From: Yang Weijiang
To: seanjc@google.com, pbonzini@redhat.com, peterz@infradead.org, john.allen@amd.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: rick.p.edgecombe@intel.com, chao.gao@intel.com, binbin.wu@linux.intel.com, weijiang.yang@intel.com, Zhang Yi Z
Subject: [PATCH v4 12/20] KVM:VMX: Introduce CET VMCS fields and control bits
Date: Thu, 20 Jul 2023 23:03:44 -0400
Message-Id: <20230721030352.72414-13-weijiang.yang@intel.com>
In-Reply-To: <20230721030352.72414-1-weijiang.yang@intel.com>

Control-flow Enforcement Technology (CET) is a kind of CPU feature used to prevent Return/CALL/Jump-Oriented Programming (ROP/COP/JOP) attacks. It provides two sub-features (SHSTK, IBT) to defend against ROP/COP/JOP style control-flow subversion attacks.

Shadow Stack (SHSTK):
  A shadow stack is a second stack used exclusively for control transfer operations. The shadow stack is separate from the data/normal stack and can be enabled individually in user and kernel mode. When shadow stack is enabled, CALL pushes the return address on both the data and shadow stack. RET pops the return address from both stacks and compares them. If the return addresses from the two stacks do not match, the processor generates a #CP.

Indirect Branch Tracking (IBT):
  IBT introduces a new instruction (ENDBRANCH) to mark valid target addresses of indirect branches (CALL, JMP etc...). If an indirect branch is executed and the next instruction is _not_ an ENDBRANCH, the processor generates a #CP. This instruction behaves as a NOP on platforms that don't support CET.

Several new CET MSRs are defined to support CET:
  MSR_IA32_{U,S}_CET: CET settings for {user,supervisor} mode respectively.
  MSR_IA32_PL{0,1,2,3}_SSP: SHSTK pointer linear address for CPL{0,1,2,3}.
  MSR_IA32_INT_SSP_TAB: Linear address of SHSTK table; the entry is indexed by IST of interrupt gate desc.

Two XSAVES state bits are introduced for CET:
  IA32_XSS:[bit 11]: Control saving/restoring user mode CET states.
  IA32_XSS:[bit 12]: Control saving/restoring supervisor mode CET states.

Six VMCS fields are introduced for CET:
  {HOST,GUEST}_S_CET: Stores CET settings for kernel mode.
  {HOST,GUEST}_SSP: Stores shadow stack pointer of current active task/thread.
  {HOST,GUEST}_INTR_SSP_TABLE: Stores current active MSR_IA32_INT_SSP_TAB.

On Intel platforms, two additional bits are defined in VM_EXIT and VM_ENTRY control fields:
If VM_EXIT_LOAD_HOST_CET_STATE = 1, the host CET states are restored from the following VMCS fields at VM-Exit:
  HOST_S_CET
  HOST_SSP
  HOST_INTR_SSP_TABLE

If VM_ENTRY_LOAD_GUEST_CET_STATE = 1, the guest CET states are loaded from the following VMCS fields at VM-Entry:
  GUEST_S_CET
  GUEST_SSP
  GUEST_INTR_SSP_TABLE

Co-developed-by: Zhang Yi Z
Signed-off-by: Zhang Yi Z
Signed-off-by: Yang Weijiang
--- arch/x86/include/asm/vmx.h | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h index 0d02c4aafa6f..db7f93307349 100644 --- a/arch/x86/include/asm/vmx.h +++ b/arch/x86/include/asm/vmx.h @@ -104,6 +104,7 @@ #define VM_EXIT_CLEAR_BNDCFGS 0x00800000 #define VM_EXIT_PT_CONCEAL_PIP 0x01000000 #define VM_EXIT_CLEAR_IA32_RTIT_CTL 0x02000000 +#define VM_EXIT_LOAD_CET_STATE 0x10000000 #define VM_EXIT_ALWAYSON_WITHOUT_TRUE_MSR 0x00036dff
@@ -117,6 +118,7 @@ #define VM_ENTRY_LOAD_BNDCFGS 0x00010000 #define VM_ENTRY_PT_CONCEAL_PIP 0x00020000 #define VM_ENTRY_LOAD_IA32_RTIT_CTL 0x00040000 +#define VM_ENTRY_LOAD_CET_STATE 0x00100000 #define VM_ENTRY_ALWAYSON_WITHOUT_TRUE_MSR 0x000011ff @@ -345,6 +347,9 @@ enum vmcs_field { GUEST_PENDING_DBG_EXCEPTIONS = 0x00006822, GUEST_SYSENTER_ESP = 0x00006824, GUEST_SYSENTER_EIP = 0x00006826, + GUEST_S_CET = 0x00006828, + GUEST_SSP = 0x0000682a, + GUEST_INTR_SSP_TABLE = 0x0000682c, HOST_CR0 = 0x00006c00, HOST_CR3 = 0x00006c02, HOST_CR4 = 0x00006c04, @@ -357,6 +362,9 @@ enum vmcs_field { HOST_IA32_SYSENTER_EIP = 0x00006c12, HOST_RSP = 0x00006c14, HOST_RIP = 0x00006c16, + HOST_S_CET = 0x00006c18, + HOST_SSP = 0x00006c1a, + HOST_INTR_SSP_TABLE = 0x00006c1c }; /* -- 2.27.0
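
Review bot: The control-bit names added in the VM_EXIT and VM_ENTRY hunks, VM_EXIT_LOAD_CET_STATE and VM_ENTRY_LOAD_CET_STATE, do not match the names the changelog uses for the same bits (VM_EXIT_LOAD_HOST_CET_STATE and VM_ENTRY_LOAD_GUEST_CET_STATE). Use one spelling in both the changelog and the defines, so that searching for the name given in the commit message finds the macro.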
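
Review bot: In the last enum vmcs_field hunk, the new final enumerator "HOST_INTR_SSP_TABLE = 0x00006c1c" is added without a trailing comma, while the enumerator it follows ("HOST_RIP = 0x00006c16,") carries one. Keep the trailing comma on the new last entry so that the next field appended to the enum does not have to touch this line.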
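
An added example, not part of the patch or of KVM's own code: the six field encodings from the enum vmcs_field hunks, decoded with the VMCS field-encoding layout from the Intel SDM to confirm that each is a natural-width guest-state or host-state field. The struct, enum and function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* VMCS field encoding layout (Intel SDM): bit 0 = access type,
 * bits 9:1 = index, bits 11:10 = type, bits 14:13 = width. */
enum vmcs_type  { T_CONTROL = 0, T_EXIT_INFO = 1, T_GUEST = 2, T_HOST = 3 };
enum vmcs_width { W_16 = 0, W_64 = 1, W_32 = 2, W_NATURAL = 3 };

struct vmcs_enc { unsigned high, index, type, width; };

static struct vmcs_enc vmcs_decode(uint32_t f)
{
    struct vmcs_enc e = {
        .high  = f & 1,
        .index = (f >> 1) & 0x1ff,
        .type  = (f >> 10) & 3,
        .width = (f >> 13) & 3,
    };
    return e;
}

/* Encodings copied from the patch; the expected type is what the
 * GUEST_/HOST_ prefix of each name implies. */
static const struct { const char *name; uint32_t enc; unsigned type; } cet_fields[] = {
    { "GUEST_S_CET",          0x00006828, T_GUEST },
    { "GUEST_SSP",            0x0000682a, T_GUEST },
    { "GUEST_INTR_SSP_TABLE", 0x0000682c, T_GUEST },
    { "HOST_S_CET",           0x00006c18, T_HOST  },
    { "HOST_SSP",             0x00006c1a, T_HOST  },
    { "HOST_INTR_SSP_TABLE",  0x00006c1c, T_HOST  },
};

/* Counts fields that are not full-access, natural-width fields of the
 * area their name claims; 0 means the encodings are self-consistent. */
static int cet_field_mismatches(void)
{
    int bad = 0;
    for (size_t i = 0; i < sizeof(cet_fields) / sizeof(cet_fields[0]); i++) {
        struct vmcs_enc e = vmcs_decode(cet_fields[i].enc);
        printf("%-22s index=%2u type=%u width=%u\n",
               cet_fields[i].name, e.index, e.type, e.width);
        if (e.high || e.width != W_NATURAL || e.type != cet_fields[i].type)
            bad++;
    }
    return bad;
}

int main(void) { return cet_field_mismatches(); }
```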