_PL0_SSP, 1, 1);
+ set_msr_interception(vcpu, svm->msrpm, MSR_IA32_PL1_SSP, 1, 1);
+ set_msr_interception(vcpu, svm->msrpm, MSR_IA32_PL2_SSP, 1, 1);
+ set_msr_interception(vcpu, svm->msrpm, MSR_IA32_PL3_SSP, 1, 1);
+ }
}
static void init_vmcb(struct kvm_vcpu *vcpu)
diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h
index 6a7686bf6900..c1c3e090ff9d 100644
--- a/arch/x86/kvm/svm/svm.h
+++ b/arch/x86/kvm/svm/svm.h
@@ -29,7 +29,7 @@
#define IOPM_SIZE PAGE_SIZE * 3
#define MSRPM_SIZE PAGE_SIZE * 2
-#define MAX_DIRECT_ACCESS_MSRS 46
+#define MAX_DIRECT_ACCESS_MSRS 53
#define MSRPM_OFFSETS 32
extern u32 msrpm_offsets[MSRPM_OFFSETS] __read_mostly;
extern bool npt_enabled;
--
2.34.3
If the CPU supports CET, add CET XSAVES feature bits to the
supported_xss mask.
Signed-off-by: John Allen <[email protected]>
---
arch/x86/kvm/svm/svm.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index b474c7e57139..b815865ad0fb 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -5026,6 +5026,11 @@ static __init void svm_set_cpu_caps(void)
boot_cpu_has(X86_FEATURE_AMD_SSBD))
kvm_cpu_cap_set(X86_FEATURE_VIRT_SSBD);
+ if (kvm_cpu_cap_has(X86_FEATURE_SHSTK)) {
+ kvm_caps.supported_xss |= XFEATURE_MASK_CET_USER |
+ XFEATURE_MASK_CET_KERNEL;
+ }
+
/* AMD PMU PERFCTR_CORE CPUID */
if (enable_pmu && boot_cpu_has(X86_FEATURE_PERFCTR_CORE))
kvm_cpu_cap_set(X86_FEATURE_PERFCTR_CORE);
--
2.34.3
When a guest issues a cpuid instruction for Fn0000000D_x0B
(CetUserOffset), KVM will intercept and need to access the guest
MSR_IA32_XSS value. For SEV-ES, this is encrypted and needs to be
included in the GHCB to be visible to the hypervisor.
Signed-off-by: John Allen <[email protected]>
---
arch/x86/include/asm/svm.h | 1 +
arch/x86/kvm/svm/sev.c | 12 ++++++++++--
arch/x86/kvm/svm/svm.c | 1 +
arch/x86/kvm/svm/svm.h | 2 +-
4 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h
index 0361626841bc..b98c2a1087c0 100644
--- a/arch/x86/include/asm/svm.h
+++ b/arch/x86/include/asm/svm.h
@@ -625,5 +625,6 @@ DEFINE_GHCB_ACCESSORS(sw_exit_info_1)
DEFINE_GHCB_ACCESSORS(sw_exit_info_2)
DEFINE_GHCB_ACCESSORS(sw_scratch)
DEFINE_GHCB_ACCESSORS(xcr0)
+DEFINE_GHCB_ACCESSORS(xss)
#endif
diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index a5e72b2c94aa..55730055ee4c 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -2418,8 +2418,13 @@ static void sev_es_sync_from_ghcb(struct vcpu_svm *svm)
svm->vmcb->save.cpl = ghcb_get_cpl_if_valid(ghcb);
- if (ghcb_xcr0_is_valid(ghcb)) {
- vcpu->arch.xcr0 = ghcb_get_xcr0(ghcb);
+ if (ghcb_xcr0_is_valid(ghcb) || ghcb_xss_is_valid(ghcb)) {
+ if (ghcb_xcr0_is_valid(ghcb))
+ vcpu->arch.xcr0 = ghcb_get_xcr0(ghcb);
+
+ if (ghcb_xss_is_valid(ghcb))
+ vcpu->arch.ia32_xss = ghcb_get_xss(ghcb);
+
kvm_update_cpuid_runtime(vcpu);
}
@@ -2988,6 +2993,9 @@ static void sev_es_init_vmcb(struct vcpu_svm *svm)
if (guest_cpuid_has(&svm->vcpu, X86_FEATURE_RDTSCP))
svm_clr_intercept(svm, INTERCEPT_RDTSCP);
}
+
+ if (kvm_caps.supported_xss)
+ set_msr_interception(vcpu, svm->msrpm, MSR_IA32_XSS, 1, 1);
}
void sev_init_vmcb(struct vcpu_svm *svm)
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index f40d3df2c1be..b474c7e57139 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -141,6 +141,7 @@ static const struct svm_direct_access_msrs {
{ .index = MSR_IA32_PL1_SSP, .always = false },
{ .index = MSR_IA32_PL2_SSP, .always = false },
{ .index = MSR_IA32_PL3_SSP, .always = false },
+ { .index = MSR_IA32_XSS, .always = false },
{ .index = MSR_INVALID, .always = false },
};
diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h
index c1c3e090ff9d..ad89b1dbe62d 100644
--- a/arch/x86/kvm/svm/svm.h
+++ b/arch/x86/kvm/svm/svm.h
@@ -29,7 +29,7 @@
#define IOPM_SIZE PAGE_SIZE * 3
#define MSRPM_SIZE PAGE_SIZE * 2
-#define MAX_DIRECT_ACCESS_MSRS 53
+#define MAX_DIRECT_ACCESS_MSRS 54
#define MSRPM_OFFSETS 32
extern u32 msrpm_offsets[MSRPM_OFFSETS] __read_mostly;
extern bool npt_enabled;
--
2.34.3
When running as an SEV-ES guest, the PL0_SSP, PL1_SSP, PL2_SSP, PL3_SSP,
and U_CET fields in the VMCB save area are type B, meaning the host
state is automatically loaded on a VMEXIT, but is not saved on a VMRUN.
The other shadow stack MSRs, S_CET, SSP, and ISST_ADDR are type A,
meaning they are loaded on VMEXIT and saved on VMRUN. Manually save the
type B host MSR values before VMRUN.
Signed-off-by: John Allen <[email protected]>
---
arch/x86/kvm/svm/sev.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index 28064060413a..a5e72b2c94aa 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -3027,6 +3027,19 @@ void sev_es_prepare_switch_to_guest(struct sev_es_save_area *hostsa)
/* MSR_IA32_XSS is restored on VMEXIT, save the currnet host value */
hostsa->xss = host_xss;
+
+ if (boot_cpu_has(X86_FEATURE_SHSTK)) {
+ /*
+ * MSR_IA32_U_CET, MSR_IA32_PL0_SSP, MSR_IA32_PL1_SSP,
+ * MSR_IA32_PL2_SSP, and MSR_IA32_PL3_SSP are restored on
+ * VMEXIT, save the current host values.
+ */
+ rdmsrl(MSR_IA32_U_CET, hostsa->u_cet);
+ rdmsrl(MSR_IA32_PL0_SSP, hostsa->vmpl0_ssp);
+ rdmsrl(MSR_IA32_PL1_SSP, hostsa->vmpl1_ssp);
+ rdmsrl(MSR_IA32_PL2_SSP, hostsa->vmpl2_ssp);
+ rdmsrl(MSR_IA32_PL3_SSP, hostsa->vmpl3_ssp);
+ }
}
void sev_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector)
--
2.34.3
Set up interception of shadow stack MSRs. In the event that shadow stack
is unsupported on the host or the MSRs are otherwise inaccessible, the
interception code will return an error. In certain circumstances such as
host initiated MSR reads or writes, the interception code will get or
set the requested MSR value.
Signed-off-by: John Allen <[email protected]>
---
Adapted from: https://lore.kernel.org/all/[email protected]/
---
arch/x86/kvm/svm/svm.c | 58 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 58 insertions(+)
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index f3813dbacb9f..1f31a991c745 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -2764,6 +2764,31 @@ static int svm_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
if (guest_cpuid_is_intel(vcpu))
msr_info->data |= (u64)svm->sysenter_esp_hi << 32;
break;
+ case MSR_IA32_S_CET:
+ if (!kvm_cet_is_msr_accessible(vcpu, msr_info))
+ return 1;
+ msr_info->data = svm->vmcb->save.s_cet;
+ break;
+ case MSR_IA32_U_CET:
+ if (!kvm_cet_is_msr_accessible(vcpu, msr_info))
+ return 1;
+ kvm_get_xsave_msr(msr_info);
+ break;
+ case MSR_IA32_INT_SSP_TAB:
+ if (!kvm_cet_is_msr_accessible(vcpu, msr_info))
+ return 1;
+ msr_info->data = svm->vmcb->save.isst_addr;
+ break;
+ case MSR_KVM_GUEST_SSP:
+ if (!kvm_cet_is_msr_accessible(vcpu, msr_info))
+ return 1;
+ msr_info->data = svm->vmcb->save.ssp;
+ break;
+ case MSR_IA32_PL0_SSP ... MSR_IA32_PL3_SSP:
+ if (!kvm_cet_is_msr_accessible(vcpu, msr_info))
+ return 1;
+ kvm_get_xsave_msr(msr_info);
+ break;
case MSR_TSC_AUX:
msr_info->data = svm->tsc_aux;
break;
@@ -2995,6 +3020,39 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr)
svm->vmcb01.ptr->save.sysenter_esp = (u32)data;
svm->sysenter_esp_hi = guest_cpuid_is_intel(vcpu) ? (data >> 32) : 0;
break;
+ case MSR_IA32_S_CET:
+ if (!kvm_cet_is_msr_accessible(vcpu, msr))
+ return 1;
+ svm->vmcb->save.s_cet = data;
+ break;
+ case MSR_IA32_U_CET:
+ if (!kvm_cet_is_msr_accessible(vcpu, msr))
+ return 1;
+ kvm_set_xsave_msr(msr);
+ break;
+ case MSR_IA32_INT_SSP_TAB:
+ if (!kvm_cet_is_msr_accessible(vcpu, msr))
+ return 1;
+ if (is_noncanonical_address(data, vcpu))
+ return 1;
+ svm->vmcb->save.isst_addr = data;
+ break;
+ case MSR_KVM_GUEST_SSP:
+ if (!kvm_cet_is_msr_accessible(vcpu, msr))
+ return 1;
+ /* SSP MSR values should be a 4-byte aligned canonical addresses */
+ if ((data & GENMASK(1, 0)) || is_noncanonical_address(data, vcpu))
+ return 1;
+ svm->vmcb->save.ssp = data;
+ break;
+ case MSR_IA32_PL0_SSP ... MSR_IA32_PL3_SSP:
+ if (!kvm_cet_is_msr_accessible(vcpu, msr))
+ return 1;
+ /* SSP MSR values should be a 4-byte aligned canonical addresses */
+ if ((data & GENMASK(1, 0)) || is_noncanonical_address(data, vcpu))
+ return 1;
+ kvm_set_xsave_msr(msr);
+ break;
case MSR_TSC_AUX:
/*
* TSC_AUX is usually changed only during boot and never read
--
2.34.3
On Wed, Oct 12, 2022, John Allen wrote:
> If the CPU supports CET, add CET XSAVES feature bits to the
> supported_xss mask.
>
> Signed-off-by: John Allen <[email protected]>
> ---
> arch/x86/kvm/svm/svm.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
> index b474c7e57139..b815865ad0fb 100644
> --- a/arch/x86/kvm/svm/svm.c
> +++ b/arch/x86/kvm/svm/svm.c
> @@ -5026,6 +5026,11 @@ static __init void svm_set_cpu_caps(void)
> boot_cpu_has(X86_FEATURE_AMD_SSBD))
> kvm_cpu_cap_set(X86_FEATURE_VIRT_SSBD);
>
> + if (kvm_cpu_cap_has(X86_FEATURE_SHSTK)) {
No need for curly braces.
> + kvm_caps.supported_xss |= XFEATURE_MASK_CET_USER |
> + XFEATURE_MASK_CET_KERNEL;
> + }
> +
> /* AMD PMU PERFCTR_CORE CPUID */
> if (enable_pmu && boot_cpu_has(X86_FEATURE_PERFCTR_CORE))
> kvm_cpu_cap_set(X86_FEATURE_PERFCTR_CORE);
> --
> 2.34.3
>
On Wed, Oct 12, 2022, John Allen wrote:
> AMD Zen3 and newer processors support shadow stack, a feature designed to
> protect against ROP (return-oriented programming) attacks in which an attacker
> manipulates return addresses on the call stack in order to execute arbitrary
> code. To prevent this, shadow stacks can be allocated that are only used by
> control transfer and return instructions. When a CALL instruction is issued, it
> writes the return address to both the program stack and the shadow stack. When
> the subsequent RET instruction is issued, it pops the return address from both
> stacks and compares them. If the addresses don't match, a control-protection
> exception is raised.
>
> Shadow stack and a related feature, Indirect Branch Tracking (IBT), are
> collectively referred to as Control-flow Enforcement Technology (CET). However,
> current AMD processors only support shadow stack and not IBT.
>
> This series adds support for shadow stack in SVM guests and builds upon the
> support added in the CET guest support patch series [1] and the CET kernel
> patch series [2]. Additional patches are required to support shadow stack
> enabled guests in qemu [3] and glibc [4].
>
> [1]: CET guest support patches
> https://lore.kernel.org/all/[email protected]/
>
> [2]: Latest CET kernel patches
> https://lore.kernel.org/all/[email protected]/
That dependency chain makes me sad.
Outside of a very shallow comment on the last patch, I don't plan on reviewing
this until the kernel side of things gets out of our way. When that finally
does happen, I'll definitely prioritize reviewing and merging this and the KVM
Intel series. I'd love to see this land.
Sorry :-(
On Wed, 2023-01-25 at 00:55 +0000, Sean Christopherson wrote:
> On Wed, Oct 12, 2022, John Allen wrote:
> > AMD Zen3 and newer processors support shadow stack, a feature
> > designed to
> > protect against ROP (return-oriented programming) attacks in which
> > an attacker
> > manipulates return addresses on the call stack in order to execute
> > arbitrary
> > code. To prevent this, shadow stacks can be allocated that are only
> > used by
> > control transfer and return instructions. When a CALL instruction
> > is issued, it
> > writes the return address to both the program stack and the shadow
> > stack. When
> > the subsequent RET instruction is issued, it pops the return
> > address from both
> > stacks and compares them. If the addresses don't match, a control-
> > protection
> > exception is raised.
> >
> > Shadow stack and a related feature, Indirect Branch Tracking (IBT),
> > are
> > collectively referred to as Control-flow Enforcement Technology
> > (CET). However,
> > current AMD processors only support shadow stack and not IBT.
> >
> > This series adds support for shadow stack in SVM guests and builds
> > upon the
> > support added in the CET guest support patch series [1] and the CET
> > kernel
> > patch series [2]. Additional patches are required to support shadow
> > stack
> > enabled guests in qemu [3] and glibc [4].
> >
> > [1]: CET guest support patches
> >
https://lore.kernel.org/all/[email protected]/
> >
> > [2]: Latest CET kernel patches
> >
https://lore.kernel.org/all/[email protected]/
>
> That dependency chain makes me sad.
>
> Outside of a very shallow comment on the last patch, I don't plan on
> reviewing
> this until the kernel side of things gets out of our way. When that
> finally
> does happen, I'll definitely prioritize reviewing and merging this
> and the KVM
> Intel series. I'd love to see this land.
I think all KVM needs is a few patches from the beginning of the host
series (the FPU stuff). At one point Weijiang and I had discussed with
Paolo and x86 folks that those few could go up with the KVM series if
desired.
On 1/24/23 6:55 PM, Sean Christopherson wrote:
> On Wed, Oct 12, 2022, John Allen wrote:
>> AMD Zen3 and newer processors support shadow stack, a feature designed to
>> protect against ROP (return-oriented programming) attacks in which an attacker
>> manipulates return addresses on the call stack in order to execute arbitrary
>> code. To prevent this, shadow stacks can be allocated that are only used by
>> control transfer and return instructions. When a CALL instruction is issued, it
>> writes the return address to both the program stack and the shadow stack. When
>> the subsequent RET instruction is issued, it pops the return address from both
>> stacks and compares them. If the addresses don't match, a control-protection
>> exception is raised.
>>
>> Shadow stack and a related feature, Indirect Branch Tracking (IBT), are
>> collectively referred to as Control-flow Enforcement Technology (CET). However,
>> current AMD processors only support shadow stack and not IBT.
>>
>> This series adds support for shadow stack in SVM guests and builds upon the
>> support added in the CET guest support patch series [1] and the CET kernel
>> patch series [2]. Additional patches are required to support shadow stack
>> enabled guests in qemu [3] and glibc [4].
>>
>> [1]: CET guest support patches
>> https://lore.kernel.org/all/[email protected]/
>>
>> [2]: Latest CET kernel patches
>> https://lore.kernel.org/all/[email protected]/
>
> That dependency chain makes me sad.
>
> Outside of a very shallow comment on the last patch, I don't plan on reviewing
> this until the kernel side of things gets out of our way. When that finally
> does happen, I'll definitely prioritize reviewing and merging this and the KVM
> Intel series. I'd love to see this land.
>
> Sorry :-(
Thanks Sean, understood. This submission is mainly for community awareness,
but any feedback we can get now prior to the main kernel series getting
merged is much appreciated. This would give us a longer lead on addressing
any concerns that the community might have and potentially allow us to get
this in more quickly when the kernel series has been merged.
Thanks,
John
On Wed, Jan 25, 2023 at 01:11:44AM +0000, Edgecombe, Rick P wrote:
> On Wed, 2023-01-25 at 00:55 +0000, Sean Christopherson wrote:
> > On Wed, Oct 12, 2022, John Allen wrote:
> > > AMD Zen3 and newer processors support shadow stack, a feature
> > > designed to
> > > protect against ROP (return-oriented programming) attacks in which
> > > an attacker
> > > manipulates return addresses on the call stack in order to execute
> > > arbitrary
> > > code. To prevent this, shadow stacks can be allocated that are only
> > > used by
> > > control transfer and return instructions. When a CALL instruction
> > > is issued, it
> > > writes the return address to both the program stack and the shadow
> > > stack. When
> > > the subsequent RET instruction is issued, it pops the return
> > > address from both
> > > stacks and compares them. If the addresses don't match, a control-
> > > protection
> > > exception is raised.
> > >
> > > Shadow stack and a related feature, Indirect Branch Tracking (IBT),
> > > are
> > > collectively referred to as Control-flow Enforcement Technology
> > > (CET). However,
> > > current AMD processors only support shadow stack and not IBT.
> > >
> > > This series adds support for shadow stack in SVM guests and builds
> > > upon the
> > > support added in the CET guest support patch series [1] and the CET
> > > kernel
> > > patch series [2]. Additional patches are required to support shadow
> > > stack
> > > enabled guests in qemu [3] and glibc [4].
> > >
> > > [1]: CET guest support patches
> > >
> https://lore.kernel.org/all/[email protected]/
> > >
> > > [2]: Latest CET kernel patches
> > >
> https://lore.kernel.org/all/[email protected]/
> >
> > That dependency chain makes me sad.
> >
> > Outside of a very shallow comment on the last patch, I don't plan on
> > reviewing
> > this until the kernel side of things gets out of our way. When that
> > finally
> > does happen, I'll definitely prioritize reviewing and merging this
> > and the KVM
> > Intel series. I'd love to see this land.
>
> I think all KVM needs is a few patches from the beginning of the host
> series (the FPU stuff). At one point Weijiang and I had discussed with
> Paolo and x86 folks that those few could go up with the KVM series if
> desired.
Now that the baremetal series has been accepted, how do we want to
proceed? I think I'd like to send a refreshed version based on the
version that was accpeted, but I'd want to wait to base it on a new
version of Weijiang's kvm/vmx series (if one is planned).
Weijiang and Rick,
Are you planning on sending a new version of the kvm/vmx series?
Thanks,
John
On 3/29/2023 1:51 AM, John Allen wrote:
> On Wed, Jan 25, 2023 at 01:11:44AM +0000, Edgecombe, Rick P wrote:
>> On Wed, 2023-01-25 at 00:55 +0000, Sean Christopherson wrote:
>>> On Wed, Oct 12, 2022, John Allen wrote:
>>>> AMD Zen3 and newer processors support shadow stack, a feature
>>>> designed to
>>>> protect against ROP (return-oriented programming) attacks in which
>>>> an attacker
>>>> manipulates return addresses on the call stack in order to execute
>>>> arbitrary
>>>> code. To prevent this, shadow stacks can be allocated that are only
>>>> used by
>>>> control transfer and return instructions. When a CALL instruction
>>>> is issued, it
>>>> writes the return address to both the program stack and the shadow
>>>> stack. When
>>>> the subsequent RET instruction is issued, it pops the return
>>>> address from both
>>>> stacks and compares them. If the addresses don't match, a control-
>>>> protection
>>>> exception is raised.
>>>>
>>>> Shadow stack and a related feature, Indirect Branch Tracking (IBT),
>>>> are
>>>> collectively referred to as Control-flow Enforcement Technology
>>>> (CET). However,
>>>> current AMD processors only support shadow stack and not IBT.
>>>>
>>>> This series adds support for shadow stack in SVM guests and builds
>>>> upon the
>>>> support added in the CET guest support patch series [1] and the CET
>>>> kernel
>>>> patch series [2]. Additional patches are required to support shadow
>>>> stack
>>>> enabled guests in qemu [3] and glibc [4].
>>>>
>>>> [1]: CET guest support patches
>>>>
>> https://lore.kernel.org/all/[email protected]/
>>>> [2]: Latest CET kernel patches
>>>>
>> https://lore.kernel.org/all/[email protected]/
>>> That dependency chain makes me sad.
>>>
>>> Outside of a very shallow comment on the last patch, I don't plan on
>>> reviewing
>>> this until the kernel side of things gets out of our way. When that
>>> finally
>>> does happen, I'll definitely prioritize reviewing and merging this
>>> and the KVM
>>> Intel series. I'd love to see this land.
>> I think all KVM needs is a few patches from the beginning of the host
>> series (the FPU stuff). At one point Weijiang and I had discussed with
>> Paolo and x86 folks that those few could go up with the KVM series if
>> desired.
> Now that the baremetal series has been accepted, how do we want to
> proceed? I think I'd like to send a refreshed version based on the
> version that was accpeted, but I'd want to wait to base it on a new
> version of Weijiang's kvm/vmx series (if one is planned).
>
> Weijiang and Rick,
>
> Are you planning on sending a new version of the kvm/vmx series?
Hi, Allen,
Yes, I'm working on the new version of kvm/vmx series, will cc you when
send it to community.
>
> Thanks,
> John
On 3/29/2023 8:16 AM, Yang, Weijiang wrote:
>
> On 3/29/2023 1:51 AM, John Allen wrote:
>> On Wed, Jan 25, 2023 at 01:11:44AM +0000, Edgecombe, Rick P wrote:
>>> On Wed, 2023-01-25 at 00:55 +0000, Sean Christopherson wrote:
>>>> On Wed, Oct 12, 2022, John Allen wrote:
>>>>> AMD Zen3 and newer processors support shadow stack, a feature
>>>>> designed to
>>>>> protect against ROP (return-oriented programming) attacks in which
>>>>> an attacker
>>>>> manipulates return addresses on the call stack in order to execute
>>>>> arbitrary
>>>>> code. To prevent this, shadow stacks can be allocated that are only
>>>>> used by
>>>>> control transfer and return instructions. When a CALL instruction
>>>>> is issued, it
>>>>> writes the return address to both the program stack and the shadow
>>>>> stack. When
>>>>> the subsequent RET instruction is issued, it pops the return
>>>>> address from both
>>>>> stacks and compares them. If the addresses don't match, a control-
>>>>> protection
>>>>> exception is raised.
>>>>>
>>>>> Shadow stack and a related feature, Indirect Branch Tracking (IBT),
>>>>> are
>>>>> collectively referred to as Control-flow Enforcement Technology
>>>>> (CET). However,
>>>>> current AMD processors only support shadow stack and not IBT.
>>>>>
>>>>> This series adds support for shadow stack in SVM guests and builds
>>>>> upon the
>>>>> support added in the CET guest support patch series [1] and the CET
>>>>> kernel
>>>>> patch series [2]. Additional patches are required to support shadow
>>>>> stack
>>>>> enabled guests in qemu [3] and glibc [4].
>>>>>
>>>>> [1]: CET guest support patches
>>>>>
>>> https://lore.kernel.org/all/[email protected]/
>>>
>>>>> [2]: Latest CET kernel patches
>>>>>
>>> https://lore.kernel.org/all/[email protected]/
>>>
>>>> That dependency chain makes me sad.
>>>>
>>>> Outside of a very shallow comment on the last patch, I don't plan on
>>>> reviewing
>>>> this until the kernel side of things gets out of our way. When that
>>>> finally
>>>> does happen, I'll definitely prioritize reviewing and merging this
>>>> and the KVM
>>>> Intel series. I'd love to see this land.
>>> I think all KVM needs is a few patches from the beginning of the host
>>> series (the FPU stuff). At one point Weijiang and I had discussed with
>>> Paolo and x86 folks that those few could go up with the KVM series if
>>> desired.
>> Now that the baremetal series has been accepted, how do we want to
>> proceed? I think I'd like to send a refreshed version based on the
>> version that was accpeted, but I'd want to wait to base it on a new
>> version of Weijiang's kvm/vmx series (if one is planned).
>>
>> Weijiang and Rick,
>>
>> Are you planning on sending a new version of the kvm/vmx series?
>
> Hi, Allen,
>
> Yes, I'm working on the new version of kvm/vmx series, will cc you when
>
> send it to community.
Patch 1/7 did what I wanted to implement to support AMD SHSTK, my next
version
will continue refactoring them in vmx scope, then your series may pick
up the helper
and modify accordingly.
Please note, in my series, I removed check for MSR_IA32_PL{0,1,2}_SSP
since they're
not supported right now, but your series supports for the MSRs, so you
have to change
the helper a bit to adapt to your patches.
>
>
>>
>> Thanks,
>> John
On Thu, Mar 30, 2023 at 01:37:38PM +0800, Yang, Weijiang wrote:
>
> On 3/29/2023 8:16 AM, Yang, Weijiang wrote:
> >
> > On 3/29/2023 1:51 AM, John Allen wrote:
> > > On Wed, Jan 25, 2023 at 01:11:44AM +0000, Edgecombe, Rick P wrote:
> > > > On Wed, 2023-01-25 at 00:55 +0000, Sean Christopherson wrote:
> > > > > On Wed, Oct 12, 2022, John Allen wrote:
> > > > > > AMD Zen3 and newer processors support shadow stack, a feature
> > > > > > designed to
> > > > > > protect against ROP (return-oriented programming) attacks in which
> > > > > > an attacker
> > > > > > manipulates return addresses on the call stack in order to execute
> > > > > > arbitrary
> > > > > > code. To prevent this, shadow stacks can be allocated that are only
> > > > > > used by
> > > > > > control transfer and return instructions. When a CALL instruction
> > > > > > is issued, it
> > > > > > writes the return address to both the program stack and the shadow
> > > > > > stack. When
> > > > > > the subsequent RET instruction is issued, it pops the return
> > > > > > address from both
> > > > > > stacks and compares them. If the addresses don't match, a control-
> > > > > > protection
> > > > > > exception is raised.
> > > > > >
> > > > > > Shadow stack and a related feature, Indirect Branch Tracking (IBT),
> > > > > > are
> > > > > > collectively referred to as Control-flow Enforcement Technology
> > > > > > (CET). However,
> > > > > > current AMD processors only support shadow stack and not IBT.
> > > > > >
> > > > > > This series adds support for shadow stack in SVM guests and builds
> > > > > > upon the
> > > > > > support added in the CET guest support patch series [1] and the CET
> > > > > > kernel
> > > > > > patch series [2]. Additional patches are required to support shadow
> > > > > > stack
> > > > > > enabled guests in qemu [3] and glibc [4].
> > > > > >
> > > > > > [1]: CET guest support patches
> > > > > >
> > > > https://lore.kernel.org/all/[email protected]/
> > > >
> > > > > > [2]: Latest CET kernel patches
> > > > > >
> > > > https://lore.kernel.org/all/[email protected]/
> > > >
> > > > > That dependency chain makes me sad.
> > > > >
> > > > > Outside of a very shallow comment on the last patch, I don't plan on
> > > > > reviewing
> > > > > this until the kernel side of things gets out of our way. When that
> > > > > finally
> > > > > does happen, I'll definitely prioritize reviewing and merging this
> > > > > and the KVM
> > > > > Intel series.? I'd love to see this land.
> > > > I think all KVM needs is a few patches from the beginning of the host
> > > > series (the FPU stuff). At one point Weijiang and I had discussed with
> > > > Paolo and x86 folks that those few could go up with the KVM series if
> > > > desired.
> > > Now that the baremetal series has been accepted, how do we want to
> > > proceed? I think I'd like to send a refreshed version based on the
> > > version that was accpeted, but I'd want to wait to base it on a new
> > > version of Weijiang's kvm/vmx series (if one is planned).
> > >
> > > Weijiang and Rick,
> > >
> > > Are you planning on sending a new version of the kvm/vmx series?
> >
> > Hi, Allen,
> >
> > Yes, I'm working on the new version of kvm/vmx series, will cc you when
> >
> > send it to community.
>
> Patch 1/7 did what I wanted to implement to support AMD SHSTK, my next
> version
>
> will continue refactoring them in vmx scope, then? your series may pick up
> the helper
>
> and modify accordingly.
>
> Please note, in my series, I removed check for MSR_IA32_PL{0,1,2}_SSP since
> they're
>
> not supported right now, but your series supports for the MSRs, so you have
> to change
>
> the helper a bit to adapt to your patches.
The reason we decided to include the PL{0,1,2}_SSP MSRs is that even
though linux doesn't support supervisor shadow stack, a non-linux guest
OS might support it and could make use of the MSRs. It could be
something the vmx patches might want to account for as well
Thanks,
John
On Thu, Mar 30, 2023, John Allen wrote:
> On Thu, Mar 30, 2023 at 01:37:38PM +0800, Yang, Weijiang wrote:
> >
> > On 3/29/2023 8:16 AM, Yang, Weijiang wrote:
> > > > Now that the baremetal series has been accepted, how do we want to
> > > > proceed? I think I'd like to send a refreshed version based on the
> > > > version that was accpeted, but I'd want to wait to base it on a new
> > > > version of Weijiang's kvm/vmx series (if one is planned).
> >
> > Patch 1/7 did what I wanted to implement to support AMD SHSTK, my next
> > version will continue refactoring them in vmx scope, then� your series may
> > pick up the helper and modify accordingly.
> >
> > Please note, in my series, I removed check for MSR_IA32_PL{0,1,2}_SSP since
> > they're not supported right now, but your series supports for the MSRs, so
> > you have to change the helper a bit to adapt to your patches.
>
> The reason we decided to include the PL{0,1,2}_SSP MSRs is that even
> though linux doesn't support supervisor shadow stack, a non-linux guest
> OS might support it and could make use of the MSRs. It could be
> something the vmx patches might want to account for as well
And emulating/virtualizing those MSRs is mandatory unless KVM can hide those MSRs
without violating the architecture (been a while since I looked at CET). If the
architecture does allow enumerating support for userspace but not supervisor, then
ideally the two would be enabled separately in KVM, e.g. so that that if one is
completely busted, we might be able to precisely revert only the broken code.
On 3/31/2023 4:05 AM, Sean Christopherson wrote:
> On Thu, Mar 30, 2023, John Allen wrote:
>> On Thu, Mar 30, 2023 at 01:37:38PM +0800, Yang, Weijiang wrote:
>>> On 3/29/2023 8:16 AM, Yang, Weijiang wrote:
>>>>> Now that the baremetal series has been accepted, how do we want to
>>>>> proceed? I think I'd like to send a refreshed version based on the
>>>>> version that was accpeted, but I'd want to wait to base it on a new
>>>>> version of Weijiang's kvm/vmx series (if one is planned).
>>> Patch 1/7 did what I wanted to implement to support AMD SHSTK, my next
>>> version will continue refactoring them in vmx scope, then� your series may
>>> pick up the helper and modify accordingly.
>>>
>>> Please note, in my series, I removed check for MSR_IA32_PL{0,1,2}_SSP since
>>> they're not supported right now, but your series supports for the MSRs, so
>>> you have to change the helper a bit to adapt to your patches.
>> The reason we decided to include the PL{0,1,2}_SSP MSRs is that even
>> though linux doesn't support supervisor shadow stack, a non-linux guest
>> OS might support it and could make use of the MSRs. It could be
>> something the vmx patches might want to account for as well
> And emulating/virtualizing those MSRs is mandatory unless KVM can hide those MSRs
> without violating the architecture (been a while since I looked at CET). If the
> architecture does allow enumerating support for userspace but not supervisor, then
> ideally the two would be enabled separately in KVM, e.g. so that that if one is
> completely busted, we might be able to precisely revert only the broken code.
OK, I'll add a separate patch to expose these supervisor MSRs but they
are not accessible on Intel
platform right now, i.e., resulting into #GP.
Meanwhile CPUID(7,1).EDX.bit 18 is always cleared to tell guest
supervisor SHSTK is not supported.
Allen can modify per AMD needs.