In-Reply-To: <9abd8400d25835dd2a6fd41b0104e3c666ee8a13.camel@intel.com>
From: Jim Mattson
Date: Fri, 5 Jan 2024 10:09:28 -0800
Subject: Re: [PATCH v8 00/26] Enable CET Virtualization
To: "Edgecombe, Rick P"
Cc: "Yang, Weijiang", "seanjc@google.com", "Gao, Chao", "Hansen, Dave",
 "peterz@infradead.org", "john.allen@amd.com", "linux-kernel@vger.kernel.org",
 "mlevitsk@redhat.com", "pbonzini@redhat.com", "kvm@vger.kernel.org"

On Fri, Jan 5, 2024 at 9:53 AM Edgecombe, Rick P wrote:
>
> On Fri, 2024-01-05 at 08:21 -0800, Sean Christopherson wrote:
> > No, do not inject #UD or do anything else that deviates from
> > architecturally defined behavior.
>
> Here is a, at least partial, list of CET touch points I just created by
> searching the SDM:
> 1. The emulator SW fetch with TRACKER=1
> 2. CALL, RET, JMP, IRET, INT, SYSCALL, SYSENTER, SYSEXIT, SYSRET
> 3. Task switching

Sigh. KVM is forced to emulate task switch, because the hardware is
incapable of virtualizing it. How hard would it be to make KVM's
task-switch emulation CET-aware?

> 4. The new CET instructions (which I guess should be handled by
> default): CLRSSBSY, INCSSPD, RSTORSSP, SAVEPREVSSP, SETSSBSY, WRSS,
> WRUSS
>
> Not all of those are security checks, but would have some functional
> implications. It's still not clear to me if this could happen naturally
> (the TDP shadowing stuff), or only via strange attacker behavior. If we
> only care about the attacker case, then we could have a smaller list.
>
> It also sounds like the instructions in 2 could maybe be filtered by
> mode instead of caring about CET being enabled. But maybe it's not good
> to mix the CET problem with the bigger emulator issues. Don't know.