Date: Mon, 18 May 2020 16:42:32 +0800
From: Yang Weijiang
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, pbonzini@redhat.com, sean.j.christopherson@intel.com, jmattson@google.com
Cc: yu.c.zhang@linux.intel.com, Yang Weijiang
Subject: Re: [PATCH v12 00/10] Introduce support for guest CET feature
Message-ID: <20200518084232.GA11265@local-michael-cet-test>
References: <20200506082110.25441-1-weijiang.yang@intel.com>
In-Reply-To: <20200506082110.25441-1-weijiang.yang@intel.com>

On Wed, May 06, 2020 at 04:20:59PM +0800, Yang Weijiang wrote:
> Control-flow Enforcement Technology (CET) provides protection against
> Return/Jump-Oriented Programming (ROP/JOP) attacks. There're two CET
> sub-features: Shadow Stack (SHSTK) and Indirect Branch Tracking (IBT).
> SHSTK is to prevent ROP programming and IBT is to prevent JOP programming.
>
> Several parts in KVM have been updated to provide VM CET support, including:
> CPUID/XSAVES config, MSR pass-through, user space MSR access interface,
> vmentry/vmexit config, nested VM etc. These patches have a dependency on CET
> kernel patches for xsaves support and CET definitions, e.g., MSR and related
> feature flags.
>
> CET kernel patches are here:
> https://lkml.kernel.org/r/20200429220732.31602-1-yu-cheng.yu@intel.com
>
> v12:
> - Fixed a few issues per Sean and Paolo's review feedback.
> - Refactored patches to make them properly arranged.
> - Removed unnecessary hard-coded CET states for host/guest.
> - Added compile-time assertions for vmcs_field_to_offset_table to detect
>   mismatch of the field type and field encoding number.
> - Added a custom MSR MSR_KVM_GUEST_SSP for guest active SSP save/restore.
> - Rebased patches to 5.7-rc3.
>

ping...

Sean and Paolo,
Could you review v12 at your convenience?
Thank you!
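The quoted cover letter summarises the two CET checks in one sentence each: a shadow stack that must agree with the data stack on RET, and an indirect-branch tracker that demands ENDBR at the target. The following is an added example, not code from this mail, from the KVM series or from the kernel: a small software model of those two checks, showing why a return-address overwrite (ROP) and a jump into the middle of a function (JOP) each end in a control-protection fault while the legitimate paths pass. The struct, the addresses (0x401000, 0x401234) and the scenario names are constructed for illustration; the only real constant is the ENDBR64 opcode (F3 0F 1E FA).

```c
/* Added teaching model of CET SHSTK and IBT checks. Not KVM or kernel code;
 * struct layout, addresses and scenario names are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum cet_result { CET_OK = 0, CET_CP_SHSTK_MISMATCH = 1, CET_CP_MISSING_ENDBR = 2 };

#define DEPTH 16
struct cpu {
    uint64_t stack[DEPTH];        /* ordinary, attacker-writable data stack     */
    size_t   sp;
    uint64_t shstk[DEPTH];        /* shadow stack: only CALL/RET may touch it   */
    size_t   ssp;
    int      wait_for_endbranch;  /* IBT tracker: armed after an indirect branch */
};

/* Real ENDBR64 encoding; the one constant here that is not made up. */
static const uint8_t ENDBR64[4] = { 0xf3, 0x0f, 0x1e, 0xfa };

static void cpu_init(struct cpu *c) { memset(c, 0, sizeof *c); }

/* CALL pushes the return address onto both the data stack and the shadow stack. */
static void cpu_call(struct cpu *c, uint64_t ret)
{
    c->stack[c->sp++] = ret;
    c->shstk[c->ssp++] = ret;
}

/* RET pops both copies; hardware raises #CP when they disagree. */
static enum cet_result cpu_ret(struct cpu *c, uint64_t *target)
{
    uint64_t from_stack = c->stack[--c->sp];
    uint64_t from_shstk = c->shstk[--c->ssp];
    if (from_stack != from_shstk)
        return CET_CP_SHSTK_MISMATCH;
    *target = from_stack;
    return CET_OK;
}

/* An indirect JMP/CALL arms the tracker: the next instruction must be ENDBR64. */
static void cpu_indirect_jmp(struct cpu *c) { c->wait_for_endbranch = 1; }

static enum cet_result cpu_fetch(struct cpu *c, const uint8_t *code, size_t len)
{
    if (c->wait_for_endbranch) {
        c->wait_for_endbranch = 0;
        if (len < sizeof ENDBR64 || memcmp(code, ENDBR64, sizeof ENDBR64) != 0)
            return CET_CP_MISSING_ENDBR;   /* #CP: ENDBRANCH expected */
    }
    return CET_OK;
}

/* ROP: a stack overwrite changes the saved return address on the data stack only. */
enum cet_result demo_rop(void)
{
    struct cpu c; uint64_t target = 0;
    cpu_init(&c);
    cpu_call(&c, 0x401000);         /* legitimate call site (constructed)      */
    c.stack[c.sp - 1] = 0x401234;   /* attacker-chosen gadget address          */
    return cpu_ret(&c, &target);    /* shadow copy still says 0x401000 -> #CP  */
}

/* Normal CALL/RET pair: both copies match and control returns to 0x401000. */
enum cet_result demo_legit_ret(void)
{
    struct cpu c; uint64_t target = 0;
    cpu_init(&c);
    cpu_call(&c, 0x401000);
    return cpu_ret(&c, &target);
}

/* JOP: indirect branch to a real function entry (endbr64; push rbp; mov rbp,rsp)
 * versus into a mid-function gadget (pop rdi; ret) that carries no ENDBR. */
enum cet_result demo_jop(int target_has_endbr)
{
    static const uint8_t entry[]  = { 0xf3, 0x0f, 0x1e, 0xfa, 0x55, 0x48, 0x89, 0xe5 };
    static const uint8_t gadget[] = { 0x5f, 0xc3 };
    struct cpu c;
    cpu_init(&c);
    cpu_indirect_jmp(&c);
    return target_has_endbr ? cpu_fetch(&c, entry, sizeof entry)
                            : cpu_fetch(&c, gadget, sizeof gadget);
}

int main(void)
{
    printf("rop overwrite : %d\n", demo_rop());
    printf("legit return  : %d\n", demo_legit_ret());
    printf("jop, no endbr : %d\n", demo_jop(0));
    printf("jop, endbr    : %d\n", demo_jop(1));
    return 0;
}
```

The model keeps the shadow stack outside the attacker's reach by construction; on real hardware that separation is enforced by the shadow-stack page-table attribute and by restricting writes to WRSS, which is the property KVM has to preserve across vmentry/vmexit and MSR save/restore when it exposes SHSTK to a guest.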