
[PATCH 0/3] x86: Initial pieces for guest CET support


  • To: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Mon, 26 Apr 2021 18:54:18 +0100
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Jun Nakajima <jun.nakajima@xxxxxxxxx>, Kevin Tian <kevin.tian@xxxxxxxxx>
  • Delivery-date: Mon, 26 Apr 2021 17:54:51 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Some initial pieces for guest support.  Everything will currently malfunction
for VMs which explicitly opt in to CET_SS/IBT.

Still TODO as a minimum:
 * Teach the pagewalk logic about shadow stack accesses and errors.
 * Emulator support for the new instructions.  WRUSS is an irritating corner
   case, requiring a change to how we express pagewalk inputs, as
   user/supervisor is no longer dependent on CPL.
 * Context switching of U/S_CET state.  Recommended way is with XSAVES, except
   the S_CET has broken semantics - it ends up as a mix of host and guest
   state, and isn't safe to XRSTOR without editing what the CPU wrote out.

The above ought to suffice for getting some XTF testing in place.  For general
guest support:
 * In-guest XSAVES support.  Windows is the only OS to support CET at the time
   of writing, and it cross-checks for XSAVES.  Linux expected to perform the
   same cross-check in due course.

Stretch features (not for initial support):
  * Adding EPT/NPT Supervisor Shadow Stack protections into mem_access, so
    introspection can block aliasing attacks.

Andrew Cooper (3):
  x86/hvm: Introduce experimental guest CET support
  x86/svm: Enumeration for CET
  x86/VT-x: Enumeration for CET

 xen/arch/x86/hvm/hvm.c                      | 18 ++++++++++++++++--
 xen/arch/x86/hvm/svm/svm.c                  |  1 +
 xen/arch/x86/hvm/svm/svmdebug.c             |  2 ++
 xen/arch/x86/hvm/vmx/vmcs.c                 |  6 ++++++
 xen/include/asm-x86/hvm/svm/svm.h           |  2 ++
 xen/include/asm-x86/hvm/svm/vmcb.h          | 10 ++++++++--
 xen/include/asm-x86/hvm/vmx/vmcs.h          | 11 ++++++++++-
 xen/include/public/arch-x86/cpufeatureset.h |  4 ++--
 8 files changed, 47 insertions(+), 7 deletions(-)

-- 
2.11.0
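The cover letter notes that Windows only uses CET when XSAVES is also enumerated, and that a hypervisor which advertises CET_SS/IBT without in-guest XSAVES support will not get a working guest. The following is an added example, not code from this series or from Xen, showing the guest-side view of that cross-check: a decoder for the CET-related CPUID bits, fed either constructed register values or the live CPUID leaves. The bit positions (CPUID.(7,0):ECX[7] CET_SS, CPUID.(7,0):EDX[20] CET_IBT, CPUID.(0xD,1):EAX[3] XSAVES, and IA32_XSS bits 11/12 for CET_U/CET_S reported in CPUID.(0xD,1):ECX) are the architectural ones; the three-way status rule in `cet_status()` is this example's own model of the cross-check, not a description of what any particular OS does.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Raw register values from one CPUID leaf/subleaf.  Kept separate from
 * the instruction itself so the decoder can run on constructed input. */
struct cpuid_regs { uint32_t eax, ebx, ecx, edx; };

struct cet_enum {
    bool cet_ss;    /* CPUID.(EAX=7,ECX=0):ECX[7]   shadow stacks          */
    bool cet_ibt;   /* CPUID.(EAX=7,ECX=0):EDX[20]  indirect branch tracking */
    bool xsaves;    /* CPUID.(EAX=0xD,ECX=1):EAX[3] XSAVES/XRSTORS + IA32_XSS */
    bool xss_cet_u; /* CPUID.(EAX=0xD,ECX=1):ECX[11] IA32_XSS CET_U supported */
    bool xss_cet_s; /* CPUID.(EAX=0xD,ECX=1):ECX[12] IA32_XSS CET_S supported */
};

enum cet_status {
    CET_ABSENT,       /* neither CET_SS nor CET_IBT advertised            */
    CET_CONSISTENT,   /* CET advertised and XSAVES + both XSS components present */
    CET_INCONSISTENT, /* CET advertised but the XSAVES side is missing:
                       * the situation the cover letter warns about        */
};

/* Decode the CET-relevant bits from leaf 7 subleaf 0 and leaf 0xD subleaf 1. */
struct cet_enum cet_decode(struct cpuid_regs leaf7_0, struct cpuid_regs leafd_1)
{
    struct cet_enum e;

    e.cet_ss    = (leaf7_0.ecx >> 7)  & 1;
    e.cet_ibt   = (leaf7_0.edx >> 20) & 1;
    e.xsaves    = (leafd_1.eax >> 3)  & 1;
    /* ECX of subleaf 1 holds the low 32 bits of the supported IA32_XSS mask. */
    e.xss_cet_u = (leafd_1.ecx >> 11) & 1;
    e.xss_cet_s = (leafd_1.ecx >> 12) & 1;
    return e;
}

/* Example cross-check (assumption: this rule is the example's own, modelled
 * on the "cross-checks for XSAVES" remark, not any OS's actual policy). */
enum cet_status cet_status(const struct cet_enum *e)
{
    if (!e->cet_ss && !e->cet_ibt)
        return CET_ABSENT;
    if (e->xsaves && e->xss_cet_u && e->xss_cet_s)
        return CET_CONSISTENT;
    return CET_INCONSISTENT;
}

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>

static struct cpuid_regs cpuid_read(uint32_t leaf, uint32_t subleaf)
{
    struct cpuid_regs r;
    __cpuid_count(leaf, subleaf, r.eax, r.ebx, r.ecx, r.edx);
    return r;
}
#endif

int main(void)
{
#if defined(__x86_64__) || defined(__i386__)
    struct cet_enum e = cet_decode(cpuid_read(7, 0), cpuid_read(0xD, 1));
    static const char *const names[] = { "absent", "consistent", "inconsistent" };

    printf("CET_SS=%d CET_IBT=%d XSAVES=%d XSS.CET_U=%d XSS.CET_S=%d -> %s\n",
           e.cet_ss, e.cet_ibt, e.xsaves, e.xss_cet_u, e.xss_cet_s,
           names[cet_status(&e)]);
#else
    puts("not an x86 host; decoder only usable on constructed input here");
#endif
    return 0;
}
```

Run inside a guest to see what the hypervisor is actually advertising; a result of "inconsistent" is exactly the state a VM would be in if it opted in to CET_SS/IBT on a hypervisor that exposes the feature bits before in-guest XSAVES support lands.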