From patchwork Thu Dec 21 14:02:31 2023
X-Patchwork-Submitter: "Yang, Weijiang"
X-Patchwork-Id: 182087
From: Yang Weijiang
To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com, Zhang Yi Z
Subject: [PATCH v8 18/26] KVM: VMX: Introduce CET VMCS fields and control bits
Date: Thu, 21 Dec 2023 09:02:31 -0500
Message-Id: <20231221140239.4349-19-weijiang.yang@intel.com>
In-Reply-To: <20231221140239.4349-1-weijiang.yang@intel.com>
References: <20231221140239.4349-1-weijiang.yang@intel.com>

Control-flow Enforcement Technology (CET) is a kind of CPU feature used
to prevent Return/CALL/Jump-Oriented Programming (ROP/COP/JOP) attacks.
It provides two sub-features (SHSTK, IBT) to defend against ROP/COP/JOP
style control-flow subversion attacks.

Shadow Stack (SHSTK):
  A shadow stack is a second stack used exclusively for control transfer
  operations. The shadow stack is separate from the data/normal stack and
  can be enabled individually in user and kernel mode. When shadow stack
  is enabled, CALL pushes the return address on both the data and shadow
  stack. RET pops the return address from both stacks and compares them.
  If the return addresses from the two stacks do not match, the processor
  generates a #CP.

Indirect Branch Tracking (IBT):
  IBT introduces an instruction (ENDBRANCH) to mark valid target addresses
  of indirect branches (CALL, JMP, etc.). If an indirect branch is executed
  and the next instruction is _not_ an ENDBRANCH, the processor generates
  a #CP. This instruction behaves as a NOP on platforms that have no CET.

Several new CET MSRs are defined to support CET:
  MSR_IA32_{U,S}_CET: CET settings for {user,supervisor} CET respectively.

  MSR_IA32_PL{0,1,2,3}_SSP: SHSTK pointer linear address for CPL{0,1,2,3}.

  MSR_IA32_INT_SSP_TAB: Linear address of SHSTK pointer table, whose entry
                        is indexed by IST of interrupt gate desc.

Two XSAVES state bits are introduced for CET:
  IA32_XSS:[bit 11]: Control saving/restoring user mode CET states
  IA32_XSS:[bit 12]: Control saving/restoring supervisor mode CET states.

Six VMCS fields are introduced for CET:
  {HOST,GUEST}_S_CET: Stores CET settings for kernel mode.
  {HOST,GUEST}_SSP: Stores current active SSP.
  {HOST,GUEST}_INTR_SSP_TABLE: Stores current active MSR_IA32_INT_SSP_TAB.

On Intel platforms, two additional bits are defined in VM_EXIT and VM_ENTRY
control fields:
If VM_EXIT_LOAD_CET_STATE = 1, host CET states are loaded from following
VMCS fields at VM-Exit:
  HOST_S_CET
  HOST_SSP
  HOST_INTR_SSP_TABLE

If VM_ENTRY_LOAD_CET_STATE = 1, guest CET states are loaded from following
VMCS fields at VM-Entry:
  GUEST_S_CET
  GUEST_SSP
  GUEST_INTR_SSP_TABLE

Co-developed-by: Zhang Yi Z
Signed-off-by: Zhang Yi Z
Signed-off-by: Yang Weijiang
Reviewed-by: Chao Gao
Reviewed-by: Maxim Levitsky
--- arch/x86/include/asm/vmx.h | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h index 0e73616b82f3..451fd4f4fedc 100644 --- a/arch/x86/include/asm/vmx.h +++ b/arch/x86/include/asm/vmx.h @@ -104,6 +104,7 @@ #define VM_EXIT_CLEAR_BNDCFGS 0x00800000 #define VM_EXIT_PT_CONCEAL_PIP 0x01000000 #define VM_EXIT_CLEAR_IA32_RTIT_CTL 0x02000000 +#define VM_EXIT_LOAD_CET_STATE 0x10000000 #define VM_EXIT_ALWAYSON_WITHOUT_TRUE_MSR 0x00036dff @@ -117,6 +118,7 @@ #define VM_ENTRY_LOAD_BNDCFGS 0x00010000 #define VM_ENTRY_PT_CONCEAL_PIP 0x00020000 #define VM_ENTRY_LOAD_IA32_RTIT_CTL 0x00040000 +#define VM_ENTRY_LOAD_CET_STATE 0x00100000 #define VM_ENTRY_ALWAYSON_WITHOUT_TRUE_MSR 0x000011ff 
@@ -345,6 +347,9 @@ enum vmcs_field { GUEST_PENDING_DBG_EXCEPTIONS = 0x00006822, GUEST_SYSENTER_ESP = 0x00006824, GUEST_SYSENTER_EIP = 0x00006826, + GUEST_S_CET = 0x00006828, + GUEST_SSP = 0x0000682a, + GUEST_INTR_SSP_TABLE = 0x0000682c, HOST_CR0 = 0x00006c00, HOST_CR3 = 0x00006c02, HOST_CR4 = 0x00006c04, @@ -357,6 +362,9 @@ enum vmcs_field { HOST_IA32_SYSENTER_EIP = 0x00006c12, HOST_RSP = 0x00006c14, HOST_RIP = 0x00006c16, + HOST_S_CET = 0x00006c18, + HOST_SSP = 0x00006c1a, + HOST_INTR_SSP_TABLE = 0x00006c1c }; /*
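Review bot: In the "@@ -104,6 +104,7 @@" hunk, VM_EXIT_LOAD_CET_STATE is 0x10000000 (bit 28) directly after VM_EXIT_CLEAR_IA32_RTIT_CTL at 0x02000000 (bit 25), so bits 26 and 27 are skipped without comment. A value this far from its neighbours is easy to get wrong by one hex digit and hard to spot in review; please name the bit position in the commit message or in a comment next to the define. Nothing in this patch references the define either, so the changelog should say which later patch in the series consumes it.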
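Review bot: VM_ENTRY_LOAD_CET_STATE in the "@@ -117,6 +118,7 @@" hunk carries no hint that it has to be paired with VM_EXIT_LOAD_CET_STATE. Per the commit message, the entry control loads GUEST_S_CET, GUEST_SSP and GUEST_INTR_SSP_TABLE and the exit control loads the HOST_* counterparts, so enabling the entry bit alone would leave the host running on the guest's supervisor CET state after VM-exit. A one-line comment at the define, or a pointer to where the series enforces that both bits are set or cleared together, would make that requirement visible from the header.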
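Review bot: In the "@@ -345,6 +347,9 @@" hunk the new field is spelled GUEST_INTR_SSP_TABLE, while the commit message names the MSR it shadows MSR_IA32_INT_SSP_TAB (INTR/TABLE versus INT/TAB). Either align the two spellings or add a short comment on the enum entry tying it to the MSR, so that a grep for one name finds the other.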
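Review bot: HOST_INTR_SSP_TABLE = 0x00006c1c, the last added line of the "@@ -357,6 +362,9 @@" hunk, has no trailing comma, unlike HOST_RIP and the other entries above it. Add the comma so that the next field appended to enum vmcs_field does not have to modify this line.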