From patchwork Fri Apr 21 13:46:06 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Yang, Weijiang" <weijiang.yang@intel.com>
X-Patchwork-Id: 86431
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp1211743vqo;
        Fri, 21 Apr 2023 10:01:08 -0700 (PDT)
X-Google-Smtp-Source: 
 AKy350buomDkke6Gl2vMthy6MDlgoDkEdf3brbYwUMmPzUBXakukYKI64AXwCgMw4TWuf+HfqREV
X-Received: by 2002:a17:902:e752:b0:1a6:955c:6329 with SMTP id
 p18-20020a170902e75200b001a6955c6329mr7878812plf.22.1682096468479;
        Fri, 21 Apr 2023 10:01:08 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1682096468; cv=none;
        d=google.com; s=arc-20160816;
        b=XNiFjLiVodO//C8OC7Gzn8ucjFgRzNSGOraLZBy29msUIRhYv53x2LUFbtl/AK075V
         WyAkHBw8SsKJx3bvhbN2xdjqd3ild710+NKh0auYBaHVvvToSZzbeHk67jgMWh4yuaNu
         p7mA+Kr8IOfYt/tKk5lH4P+GpB/XcMVjmU6S4UxGF6rKZ0z5NEV8ty6Tupzdl5wD0VwN
         JawkETYl7oUrjAy6N7xII1ad/Hlm4d3GcL9I3qIuW30ZTJJzuQeRrsLbwejNTG/2p5kT
         b7uobIdbfCiuZA5/Oha092Dk9tjXbSpL1qp+t6LN0F/8tVkGjgchJ4ueaD8Z/st/P+b5
         M/Cw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=9Pl12vdSaPd0RVKsu10e6K4o+cCHyalDCbjv8dgkG80=;
        b=dYnoCNnQcaLFZo5h0jvz5Z1vLZVq2JpegWDPqKT9xz0KSqGMVoN1VxnLVkipkjS+wW
         u6c4bgr+c8Ob1/DvABRCL3Ky9g8TLGn2RkuOaN2svEN1+RzsJMnI26EsiFdvaqVRCZof
         wVX55iTGP3a4ryxlKXCaVygHIMEEoUjkrc9pN4S1DQa8Nawb/yY6izDPtG/i620aeDTO
         oXpUFa16RR5JFum93Wb0Hxmo/LmNjTGwkjB0X0bg8stw3veFCx/soeFW21N49imqKZH+
         4SJiVBaz2mvQT7qcz1H1v46/AJCsiDUE1nTuKOEqyde6VQs9ui6Ac5flM+SIn0wBf5BN
         5SSw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=OCJD9WK9;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id
 z17-20020a170903019100b0019abec982c2si5452520plg.77.2023.04.21.10.00.53;
        Fri, 21 Apr 2023 10:01:08 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=OCJD9WK9;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233361AbjDUQvc (ORCPT <rfc822;cjcooper78@gmail.com> + 99 others);
        Fri, 21 Apr 2023 12:51:32 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57558 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S233280AbjDUQu6 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 21 Apr 2023 12:50:58 -0400
Received: from mga04.intel.com (mga04.intel.com [192.55.52.120])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 64A4615475;
        Fri, 21 Apr 2023 09:50:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1682095850; x=1713631850;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references:mime-version:content-transfer-encoding;
  bh=fm6A54UaKJ7/SItL0KZhWViv4pMOGNnxyKhl8jQnT5A=;
  b=OCJD9WK9V1Gp3CFgLCRWqOCW/tQ7evWU6S5WxIRuWMTRU8UKd4NUSciS
   ikkGFTSIgupp3a1dZ9j9Hk0s9+R2y8ja4V/hFLJAqmTmZQiSStNoa7KbK
   SNeMPn9UV68sBYkiC9JhvorbvVbKCef2TGatlmvf47SJTtYhtGwHlVigY
   WD7TWPDOQrdxHQsMBaUa55KcICQ0raIPbk8aDVwAD8wGCSiGQU6OVxjhv
   sSmyfmpCT2HSeNR2B83QpCbs8Px1tY1Fw3nNGCw06M0BklFWLMNpK3HpS
   bWvNbeGjhmSmfq4j3tkrsuGxorAgviT/iAXoNoF5cJi5PFXtm3EEFmf8/
   A==;
X-IronPort-AV: E=McAfee;i="6600,9927,10687"; a="344787026"
X-IronPort-AV: E=Sophos;i="5.99,214,1677571200";
   d="scan'208";a="344787026"
Received: from orsmga008.jf.intel.com ([10.7.209.65])
  by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 21 Apr 2023 09:50:46 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=McAfee;i="6600,9927,10687"; a="722817399"
X-IronPort-AV: E=Sophos;i="5.99,214,1677571200";
   d="scan'208";a="722817399"
Received: from embargo.jf.intel.com ([10.165.9.183])
  by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 21 Apr 2023 09:50:44 -0700
From: Yang Weijiang <weijiang.yang@intel.com>
To: seanjc@google.com, pbonzini@redhat.com, peterz@infradead.org,
        john.allen@amd.com, kvm@vger.kernel.org,
        linux-kernel@vger.kernel.org
Cc: rick.p.edgecombe@intel.com, weijiang.yang@intel.com,
        Sean Christopherson <sean.j.christopherson@intel.com>
Subject: [PATCH v2 12/21] KVM:x86: Add fault checks for guest CR4.CET setting
Date: Fri, 21 Apr 2023 09:46:06 -0400
Message-Id: <20230421134615.62539-13-weijiang.yang@intel.com>
X-Mailer: git-send-email 2.27.0
In-Reply-To: <20230421134615.62539-1-weijiang.yang@intel.com>
References: <20230421134615.62539-1-weijiang.yang@intel.com>
MIME-Version: 1.0
X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DATE_IN_PAST_03_06,
        DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,
        RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE,
        URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1763805986194984875?=
X-GMAIL-MSGID: =?utf-8?q?1763805986194984875?=

Check potential faults for CR4.CET setting per Intel SDM.
CR4.CET is the master control bit for CET features (SHSTK and IBT).
In addition to basic support checks, CET can be enabled if and only
if CR0.WP==1, i.e. setting CR4.CET=1 faults if CR0.WP==0 and setting
CR0.WP=0 fails if CR4.CET==1.

Co-developed-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Yang Weijiang <weijiang.yang@intel.com>
---
 arch/x86/kvm/x86.c | 6 ++++++
 arch/x86/kvm/x86.h | 3 +++
 2 files changed, 9 insertions(+)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index a768cbf3fbb7..7cd7f6755acd 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -995,6 +995,9 @@ int kvm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0)
 	    (is_64_bit_mode(vcpu) || kvm_is_cr4_bit_set(vcpu, X86_CR4_PCIDE)))
 		return 1;
 
+	if (!(cr0 & X86_CR0_WP) && kvm_read_cr4_bits(vcpu, X86_CR4_CET))
+		return 1;
+
 	static_call(kvm_x86_set_cr0)(vcpu, cr0);
 
 	kvm_post_set_cr0(vcpu, old_cr0, cr0);
@@ -1210,6 +1213,9 @@ int kvm_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
 			return 1;
 	}
 
+	if ((cr4 & X86_CR4_CET) && !(kvm_read_cr0(vcpu) & X86_CR0_WP))
+		return 1;
+
 	static_call(kvm_x86_set_cr4)(vcpu, cr4);
 
 	kvm_post_set_cr4(vcpu, old_cr4, cr4);
diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h
index 2ba7c7fc4846..daadd5330dae 100644
--- a/arch/x86/kvm/x86.h
+++ b/arch/x86/kvm/x86.h
@@ -536,6 +536,9 @@ bool kvm_msr_allowed(struct kvm_vcpu *vcpu, u32 index, u32 type);
 		__reserved_bits |= X86_CR4_VMXE;        \
 	if (!__cpu_has(__c, X86_FEATURE_PCID))          \
 		__reserved_bits |= X86_CR4_PCIDE;       \
+	if (!__cpu_has(__c, X86_FEATURE_SHSTK) &&	\
+	    !__cpu_has(__c, X86_FEATURE_IBT))		\
+		__reserved_bits |= X86_CR4_CET;		\
 	__reserved_bits;                                \
 })