From: Yang Weijiang To: pbonzini@redhat.com, rkrcmar@redhat.com, sean.j.christopherson@intel.com, jmattson@google.com, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, mst@redhat.com, yu-cheng.yu@intel.com Cc: Yang Weijiang , Zhang Yi Z Subject: [PATCH v3 6/8] KVM:VMX: Load Guest CET via VMCS when CET is enabled in Guest Date: Mon, 25 Feb 2019 21:27:14 +0800 Message-Id: <20190225132716.6982-7-weijiang.yang@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20190225132716.6982-1-weijiang.yang@intel.com> References: <20190225132716.6982-1-weijiang.yang@intel.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org "Load Guest CET state" bit controls whether guest CET states will be loaded at Guest entry. Before doing that, KVM needs to check if CPU CET feature is available. Signed-off-by: Zhang Yi Z Signed-off-by: Yang Weijiang --- arch/x86/kvm/vmx.c | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index 89ee086e1729..d32cee9ee079 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -55,6 +55,7 @@ #include #include #include +#include #include "trace.h" #include "pmu.h" @@ -4065,6 +4066,20 @@ static inline bool vmx_feature_control_msr_valid(struct kvm_vcpu *vcpu, return !(val & ~valid_bits); } +static int vmx_guest_cet_cap(struct kvm_vcpu *vcpu) +{ + u32 eax, ebx, ecx, edx; + + /* + * Guest CET can work as long as HW supports the feature, independent + * to Host SW enabling status. + */ + cpuid_count(7, 0, &eax, &ebx, &ecx, &edx); + + return ((ecx & bit(X86_FEATURE_SHSTK)) | + (edx & bit(X86_FEATURE_IBT))) ? 1 : 0; +} + static int vmx_get_msr_feature(struct kvm_msr_entry *msr) { switch (msr->index) { 
@@ -5409,6 +5424,23 @@ static int vmx_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4) return 1; } + /* + * To enable Guest CET, check whether CPU CET feature is + * available, if it's there, set Guest CET state loading bit + * per CR4.CET status, otherwise, return a fault to Guest. + */ + if (vmx_guest_cet_cap(vcpu)) { + if (cr4 & X86_CR4_CET) { + vmcs_set_bits(VM_ENTRY_CONTROLS, + VM_ENTRY_LOAD_GUEST_CET_STATE); + } else { + vmcs_clear_bits(VM_ENTRY_CONTROLS, + VM_ENTRY_LOAD_GUEST_CET_STATE); + } + } else if (cr4 & X86_CR4_CET) { + return 1; + } + if (to_vmx(vcpu)->nested.vmxon && !nested_cr4_valid(vcpu, cr4)) return 1; -- 2.17.1
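Review bot: vmx_guest_cet_cap() accepts a vcpu argument but never uses it, and its result comes only from host CPUID leaf 7, so the capability check passes for every guest on CET-capable hardware whatever CPUID that guest was given. If the intent is to gate CR4.CET per guest, the helper should also consult the guest's CPUID (for example with guest_cpuid_has() for X86_FEATURE_SHSTK and X86_FEATURE_IBT); if the intent really is host-only, drop the parameter. The helper would also read better returning bool, and since it runs on every CR4 write the CPUID result could be computed once and cached rather than re-executing cpuid_count(7, 0, ...) each time.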
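Review bot: in the vmx_set_cr4() hunk, VM_ENTRY_LOAD_GUEST_CET_STATE is set or cleared in VM_ENTRY_CONTROLS before the nested check that follows ("if (to_vmx(vcpu)->nested.vmxon && !nested_cr4_valid(vcpu, cr4)) return 1;"), so a CR4 write that is rejected there still leaves the entry control changed while CR4 itself is not updated. Move the vmcs_set_bits()/vmcs_clear_bits() calls after all the checks that can return 1, keeping only the "CET requested but not available" rejection up front. Nothing in the visible lines confirms that this VM-entry control is allowed by the VMX capability settings before it is set; CPUID reporting SHSTK or IBT is used as the only condition, and a check against the supported entry controls would make the dependency explicit.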