Received: by 2002:a25:e74b:0:0:0:0:0 with SMTP id e72csp917294ybh; Wed, 15 Jul 2020 20:18:15 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxQpixy7ObB+udp7f/fu16t8Dlfsx4Kv6i9IkmCPNPEe6nGmlh0J0LI/5RMhYhfalCbF7Go X-Received: by 2002:aa7:c341:: with SMTP id j1mr2610372edr.197.1594869494829; Wed, 15 Jul 2020 20:18:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1594869494; cv=none; d=google.com; s=arc-20160816; b=rMuH1WiRijZ12slU3N4n71wvf0cGPiidUb1Nztu0x0trryoVW2CkO4e1PF63wmKe2u aEqCzZXF25tp4CgIWt02qq6qLlHtFV0IB+oVg+cdE/k5rG+CaJyA4YmAgJD2jiG8ucxS 0IPCihL+Juoz5MX2IzXc/iF/Cs7qmMexzizDY8Pjdu+FvpzoscWZmXgnhWjCjKIP86UL I63MV143wNqaynKMM6NnA+2kJECZEk8zucW9LvPM4Xg5UkbSlQVIKtmBXDBrI65h82vJ U5AFhIx0tfJMzg25Rfudc26xgX72urjnPQWVGkyDj3bT76kkvKaSliqKlGd47QGe1xx8 eJug== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:ironport-sdr:ironport-sdr; bh=ROFsAk0Re1qUpj7NKWqaYQIXEOlrDta7AaElus3/5jw=; b=V5BpYvfVluCdcQRRayG1OBKxM0hamkvSOVTEyEED0bVkFXuA+agZb89PqEYIAyZXHX GCicd6sDpPRzakNlwBQvq2E1pMwpwk6kLGnA2HBJBcTEw3fA0a0zzrMzCdtN7nuITda7 6DlOXsf4wp6oTwXvVpZUS81uFcvvNjpB6ggOL9wG2ICYLmrhm718Z7n7f3VNt7vnLfJ9 EEyoOZQvGHUXPJUeVX5WcozVBmXERvj3BP14J8vjVaQeh9Oj2ssblp1m2aR9ax0chCUh Y9KOIUrBeHa8cO+qmvfv6aCTgaWDZsZfmfjJspXw/07iV/hDz3m13nJjvrffLRsB6Ha6 LTYQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id y18si2398793edw.583.2020.07.15.20.17.52; Wed, 15 Jul 2020 20:18:14 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728280AbgGPDRR (ORCPT + 99 others); Wed, 15 Jul 2020 23:17:17 -0400 Received: from mga06.intel.com ([134.134.136.31]:8158 "EHLO mga06.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728271AbgGPDRO (ORCPT ); Wed, 15 Jul 2020 23:17:14 -0400 IronPort-SDR: yvXKX+Eq0ty5Bnj0MsI+h8F8Kp93IFkBOJn51tn/um13Kro6Rw8oD72duSMWP+jZio+vXoQqmp /iwj8RDS+GzQ== X-IronPort-AV: E=McAfee;i="6000,8403,9683"; a="210844864" X-IronPort-AV: E=Sophos;i="5.75,357,1589266800"; d="scan'208";a="210844864" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga001.jf.intel.com ([10.7.209.18]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 15 Jul 2020 20:17:14 -0700 IronPort-SDR: SrJQS4EtKr8PXj1FJSSsKS1x7Kelif0kMOiFZn3LoOaUORCMiNNUfCCW78Hk9LJe1YJbrFmJf1 iZokZpt7s+ig== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,357,1589266800"; d="scan'208";a="360910481" Received: from unknown (HELO local-michael-cet-test.sh.intel.com) ([10.239.159.128]) by orsmga001.jf.intel.com with ESMTP; 15 Jul 2020 20:17:12 -0700 From: Yang Weijiang To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, pbonzini@redhat.com, sean.j.christopherson@intel.com, jmattson@google.com Cc: yu.c.zhang@linux.intel.com, Yang Weijiang Subject: [RESEND v13 09/11] KVM: VMX: Add VMCS dump and sanity check for CET states Date: Thu, 16 Jul 2020 11:16:25 +0800 Message-Id: <20200716031627.11492-10-weijiang.yang@intel.com> X-Mailer: git-send-email 2.17.2 In-Reply-To: <20200716031627.11492-1-weijiang.yang@intel.com> References: <20200716031627.11492-1-weijiang.yang@intel.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Dump CET VMCS states for debug purpose. Since CET kernel protection is not enabled, if related MSRs in host are filled by mistake, warn once on detecting it. Signed-off-by: Yang Weijiang --- arch/x86/kvm/vmx/vmx.c | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index d465ff990094..5d4250b9dec8 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -6056,6 +6056,12 @@ void dump_vmcs(void) pr_err("InterruptStatus = %04x\n", vmcs_read16(GUEST_INTR_STATUS)); + if (vmentry_ctl & VM_ENTRY_LOAD_CET_STATE) { + pr_err("S_CET = 0x%016lx\n", vmcs_readl(GUEST_S_CET)); + pr_err("SSP = 0x%016lx\n", vmcs_readl(GUEST_SSP)); + pr_err("SSP TABLE = 0x%016lx\n", + vmcs_readl(GUEST_INTR_SSP_TABLE)); + } pr_err("*** Host State ***\n"); pr_err("RIP = 0x%016lx RSP = 0x%016lx\n", vmcs_readl(HOST_RIP), vmcs_readl(HOST_RSP)); @@ -6130,6 +6136,12 @@ void dump_vmcs(void) if (secondary_exec_control & SECONDARY_EXEC_ENABLE_VPID) pr_err("Virtual processor ID = 0x%04x\n", vmcs_read16(VIRTUAL_PROCESSOR_ID)); + if (vmexit_ctl & VM_EXIT_LOAD_CET_STATE) { + pr_err("S_CET = 0x%016lx\n", vmcs_readl(HOST_S_CET)); + pr_err("SSP = 0x%016lx\n", vmcs_readl(HOST_SSP)); + pr_err("SSP TABLE = 0x%016lx\n", + vmcs_readl(HOST_INTR_SSP_TABLE)); + } } /* @@ -8205,6 +8217,7 @@ static __init int hardware_setup(void) unsigned long host_bndcfgs; struct desc_ptr dt; int r, i, ept_lpage_level; + u64 cet_msr; store_idt(&dt); host_idt_base = dt.address; @@ -8365,6 +8378,16 @@ static __init int hardware_setup(void) return r; } + if (boot_cpu_has(X86_FEATURE_IBT) || boot_cpu_has(X86_FEATURE_SHSTK)) { + rdmsrl(MSR_IA32_S_CET, cet_msr); + WARN_ONCE(cet_msr, "KVM: CET S_CET in host will be lost!\n"); + } + + if (boot_cpu_has(X86_FEATURE_SHSTK)) { + rdmsrl(MSR_IA32_PL0_SSP, cet_msr); + WARN_ONCE(cet_msr, "KVM: CET PL0_SSP in host will be lost!\n"); + } + vmx_set_cpu_caps(); r = alloc_kvm_area(); -- 2.17.2