
Re: [PATCH] x86: Enumeration for Control-flow Enforcement Technology


  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Tue, 21 Apr 2020 11:33:41 +0100
  • Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Delivery-date: Tue, 21 Apr 2020 10:33:54 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 21/04/2020 08:11, Jan Beulich wrote:
> On 20.04.2020 21:08, Andrew Cooper wrote:
>> --- a/xen/include/public/arch-x86/cpufeatureset.h
>> +++ b/xen/include/public/arch-x86/cpufeatureset.h
>> @@ -229,6 +229,7 @@ XEN_CPUFEATURE(UMIP,          6*32+ 2) /*S  User Mode 
>> Instruction Prevention */
>>  XEN_CPUFEATURE(PKU,           6*32+ 3) /*H  Protection Keys for Userspace */
>>  XEN_CPUFEATURE(OSPKE,         6*32+ 4) /*!  OS Protection Keys Enable */
>>  XEN_CPUFEATURE(AVX512_VBMI2,  6*32+ 6) /*A  Additional AVX-512 Vector Byte 
>> Manipulation Instrs */
>> +XEN_CPUFEATURE(CET_SS,        6*32+ 7) /*   CET - Shadow Stacks */
>>  XEN_CPUFEATURE(GFNI,          6*32+ 8) /*A  Galois Field Instrs */
>>  XEN_CPUFEATURE(VAES,          6*32+ 9) /*A  Vector AES Instrs */
>>  XEN_CPUFEATURE(VPCLMULQDQ,    6*32+10) /*A  Vector Carry-less 
>> Multiplication Instrs */
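Review bot: The added CET_SS line at 6*32+ 7 leaves the annotation column of its comment blank, where every neighbouring entry in this hunk carries a marker (S, H, ! or A). If the blank is deliberate, a sentence in the commit message saying so would spare the next reader from wondering whether a marker was forgotten. The bit position itself slots in correctly between AVX512_VBMI2 (+6) and GFNI (+8).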
>> @@ -255,6 +256,7 @@ XEN_CPUFEATURE(AVX512_4FMAPS, 9*32+ 3) /*A  AVX512 
>> Multiply Accumulation Single
>>  XEN_CPUFEATURE(MD_CLEAR,      9*32+10) /*A  VERW clears microarchitectural 
>> buffers */
>>  XEN_CPUFEATURE(TSX_FORCE_ABORT, 9*32+13) /* MSR_TSX_FORCE_ABORT.RTM_ABORT */
>>  XEN_CPUFEATURE(IBRSB,         9*32+26) /*A  IBRS and IBPB support (used by 
>> Intel) */
>> +XEN_CPUFEATURE(CET_IBT,       6*32+20) /*   CET - Indirect Branch Tracking 
>> */
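Review bot: The new CET_IBT entry is defined as 6*32+20, but it is added to the block whose visible entries are all 9*32+n (MD_CLEAR, TSX_FORCE_ABORT, IBRSB), so its word index does not match the surrounding entries and puts the bit in the same word as CET_SS from the previous hunk. It is also placed after IBRSB (+26), although bit 20 sorts between TSX_FORCE_ABORT (+13) and IBRSB. Suggest `XEN_CPUFEATURE(CET_IBT, 9*32+20)`, moved one line up so it sits above IBRSB.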
> s/6/9/, moved up a line, and then

Oops.  I only spotted during final review that CET-SS and CET-IBT are in
different feature leaves, then failed at adjusting the CET-IBT adequately.

> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>

Thanks,

>
> I take it you intentionally don't mean to add #CP related bits yet,
> first and foremost TRAP_control_flow or some such, as well as its
> error code bits? Nor definitions for the bits within the MSRs you
> add, nor XSAVE pieces?

Those pieces aren't necessary to hide the MSRs, whereas this patch wants
backporting in due course.  Every "make the MSRs have correct
architectural properties" will until MSR handling is fixed properly (and
by this, I mean no default cases which leak state/availability, or
discard writes).

~Andrew



 

