Received: by 2002:a05:7412:98c1:b0:fa:551:50a7 with SMTP id kc1csp299849rdb;
        Fri, 5 Jan 2024 10:10:04 -0800 (PST)
X-Google-Smtp-Source: AGHT+IED3E1jCFQ2HG39YfH0n+XHttUktshnh6NA1o79HPPezEFR6cyBqz1A9M/IxrWm548/l3zh
X-Received: by 2002:aa7:8a02:0:b0:6d9:bd61:95fe with SMTP id m2-20020aa78a02000000b006d9bd6195femr2007622pfa.38.1704478204720;
        Fri, 05 Jan 2024 10:10:04 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1704478204; cv=none;
        d=google.com; s=arc-20160816;
        b=siKVDypPg3DgswUm6ffDvX7vqVFFB3b1xgYfraVdNJ/2KzFgbUDG2ODCdZt6F4DQS9
         YcT/MkdVENI7FXgf4MgyfnLMKg1whD20Q8G6OsIBqiIuhCVnBF4cd4eISYuq1B8Y/QEZ
         1EhHNOvAFfXZy8PKSCiHtHtSJF1B+cZDCEtN0PSNRfqZjZIMJm//BA5etm43jl60UzGQ
         u3qJSfVcsFG6dnmzl1msYrUHMb4vrgAkPBGoqxRtsrtSXEEYN1v/NAiKob6ib2gCjFda
         Y1OPmcXWuLzUpBgtGgsqsvYwd7DNvIXfXRmND3pp6FdlnHuhrpz6m3RkQYJLh51vHBMq
         /IKA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:list-unsubscribe:list-subscribe
         :list-id:precedence:dkim-signature;
        bh=3BigxxSzpNvAGoQIBfaV1OAOS4EMsVFO9Hy0woPRhdQ=;
        fh=k+BvJGZKmjEZHd0YNlP4fcrB9DJ7/16a6ryAgQFIONM=;
        b=MgcHwnwYC3+016wGqrUmOPerKVNnEYTPDBGcS7CgpRjlW81bVuKLoWdZP4XJXdwmuK
         mI88rLiuPNQpqywp0ziAD9ZqtEjuLetWhtNKnirNWR7/VC/2xKhxoaEjKJditRA0nvxz
         dAvyAtgF7gmv/eNFRFn+2UHtX4Xugc9Ot1ToORT1haovfBG0jQm6tx195n6faQJskiq0
         M6Y79MYb56Cb97z4bbcZeHQo8ZD//VHaxSWO34ZwGszU9/kcz+dz2xseu5sD9SkvxX3/
         gz2QNMspbJtb+FiBCMEp0z9UkKFpQNkXFMJINRJKvkopDHeAuiVKg+RZ8kHdmw0cmI2j
         kxmQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20230601 header.b=TpPm8D0T;
       spf=pass (google.com: domain of linux-kernel+bounces-18177-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-18177-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel+bounces-18177-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99])
        by mx.google.com with ESMTPS id m63-20020a632642000000b005ce0b38a6dbsi1720254pgm.580.2024.01.05.10.10.04
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 05 Jan 2024 10:10:04 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-18177-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20230601 header.b=TpPm8D0T;
       spf=pass (google.com: domain of linux-kernel+bounces-18177-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-18177-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sv.mirrors.kernel.org (Postfix) with ESMTPS id C6CE5281E52
	for <linux.lists.archive@gmail.com>; Fri,  5 Jan 2024 18:09:52 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id CC51A34CF4;
	Fri,  5 Jan 2024 18:09:47 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="TpPm8D0T"
X-Original-To: linux-kernel@vger.kernel.org
Received: from mail-ed1-f49.google.com (mail-ed1-f49.google.com [209.85.208.49])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9B7153455D
	for <linux-kernel@vger.kernel.org>; Fri,  5 Jan 2024 18:09:45 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=google.com
Received: by mail-ed1-f49.google.com with SMTP id 4fb4d7f45d1cf-54744e66d27so573a12.0
        for <linux-kernel@vger.kernel.org>; Fri, 05 Jan 2024 10:09:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1704478184; x=1705082984; darn=vger.kernel.org;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=3BigxxSzpNvAGoQIBfaV1OAOS4EMsVFO9Hy0woPRhdQ=;
        b=TpPm8D0THuXi1FIq5R2hjCd3gktkbRxgejfrMp++MLooGXYzZA01kS0+Wc7dtCjoz0
         xhiyzFtIoOrMYwNdmnerp7LsEmkFjLIY6yC2di5xCp5JaAhpEWZc4MzBUyPn/x5t6lpo
         rvr++SARtWwMaYh+wnamWHdTci5CWluRl/weiyNtre3mocFsERTZcCsXma9LgMKhHhwh
         U6YLzRNarlBw/inS6Lx6V66uaZpGNqMzzT0YZZ5J/w50MPNcw3Thbt5hQ8OmktAx5caT
         TbfGYbTjdWt552vsItQPz3PyOtfu6eoCIMAm3QGh7EMUGDrolUJ6sg3UGgrK6p3a4AzS
         /7lg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1704478184; x=1705082984;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=3BigxxSzpNvAGoQIBfaV1OAOS4EMsVFO9Hy0woPRhdQ=;
        b=fKQXVaK9ckzL4adnsm3SqTDrQyZRCR2+nKuitXlokcVpIifOmVHKCbog6ruwkwcEc7
         lVnh52ArHvys0uZwIrbMHZfDDKsjjo3tSjS+bF7IRMR/988peOjzrWS8wC1OUR0Outhk
         KvicnbJYXf2tTZZw+JrdBbaQp0ruwGcbh5L+RGXrERK1LZ1/GUBiFZ9Wv3sDcjHJR98a
         V17hDWc8hYCMJKzn8dZ4H+SshtdoMmX7/pZMMdqpTcThU+TkaoIn5ztAnDrm4Sd6S+GA
         GTffJdn+h/873+f57urgEkkCXMj5AgheAUh+f2fEbKUPkpMlZHPYL4mvurd83MF0P3J6
         +2Nw==
X-Gm-Message-State: AOJu0YwDma30yOovz+/OtCSa/JsD5emGJ+bySvN6+JFtl5Nlwy78RUwo
	aOH2E5xjGxMJt320eJkREc/8CjJPfvuivW9hIFFcSIzu6aQ/
X-Received: by 2002:a50:9f4a:0:b0:555:6529:3bfe with SMTP id
 b68-20020a509f4a000000b0055565293bfemr6452edf.1.1704478183815; Fri, 05 Jan
 2024 10:09:43 -0800 (PST)
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
References: <20231221140239.4349-1-weijiang.yang@intel.com>
 <93f118670137933980e9ed263d01afdb532010ed.camel@intel.com>
 <5f57ce03-9568-4739-b02d-e9fac6ed381a@intel.com> <6179ddcb25c683bd178e74e7e2455cee63ba74de.camel@intel.com>
 <ZZdLG5W5u19PsnTo@google.com> <a2344e2143ef2b9eca0d153c86091e58e596709d.camel@intel.com>
 <ZZdSSzCqvd-3sdBL@google.com> <8f070910-2b2e-425d-995e-dfa03a7695de@intel.com>
 <ZZgsipXoXTKyvCZT@google.com> <9abd8400d25835dd2a6fd41b0104e3c666ee8a13.camel@intel.com>
In-Reply-To: <9abd8400d25835dd2a6fd41b0104e3c666ee8a13.camel@intel.com>
From: Jim Mattson <jmattson@google.com>
Date: Fri, 5 Jan 2024 10:09:28 -0800
Message-ID: <CALMp9eRMoWOS5oAywQCdEsCuTkDqmsVG=Do11FkthD5amr96WA@mail.gmail.com>
Subject: Re: [PATCH v8 00/26] Enable CET Virtualization
To: "Edgecombe, Rick P" <rick.p.edgecombe@intel.com>
Cc: "Yang, Weijiang" <weijiang.yang@intel.com>, "seanjc@google.com" <seanjc@google.com>, 
	"Gao, Chao" <chao.gao@intel.com>, "Hansen, Dave" <dave.hansen@intel.com>, 
	"peterz@infradead.org" <peterz@infradead.org>, "john.allen@amd.com" <john.allen@amd.com>, 
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>, "mlevitsk@redhat.com" <mlevitsk@redhat.com>, 
	"pbonzini@redhat.com" <pbonzini@redhat.com>, "kvm@vger.kernel.org" <kvm@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Fri, Jan 5, 2024 at 9:53=E2=80=AFAM Edgecombe, Rick P
<rick.p.edgecombe@intel.com> wrote:
>
> On Fri, 2024-01-05 at 08:21 -0800, Sean Christopherson wrote:
> > No, do not inject #UD or do anything else that deviates from
> > architecturally
> > defined behavior.
>
> Here is a, at least partial, list of CET touch points I just created by
> searching the SDM:
> 1. The emulator SW fetch with TRACKER=3D1
> 2. CALL, RET, JMP, IRET, INT, SYSCALL, SYSENTER, SYSEXIT, SYSRET
> 3. Task switching

Sigh. KVM is forced to emulate task switch, because the hardware is
incapable of virtualizing it. How hard would it be to make KVM's
task-switch emulation CET-aware?

> 4. The new CET instructions (which I guess should be handled by
> default): CLRSSBSY, INCSSPD, RSTORSSP, SAVEPREVSSP, SETSSBSYY, WRSS,
> WRUSS
>
> Not all of those are security checks, but would have some functional
> implications. It's still not clear to me if this could happen naturally
> (the TDP shadowing stuff), or only via strange attacker behavior. If we
> only care about the attacker case, then we could have a smaller list.
>
> It also sounds like the instructions in 2 could maybe be filtered by
> mode instead of caring about CET being enabled. But maybe it's not good
> to mix the CET problem with the bigger emulator issues. Don't know.