From: Yang Weijiang
To: pbonzini@redhat.com, rkrcmar@redhat.com, sean.j.christopherson@intel.com, jmattson@google.com, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, mst@redhat.com, yu-cheng.yu@intel.com
Cc: Yang Weijiang
Subject: [PATCH v3 0/8] This patch-set is to enable Guest CET support
Date: Mon, 25 Feb 2019 21:27:08 +0800
Message-Id: <20190225132716.6982-1-weijiang.yang@intel.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Control-flow Enforcement Technology (CET) provides protection against
return/jump-oriented programming (ROP) attacks. To make kvm Guest OS own
the capability, this patch-set is required. It enables CET related CPUID
report, xsaves/xrstors, vmx entry configuration etc. for Guest OS.

PATCH 1    : Define CET VMCS fields and bits.
PATCH 2/3  : Report CET feature support in CPUID.
PATCH 4    : Fix xsaves size calculation issue.
PATCH 5    : Pass through CET MSRs to Guest.
PATCH 6    : Set Guest CET state auto loading bit.
PATCH 7    : Enable CET xsaves bits support in XSS.
PATCH 8    : Add CET MSR user space access interface.

Changelog:

 v3:
 - Modified patches to make Guest CET independent of Host enabling.
 - Added patch 8 to add user space access for Guest CET MSR access.
 - Modified code comments and patch description to reflect changes.

 v2:
 - Re-ordered patch sequence, combined one patch.
 - Added more description for CET related VMCS fields.
 - Added Host CET capability check while enabling Guest CET loading bit.
 - Added Host CET capability check while reporting Guest CPUID(EAX=7, ECX=0).
 - Modified code in reporting Guest CPUID(EAX=D,ECX>=1), make it clearer.
 - Added Host and Guest XSS mask check while setting bits for Guest XSS.

Yang Weijiang (8):
  KVM:VMX: Define CET VMCS fields and bits
  KVM:CPUID: Define CET CPUID bits and CR4.CET master enable bit.
  KVM:CPUID: Add CPUID support for Guest CET
  KVM:CPUID: Fix xsaves area size calculation for CPUID.(EAX=0xD,ECX=1).
  KVM:VMX: Pass through host CET related MSRs to Guest.
  KVM:VMX: Load Guest CET via VMCS when CET is enabled in Guest
  KVM:X86: Add XSS bit 11 and 12 support for CET xsaves/xrstors.
  KVM:X86: Add user-space read/write interface for CET MSRs.

 arch/x86/include/asm/kvm_host.h |  3 +-
 arch/x86/include/asm/vmx.h      |  8 ++++
 arch/x86/kvm/cpuid.c            | 67 ++++++++++++++++++++++++---------
 arch/x86/kvm/vmx.c              | 53 ++++++++++++++++++++++++--
 arch/x86/kvm/x86.c              | 46 ++++++++++++++++++++--
 arch/x86/kvm/x86.h              |  4 ++
 6 files changed, 157 insertions(+), 24 deletions(-)

-- 
2.17.1
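
Added example, not part of the original message or of the patch series: a small C sketch of how the CPUID.(EAX=0xD,ECX=1) compacted XSAVES size depends on XSS bits 11 and 12, alongside the leaf-7 CET enumeration bits the series reports to the guest. The names `cet_enumerated`, `xsaves_size`, `struct xcomp` and the `sample_comps` table are hypothetical; the bit positions and the compacted-layout rule follow the Intel SDM, and the component sizes are constructed sample values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Architectural bit positions (Intel SDM). */
#define CPUID7_ECX_SHSTK (1u << 7)    /* CPUID.(EAX=7,ECX=0):ECX[7]  */
#define CPUID7_EDX_IBT   (1u << 20)   /* CPUID.(EAX=7,ECX=0):EDX[20] */
#define XSS_CET_U        (1ull << 11) /* user-mode CET state         */
#define XSS_CET_S        (1ull << 12) /* supervisor-mode CET state   */

/* One XSAVE state component as CPUID.(EAX=0xD,ECX=bit) would describe it. */
struct xcomp { unsigned bit; uint32_t size; int align64; };

/* Constructed sample table, ascending by bit: AVX plus the two CET parts. */
static const struct xcomp sample_comps[] = {
    { 2, 256, 0 }, { 11, 16, 0 }, { 12, 24, 0 },
};

/* Returns 1 if shadow stack or indirect branch tracking is enumerated. */
int cet_enumerated(uint32_t ecx7, uint32_t edx7)
{
    return (ecx7 & CPUID7_ECX_SHSTK) || (edx7 & CPUID7_EDX_IBT);
}

/* Compacted XSAVES area size for components enabled in XCR0 | IA32_XSS:
 * 512-byte legacy region + 64-byte header, then every enabled component
 * (bit >= 2) in ascending order, 64-byte aligned if its align flag is set. */
uint32_t xsaves_size(uint64_t xcr0, uint64_t xss,
                     const struct xcomp *c, size_t n)
{
    uint64_t enabled = xcr0 | xss;
    uint32_t off = 512 + 64;

    for (size_t i = 0; i < n; i++) {
        if (!(enabled & (1ull << c[i].bit)))
            continue;
        if (c[i].align64)
            off = (off + 63) & ~63u;
        off += c[i].size;
    }
    return off;
}

int main(void)
{
    size_t n = sizeof(sample_comps) / sizeof(sample_comps[0]);

    printf("CET enumerated: %d\n", cet_enumerated(CPUID7_ECX_SHSTK, 0));
    printf("XSS=0:          %u bytes\n", xsaves_size(0x7, 0, sample_comps, n));
    printf("XSS=CET_U|S:    %u bytes\n",
           xsaves_size(0x7, XSS_CET_U | XSS_CET_S, sample_comps, n));
    return 0;
}
```

A guest that sets the CET bits in IA32_XSS needs a larger save area than XCR0 alone implies, so a size derived only from XCR0 under-reports what XSAVES will write.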