Re: [PATCH v2 07/25] KVM: VMX: Set intercept for FRED MSRs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Sep 18, 2024, Xin Li wrote:
> > > MSR_IA32_FRED_SSP0 is an alias of the CET MSR_IA32_PL0_SSP and likely to
> > > be used in the same way as FRED RSP0, i.e., host FRED SSP0 _should_ be
> > > restored in arch_exit_to_user_mode_prepare().  However as of today Linux
> > > has no plan to utilize kernel shadow stack thus no one cares host FRED
> > > SSP0 (no?).  But lets say anyway it is host's responsibility to manage
> > > host FRED SSP0, then KVM only needs to take care of guest FRED SSP0
> > > (just like how KVM should handle guest FRED RSP0) even before the
> > > supervisor shadow stack feature is advertised to guest.
> > 
> > Heh, I'm not sure what your question is, or if there even is a question.  KVM
> > needs to context switch FRED SSP0 if FRED is exposed to the guest, but presumably
> > that will be done through XSAVE state?  If that's the long term plan, I would
> > prefer to focus on merging CET virtualization first, and then land FRED virtualization
> > on top so that KVM doesn't have to carry intermediate code to deal with the aliased
> > MSR.
> 
> You mean the following patch set, right?

Yep, and presumably the KVM support as well:

https://lore.kernel.org/all/20240219074733.122080-1-weijiang.yang@xxxxxxxxx

> https://lore.kernel.org/kvm/20240531090331.13713-1-weijiang.yang@xxxxxxxxx/

...

> > Ugh, but what happens if a CPU (or the host kernel) supports FRED but not CET SS?
> > Or is that effectively an illegal combination?
> 
> The FRED Spec says:
> 
> IA32_FRED_SSP1, IA32_FRED_SSP2, and IA32_FRED_SSP3 (MSR indices 1D1H–
> 1D3H). Together with the existing MSR IA32_PL0_SSP (MSR index 6A4H), these
> are the FRED SSP MSRs.
> 
> The FRED SSP MSRs are supported by any processor that enumerates
> CPUID.(EAX=7,ECX=1):EAX.FRED[bit 17] as 1. If such a processor does not
> support CET, FRED transitions will not use the MSRs (because shadow stacks
> are not enabled), but the MSRs would still be accessible using RDMSR and
> WRMSR.
> 
> 
> So they are independent, just that FRED SSP MSRs are NOT used if
> supervisor shadow stacks are not enabled (obviously Qemu can be
> configured to not advertise CET but FRED).
> 
> When FRED is advertised to a guest, KVM should allow FRED SSP MSRs
> accesses through disabling FRED SSP MSRs interception no matter whether
> supervisor shadow stacks are enabled or not.

KVM doesn't necessarily need to disabling MSR interception, e.g. if the expectation
is that the guest will rarely/never access the MSRs when CET is unsupported, then
we're likely better off going with a trap-and-emulate model.  KVM needs to emulate
RDMSR and WRMSR no matter what, e.g. in case the guest triggers a WRMSR when KVM
is emulating, and so that userspace can get/set MSR values.

And this means that yes, FRED virtualization needs to land after CET virtualization,
otherwise managing the conflicts/dependencies will be a nightmare.





[Index of Archives]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]     [Linux Resources]

  Powered by Linux