From: Yang Weijiang
To: seanjc@google.com, pbonzini@redhat.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: peterz@infradead.org, rppt@kernel.org, binbin.wu@linux.intel.com, rick.p.edgecombe@intel.com, weijiang.yang@intel.com, john.allen@amd.com, Sean Christopherson
Subject: [PATCH v3 12/21] KVM:x86: Add fault checks for guest CR4.CET setting
Date: Thu, 11 May 2023 00:08:48 -0400
Message-Id: <20230511040857.6094-13-weijiang.yang@intel.com>
In-Reply-To: <20230511040857.6094-1-weijiang.yang@intel.com>
References: <20230511040857.6094-1-weijiang.yang@intel.com>

Check potential faults for CR4.CET setting per Intel SDM.
CR4.CET is the master control bit for CET features (SHSTK and IBT).
In addition to basic support checks, CET can be enabled if and only
if CR0.WP==1, i.e. setting CR4.CET=1 faults if CR0.WP==0 and setting
CR0.WP=0 fails if CR4.CET==1.

Co-developed-by: Sean Christopherson
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Weijiang
---
 arch/x86/kvm/x86.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index a768cbf3fbb7..b6eec9143129 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -995,6 +995,9 @@ int kvm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr= 0) (is_64_bit_mode(vcpu) || kvm_is_cr4_bit_set(vcpu, X86_CR4_PCIDE))) return 1; =20 + if (!(cr0 & X86_CR0_WP) && kvm_is_cr4_bit_set(vcpu, X86_CR4_CET)) + return 1; + static_call(kvm_x86_set_cr0)(vcpu, cr0); =20 kvm_post_set_cr0(vcpu, old_cr0, cr0); 
@@ -1210,6 +1213,9 @@ int kvm_set_cr4(struct kvm_vcpu *vcpu, unsigned long = cr4) return 1; } =20 + if ((cr4 & X86_CR4_CET) && !kvm_is_cr0_bit_set(vcpu, X86_CR0_WP)) + return 1; + static_call(kvm_x86_set_cr4)(vcpu, cr4); =20 kvm_post_set_cr4(vcpu, old_cr4, cr4); --=20 2.27.0
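
Review bot: In the kvm_set_cr0() hunk, the new `!(cr0 & X86_CR0_WP) && kvm_is_cr4_bit_set(vcpu, X86_CR4_CET)` test has no comment, so the reason for the early `return 1` is recorded only in the commit message. A one-line comment above it saying that CR0.WP cannot be cleared while CR4.CET is set, and that kvm_set_cr4() enforces the converse, would keep the two checks readable as a pair for anyone who later reorders the validation in either function.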
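
Review bot: In the kvm_set_cr4() hunk, the added test covers only the CR0.WP dependency, while the changelog says it comes "in addition to basic support checks"; nothing in this diff shows where a guest without CET is prevented from setting CR4.CET. Please name in the changelog the function or patch in the series that rejects the bit when CET is unsupported. Both new checks also sit only in kvm_set_cr0() and kvm_set_cr4(), so if CR0 or CR4 can be loaded through a path that does not call these two functions, the CR0.WP/CR4.CET invariant needs the same validation there.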