Received-SPF: pass (google.com: domain of linux-kernel+bounces-39795-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) client-ip=147.75.48.161;
Date: Fri, 26 Jan 2024 16:53:01 +0800
From: Chao Gao <chao.gao@intel.com>
To: Yang Weijiang <weijiang.yang@intel.com>
CC: <seanjc@google.com>, <pbonzini@redhat.com>, <dave.hansen@intel.com>,
	<kvm@vger.kernel.org>, <linux-kernel@vger.kernel.org>, <x86@kernel.org>,
	<yuan.yao@linux.intel.com>, <peterz@infradead.org>,
	<rick.p.edgecombe@intel.com>, <mlevitsk@redhat.com>, <john.allen@amd.com>
Subject: Re: [PATCH v9 27/27] KVM: x86: Stop emulating for CET protected
 branch instructions
Message-ID: <ZbNy7TVq62JurQRc@chao-email>
References: <20240124024200.102792-1-weijiang.yang@intel.com>
 <20240124024200.102792-28-weijiang.yang@intel.com>
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <20240124024200.102792-28-weijiang.yang@intel.com>
Precedence: bulk
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?rjPezKbgehuh8ecXpH/eV9rn1r6wqFBQjKQoUKDa866R42E5zobKFyLeHawg?=
 =?us-ascii?Q?Yk//wFP1Ibq3lD2Z6e5iXJIfCx2oVRwGRnokfpp+WKJPUlJmPU9fHyzo0g/b?=
 =?us-ascii?Q?iRrsVHKIbVvmW1zPvmrW3lbz2epZgifuv7SwakhYesn/xdGO5pHwyILNruQc?=
 =?us-ascii?Q?Qy/ZaqQ4Nl/fldEWbSrlVxXKQHFk1lUZENobG6MBtpNYN0EBk4n/4wsavR1P?=
 =?us-ascii?Q?MKxom+FqxeGbyuZTqPatkU40RY7rB+5iPUPulYyFjvo5Iljm5575LZo5srkN?=
 =?us-ascii?Q?G8cdqOSwoYuSOJvj6RBF/LKTrpqi4YEzTC1qHwuJpr6BJyR+D3LOYR7i32x7?=
 =?us-ascii?Q?9CtOFLNjZd8AjOdeAEorf3HarRlTqlaglcHvNBeudSyLLrn+wjOdprHzkEQB?=
 =?us-ascii?Q?6/m6PDPjlP7HznQu49ztIFWDxWYxbbseG6J2jErv1nPnbKTHbLtbab0d94nb?=
 =?us-ascii?Q?47bYOk+dUSRFNKpYIN++IdE2e+JpHqPXiL7r07T6k436nT3deG+nfpJwt/D8?=
 =?us-ascii?Q?wfx7yKzbN2HT+8bkOdxT8Zp09n6AYm2HUcErd9e/q4E5dIz7cBYl8o1VHnz3?=
 =?us-ascii?Q?MaubFoCZplYeqrtL44YoeChS2eauE4qM830SEm+vP01NBfdTIqUxJrG685n/?=
 =?us-ascii?Q?Zl/XXAx7hwfaR/Jcy8Hs56RFmkK8WooRilRreFKZp41VMTt9ZF4yRmcFmPz4?=
 =?us-ascii?Q?Ge4chh+18yZVBJCOpj2mp6DbnOiFhILi8CtQGs3cuY7xkCknVa0N29rn/Pgl?=
 =?us-ascii?Q?LOQpadi36zY/bIb2BSSmGN0FGAlcoM8BpxOeVjyaSYTpBTV2Ny3rVIapyMBn?=
 =?us-ascii?Q?QONnbd5So592dLsn+9PLR1oaQKDiSMbb7k+QxdzBXnVk/f5ry1EFJ+7nuXeh?=
 =?us-ascii?Q?jouQhvZpFeaaxn6lji0jX/ghjr8IZRoYAHdYdDbjLfNSkoy/rHetUf035Bvl?=
 =?us-ascii?Q?cpBIiPudpwtgaDS72fjuRhi8adHImUSWkdbjBD64QZe16+3NzeCPSgMNJ5hd?=
 =?us-ascii?Q?+JIlHGNgBfeBR1InoFdfllfBsPaadAsAevHM2jy0vqP5p1O/fdQERcwnsh9a?=
 =?us-ascii?Q?i1C/g3jWOyuR+AWE+wxstJGwlj0hULHMm2Od9z2N6OvtwUq4eyx/TrTmoFzv?=
 =?us-ascii?Q?QVqKz009PJklQZrz5Q72+sKaNUmvVuux48AEDI33GT5pRbEV8XzaRaGRLhGo?=
 =?us-ascii?Q?757K0zBDqd+SEtEqjFIIyMLtbdoMSId7L00XKvO+Ecj6lbdh/hHicvx0etYu?=
 =?us-ascii?Q?TE8/fzHkd4sPQcniWLr53qd0LFNeDBwuc5om6uSFycgBOvJuiATmzVGnFfo1?=
 =?us-ascii?Q?C+ZLgDDKM7L/nhxyAittbJyPH7Lr1Sc/JMtEH6dcDek2itOcDlWvUJFWkHCe?=
 =?us-ascii?Q?8fHlPYIfPpJHrxLwq6Vr3duqXYsuDKuLnh7XECPtKp7jKHGJlH9FSgX07p4z?=
 =?us-ascii?Q?c7hN7BuGU+dG57byRedJ7qyOWrsVCfdym5ZoG0ccpqlGYICRnX55R4719Lhd?=
 =?us-ascii?Q?TOb5mFuKtAObHIDsXxWM9lzjCef9iRXfZtNNAbm/r4IbaiY9c7ogwvJVPJpD?=
 =?us-ascii?Q?BC44dJuiJ5Z+oQN8mCq8sGN7NsqenaCgGZqb1nnM?=
X-MS-Exchange-CrossTenant-Network-Message-Id: 66926643-4aef-493f-c10c-08dc1e4c3890
X-MS-Exchange-CrossTenant-AuthSource: CH3PR11MB8660.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2024 08:53:09.6308
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 2oXdVllGdkRQ6DIazObD4N6FL+BrJiHTKO6CdAF9/S2iwKXWGvxkz3MIysSYmSOpZJv1lFhim//lxoMstvf60w==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR11MB8009
X-OriginatorOrg: intel.com

On Tue, Jan 23, 2024 at 06:42:00PM -0800, Yang Weijiang wrote:
>Don't emulate the branch instructions, e.g., CALL/RET/JMP etc., when CET
>is active in guest, return KVM_INTERNAL_ERROR_EMULATION to userspace to
>handle it.
>
>KVM doesn't emulate CPU behaviors to check CET protected stuffs while
>emulating guest instructions, instead it stops emulation on detecting
>the instructions in process are CET protected. By doing so, it can avoid
>generating bogus #CP in guest and preventing CET protected execution flow
>subversion from guest side.
>
>Suggested-by: Chao Gao <chao.gao@intel.com>
>Signed-off-by: Yang Weijiang <weijiang.yang@intel.com>
>---
> arch/x86/kvm/emulate.c | 27 ++++++++++++++++-----------
> 1 file changed, 16 insertions(+), 11 deletions(-)
>
>diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
>index e223043ef5b2..ad15ce055a1d 100644
>--- a/arch/x86/kvm/emulate.c
>+++ b/arch/x86/kvm/emulate.c
>@@ -178,6 +178,7 @@
> #define IncSP       ((u64)1 << 54)  /* SP is incremented before ModRM calc */
> #define TwoMemOp    ((u64)1 << 55)  /* Instruction has two memory operand */
> #define IsBranch    ((u64)1 << 56)  /* Instruction is considered a branch. */
>+#define IsProtected ((u64)1 << 57)  /* Instruction is protected by CET. */

the name IsProtected doesn't seem clear to me. Its meaning isn't obvious from
the name and may be confused with protected mode. Maybe we can add two flags:
"IndirectBranch" and "ShadowStack".

> 
> #define DstXacc     (DstAccLo | SrcAccHi | SrcWrite)
> 
>@@ -4098,9 +4099,9 @@ static const struct opcode group4[] = {
> static const struct opcode group5[] = {
> 	F(DstMem | SrcNone | Lock,		em_inc),
> 	F(DstMem | SrcNone | Lock,		em_dec),
>-	I(SrcMem | NearBranch | IsBranch,       em_call_near_abs),
>-	I(SrcMemFAddr | ImplicitOps | IsBranch, em_call_far),
>-	I(SrcMem | NearBranch | IsBranch,       em_jmp_abs),
>+	I(SrcMem | NearBranch | IsBranch | IsProtected, em_call_near_abs),
>+	I(SrcMemFAddr | ImplicitOps | IsBranch | IsProtected, em_call_far),
>+	I(SrcMem | NearBranch | IsBranch | IsProtected, em_jmp_abs),

In SDM, I don't see a list of instructions that are affected by CET. how do you
get the list.