
[v15,00/14] Introduce support for guest CET feature

Message ID 20210203113421.5759-1-weijiang.yang@intel.com (mailing list archive)

Message

Yang Weijiang Feb. 3, 2021, 11:34 a.m. UTC
Control-flow Enforcement Technology (CET) provides protection against
Return/Jump-Oriented Programming (ROP/JOP) attacks. There are two CET
subfeatures: Shadow Stack (SHSTK) and Indirect Branch Tracking (IBT).
SHSTK is to prevent ROP and IBT is to prevent JOP.

Several parts in KVM have been updated to provide guest CET support, including:
CPUID/XSAVES settings, MSR passthrough, user-space MSR access interface, 
vmentry/vmexit config, nested VM etc. These patches are dependent on CET
kernel patches for XSAVES support and CET definitions, e.g., MSR and related
feature flags.

CET kernel patches: refer to [1], [2].

Previous CET KVM patches: refer to [3].

CET QEMU patches: refer to [4].

CET KVM unit-test patch: refer to [5].

[1]: CET Shadow Stack patches v18:
https://lkml.kernel.org/linux-api/20210127212524.10188-1-yu-cheng.yu@intel.com/

[2]: Indirect Branch Tracking patches v18:
https://lkml.kernel.org/linux-api/20210127213028.11362-1-yu-cheng.yu@intel.com/

[3]: CET KVM patches v14:
https://lkml.kernel.org/kvm/20201106011637.14289-1-weijiang.yang@intel.com/

[4]: CET QEMU patches:
https://patchwork.ozlabs.org/project/qemu-devel/patch/20201013051935.6052-2-weijiang.yang@intel.com/

[5]: CET KVM unit-test patch:
https://patchwork.kernel.org/project/kvm/patch/20200506082110.25441-12-weijiang.yang@intel.com/

Changes in v15:
- Changed patches per Paolo's review feedback on v14.
- Added a new patch for GUEST_SSP save/restore in guest SMM case.
- Fixed guest call-trace issue due to CET MSR interception.
- Removed unnecessary guest CET state cleanup in VMCS.
- Rebased patches to 5.11-rc6.


Sean Christopherson (2):
  KVM: x86: Report XSS as an MSR to be saved if there are supported
    features
  KVM: x86: Load guest fpu state when accessing MSRs managed by XSAVES

Yang Weijiang (12):
  KVM: x86: Refresh CPUID on writes to MSR_IA32_XSS
  KVM: x86: Add #CP support in guest exception dispatch
  KVM: VMX: Introduce CET VMCS fields and flags
  KVM: x86: Add fault checks for CR4.CET
  KVM: VMX: Emulate reads and writes to CET MSRs
  KVM: VMX: Add a synthetic MSR to allow userspace VMM to access
    GUEST_SSP
  KVM: x86: Report CET MSRs as to-be-saved if CET is supported
  KVM: x86: Enable CET virtualization for VMX and advertise CET to
    userspace
  KVM: VMX: Pass through CET MSRs to the guest when supported
  KVM: nVMX: Add helper to check the vmcs01 MSR bitmap for MSR
    pass-through
  KVM: nVMX: Enable CET support for nested VMX
  KVM: x86: Save/Restore GUEST_SSP to/from SMRAM

 arch/x86/include/asm/kvm_host.h      |   4 +-
 arch/x86/include/asm/vmx.h           |   8 ++
 arch/x86/include/uapi/asm/kvm.h      |   1 +
 arch/x86/include/uapi/asm/kvm_para.h |   1 +
 arch/x86/kvm/cpuid.c                 |  26 +++-
 arch/x86/kvm/emulate.c               |  11 ++
 arch/x86/kvm/vmx/capabilities.h      |   5 +
 arch/x86/kvm/vmx/nested.c            |  57 ++++++--
 arch/x86/kvm/vmx/vmcs12.c            |   6 +
 arch/x86/kvm/vmx/vmcs12.h            |  14 +-
 arch/x86/kvm/vmx/vmx.c               | 202 ++++++++++++++++++++++++++-
 arch/x86/kvm/x86.c                   |  67 ++++++++-
 arch/x86/kvm/x86.h                   |  10 +-
 13 files changed, 387 insertions(+), 25 deletions(-)
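
An added illustration, not part of the posted series or of KVM: a check to run inside a guest to confirm which CET subfeatures its CPUID advertises and whether the matching XSAVES state components are present. The bit positions are the architectural ones from the Intel SDM; the function name, the flag names and the consistency rule (SHSTK or IBT advertised without the user CET XSAVES component is flagged) are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* Architectural bit positions (Intel SDM). */
#define CPUID7_ECX_SHSTK (1u << 7)   /* CPUID.(EAX=7,ECX=0):ECX[7]     */
#define CPUID7_EDX_IBT   (1u << 20)  /* CPUID.(EAX=7,ECX=0):EDX[20]    */
#define XSS_CET_U        (1u << 11)  /* CPUID.(EAX=0xD,ECX=1):ECX[11]  */
#define XSS_CET_S        (1u << 12)  /* CPUID.(EAX=0xD,ECX=1):ECX[12]  */

/* Result flags; these names are this example's own. */
enum { CET_SHSTK = 1, CET_IBT = 2, CET_XSS_U = 4, CET_XSS_S = 8,
       CET_INCONSISTENT = 16 };

/* Decode raw CPUID register values into the CET view the guest gets. */
unsigned cet_guest_view(uint32_t l7_ecx, uint32_t l7_edx, uint32_t ld1_ecx)
{
    unsigned v = 0;

    if (l7_ecx & CPUID7_ECX_SHSTK) v |= CET_SHSTK;
    if (l7_edx & CPUID7_EDX_IBT)   v |= CET_IBT;
    if (ld1_ecx & XSS_CET_U)       v |= CET_XSS_U;
    if (ld1_ecx & XSS_CET_S)       v |= CET_XSS_S;
    /* Assumption of this example: a CET feature without the user CET
     * XSAVES component cannot have its per-task state saved, so flag it. */
    if ((v & (CET_SHSTK | CET_IBT)) && !(v & CET_XSS_U))
        v |= CET_INCONSISTENT;
    return v;
}

int main(void)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned a = 0, b = 0, c7 = 0, d7 = 0, cd = 0, dd = 0;

    if (!__get_cpuid_count(7, 0, &a, &b, &c7, &d7) ||
        !__get_cpuid_count(0xd, 1, &a, &b, &cd, &dd)) {
        puts("CPUID leaf 7 or 0xD not available");
        return 1;
    }
    unsigned v = cet_guest_view(c7, d7, cd);
    printf("SHSTK=%d IBT=%d XSS.CET_U=%d XSS.CET_S=%d inconsistent=%d\n",
           !!(v & CET_SHSTK), !!(v & CET_IBT), !!(v & CET_XSS_U),
           !!(v & CET_XSS_S), !!(v & CET_INCONSISTENT));
#else
    puts("not an x86 build; CPUID is unavailable");
#endif
    return 0;
}
```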

Comments

Paolo Bonzini Feb. 3, 2021, 12:40 p.m. UTC | #1
On 03/02/21 12:34, Yang Weijiang wrote:
> Control-flow Enforcement Technology (CET) provides protection against
> Return/Jump-Oriented Programming (ROP/JOP) attacks. There are two CET
> subfeatures: Shadow Stack (SHSTK) and Indirect Branch Tracking (IBT).
> SHSTK is to prevent ROP and IBT is to prevent JOP.
> 
> Several parts in KVM have been updated to provide guest CET support, including:
> CPUID/XSAVES settings, MSR passthrough, user-space MSR access interface,
> vmentry/vmexit config, nested VM etc. These patches are dependent on CET
> kernel patches for XSAVES support and CET definitions, e.g., MSR and related
> feature flags.
> 
> CET kernel patches: refer to [1], [2].
> 
> Previous CET KVM patches: refer to [3].
> 
> CET QEMU patches: refer to [4].
> 
> CET KVM unit-test patch: refer to [5].
> 
> [1]: CET Shadow Stack patches v18:
> https://lkml.kernel.org/linux-api/20210127212524.10188-1-yu-cheng.yu@intel.com/
> 
> [2]: Indirect Branch Tracking patches v18:
> https://lkml.kernel.org/linux-api/20210127213028.11362-1-yu-cheng.yu@intel.com/
> 
> [3]: CET KVM patches v14:
> https://lkml.kernel.org/kvm/20201106011637.14289-1-weijiang.yang@intel.com/
> 
> [4]: CET QEMU patches:
> https://patchwork.ozlabs.org/project/qemu-devel/patch/20201013051935.6052-2-weijiang.yang@intel.com/
> 
> [5]: CET KVM unit-test patch:
> https://patchwork.kernel.org/project/kvm/patch/20200506082110.25441-12-weijiang.yang@intel.com/
> 
> Changes in v15:
> - Changed patches per Paolo's review feedback on v14.
> - Added a new patch for GUEST_SSP save/restore in guest SMM case.
> - Fixed guest call-trace issue due to CET MSR interception.
> - Removed unnecessary guest CET state cleanup in VMCS.
> - Rebased patches to 5.11-rc6.
> 
> 
> Sean Christopherson (2):
>    KVM: x86: Report XSS as an MSR to be saved if there are supported
>      features
>    KVM: x86: Load guest fpu state when accessing MSRs managed by XSAVES
> 
> Yang Weijiang (12):
>    KVM: x86: Refresh CPUID on writes to MSR_IA32_XSS
>    KVM: x86: Add #CP support in guest exception dispatch
>    KVM: VMX: Introduce CET VMCS fields and flags
>    KVM: x86: Add fault checks for CR4.CET
>    KVM: VMX: Emulate reads and writes to CET MSRs
>    KVM: VMX: Add a synthetic MSR to allow userspace VMM to access
>      GUEST_SSP
>    KVM: x86: Report CET MSRs as to-be-saved if CET is supported
>    KVM: x86: Enable CET virtualization for VMX and advertise CET to
>      userspace
>    KVM: VMX: Pass through CET MSRs to the guest when supported
>    KVM: nVMX: Add helper to check the vmcs01 MSR bitmap for MSR
>      pass-through
>    KVM: nVMX: Enable CET support for nested VMX
>    KVM: x86: Save/Restore GUEST_SSP to/from SMRAM
> 
>   arch/x86/include/asm/kvm_host.h      |   4 +-
>   arch/x86/include/asm/vmx.h           |   8 ++
>   arch/x86/include/uapi/asm/kvm.h      |   1 +
>   arch/x86/include/uapi/asm/kvm_para.h |   1 +
>   arch/x86/kvm/cpuid.c                 |  26 +++-
>   arch/x86/kvm/emulate.c               |  11 ++
>   arch/x86/kvm/vmx/capabilities.h      |   5 +
>   arch/x86/kvm/vmx/nested.c            |  57 ++++++--
>   arch/x86/kvm/vmx/vmcs12.c            |   6 +
>   arch/x86/kvm/vmx/vmcs12.h            |  14 +-
>   arch/x86/kvm/vmx/vmx.c               | 202 ++++++++++++++++++++++++++-
>   arch/x86/kvm/x86.c                   |  67 ++++++++-
>   arch/x86/kvm/x86.h                   |  10 +-
>   13 files changed, 387 insertions(+), 25 deletions(-)
> 

Queued, though not for 5.12 unless the bare metal support is there too.

Paolo