From: Yang Weijiang <weijiang.yang@intel.com>
To: pbonzini@redhat.com, seanjc@google.com, x86@kernel.org,
kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
rick.p.edgecombe@intel.com
Cc: weijiang.yang@intel.com
Subject: [PATCH 09/19] KVM: x86: Add #CP support in guest exception classification.
Date: Thu, 16 Jun 2022 04:46:33 -0400 [thread overview]
Message-ID: <20220616084643.19564-10-weijiang.yang@intel.com> (raw)
In-Reply-To: <20220616084643.19564-1-weijiang.yang@intel.com>
Add handling for Control Protection (#CP) exceptions, vector 21, used
and introduced by Intel's Control-Flow Enforcement Technology (CET).
relevant CET violation case. See Intel's SDM for details.
Signed-off-by: Yang Weijiang <weijiang.yang@intel.com>
Message-Id: <20210203113421.5759-5-weijiang.yang@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
arch/x86/include/uapi/asm/kvm.h | 1 +
arch/x86/kvm/vmx/nested.c | 2 +-
arch/x86/kvm/x86.c | 10 +++++++---
arch/x86/kvm/x86.h | 13 ++++++++++---
4 files changed, 19 insertions(+), 7 deletions(-)
diff --git a/arch/x86/include/uapi/asm/kvm.h b/arch/x86/include/uapi/asm/kvm.h
index 50a4e787d5e6..69146e7436af 100644
--- a/arch/x86/include/uapi/asm/kvm.h
+++ b/arch/x86/include/uapi/asm/kvm.h
@@ -32,6 +32,7 @@
#define MC_VECTOR 18
#define XM_VECTOR 19
#define VE_VECTOR 20
+#define CP_VECTOR 21
/* Select x86 specific features in <linux/kvm.h> */
#define __KVM_HAVE_PIT
diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index 7d8cd0ebcc75..01fe23c6fa49 100644
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -2819,7 +2819,7 @@ static int nested_check_vm_entry_controls(struct kvm_vcpu *vcpu,
/* VM-entry interruption-info field: deliver error code */
should_have_error_code =
intr_type == INTR_TYPE_HARD_EXCEPTION && prot_mode &&
- x86_exception_has_error_code(vector);
+ x86_exception_has_error_code(vcpu, vector);
if (CC(has_error_code != should_have_error_code))
return -EINVAL;
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 506454e17afc..40749e47cda7 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -511,11 +511,15 @@ EXPORT_SYMBOL_GPL(kvm_spurious_fault);
#define EXCPT_CONTRIBUTORY 1
#define EXCPT_PF 2
-static int exception_class(int vector)
+static int exception_class(struct kvm_vcpu *vcpu, int vector)
{
switch (vector) {
case PF_VECTOR:
return EXCPT_PF;
+ case CP_VECTOR:
+ if (vcpu->arch.cr4_guest_rsvd_bits & X86_CR4_CET)
+ return EXCPT_BENIGN;
+ return EXCPT_CONTRIBUTORY;
case DE_VECTOR:
case TS_VECTOR:
case NP_VECTOR:
@@ -659,8 +663,8 @@ static void kvm_multiple_exception(struct kvm_vcpu *vcpu,
kvm_make_request(KVM_REQ_TRIPLE_FAULT, vcpu);
return;
}
- class1 = exception_class(prev_nr);
- class2 = exception_class(nr);
+ class1 = exception_class(vcpu, prev_nr);
+ class2 = exception_class(vcpu, nr);
if ((class1 == EXCPT_CONTRIBUTORY && class2 == EXCPT_CONTRIBUTORY)
|| (class1 == EXCPT_PF && class2 != EXCPT_BENIGN)) {
/*
diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h
index 501b884b8cc4..b9b1fff6d97a 100644
--- a/arch/x86/kvm/x86.h
+++ b/arch/x86/kvm/x86.h
@@ -148,13 +148,20 @@ static inline bool is_64_bit_hypercall(struct kvm_vcpu *vcpu)
return vcpu->arch.guest_state_protected || is_64_bit_mode(vcpu);
}
-static inline bool x86_exception_has_error_code(unsigned int vector)
+static inline bool x86_exception_has_error_code(struct kvm_vcpu *vcpu,
+ unsigned int vector)
{
static u32 exception_has_error_code = BIT(DF_VECTOR) | BIT(TS_VECTOR) |
BIT(NP_VECTOR) | BIT(SS_VECTOR) | BIT(GP_VECTOR) |
- BIT(PF_VECTOR) | BIT(AC_VECTOR);
+ BIT(PF_VECTOR) | BIT(AC_VECTOR) | BIT(CP_VECTOR);
- return (1U << vector) & exception_has_error_code;
+ if (!((1U << vector) & exception_has_error_code))
+ return false;
+
+ if (vector == CP_VECTOR)
+ return !(vcpu->arch.cr4_guest_rsvd_bits & X86_CR4_CET);
+
+ return true;
}
static inline bool mmu_is_nested(struct kvm_vcpu *vcpu)
--
2.27.0
next prev parent reply other threads:[~2022-06-16 8:50 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-16 8:46 [PATCH 00/19] Refresh queued CET virtualization series Yang Weijiang
2022-06-16 8:46 ` [PATCH 01/19] x86/cet/shstk: Add Kconfig option for Shadow Stack Yang Weijiang
2022-06-16 8:46 ` [PATCH 02/19] x86/cpufeatures: Add CPU feature flags for shadow stacks Yang Weijiang
2022-06-16 8:46 ` [PATCH 03/19] x86/cpufeatures: Enable CET CR4 bit for shadow stack Yang Weijiang
2022-06-16 10:24 ` Peter Zijlstra
2022-06-16 17:12 ` Edgecombe, Rick P
2022-06-17 11:38 ` Peter Zijlstra
2022-06-17 21:18 ` Edgecombe, Rick P
2022-06-17 21:18 ` Edgecombe, Rick P
2022-06-16 10:25 ` Peter Zijlstra
2022-06-16 17:36 ` Edgecombe, Rick P
2022-06-16 8:46 ` [PATCH 04/19] x86/fpu/xstate: Introduce CET MSR and XSAVES supervisor states Yang Weijiang
2022-06-16 10:27 ` Peter Zijlstra
2022-06-16 17:12 ` Edgecombe, Rick P
2022-06-16 8:46 ` [PATCH 05/19] x86/fpu: Add helper for modifying xstate Yang Weijiang
2022-06-16 8:46 ` [PATCH 06/19] KVM: x86: Report XSS as an MSR to be saved if there are supported features Yang Weijiang
2022-06-16 8:46 ` [PATCH 07/19] KVM: x86: Refresh CPUID on writes to MSR_IA32_XSS Yang Weijiang
2022-06-16 8:46 ` [PATCH 08/19] KVM: x86: Load guest fpu state when accessing MSRs managed by XSAVES Yang Weijiang
2022-06-16 8:46 ` Yang Weijiang [this message]
2022-06-16 8:46 ` [PATCH 10/19] KVM: VMX: Introduce CET VMCS fields and flags Yang Weijiang
2022-06-16 8:46 ` [PATCH 11/19] KVM: x86: Add fault checks for CR4.CET Yang Weijiang
2022-06-16 8:46 ` [PATCH 12/19] KVM: VMX: Emulate reads and writes to CET MSRs Yang Weijiang
2022-06-16 8:46 ` [PATCH 13/19] KVM: VMX: Add a synthetic MSR to allow userspace VMM to access GUEST_SSP Yang Weijiang
2022-06-16 8:46 ` [PATCH 14/19] KVM: x86: Report CET MSRs as to-be-saved if CET is supported Yang Weijiang
2022-06-16 8:46 ` [PATCH 15/19] KVM: x86: Save/Restore GUEST_SSP to/from SMM state save area Yang Weijiang
2022-06-16 8:46 ` [PATCH 16/19] KVM: x86: Enable CET virtualization for VMX and advertise CET to userspace Yang Weijiang
2022-06-16 10:59 ` Peter Zijlstra
2022-06-16 15:27 ` Yang, Weijiang
2022-06-25 6:55 ` Yang, Weijiang
2022-06-16 8:46 ` [PATCH 17/19] KVM: VMX: Pass through CET MSRs to the guest when supported Yang Weijiang
2022-06-16 8:46 ` [PATCH 18/19] KVM: nVMX: Enable CET support for nested VMX Yang Weijiang
2022-06-16 8:46 ` [PATCH 19/19] KVM: x86: Enable supervisor IBT support for guest Yang Weijiang
2022-06-16 11:05 ` Peter Zijlstra
2022-06-16 11:19 ` Peter Zijlstra
2022-06-16 15:56 ` Yang, Weijiang
2022-06-16 9:10 ` [PATCH 00/19] Refresh queued CET virtualization series Christoph Hellwig
2022-06-16 11:25 ` Peter Zijlstra
2022-06-16 10:12 ` Peter Zijlstra
2022-06-16 10:21 ` Paolo Bonzini
2022-06-16 14:18 ` Peter Zijlstra
2022-06-16 15:06 ` Yang, Weijiang
2022-06-16 15:28 ` Paolo Bonzini
2022-06-18 6:43 ` Yang, Weijiang
2022-07-14 19:36 ` Sean Christopherson
2022-07-15 15:04 ` Yang, Weijiang
2022-07-15 15:58 ` Sean Christopherson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220616084643.19564-10-weijiang.yang@intel.com \
--to=weijiang.yang@intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=rick.p.edgecombe@intel.com \
--cc=seanjc@google.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.