All of lore.kernel.org
 help / color / mirror / Atom feed
From: Yang Weijiang <weijiang.yang@intel.com>
To: pbonzini@redhat.com, rkrcmar@redhat.com,
	sean.j.christopherson@intel.com, jmattson@google.com,
	linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
	mst@redhat.com, yu-cheng.yu@intel.com, yi.z.zhang@intel.com,
	hjl.tools@gmail.com
Cc: weijiang.yang@intel.com
Subject: [PATCH v2 0/7] This patch-set is to enable Guest CET support
Date: Wed, 23 Jan 2019 04:59:02 +0800	[thread overview]
Message-ID: <20190122205909.24165-1-weijiang.yang@intel.com> (raw)

Control-flow Enforcement Technology (CET) provides protection against
return/jump-oriented programming (ROP) attacks. To make kvm Guest OS own
the capability, this patch-set is required. It enables CET related CPUID
report, xsaves/xrstors, vmx entry configuration etc. for Guest OS.

PATCH 1    : Define CET VMCS fields and bits.
PATCH 2/3  : Report CET feature support in CPUID.
PATCH 4    : Fix xsaves size calculation issue.
PATCH 5    : Pass through CET MSRs to Guest.
PATCH 6    : Set Guest CET state auto loading bit.
PATCH 7    : Enable CET xsaves bits support in XSS.

Changelog:
 v2:
 - Re-ordered patch sequence, combined one patch.
 - Added more description for CET related VMCS fields.
 - Added Host CET capability check while enabling Guest CET loading bit.
 - Added Host CET capability check while reporting Guest CPUID(EAX=7,
   EXC=0).
 - Modified code in reporting Guest CPUID(EAX=D,ECX>=1), make it clearer.
 - Added Host and Guest XSS mask check while setting bits for Guest XSS.


Yang Weijiang (7):
  KVM:VMX: Define CET VMCS fields and bits
  KVM:CPUID: Define CET CPUID bits and CR4.CET master enable bit.
  KVM:CPUID: Add CPUID support for CET xsaves component query.
  KVM:CPUID: Fix xsaves area size calculation for CPUID.(EAX=0xD,ECX=1).
  KVM:VMX: Pass through host CET related MSRs to Guest.
  KVM:VMX: Load Guest CET via VMCS when CET is enabled in Guest
  KVM:X86: Enable MSR_IA32_XSS bit 11 and 12 for CET xsaves/xrstors.

 arch/x86/include/asm/kvm_host.h |  3 +-
 arch/x86/include/asm/vmx.h      |  8 ++++
 arch/x86/kvm/cpuid.c            | 67 ++++++++++++++++++++++++---------
 arch/x86/kvm/vmx.c              | 60 +++++++++++++++++++++++++++--
 arch/x86/kvm/x86.c              |  4 ++
 arch/x86/kvm/x86.h              |  4 ++
 6 files changed, 125 insertions(+), 21 deletions(-)

-- 
2.17.1


             reply	other threads:[~2019-01-23 14:06 UTC|newest]

Thread overview: 28+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-01-22 20:59 Yang Weijiang [this message]
2019-01-22 20:59 ` [PATCH v2 1/7] KVM:VMX: Define CET VMCS fields and bits Yang Weijiang
2019-01-25 18:02   ` Paolo Bonzini
2019-01-28 10:33     ` Yang Weijiang
2019-01-29 15:19       ` Paolo Bonzini
2019-01-29  8:29         ` Yang Weijiang
2019-01-30  8:32           ` Paolo Bonzini
2019-03-04 18:56         ` Sean Christopherson
2019-03-08  9:15           ` Paolo Bonzini
2019-03-08 15:50             ` Sean Christopherson
2019-03-08 16:34               ` Paolo Bonzini
2019-01-25 22:30   ` Sean Christopherson
2019-01-29 17:47   ` Jim Mattson
2019-01-29 18:01     ` Jim Mattson
     [not found]       ` <20190129182750.GB8156@linux.intel.com>
2019-01-29  8:34         ` Yang Weijiang
2019-01-22 20:59 ` [PATCH v2 2/7] KVM:CPUID: Define CET CPUID bits and CR4.CET master enable bit Yang Weijiang
2019-01-22 20:59 ` [PATCH v2 3/7] KVM:CPUID: Add CPUID support for CET xsaves component query Yang Weijiang
2019-01-25 17:57   ` Paolo Bonzini
2019-01-25 22:40   ` Sean Christopherson
2019-01-22 20:59 ` [PATCH v2 4/7] KVM:CPUID: Fix xsaves area size calculation for CPUID.(EAX=0xD,ECX=1) Yang Weijiang
2019-01-25 22:47   ` Sean Christopherson
2019-01-22 20:59 ` [PATCH v2 5/7] KVM:VMX: Pass through host CET related MSRs to Guest Yang Weijiang
2019-01-25 22:50   ` Sean Christopherson
2019-01-22 20:59 ` [PATCH v2 6/7] KVM:VMX: Load Guest CET via VMCS when CET is enabled in Guest Yang Weijiang
2019-01-25 22:56   ` Sean Christopherson
2019-01-30 15:16     ` Yang Weijiang
2019-01-22 20:59 ` [PATCH v2 7/7] KVM:X86: Enable MSR_IA32_XSS bit 11 and 12 for CET xsaves/xrstors Yang Weijiang
2019-01-25 23:03   ` Sean Christopherson

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190122205909.24165-1-weijiang.yang@intel.com \
    --to=weijiang.yang@intel.com \
    --cc=hjl.tools@gmail.com \
    --cc=jmattson@google.com \
    --cc=kvm@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mst@redhat.com \
    --cc=pbonzini@redhat.com \
    --cc=rkrcmar@redhat.com \
    --cc=sean.j.christopherson@intel.com \
    --cc=yi.z.zhang@intel.com \
    --cc=yu-cheng.yu@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.