[PATCH] KVM: VMX: introduce module parameter to disable CET

Kernel KVM virtualization development
 help / color / mirror / Atom feed

* [PATCH] KVM: VMX: introduce module parameter to disable CET
@ 2026-05-12 15:00 Paolo Bonzini
  2026-05-12 23:55 ` Sean Christopherson
  0 siblings, 1 reply; 2+ messages in thread
From: Paolo Bonzini @ 2026-05-12 15:00 UTC (permalink / raw)
  To: linux-kernel, kvm; +Cc: David Riley

There have been reports of host hangs caused by CET virtualization.
Until these are analyzed further, introduce a module parameter that
makes it possible to easily disable it.

Link: https://lore.kernel.org/all/85548beb-1486-40f9-beb4-632c78e3360b@proxmox.com/
Cc: David Riley <d.riley@proxmox.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 arch/x86/kvm/vmx/capabilities.h |  1 +
 arch/x86/kvm/vmx/vmcs12.c       |  2 +-
 arch/x86/kvm/vmx/vmx.c          | 17 +++++++++++++++--
 3 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/arch/x86/kvm/vmx/capabilities.h b/arch/x86/kvm/vmx/capabilities.h
index 56cacc06225e..31568274d8bb 100644
--- a/arch/x86/kvm/vmx/capabilities.h
+++ b/arch/x86/kvm/vmx/capabilities.h
@@ -14,6 +14,7 @@ extern bool __read_mostly flexpriority_enabled;
 extern bool __read_mostly enable_ept;
 extern bool __read_mostly enable_unrestricted_guest;
 extern bool __read_mostly enable_ept_ad_bits;
+extern bool __read_mostly enable_cet;
 extern bool __read_mostly enable_pml;
 extern int __read_mostly pt_mode;
 
diff --git a/arch/x86/kvm/vmx/vmcs12.c b/arch/x86/kvm/vmx/vmcs12.c
index 1ebe67c384ad..9f96e21dc1b9 100644
--- a/arch/x86/kvm/vmx/vmcs12.c
+++ b/arch/x86/kvm/vmx/vmcs12.c
@@ -202,7 +202,7 @@ static __init bool cpu_has_vmcs12_field(unsigned int idx)
 	case HOST_S_CET:
 	case HOST_SSP:
 	case HOST_INTR_SSP_TABLE:
-		return cpu_has_load_cet_ctrl();
+		return enable_cet;
 
 	/* KVM always emulates PML and the VMX preemption timer in software. */
 	case GUEST_PML_INDEX:
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 5c2c33a5f7dc..49feecb286b2 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -108,6 +108,9 @@ module_param_named(unrestricted_guest,
 bool __read_mostly enable_ept_ad_bits = 1;
 module_param_named(eptad, enable_ept_ad_bits, bool, 0444);
 
+bool __read_mostly enable_cet = 1;
+module_param_named(cet, enable_cet, bool, 0444);
+
 static bool __read_mostly emulate_invalid_guest_state = true;
 module_param(emulate_invalid_guest_state, bool, 0444);
 
@@ -4476,7 +4479,7 @@ void vmx_set_constant_host_state(struct vcpu_vmx *vmx)
 	 * SSP is reloaded from IA32_PL3_SSP. Check SDM Vol.2A/B Chapter
 	 * 3 and 4 for details.
 	 */
-	if (cpu_has_load_cet_ctrl()) {
+	if (enable_cet) {
 		vmcs_writel(HOST_S_CET, kvm_host.s_cet);
 		vmcs_writel(HOST_SSP, 0);
 		vmcs_writel(HOST_INTR_SSP_TABLE, 0);
@@ -4532,6 +4535,10 @@ static u32 vmx_get_initial_vmentry_ctrl(void)
 	if (vmx_pt_mode_is_system())
 		vmentry_ctrl &= ~(VM_ENTRY_PT_CONCEAL_PIP |
 				  VM_ENTRY_LOAD_IA32_RTIT_CTL);
+
+	if (!enable_cet)
+		vmentry_ctrl &= ~VM_ENTRY_LOAD_CET_STATE;
+
 	/*
 	 * IA32e mode, and loading of EFER and PERF_GLOBAL_CTRL are toggled dynamically.
 	 */
@@ -4546,6 +4553,9 @@ static u32 vmx_get_initial_vmexit_ctrl(void)
 {
 	u32 vmexit_ctrl = vmcs_config.vmexit_ctrl;
 
+	if (!enable_cet)
+		vmexit_ctrl &= ~VM_EXIT_LOAD_CET_STATE;
+
 	/*
 	 * Not used by KVM and never set in vmcs01 or vmcs02, but emulated for
 	 * nested virtualization and thus allowed to be set in vmcs12.
@@ -8155,7 +8165,7 @@ static __init void vmx_set_cpu_caps(void)
 	 * VMX_BASIC[bit56] == 0, inject #CP at VMX entry with error code
 	 * fails, so disable CET in this case too.
 	 */
-	if (!cpu_has_load_cet_ctrl() || !enable_unrestricted_guest ||
+	if (!enable_cet || !enable_unrestricted_guest ||
 	    !cpu_has_vmx_basic_no_hw_errcode_cc()) {
 		kvm_cpu_cap_clear(X86_FEATURE_SHSTK);
 		kvm_cpu_cap_clear(X86_FEATURE_IBT);
@@ -8630,6 +8640,9 @@ __init int vmx_hardware_setup(void)
 	    !cpu_has_vmx_invept_global())
 		enable_ept = 0;
 
+	if (!cpu_has_load_cet_ctrl())
+		enable_cet = 0;
+
 	/* NX support is required for shadow paging. */
 	if (!enable_ept && !boot_cpu_has(X86_FEATURE_NX)) {
 		pr_err_ratelimited("NX (Execute Disable) not supported\n");
-- 
2.54.0


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH] KVM: VMX: introduce module parameter to disable CET
  2026-05-12 15:00 [PATCH] KVM: VMX: introduce module parameter to disable CET Paolo Bonzini
@ 2026-05-12 23:55 ` Sean Christopherson
  0 siblings, 0 replies; 2+ messages in thread
From: Sean Christopherson @ 2026-05-12 23:55 UTC (permalink / raw)
  To: Paolo Bonzini; +Cc: linux-kernel, kvm, David Riley

On Tue, May 12, 2026, Paolo Bonzini wrote:
> There have been reports of host hangs caused by CET virtualization.
> Until these are analyzed further, introduce a module parameter that
> makes it possible to easily disable it.
> 
> Link: https://lore.kernel.org/all/85548beb-1486-40f9-beb4-632c78e3360b@proxmox.com/
> Cc: David Riley <d.riley@proxmox.com>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
>  arch/x86/kvm/vmx/capabilities.h |  1 +
>  arch/x86/kvm/vmx/vmcs12.c       |  2 +-
>  arch/x86/kvm/vmx/vmx.c          | 17 +++++++++++++++--
>  3 files changed, 17 insertions(+), 3 deletions(-)
> 
> diff --git a/arch/x86/kvm/vmx/capabilities.h b/arch/x86/kvm/vmx/capabilities.h
> index 56cacc06225e..31568274d8bb 100644
> --- a/arch/x86/kvm/vmx/capabilities.h
> +++ b/arch/x86/kvm/vmx/capabilities.h
> @@ -14,6 +14,7 @@ extern bool __read_mostly flexpriority_enabled;
>  extern bool __read_mostly enable_ept;
>  extern bool __read_mostly enable_unrestricted_guest;
>  extern bool __read_mostly enable_ept_ad_bits;
> +extern bool __read_mostly enable_cet;
>  extern bool __read_mostly enable_pml;
>  extern int __read_mostly pt_mode;
>  
> diff --git a/arch/x86/kvm/vmx/vmcs12.c b/arch/x86/kvm/vmx/vmcs12.c
> index 1ebe67c384ad..9f96e21dc1b9 100644
> --- a/arch/x86/kvm/vmx/vmcs12.c
> +++ b/arch/x86/kvm/vmx/vmcs12.c
> @@ -202,7 +202,7 @@ static __init bool cpu_has_vmcs12_field(unsigned int idx)
>  	case HOST_S_CET:
>  	case HOST_SSP:
>  	case HOST_INTR_SSP_TABLE:
> -		return cpu_has_load_cet_ctrl();
> +		return enable_cet;

As implemented, cpu_has_vmcs12_field() checks raw CPU support, not what KVM is
using.  E.g. EPT_POINTER checks cpu_has_vmx_ept(), not enable_ept.  Whether or
not that's ideal/desirable, dunno.  But I think we should at least be consistent.

An alternative approach would be to squash the controls themselves.  Though again,
I'd probably only want to do that if we plan on taking that approach for all such
module params.

diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 5c2c33a5f7dc..d4afc4bf6279 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -2818,6 +2818,11 @@ static int setup_vmcs_config(struct vmcs_config *vmcs_conf,
                                &_vmentry_control))
                return -EIO;
 
+       if (!enable_cet) {
+               _vmentry_control &= ~VM_ENTRY_LOAD_CET_STATE;
+               _vmexit_control &= ~VM_EXIT_LOAD_CET_STATE;
+       }
+
        if (vmx_check_entry_exit_pairs(vmcs_entry_exit_pairs,
                                       _vmentry_control, _vmexit_control))
                return -EIO;

^ permalink raw reply related	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2026-05-12 23:55 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-05-12 15:00 [PATCH] KVM: VMX: introduce module parameter to disable CET Paolo Bonzini
2026-05-12 23:55 ` Sean Christopherson

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox