Received: by 2002:a25:e74b:0:0:0:0:0 with SMTP id e72csp1463259ybh; Thu, 23 Jul 2020 09:26:57 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxFbMvg1F7YRff0EGskGBzj53WwCxF0Z4utRf52r+qjZoifpdz26BUfVruHsIyx80+/ZdyA X-Received: by 2002:a17:906:cd19:: with SMTP id oz25mr5089972ejb.36.1595521616991; Thu, 23 Jul 2020 09:26:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1595521616; cv=none; d=google.com; s=arc-20160816; b=RNPDrhIG74RzrRMSf10WHGF22jNLfpfONKgNrBWmiyh9jZ8NXuHqf53SzOgCsTcphN B/MhLevbidEXD+P6mw6YHnh2WWtztBFIEmTZqjH1KzfbS6l/sO7tegVONnUIDJcbwqdF kXSHE3O9wQOSNEr2KkyQc4OJt/Q9/1u293X70dTFzx4igP1rodf+iPFdqVVGuU2B+J5A 6XAqgWXrPI6qv1uWk0ZeDA/HRib0FpKexyNnqTueQxQz2uau6wxUgC/SXNg8vQfoKowZ rqd28BiwZKM9Pr6bIrPUcYNgneNQo2mMyJwyQzv7OSV6j0SzERlhYQRQCl2xMkGdzLgg ZvCA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:ironport-sdr:ironport-sdr; bh=JgypO7riwhLdAo4caWDf1KBge9MM1ELYDDpD46hNyhs=; b=l15YzMRAgNyVTidP1JR+/ueO0aAEF8CUiz4s9fAzn8Y6Prh7vphh34ISBMIfhBoSs5 IZKpYyTv43UQJ7KmcvHUUivQ/DW8yZVtF6646iX2Tt6QhUJDtqb5I+V7h571cCS6hDyg hBmzsoBKm9WKd92TiJTLstcvritsO2hrdXOEhQLo6XAyC/hX/1y6YmhHASzjKdZXzqi5 5AqNsRE65cXzUuMWn/0UD4wxR8ObgYDF457hwUATs40qLqMOkPPmuSDl7m93njcDuHXQ +XWomElKn8uAPE67IR6UJrQT3xZD6bVBYUJTa3NAuZ7KJdWzTjgHmuV5LhnfKh7GdKQp icDA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id bq6si2254530ejb.108.2020.07.23.09.26.34; Thu, 23 Jul 2020 09:26:56 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729813AbgGWQZh (ORCPT + 99 others); Thu, 23 Jul 2020 12:25:37 -0400 Received: from mga05.intel.com ([192.55.52.43]:65237 "EHLO mga05.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726632AbgGWQZh (ORCPT ); Thu, 23 Jul 2020 12:25:37 -0400 IronPort-SDR: 2AZZtCpMRl6rdpflwQT/go8rG8nf0ll4r3ufYmO3Wvfdw+L1LDo1pNskbbwXkv9BwgZGA6L3We SY7rTGw1WBvQ== X-IronPort-AV: E=McAfee;i="6000,8403,9691"; a="235441446" X-IronPort-AV: E=Sophos;i="5.75,387,1589266800"; d="scan'208";a="235441446" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Jul 2020 09:25:36 -0700 IronPort-SDR: 7SNQbhgfLF8y+Ls0u3O0LezOL/4DKnkZUziPl6WdpxFftOFptAKIedxZcyo2AanJGfyBajYaF7 F/KSAtvgmIzA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,387,1589266800"; d="scan'208";a="488426080" Received: from sjchrist-coffee.jf.intel.com (HELO linux.intel.com) ([10.54.74.152]) by fmsmga006.fm.intel.com with ESMTP; 23 Jul 2020 09:25:31 -0700 Date: Thu, 23 Jul 2020 09:25:31 -0700 From: Sean Christopherson To: Yu-cheng Yu Cc: x86@kernel.org, "H. Peter Anvin" , Thomas Gleixner , Ingo Molnar , linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann , Andy Lutomirski , Balbir Singh , Borislav Petkov , Cyrill Gorcunov , Dave Hansen , Eugene Syromiatnikov , Florian Weimer , "H.J. Lu" , Jann Horn , Jonathan Corbet , Kees Cook , Mike Kravetz , Nadav Amit , Oleg Nesterov , Pavel Machek , Peter Zijlstra , Randy Dunlap , "Ravi V. Shankar" , Vedvyas Shanbhogue , Dave Martin , Weijiang Yang Subject: Re: [PATCH v10 00/26] Control-flow Enforcement: Shadow Stack Message-ID: <20200723162531.GF21891@linux.intel.com> References: <20200429220732.31602-1-yu-cheng.yu@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200429220732.31602-1-yu-cheng.yu@intel.com> User-Agent: Mutt/1.5.24 (2015-08-30) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Apr 29, 2020 at 03:07:06PM -0700, Yu-cheng Yu wrote: > Control-flow Enforcement (CET) is a new Intel processor feature that blocks > return/jump-oriented programming attacks. Details can be found in "Intel > 64 and IA-32 Architectures Software Developer's Manual" [1]. > > This series depends on the XSAVES supervisor state series that was split > out and submitted earlier [2]. ... > Yu-cheng Yu (25): > x86/cpufeatures: Add CET CPU feature flags for Control-flow > Enforcement Technology (CET) > x86/fpu/xstate: Introduce CET MSR XSAVES supervisor states How would people feel about taking the above two patches (02 and 03 in the series) through the KVM tree to enable KVM virtualization of CET before the kernel itself gains CET support? I.e. add the MSR and feature bits, along with the XSAVES context switching. The feature definitons could use "" to suppress displaying them in /proc/cpuinfo to avoid falsely advertising CET to userspace. AIUI, there are ABI issues that need to be sorted out, and that is likely going to drag on for some time. Is this a "hell no" sort of idea, or something that would be feasible if we can show that there are no negative impacts to the kernel?