From: Yang Weijiang <weijiang.yang@intel.com>
To: seanjc@google.com, pbonzini@redhat.com, peterz@infradead.org,
john.allen@amd.com, kvm@vger.kernel.org,
linux-kernel@vger.kernel.org
Cc: rick.p.edgecombe@intel.com, chao.gao@intel.com,
binbin.wu@linux.intel.com, weijiang.yang@intel.com,
Zhang Yi Z <yi.z.zhang@linux.intel.com>
Subject: [PATCH v5 10/19] KVM:VMX: Introduce CET VMCS fields and control bits
Date: Thu, 3 Aug 2023 00:27:23 -0400 [thread overview]
Message-ID: <20230803042732.88515-11-weijiang.yang@intel.com> (raw)
In-Reply-To: <20230803042732.88515-1-weijiang.yang@intel.com>
Control-flow Enforcement Technology (CET) is a kind of CPU feature used
to prevent Return/CALL/Jump-Oriented Programming (ROP/COP/JOP) attacks.
It provides two sub-features(SHSTK,IBT) to defend against ROP/COP/JOP
style control-flow subversion attacks.
Shadow Stack (SHSTK):
A shadow stack is a second stack used exclusively for control transfer
operations. The shadow stack is separate from the data/normal stack and
can be enabled individually in user and kernel mode. When shadow stack
is enabled, CALL pushes the return address on both the data and shadow
stack. RET pops the return address from both stacks and compares them.
If the return addresses from the two stacks do not match, the processor
generates a #CP.
Indirect Branch Tracking (IBT):
IBT introduces new instruction(ENDBRANCH)to mark valid target addresses of
indirect branches (CALL, JMP etc...). If an indirect branch is executed
and the next instruction is _not_ an ENDBRANCH, the processor generates a
#CP. These instruction behaves as a NOP on platforms that doesn't support
CET.
Several new CET MSRs are defined to support CET:
MSR_IA32_{U,S}_CET: CET settings for {user,supervisor} mode respectively.
MSR_IA32_PL{0,1,2,3}_SSP: SHSTK pointer linear address for CPL{0,1,2,3}.
MSR_IA32_INT_SSP_TAB: Linear address of SHSTK table,the entry is indexed
by IST of interrupt gate desc.
Two XSAVES state bits are introduced for CET:
IA32_XSS:[bit 11]: Control saving/restoring user mode CET states
IA32_XSS:[bit 12]: Control saving/restoring supervisor mode CET states.
Six VMCS fields are introduced for CET:
{HOST,GUEST}_S_CET: Stores CET settings for kernel mode.
{HOST,GUEST}_SSP: Stores shadow stack pointer of current active task/thread.
{HOST,GUEST}_INTR_SSP_TABLE: Stores current active MSR_IA32_INT_SSP_TAB.
On Intel platforms, two additional bits are defined in VM_EXIT and VM_ENTRY
control fields:
If VM_EXIT_LOAD_CET_STATE = 1, the host CET states are restored from
the following VMCS fields at VM-Exit:
HOST_S_CET
HOST_SSP
HOST_INTR_SSP_TABLE
If VM_ENTRY_LOAD_CET_STATE = 1, the guest CET states are loaded from
the following VMCS fields at VM-Entry:
GUEST_S_CET
GUEST_SSP
GUEST_INTR_SSP_TABLE
Co-developed-by: Zhang Yi Z <yi.z.zhang@linux.intel.com>
Signed-off-by: Zhang Yi Z <yi.z.zhang@linux.intel.com>
Signed-off-by: Yang Weijiang <weijiang.yang@intel.com>
Reviewed-by: Chao Gao <chao.gao@intel.com>
---
arch/x86/include/asm/vmx.h | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h
index 0d02c4aafa6f..db7f93307349 100644
--- a/arch/x86/include/asm/vmx.h
+++ b/arch/x86/include/asm/vmx.h
@@ -104,6 +104,7 @@
#define VM_EXIT_CLEAR_BNDCFGS 0x00800000
#define VM_EXIT_PT_CONCEAL_PIP 0x01000000
#define VM_EXIT_CLEAR_IA32_RTIT_CTL 0x02000000
+#define VM_EXIT_LOAD_CET_STATE 0x10000000
#define VM_EXIT_ALWAYSON_WITHOUT_TRUE_MSR 0x00036dff
@@ -117,6 +118,7 @@
#define VM_ENTRY_LOAD_BNDCFGS 0x00010000
#define VM_ENTRY_PT_CONCEAL_PIP 0x00020000
#define VM_ENTRY_LOAD_IA32_RTIT_CTL 0x00040000
+#define VM_ENTRY_LOAD_CET_STATE 0x00100000
#define VM_ENTRY_ALWAYSON_WITHOUT_TRUE_MSR 0x000011ff
@@ -345,6 +347,9 @@ enum vmcs_field {
GUEST_PENDING_DBG_EXCEPTIONS = 0x00006822,
GUEST_SYSENTER_ESP = 0x00006824,
GUEST_SYSENTER_EIP = 0x00006826,
+ GUEST_S_CET = 0x00006828,
+ GUEST_SSP = 0x0000682a,
+ GUEST_INTR_SSP_TABLE = 0x0000682c,
HOST_CR0 = 0x00006c00,
HOST_CR3 = 0x00006c02,
HOST_CR4 = 0x00006c04,
@@ -357,6 +362,9 @@ enum vmcs_field {
HOST_IA32_SYSENTER_EIP = 0x00006c12,
HOST_RSP = 0x00006c14,
HOST_RIP = 0x00006c16,
+ HOST_S_CET = 0x00006c18,
+ HOST_SSP = 0x00006c1a,
+ HOST_INTR_SSP_TABLE = 0x00006c1c
};
/*
--
2.27.0
next prev parent reply other threads:[~2023-08-03 7:37 UTC|newest]
Thread overview: 82+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-03 4:27 [PATCH v5 00/19] Enable CET Virtualization Yang Weijiang
2023-08-03 4:27 ` [PATCH v5 01/19] x86/cpufeatures: Add CPU feature flags for shadow stacks Yang Weijiang
2023-08-03 4:27 ` [PATCH v5 02/19] x86/fpu/xstate: Introduce CET MSR and XSAVES supervisor states Yang Weijiang
2023-08-03 4:27 ` [PATCH v5 03/19] KVM:x86: Report XSS as to-be-saved if there are supported features Yang Weijiang
2023-08-03 4:27 ` [PATCH v5 04/19] KVM:x86: Refresh CPUID on write to guest MSR_IA32_XSS Yang Weijiang
2023-08-04 16:02 ` Sean Christopherson
2023-08-04 21:43 ` Paolo Bonzini
2023-08-09 3:11 ` Yang, Weijiang
2023-08-08 14:20 ` Yang, Weijiang
2023-08-04 18:27 ` Sean Christopherson
2023-08-07 6:55 ` Paolo Bonzini
2023-08-09 8:56 ` Yang, Weijiang
2023-08-10 0:01 ` Paolo Bonzini
2023-08-10 1:12 ` Yang, Weijiang
2023-08-03 4:27 ` [PATCH v5 05/19] KVM:x86: Initialize kvm_caps.supported_xss Yang Weijiang
2023-08-04 18:45 ` Sean Christopherson
2023-08-08 15:08 ` Yang, Weijiang
2023-08-03 4:27 ` [PATCH v5 06/19] KVM:x86: Load guest FPU state when access XSAVE-managed MSRs Yang Weijiang
2023-08-03 4:27 ` [PATCH v5 07/19] KVM:x86: Add fault checks for guest CR4.CET setting Yang Weijiang
2023-08-03 9:07 ` Chao Gao
2023-08-03 4:27 ` [PATCH v5 08/19] KVM:x86: Report KVM supported CET MSRs as to-be-saved Yang Weijiang
2023-08-03 10:39 ` Chao Gao
2023-08-04 3:13 ` Yang, Weijiang
2023-08-04 5:51 ` Chao Gao
2023-08-04 18:51 ` Sean Christopherson
2023-08-04 22:01 ` Paolo Bonzini
2023-08-08 15:16 ` Yang, Weijiang
2023-08-06 8:54 ` Yang, Weijiang
2023-08-04 18:55 ` Sean Christopherson
2023-08-08 15:26 ` Yang, Weijiang
2023-08-04 21:47 ` Paolo Bonzini
2023-08-09 3:14 ` Yang, Weijiang
2023-08-03 4:27 ` [PATCH v5 09/19] KVM:x86: Make guest supervisor states as non-XSAVE managed Yang Weijiang
2023-08-03 11:15 ` Chao Gao
2023-08-04 3:26 ` Yang, Weijiang
2023-08-04 20:45 ` Sean Christopherson
2023-08-04 20:59 ` Peter Zijlstra
2023-08-04 21:32 ` Paolo Bonzini
2023-08-09 2:51 ` Yang, Weijiang
2023-08-09 2:39 ` Yang, Weijiang
2023-08-10 9:29 ` Yang, Weijiang
2023-08-10 14:29 ` Dave Hansen
2023-08-10 15:15 ` Paolo Bonzini
2023-08-10 15:37 ` Sean Christopherson
2023-08-11 3:03 ` Yang, Weijiang
2023-08-28 21:00 ` Dave Hansen
2023-08-29 7:05 ` Yang, Weijiang
2023-08-03 4:27 ` Yang Weijiang [this message]
2023-08-03 4:27 ` [PATCH v5 11/19] KVM:VMX: Emulate read and write to CET MSRs Yang Weijiang
2023-08-04 5:14 ` Chao Gao
2023-08-04 21:27 ` Sean Christopherson
2023-08-04 21:45 ` Paolo Bonzini
2023-08-04 22:21 ` Sean Christopherson
2023-08-07 7:03 ` Paolo Bonzini
2023-08-06 8:44 ` Yang, Weijiang
2023-08-07 7:00 ` Paolo Bonzini
2023-08-04 8:28 ` Chao Gao
2023-08-09 7:12 ` Yang, Weijiang
2023-08-04 21:40 ` Paolo Bonzini
2023-08-09 3:05 ` Yang, Weijiang
2023-08-03 4:27 ` [PATCH v5 12/19] KVM:x86: Save and reload SSP to/from SMRAM Yang Weijiang
2023-08-04 7:53 ` Chao Gao
2023-08-04 15:25 ` Sean Christopherson
2023-08-06 9:14 ` Yang, Weijiang
2023-08-03 4:27 ` [PATCH v5 13/19] KVM:VMX: Set up interception for CET MSRs Yang Weijiang
2023-08-04 8:16 ` Chao Gao
2023-08-06 9:22 ` Yang, Weijiang
2023-08-07 1:16 ` Chao Gao
2023-08-09 6:11 ` Yang, Weijiang
2023-08-03 4:27 ` [PATCH v5 14/19] KVM:VMX: Set host constant supervisor states to VMCS fields Yang Weijiang
2023-08-04 8:23 ` Chao Gao
2023-08-03 4:27 ` [PATCH v5 15/19] KVM:x86: Optimize CET supervisor SSP save/reload Yang Weijiang
2023-08-04 8:43 ` Chao Gao
2023-08-09 9:00 ` Yang, Weijiang
2023-08-03 4:27 ` [PATCH v5 16/19] KVM:x86: Enable CET virtualization for VMX and advertise to userspace Yang Weijiang
2023-08-03 4:27 ` [PATCH v5 17/19] KVM:x86: Enable guest CET supervisor xstate bit support Yang Weijiang
2023-08-04 22:02 ` Paolo Bonzini
2023-08-09 6:07 ` Yang, Weijiang
2023-08-03 4:27 ` [PATCH v5 18/19] KVM:nVMX: Refine error code injection to nested VM Yang Weijiang
2023-08-04 21:38 ` Sean Christopherson
2023-08-09 3:00 ` Yang, Weijiang
2023-08-03 4:27 ` [PATCH v5 19/19] KVM:nVMX: Enable CET support for " Yang Weijiang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230803042732.88515-11-weijiang.yang@intel.com \
--to=weijiang.yang@intel.com \
--cc=binbin.wu@linux.intel.com \
--cc=chao.gao@intel.com \
--cc=john.allen@amd.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=rick.p.edgecombe@intel.com \
--cc=seanjc@google.com \
--cc=yi.z.zhang@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).