Message ID | 20240219074733.122080-19-weijiang.yang@intel.com |
---|---|
State | New |
Headers |
Return-Path: <linux-kernel+bounces-70883-ouuuleilei=gmail.com@vger.kernel.org> Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:693c:2685:b0:108:e6aa:91d0 with SMTP id mn5csp1137472dyc; Sun, 18 Feb 2024 23:57:35 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCWXQTEvZ+9QJPJ6LjFJJmScInr441d1cAxi3O7NfoQiTf6ZF5K9v9qEnCq1mEXLciOD3CjbKDUJwD1kzQFvWShH0CMjkg== X-Google-Smtp-Source: AGHT+IEoLIJOjqqP9s687qkli+Ah5zejfB6GOb+PMOnmikDkeCt2mCHbfE1yTpfULvOa4XVSjpOn X-Received: by 2002:a0d:d952:0:b0:5f7:5054:19da with SMTP id b79-20020a0dd952000000b005f7505419damr10904681ywe.46.1708329455704; Sun, 18 Feb 2024 23:57:35 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1708329455; cv=pass; d=google.com; s=arc-20160816; b=VVACV8rX0EWKBXZNn+3Un85wMGBoYWeT6IJ53rtEs6VooEmuXWW5M4jgmex4BW7/71 fBQf98tAzHuN66lnqwgSAV3BKUHxvVe+8035NDGlN277KCpyo8HUIwl4Xwmyl6IeIyko gZzuJ11USqsEzzd++fcuA4EfTYpwifqgFVLktufhH1MwMs6EVqra6GBJxoe7bZ7pAMZP SksV7vtntQ3i9JxgXFRYv5lIeVahEhg3HyCTVkRDSzs+VfpXrSk8OezLt/h9+ch24Ytc I1WTabBwIyu7xqjZKzfzKsJwm7sK7F5kIfkB06SHez2GPG2p6ENtG4lqNTmYrniFPOzK xFuw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=4j1PkMI4NxXSz7/ndF4DBwb+3tVxxnSayJTSq+OP6xk=; fh=LPLhCyqdstfYntP3j8tSM5eS1+396b4RiC07fH1OEjg=; b=FObeFXGLsUgCED5Ewx32lKuWNkWwTzGk6S3CHm9butMx75xxxGO255VI2R1dw+yE79 O4MQU7pZxlicBSZDG2f5vslz9h7NkgB82Gd9oV/QNXoTBlui6+Zn2y+Zd+BmOH9gkh4O m3qiWDgS24yvAjygOKafbJUn/liy1Lm2KQ0RUzSpRwgJxXU2IWF44rvyf3yhWkNQM6Eu A3cWDXFLN9G/3ZtY2iaiIY/wESlaeSjo6nVKqD3shNC1240grpZx0JuR35LV5t7YRwBx StyoUNMP7Yv/PGv5J9QBbtwpOcK0uHY8O34tIX3uCq6stPi1IjGbH83tKP0gJsGzxJo5 MA/g==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Z8KgaNXc; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-70883-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-70883-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id h11-20020ac8744b000000b0042da9184e83si5457406qtr.268.2024.02.18.23.57.35 for <ouuuleilei@gmail.com> (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 18 Feb 2024 23:57:35 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-70883-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Z8KgaNXc; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-70883-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-70883-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 722BA1C21B22 for <ouuuleilei@gmail.com>; Mon, 19 Feb 2024 07:57:35 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 2848941C84; Mon, 19 Feb 2024 07:48:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="Z8KgaNXc" Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3EE5736126; Mon, 19 Feb 2024 07:47:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.16 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708328876; cv=none; b=CGiDSjL3+hA2+LaRSECJC0kh5evMn9KmV92P4I3lFibZQ4lbQKp4/5ThL/dBDX2ZLFLhNR8EYOPakxe+wlaaa5yApubvuI4HVK5IIt+81WKTyYpsiA3eMZPMeH+rTWHXwi6WniSy+C0Liuu/jP4ChISI5TgLFTJnmrv3m5nKApc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708328876; c=relaxed/simple; bh=1oiB8Ecsu9nSN1HnISHg9tKNmX0Jqyokz3Hwfr97W7A=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=fRAW77fq1giaSH5QuTWZslogH1dSBTFGvu9oy4qlVeAHwZsz556JbyYDkg109TdtPOjX+MqVyk6Z3ivVdtyzZawBf/9KW3Rk3mBcQxcgmKij7rnU3zRkcZgzbxxmGMR69OBhcGU3WrqAiuxlXV1Ry/deFcfhWwDgljBgvOdrvgA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=Z8KgaNXc; arc=none smtp.client-ip=198.175.65.16 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1708328874; x=1739864874; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=1oiB8Ecsu9nSN1HnISHg9tKNmX0Jqyokz3Hwfr97W7A=; b=Z8KgaNXc9SIEpE0MlzxQR3izSzS8rHix0VKU3bAF1TpG0rhJreWxrwyH o05GxXaNAAy1Yrxg2A6S0VSk40e5Yp+iGUMuk2idt887jaowu6lP63FDI iF84iPp9nkbcg4aSe1mnzlZA2g+He3rO+/vwowAjXQHZ684PAaId5Qf12 /RzSG0trdGcGUXOjT2iVWsXv8qT1eLp0br+l2I6uNhakAnfOUq4DVRE/E I60bpeEtDuiJw8j2Z//RIYkBdQK0bygm1KnQQDSWHKBJPn5Y4PWvRM1jn Eo0mzUiRirQ4EWPcqSX9G1IVKSItvYjHFkFBUtreMqOUcxMmUlAzsjMoD Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10988"; a="2535128" X-IronPort-AV: E=Sophos;i="6.06,170,1705392000"; d="scan'208";a="2535128" Received: from orsmga001.jf.intel.com ([10.7.209.18]) by orvoesa108.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Feb 2024 23:47:44 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10988"; a="826966111" X-IronPort-AV: E=Sophos;i="6.06,170,1705392000"; d="scan'208";a="826966111" Received: from jf.jf.intel.com (HELO jf.intel.com) ([10.165.9.183]) by orsmga001-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Feb 2024 23:47:44 -0800 From: Yang Weijiang <weijiang.yang@intel.com> To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com, Zhang Yi Z <yi.z.zhang@linux.intel.com> Subject: [PATCH v10 18/27] KVM: VMX: Introduce CET VMCS fields and control bits Date: Sun, 18 Feb 2024 23:47:24 -0800 Message-ID: <20240219074733.122080-19-weijiang.yang@intel.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240219074733.122080-1-weijiang.yang@intel.com> References: <20240219074733.122080-1-weijiang.yang@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: <linux-kernel.vger.kernel.org> List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org> List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1791313267612511897 X-GMAIL-MSGID: 1791313267612511897 |
Series |
Enable CET Virtualization
|
|
Commit Message
Yang, Weijiang
Feb. 19, 2024, 7:47 a.m. UTC
Control-flow Enforcement Technology (CET) is a kind of CPU feature used to prevent Return/CALL/Jump-Oriented Programming (ROP/COP/JOP) attacks. It provides two sub-features(SHSTK,IBT) to defend against ROP/COP/JOP style control-flow subversion attacks. Shadow Stack (SHSTK): A shadow stack is a second stack used exclusively for control transfer operations. The shadow stack is separate from the data/normal stack and can be enabled individually in user and kernel mode. When shadow stack is enabled, CALL pushes the return address on both the data and shadow stack. RET pops the return address from both stacks and compares them. If the return addresses from the two stacks do not match, the processor generates a #CP. Indirect Branch Tracking (IBT): IBT introduces instruction(ENDBRANCH)to mark valid target addresses of indirect branches (CALL, JMP etc...). If an indirect branch is executed and the next instruction is _not_ an ENDBRANCH, the processor generates a #CP. These instruction behaves as a NOP on platforms that have no CET. Several new CET MSRs are defined to support CET: MSR_IA32_{U,S}_CET: CET settings for {user,supervisor} CET respectively. MSR_IA32_PL{0,1,2,3}_SSP: SHSTK pointer linear address for CPL{0,1,2,3}. MSR_IA32_INT_SSP_TAB: Linear address of SHSTK pointer table, whose entry is indexed by IST of interrupt gate desc. Two XSAVES state bits are introduced for CET: IA32_XSS:[bit 11]: Control saving/restoring user mode CET states IA32_XSS:[bit 12]: Control saving/restoring supervisor mode CET states. Six VMCS fields are introduced for CET: {HOST,GUEST}_S_CET: Stores CET settings for kernel mode. {HOST,GUEST}_SSP: Stores current active SSP. {HOST,GUEST}_INTR_SSP_TABLE: Stores current active MSR_IA32_INT_SSP_TAB. On Intel platforms, two additional bits are defined in VM_EXIT and VM_ENTRY control fields: If VM_EXIT_LOAD_CET_STATE = 1, host CET states are loaded from following VMCS fields at VM-Exit: HOST_S_CET HOST_SSP HOST_INTR_SSP_TABLE If VM_ENTRY_LOAD_CET_STATE = 1, guest CET states are loaded from following VMCS fields at VM-Entry: GUEST_S_CET GUEST_SSP GUEST_INTR_SSP_TABLE Co-developed-by: Zhang Yi Z <yi.z.zhang@linux.intel.com> Signed-off-by: Zhang Yi Z <yi.z.zhang@linux.intel.com> Signed-off-by: Yang Weijiang <weijiang.yang@intel.com> Reviewed-by: Chao Gao <chao.gao@intel.com> Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com> --- arch/x86/include/asm/vmx.h | 8 ++++++++ 1 file changed, 8 insertions(+)
diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h index 0e73616b82f3..451fd4f4fedc 100644 --- a/arch/x86/include/asm/vmx.h +++ b/arch/x86/include/asm/vmx.h @@ -104,6 +104,7 @@ #define VM_EXIT_CLEAR_BNDCFGS 0x00800000 #define VM_EXIT_PT_CONCEAL_PIP 0x01000000 #define VM_EXIT_CLEAR_IA32_RTIT_CTL 0x02000000 +#define VM_EXIT_LOAD_CET_STATE 0x10000000 #define VM_EXIT_ALWAYSON_WITHOUT_TRUE_MSR 0x00036dff @@ -117,6 +118,7 @@ #define VM_ENTRY_LOAD_BNDCFGS 0x00010000 #define VM_ENTRY_PT_CONCEAL_PIP 0x00020000 #define VM_ENTRY_LOAD_IA32_RTIT_CTL 0x00040000 +#define VM_ENTRY_LOAD_CET_STATE 0x00100000 #define VM_ENTRY_ALWAYSON_WITHOUT_TRUE_MSR 0x000011ff @@ -345,6 +347,9 @@ enum vmcs_field { GUEST_PENDING_DBG_EXCEPTIONS = 0x00006822, GUEST_SYSENTER_ESP = 0x00006824, GUEST_SYSENTER_EIP = 0x00006826, + GUEST_S_CET = 0x00006828, + GUEST_SSP = 0x0000682a, + GUEST_INTR_SSP_TABLE = 0x0000682c, HOST_CR0 = 0x00006c00, HOST_CR3 = 0x00006c02, HOST_CR4 = 0x00006c04, @@ -357,6 +362,9 @@ enum vmcs_field { HOST_IA32_SYSENTER_EIP = 0x00006c12, HOST_RSP = 0x00006c14, HOST_RIP = 0x00006c16, + HOST_S_CET = 0x00006c18, + HOST_SSP = 0x00006c1a, + HOST_INTR_SSP_TABLE = 0x00006c1c }; /*