From: Sean Christopherson <sean.j.christopherson@intel.com>
To: Yang Weijiang <weijiang.yang@intel.com>
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
pbonzini@redhat.com, jmattson@google.com,
yu.c.zhang@linux.intel.com, yu-cheng.yu@intel.com
Subject: Re: [PATCH v8 4/7] KVM: VMX: Load CET states on vmentry/vmexit
Date: Wed, 11 Dec 2019 08:35:10 -0800 [thread overview]
Message-ID: <20191211163510.GF5044@linux.intel.com> (raw)
In-Reply-To: <20191211015423.GC12845@local-michael-cet-test>
On Wed, Dec 11, 2019 at 09:54:23AM +0800, Yang Weijiang wrote:
> On Tue, Dec 10, 2019 at 01:23:05PM -0800, Sean Christopherson wrote:
> > On Fri, Nov 01, 2019 at 04:52:19PM +0800, Yang Weijiang wrote:
> > > @@ -2834,6 +2837,9 @@ void vmx_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0)
> > > struct vcpu_vmx *vmx = to_vmx(vcpu);
> > > unsigned long hw_cr0;
> > >
> > > + if (!(cr0 & X86_CR0_WP) && kvm_read_cr4_bits(vcpu, X86_CR4_CET))
> > > + cr0 |= X86_CR0_WP;
> >
> > Huh? What's the interaction between CR4.CET and CR0.WP? If there really
> > is some non-standard interaction then it needs to be documented in at least
> > the changelog and probably with a comment as well.
> >
> The processor does not allow CR4.CET to be set if CR0.WP = 0 (similarly, it
> does not allow CR0.WP to be cleared while CR4.CET = 1).
Ya, as you surmised below, this needs to be a #GP condition.
Have you tested SMM at all? The interaction between CR0 and CR4 may be
problematic for em_rsm() and/or rsm_enter_protected_mode().
> > > +
> > > hw_cr0 = (cr0 & ~KVM_VM_CR0_ALWAYS_OFF);
> > > if (enable_unrestricted_guest)
> > > hw_cr0 |= KVM_VM_CR0_ALWAYS_ON_UNRESTRICTED_GUEST;
> > > @@ -2936,6 +2942,22 @@ static bool guest_cet_allowed(struct kvm_vcpu *vcpu, u32 feature, u32 mode)
> > > return false;
> > > }
> > >
> > > +bool is_cet_bit_allowed(struct kvm_vcpu *vcpu)
> > > +{
> > > + unsigned long cr0;
> > > + bool cet_allowed;
> > > +
> > > + cr0 = kvm_read_cr0(vcpu);
> > > + cet_allowed = guest_cet_allowed(vcpu, X86_FEATURE_SHSTK,
> > > + XFEATURE_MASK_CET_USER) ||
> > > + guest_cet_allowed(vcpu, X86_FEATURE_IBT,
> > > + XFEATURE_MASK_CET_USER);
> > > + if ((cr0 & X86_CR0_WP) && cet_allowed)
> > > + return true;
> >
> > So, attempting to set CR4.CET if CR0.WP=0 takes a #GP? But attempting
> > to clear CR0.WP if CR4.CET=1 is ignored?
> >
> Per above words in spec., inject #GP to guest in either case?
>
> > > +
> > > + return false;
> > > +}
> > > +
next prev parent reply other threads:[~2019-12-11 16:35 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-01 8:52 [PATCH v8 0/7] Introduce support for guest CET feature Yang Weijiang
2019-11-01 8:52 ` [PATCH v8 1/7] KVM: CPUID: Fix IA32_XSS support in CPUID(0xd,i) enumeration Yang Weijiang
2019-11-01 8:52 ` [PATCH v8 2/7] KVM: VMX: Define CET VMCS fields and #CP flag Yang Weijiang
2019-12-10 21:00 ` Sean Christopherson
2019-12-11 1:45 ` Yang Weijiang
2019-11-01 8:52 ` [PATCH v8 3/7] KVM: VMX: Pass through CET related MSRs Yang Weijiang
2019-12-10 21:18 ` Sean Christopherson
2019-12-11 1:32 ` Yang Weijiang
2019-12-11 1:50 ` Sean Christopherson
2019-12-11 2:27 ` Yang Weijiang
2019-12-16 2:18 ` Yang Weijiang
2019-12-18 0:34 ` Sean Christopherson
2019-12-18 13:55 ` Yang Weijiang
2019-12-18 16:02 ` Sean Christopherson
2019-11-01 8:52 ` [PATCH v8 4/7] KVM: VMX: Load CET states on vmentry/vmexit Yang Weijiang
2019-12-10 21:23 ` Sean Christopherson
2019-12-11 1:54 ` Yang Weijiang
2019-12-11 16:35 ` Sean Christopherson [this message]
2019-12-12 1:04 ` Yang Weijiang
2019-12-18 0:30 ` Sean Christopherson
2019-12-18 13:20 ` Yang Weijiang
2019-11-01 8:52 ` [PATCH v8 5/7] KVM: X86: Enable CET bits update in IA32_XSS Yang Weijiang
2019-11-01 8:52 ` [PATCH v8 6/7] KVM: X86: Load guest fpu state when accessing MSRs managed by XSAVES Yang Weijiang
2019-12-10 21:27 ` Sean Christopherson
2019-12-11 2:03 ` Yang Weijiang
2019-11-01 8:52 ` [PATCH v8 7/7] KVM: X86: Add user-space access interface for CET MSRs Yang Weijiang
2019-12-10 21:58 ` Sean Christopherson
2019-12-11 2:19 ` Yang Weijiang
2019-12-11 16:27 ` Sean Christopherson
2019-12-12 0:42 ` Yang Weijiang
2019-12-12 16:03 ` [PATCH v8 0/7] Introduce support for guest CET feature Konrad Rzeszutek Wilk
2019-12-13 0:44 ` Yang Weijiang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191211163510.GF5044@linux.intel.com \
--to=sean.j.christopherson@intel.com \
--cc=jmattson@google.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=weijiang.yang@intel.com \
--cc=yu-cheng.yu@intel.com \
--cc=yu.c.zhang@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.