Date: Mon, 18 May 2020 23:06:14 -0700
From: Sean Christopherson
To: Yang Weijiang
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, pbonzini@redhat.com, jmattson@google.com, yu.c.zhang@linux.intel.com
Subject: Re: [PATCH v12 00/10] Introduce support for guest CET feature
Message-ID: <20200519060614.GA5189@linux.intel.com>
References: <20200506082110.25441-1-weijiang.yang@intel.com> <20200518084232.GA11265@local-michael-cet-test>

On Mon, May 18, 2020 at 04:42:32PM +0800, Yang Weijiang wrote:
> On Wed, May 06, 2020 at 04:20:59PM +0800, Yang Weijiang wrote:
> > Control-flow Enforcement Technology (CET) provides protection against
> > Return/Jump-Oriented Programming (ROP/JOP) attack. There're two CET
> > sub-features: Shadow Stack (SHSTK) and Indirect Branch Tracking (IBT).
> > SHSTK is to prevent ROP programming and IBT is to prevent JOP programming.
> >
> > Several parts in KVM have been updated to provide VM CET support, including:
> > CPUID/XSAVES config, MSR pass-through, user space MSR access interface,
> > vmentry/vmexit config, nested VM etc. These patches have dependency on CET
> > kernel patches for xsaves support and CET definitions, e.g., MSR and related
> > feature flags.
> >
> > CET kernel patches are here:
> > https://lkml.kernel.org/r/20200429220732.31602-1-yu-cheng.yu@intel.com
> >
> > v12:
> > - Fixed a few issues per Sean and Paolo's review feedback.
> > - Refactored patches to make them properly arranged.
> > - Removed unnecessary hard-coded CET states for host/guest.
> > - Added compile-time assertions for vmcs_field_to_offset_table to detect
> >   mismatch of the field type and field encoding number.
> > - Added a custom MSR MSR_KVM_GUEST_SSP for guest active SSP save/restore.
> > - Rebased patches to 5.7-rc3.
> >
>
> ping...
>
> Sean and Paolo,
> Could you review v12 at your convenience? Thank you!

Through no fault of your own, it'll probably be a few weeks before I get
back to your CET series. The kernel enabling doesn't seem like it's going
to be merged anytime soon, certainly not for 5.8, so unfortunately your
series got put on the backburner. Sorry :-(.