On 9/22/2025 3:17 PM, Binbin Wu wrote:
>
>
> On 9/20/2025 6:32 AM, Sean Christopherson wrote:
>> Add PFERR_SS_MASK, a.k.a. Shadow Stack access, and WARN if KVM attempts to
>> check permissions for a Shadow Stack access as KVM hasn't been taught to
>> understand the magic Writable=0,Dirty=0 combination that is required for
Typo:
Writable=0,Dirty=0 -> Writable=0,Dirty=1
>> Shadow Stack accesses, and likely will never learn. There are no plans to
>> support Shadow Stacks with the Shadow MMU, and the emulator rejects all
>> instructions that affect Shadow Stacks, i.e. it should be impossible for
>> KVM to observe a #PF due to a shadow stack access.
>>
>> Signed-off-by: Sean Christopherson <seanjc@google.com>
>
> Reviewed-by: Binbin Wu <binbin.wu@linux.intel.com>
>
>> ---
>> arch/x86/include/asm/kvm_host.h | 1 +
>> arch/x86/kvm/mmu.h | 2 +-
>> 2 files changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
>> index 7a7e6356a8dd..554d83ff6135 100644
>> --- a/arch/x86/include/asm/kvm_host.h
>> +++ b/arch/x86/include/asm/kvm_host.h
>> @@ -267,6 +267,7 @@ enum x86_intercept_stage;
>> #define PFERR_RSVD_MASK BIT(3)
>> #define PFERR_FETCH_MASK BIT(4)
>> #define PFERR_PK_MASK BIT(5)
>> +#define PFERR_SS_MASK BIT(6)
>> #define PFERR_SGX_MASK BIT(15)
>> #define PFERR_GUEST_RMP_MASK BIT_ULL(31)
>> #define PFERR_GUEST_FINAL_MASK BIT_ULL(32)
>> diff --git a/arch/x86/kvm/mmu.h b/arch/x86/kvm/mmu.h
>> index b4b6860ab971..f63074048ec6 100644
>> --- a/arch/x86/kvm/mmu.h
>> +++ b/arch/x86/kvm/mmu.h
>> @@ -212,7 +212,7 @@ static inline u8 permission_fault(struct kvm_vcpu *vcpu, struct kvm_mmu *mmu,
>> fault = (mmu->permissions[index] >> pte_access) & 1;
>> - WARN_ON(pfec & (PFERR_PK_MASK | PFERR_RSVD_MASK));
>> + WARN_ON_ONCE(pfec & (PFERR_PK_MASK | PFERR_SS_MASK | PFERR_RSVD_MASK));
>> if (unlikely(mmu->pkru_mask)) {
>> u32 pkru_bits, offset;
>
>