Re: [PATCH v4 03/39] x86/cpufeatures: Add CPU feature flags for shadow stacks

From: Borislav Petkov
Date: Thu Dec 08 2022 - 06:11:23 EST

Next message: Tony Lindgren: "Re: [RFC PATCH v4 1/1] serial: core: Start managing serial controllers to enable runtime PM"
Previous message: Vlastimil Babka: "Re: [PATCH net-next v3] skbuff: Introduce slab_build_skb()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Dec 07, 2022 at 10:35:59PM +0000, Edgecombe, Rick P wrote:
> Yes, the suggestion was to have one for kernel and one for user. But I
> was also thinking about how KVM could hypothetically support shadow
> stack in guests in the non !CONFIG_X86_USER_SHADOW_STACK case (it only
> needs CET_U xsave support). So that configuration wouldn't expose
> user_shstk and since KVM's guest feature support is retrieved
> programmatically, it could be nice to have some hint for KVM users that
> they could try. Maybe it's simpler to just tie KVM and host support
> together though. I'll remove "shstk".

Hmm, I don't have a clear idea how guest shstk support should do so
maybe this is all way off but yeah, if the host supports CET - the
*hardware* feature - then you can use the same logic to support that in
a VM.

I.e., if the guest sees CET - i.e., HV has advertized it - then guest
kernel behaves exactly the same as on the host.

But it is likely I'm missing something more involved...

Thx.

--
Regards/Gruss,
Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Next message: Tony Lindgren: "Re: [RFC PATCH v4 1/1] serial: core: Start managing serial controllers to enable runtime PM"
Previous message: Vlastimil Babka: "Re: [PATCH net-next v3] skbuff: Introduce slab_build_skb()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]