From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com Subject: [PATCH v8 16/26] KVM: x86: Add fault checks for guest CR4.CET setting Date: Thu, 21 Dec 2023 09:02:29 -0500 Message-Id: <20231221140239.4349-17-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20231221140239.4349-1-weijiang.yang@intel.com> References: <20231221140239.4349-1-weijiang.yang@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1785882543991634904 X-GMAIL-MSGID: 1785882543991634904 Check potential faults for CR4.CET setting per Intel SDM requirements. CET can be enabled if and only if CR0.WP == 1, i.e. setting CR4.CET == 1 faults if CR0.WP == 0 and setting CR0.WP == 0 fails if CR4.CET == 1. Co-developed-by: Sean Christopherson Signed-off-by: Sean Christopherson Signed-off-by: Yang Weijiang Reviewed-by: Chao Gao Reviewed-by: Maxim Levitsky --- arch/x86/kvm/x86.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index bde780ae69bf..b418e4f5277b 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -1006,6 +1006,9 @@ int kvm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0) (is_64_bit_mode(vcpu) || kvm_is_cr4_bit_set(vcpu, X86_CR4_PCIDE))) return 1; + if (!(cr0 & X86_CR0_WP) && kvm_is_cr4_bit_set(vcpu, X86_CR4_CET)) + return 1; + static_call(kvm_x86_set_cr0)(vcpu, cr0); kvm_post_set_cr0(vcpu, old_cr0, cr0); @@ -1217,6 +1220,9 @@ int kvm_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4) return 1; } + if ((cr4 & X86_CR4_CET) && !kvm_is_cr0_bit_set(vcpu, X86_CR0_WP)) + return 1; + static_call(kvm_x86_set_cr4)(vcpu, cr4); kvm_post_set_cr4(vcpu, old_cr4, cr4);
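Review bot: the new check in kvm_set_cr0() carries no comment, so the reason a CR0 write that clears WP is refused while CR4.CET is set lives only in the commit message. A short comment above `if (!(cr0 & X86_CR0_WP) && kvm_is_cr4_bit_set(vcpu, X86_CR4_CET))` stating that CR4.CET requires CR0.WP, with the SDM reference the changelog mentions, would keep the rule next to the code. The hunk also only covers writes that reach kvm_set_cr0(); if any other path can load CR0 without calling it, please confirm that path cannot leave WP clear with CET set.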
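Review bot: in kvm_set_cr4() the added test `(cr4 & X86_CR4_CET) && !kvm_is_cr0_bit_set(vcpu, X86_CR0_WP)` compares the incoming CR4 value against whatever CR0 the vCPU currently holds, so the result depends on CR0 having been written first. That matches the rule in the commit message for a guest that sets WP and then CET, but a caller that writes CR4 before CR0 would get `return 1` for a combination that is valid once both registers are loaded. Please document the ordering assumption in a comment here, and consider wording it together with the mirrored check in kvm_set_cr0() so the two conditions are visibly one invariant.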