Received: by 2002:ab2:60d1:0:b0:1f7:5705:b850 with SMTP id i17csp789949lqm; Wed, 1 May 2024 16:24:37 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCU3klYvTlEcBZLpWeF3nGGegffv27MQAFjp6QjT7ZRph8Juj0OYk12u/b9vLCWu91PqIjbGMv4blyKna7dPMF3irMBzjeSKe+i5wK8Obg== X-Google-Smtp-Source: AGHT+IHINduTVltQy5niZx/l9+29DIyPJGInEE+snVWnApMRUlOWBeL2OrGatxBZZyyLl0pw4eoQ X-Received: by 2002:a17:906:3a91:b0:a58:e71d:d24 with SMTP id y17-20020a1709063a9100b00a58e71d0d24mr2529093ejd.12.1714605877098; Wed, 01 May 2024 16:24:37 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1714605877; cv=pass; d=google.com; s=arc-20160816; b=TT8ec/1VuZlTr5o3+rGHW6zU+efySHKYHoQyLTyt1nGhqV0HN7qReetPaLRudFSoeN nKGSvF6zsT8MJAP+7TGBZvjdWS7zc1ACHf/04//DiGa26bozrxstXe1l5imQ+xt8KVta arQOcUXnL2iiCcTas04sJgovg9M9k/IfdMFSMJ68eqt200JkwMgp7RP5RrbpIk6TD+QB qX5PVEofEM8LmnJIiQ6xjUIxkI97hfySkD4XKfG72teh2MrsVz6BRLVlbTAYHlP64tAB f+ACB+yvhxL2YQyIrfMvfARO55RXfLyAF9i1RHzQ6QhozW/qMto6EfgE8fvLV4aey8/O 1qdQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:from:subject:message-id:references:mime-version :list-unsubscribe:list-subscribe:list-id:precedence:in-reply-to:date :dkim-signature; bh=5vosIo0gMRH6qTCFu6LsPALv1eiNHRipwdDGqxFopXI=; fh=8Sxk4qhi4FzgxNbSWDxCc38tUBc1OtpAYG/f2s5dM64=; b=bQFBP/b/KpQc2yOIedgo11TNY86nGce/Sr16MeuwBut7kb9BE7Eir00rzr5axjhiDd tn0YOotW7pzcd4OuP2S72BfkMUouVi1EZQ3K9mXEaHfn9E+YqBpwLOp7iGC28tAQtTyl tbu0W8Wl0L+C9cUgjziOdG4K/wCyb4wop6FsRwYj+sOF5cbt4m7p+R452sBMNTbqz5Of e9jV7txUt4tIQrIpPBp80EEq0y6SimDMYS9nhfhU9MfucSFwo7HzhvKni+jPvBYu/wxt g6fKsBGvYl3ZY9XTctE+jYPx2qXnLxLw4854uUY17LCzCk9vnMaZNe1lZLjIJQOx32gX qsjQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=ArCAS5Ae; arc=pass (i=1 spf=pass spfdomain=flex--seanjc.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-165845-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-165845-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id r12-20020a170906704c00b00a55adfbdae8si12538065ejj.12.2024.05.01.16.24.37 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 01 May 2024 16:24:37 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-165845-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=ArCAS5Ae; arc=pass (i=1 spf=pass spfdomain=flex--seanjc.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-165845-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-165845-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id CBBE61F21439 for ; Wed, 1 May 2024 23:24:36 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 41FB5168B14; Wed, 1 May 2024 23:24:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="ArCAS5Ae" Received: from mail-yw1-f202.google.com (mail-yw1-f202.google.com [209.85.128.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1F305165FD0 for ; Wed, 1 May 2024 23:24:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.202 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714605867; cv=none; b=BC8r9kSZOJ2Dd7JFHCyCf8OrFkKcbEdmNeFvoSew1f+BIqYZ12J5VobWTrSbGPCcc+yqjkkYmuhO5RhscY/AyGsM/mUZ1asKYxrlMFpaZUdsMucGPiz2tObB5bMcq6VgoNe6Kuu7B6/QYiqhSm5By97ulkdmMufYo8xxW59bl5o= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714605867; c=relaxed/simple; bh=VifpY+xyW/gzCq3YicTXEVs9yPdN1FHL2KKa6ZE287Q=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=DZNgAo+VjG8hYsryo+383M8lg1EmuiNWfzeiJJBU+WxBg7YW6hb2tHbkmqR/FDHBcQ8p/Rf3HqoywTWEv5dwbP50ePvR3ES+rWn7hSm+dtBU3tZghAtmusYjbapv8A4dHLhrsRBRvvtAcjvcyNclKjPg5J5WLlOhoNz+H4t6s5w= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=ArCAS5Ae; arc=none smtp.client-ip=209.85.128.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Received: by mail-yw1-f202.google.com with SMTP id 00721157ae682-61be8f9ca09so47017567b3.2 for ; Wed, 01 May 2024 16:24:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1714605865; x=1715210665; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=5vosIo0gMRH6qTCFu6LsPALv1eiNHRipwdDGqxFopXI=; b=ArCAS5AeOAfSa6uJFwBL0B23IHes8YRZcv91bwIunzeqQPL6Iq1CIrUgPfq/yRLrnE j1Dug4gx7jKX9AxjsK7YVg2H/Fo8CrNvahiSISl/VL4Z2TnWVY47iEGdVTqZhXob3Eag a2yxCnhFUpeg8s7dHi9UqRH9DjqKw2l/QEcyi3pIpBx2zKtuSlWMPcJj5TsdNC/gS6fv Wait+jnb1zQsGXmgphYmZcuAI+TjLVvaSaxQasSyQ1zhVcfWXJCDB8GHmRAOgQKOoIl5 h2r8W91n4eRbgRbRnlDkmf/oMogp0OmUxrrhu8esvF4rs52GWoOaYNl18Q2wuzS8/F92 hKvw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714605865; x=1715210665; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=5vosIo0gMRH6qTCFu6LsPALv1eiNHRipwdDGqxFopXI=; b=glHRs5PXTto2eh1x1Luhoe/liVudePwbpCu1KpGOYXO/N1s6/2AgGjbSejH8T+CKyY qvSO/RJX7VOowL/lfqvV7N6TjjmypbDb1cdgdYu4vQU/LKxJgOehs9rxLWtgHyEXdllv VS5uJgPCzeH+CyJ/bJHDFhtRdST/5mQlCIp2n0mwlqwcolYaYikWLfq73b6Xw3PRe5z8 +S26jdjw+pbt2XHnZGaO3pczfYEk4CIfC8BFjrXmQtnrnxekgVrpjPgKGiof+C/HAOmJ baMDlOEFYRPu4Dfp64lFEqOC/sX8I9QN8rENVsCosoDo1YLc6gcoKrNRApuYgxhL9SBf surg== X-Forwarded-Encrypted: i=1; AJvYcCUoJHtmL3JDBqNmxSmguetvL4YH0SY65rhGO/CNnQf0mPm8v5Bslvs79PUsXW28BL/2E8G4rd6qJjrY1LcHAuwXxN5NiPT27BsQu3wT X-Gm-Message-State: AOJu0Yx+M6OLIiRP+pGatPx9KNiAv5X0FYHrqNRf38OPXTAg7yyXm++8 wfhRdgghl/1nrIWJDfbPGlYTEEP6+ynMe0wpRfIGGbYj9Jpp5R+NcDOuY7BvTX3tDwQqQwvK8hf Q/A== X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a81:8448:0:b0:61c:a9de:471c with SMTP id u69-20020a818448000000b0061ca9de471cmr1111986ywf.9.1714605865193; Wed, 01 May 2024 16:24:25 -0700 (PDT) Date: Wed, 1 May 2024 16:24:23 -0700 In-Reply-To: <20240219074733.122080-28-weijiang.yang@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240219074733.122080-1-weijiang.yang@intel.com> <20240219074733.122080-28-weijiang.yang@intel.com> Message-ID: Subject: Re: [PATCH v10 27/27] KVM: x86: Don't emulate instructions guarded by CET From: Sean Christopherson To: Yang Weijiang Cc: pbonzini@redhat.com, dave.hansen@intel.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com Content-Type: text/plain; charset="us-ascii" On Sun, Feb 18, 2024, Yang Weijiang wrote: > Don't emulate the branch instructions, e.g., CALL/RET/JMP etc., when CET > is active in guest, return KVM_INTERNAL_ERROR_EMULATION to userspace to > handle it. > > KVM doesn't emulate CPU behaviors to check CET protected stuffs while > emulating guest instructions, instead it stops emulation on detecting > the instructions in process are CET protected. By doing so, it can avoid > generating bogus #CP in guest and preventing CET protected execution flow > subversion from guest side. > > Suggested-by: Chao Gao > Signed-off-by: Yang Weijiang > --- This should be ordered before CET is exposed to userspace, e.g. so that KVM's ABI is well defined when CET support because usable.