From: Yang Weijiang
To: pbonzini@redhat.com, rkrcmar@redhat.com, sean.j.christopherson@intel.com, jmattson@google.com, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, mst@redhat.com, yu-cheng.yu@intel.com, yi.z.zhang@intel.com, hjl.tools@gmail.com
Cc: weijiang.yang@intel.com, Zhang Yi Z
Subject: [PATCH v2 6/7] KVM:VMX: Load Guest CET via VMCS when CET is enabled in Guest
Date: Wed, 23 Jan 2019 04:59:08 +0800
Message-Id: <20190122205909.24165-7-weijiang.yang@intel.com>
In-Reply-To: <20190122205909.24165-1-weijiang.yang@intel.com>
References: <20190122205909.24165-1-weijiang.yang@intel.com>

"Load Guest CET state" bit controls whether guest CET states will be loaded on Guest entry. Before doing that, KVM needs to check if CET feature is exposed to Guest.

Signed-off-by: Zhang Yi Z
Signed-off-by: Yang Weijiang
---
 arch/x86/kvm/vmx.c | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index 68c0e5e41cb1..9c8cecac80ea 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -55,6 +55,7 @@ #include #include #include +#include #include "trace.h" #include "pmu.h" @@ -4065,6 +4066,18 @@ static inline bool vmx_feature_control_msr_valid(struct kvm_vcpu *vcpu, return !(val & ~valid_bits); } +static int vmx_guest_cet_cap(struct kvm_vcpu *vcpu) +{ + struct kvm_cpuid_entry2 *best; + int r = 0; + + best = kvm_find_cpuid_entry(vcpu, 7, 0); + if (best && best->function == 0x7) + r = (best->ecx & bit(X86_FEATURE_SHSTK)) | + (best->edx & bit(X86_FEATURE_IBT)) ? 1 : 0; + return r; +} + static int vmx_get_msr_feature(struct kvm_msr_entry *msr) { switch (msr->index) { 
@@ -5409,6 +5422,26 @@ static int vmx_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4) return 1; } + /* + * To enable Guest CET, first check if Guest CET feature is + * available, if it's not available but its CR4.CET is being set, + * return a fault to Guest; then check if Host CET is enabled and + * CR4.CET is toggled, if they are, then enable loading CET state + * bit in entry control, otherwise, clear the bit to + * disable guest CET state loading. + */ + if (vmx_guest_cet_cap(vcpu)) { + if (hw_cr4 & cr4 & X86_CR4_CET) { + vmcs_set_bits(VM_ENTRY_CONTROLS, + VM_ENTRY_LOAD_GUEST_CET_STATE); + } else { + vmcs_clear_bits(VM_ENTRY_CONTROLS, + VM_ENTRY_LOAD_GUEST_CET_STATE); + } + } else if (cr4 & X86_CR4_CET) { + return 1; + } + if (to_vmx(vcpu)->nested.vmxon && !nested_cr4_valid(vcpu, cr4)) return 1; -- 2.17.1
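
Review bot: In the new vmx_guest_cet_cap() (hunk at -4065), the assignment `r = (best->ecx & bit(X86_FEATURE_SHSTK)) | (best->edx & bit(X86_FEATURE_IBT)) ? 1 : 0;` gives the intended result only because `|` binds tighter than `?:`. Put the OR in its own parentheses, or drop the ternary and have the function return bool, so the precedence is not left to the reader. The `best->function == 0x7` test repeats the leaf number already passed to kvm_find_cpuid_entry(vcpu, 7, 0) and looks redundant. Since the caller in vmx_set_cr4() uses the result purely as a truth value, a bool return without the temporary `r` would be clearer.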
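
Review bot: In the vmx_set_cr4() hunk (at -5409), VM_ENTRY_LOAD_GUEST_CET_STATE is set or cleared before the existing `if (to_vmx(vcpu)->nested.vmxon && !nested_cr4_valid(vcpu, cr4)) return 1;` check that follows the new block, so a CR4 write rejected there has already changed the entry controls. Reject the unsupported case first (`cr4 & X86_CR4_CET` without vmx_guest_cet_cap()) and move the vmcs_set_bits()/vmcs_clear_bits() update after all the validity checks that can return 1. The comment also needs rewording: it says the code checks "if Host CET is enabled and CR4.CET is toggled", but the condition `hw_cr4 & cr4 & X86_CR4_CET` tests that the bit is set in both values, not that it changed, and nothing in the hunk shows hw_cr4 reflecting host CET enablement. If host CET support is a precondition, test it explicitly.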