[PATCH 6.12.y 7/8] KVM: nVMX: Add consistency checks for CR0.WP and CR4.CET

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Sasha Levin <sashal@kernel.org>
To: stable@vger.kernel.org
Cc: Chao Gao <chao.gao@intel.com>,
	Mathias Krause <minipli@grsecurity.net>,
	John Allen <john.allen@amd.com>,
	Rick Edgecombe <rick.p.edgecombe@intel.com>,
	Binbin Wu <binbin.wu@linux.intel.com>,
	Sean Christopherson <seanjc@google.com>,
	Sasha Levin <sashal@kernel.org>
Subject: [PATCH 6.12.y 7/8] KVM: nVMX: Add consistency checks for CR0.WP and CR4.CET
Date: Mon, 16 Mar 2026 13:20:02 -0400	[thread overview]
Message-ID: <20260316172003.1024253-7-sashal@kernel.org> (raw)
In-Reply-To: <20260316172003.1024253-1-sashal@kernel.org>

From: Chao Gao <chao.gao@intel.com>

[ Upstream commit 8060b2bd2dd05a19ad7ec248489d374f2bd2b057 ]

Add consistency checks for CR4.CET and CR0.WP in guest-state or host-state
area in the VMCS12. This ensures that configurations with CR4.CET set and
CR0.WP not set result in VM-entry failure, aligning with architectural
behavior.

Tested-by: Mathias Krause <minipli@grsecurity.net>
Tested-by: John Allen <john.allen@amd.com>
Tested-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
Signed-off-by: Chao Gao <chao.gao@intel.com>
Reviewed-by: Binbin Wu <binbin.wu@linux.intel.com>
Link: https://lore.kernel.org/r/20250919223258.1604852-33-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
Stable-dep-of: e2ffe85b6d2b ("KVM: x86: Introduce KVM_X86_QUIRK_VMCS12_ALLOW_FREEZE_IN_SMM")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/x86/kvm/vmx/nested.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index 76f9624d49386..509f5c5e1f2b9 100644
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -3022,6 +3022,9 @@ static int nested_vmx_check_host_state(struct kvm_vcpu *vcpu,
 	    CC(!kvm_vcpu_is_legal_cr3(vcpu, vmcs12->host_cr3)))
 		return -EINVAL;
 
+	if (CC(vmcs12->host_cr4 & X86_CR4_CET && !(vmcs12->host_cr0 & X86_CR0_WP)))
+		return -EINVAL;
+
 	if (CC(is_noncanonical_msr_address(vmcs12->host_ia32_sysenter_esp, vcpu)) ||
 	    CC(is_noncanonical_msr_address(vmcs12->host_ia32_sysenter_eip, vcpu)))
 		return -EINVAL;
@@ -3136,6 +3139,9 @@ static int nested_vmx_check_guest_state(struct kvm_vcpu *vcpu,
 	    CC(!nested_guest_cr4_valid(vcpu, vmcs12->guest_cr4)))
 		return -EINVAL;
 
+	if (CC(vmcs12->guest_cr4 & X86_CR4_CET && !(vmcs12->guest_cr0 & X86_CR0_WP)))
+		return -EINVAL;
+
 	if ((vmcs12->vm_entry_controls & VM_ENTRY_LOAD_DEBUG_CONTROLS) &&
 	    (CC(!kvm_dr7_valid(vmcs12->guest_dr7)) ||
 	     CC(!vmx_is_valid_debugctl(vcpu, vmcs12->guest_ia32_debugctl, false))))
-- 
2.51.0

next prev parent reply	other threads:[~2026-03-16 17:20 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-03-16 15:24 FAILED: patch "[PATCH] KVM: x86: Introduce KVM_X86_QUIRK_VMCS12_ALLOW_FREEZE_IN_SMM" failed to apply to 6.12-stable tree gregkh
2026-03-16 17:19 ` [PATCH 6.12.y 1/8] KVM: x86: Co-locate initialization of feature MSRs in kvm_arch_vcpu_create() Sasha Levin
2026-03-16 17:19   ` [PATCH 6.12.y 2/8] KVM: x86: Quirk initialization of feature MSRs to KVM's max configuration Sasha Levin
2026-03-16 17:19   ` [PATCH 6.12.y 3/8] KVM: x86: do not allow re-enabling quirks Sasha Levin
2026-03-16 17:19   ` [PATCH 6.12.y 4/8] KVM: x86: Allow vendor code to disable quirks Sasha Levin
2026-03-16 17:20   ` [PATCH 6.12.y 5/8] KVM: x86: Introduce supported_quirks to block disabling quirks Sasha Levin
2026-03-16 17:20   ` [PATCH 6.12.y 6/8] KVM: x86: Introduce Intel specific quirk KVM_X86_QUIRK_IGNORE_GUEST_PAT Sasha Levin
2026-03-16 17:20   ` Sasha Levin [this message]
2026-03-16 17:20   ` [PATCH 6.12.y 8/8] KVM: x86: Introduce KVM_X86_QUIRK_VMCS12_ALLOW_FREEZE_IN_SMM Sasha Levin

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:76f9624d4938 dfblob:509f5c5e1f2b )
 OR (
bs:"[PATCH 6.12.y 7/8] KVM: nVMX: Add consistency checks for CR0.WP and CR4.CET" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260316172003.1024253-7-sashal@kernel.org \
    --to=sashal@kernel.org \
    --cc=binbin.wu@linux.intel.com \
    --cc=chao.gao@intel.com \
    --cc=john.allen@amd.com \
    --cc=minipli@grsecurity.net \
    --cc=rick.p.edgecombe@intel.com \
    --cc=seanjc@google.com \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.