This bit controls whether guest CET states will be loaded on guest entry.
Signed-off-by: Zhang Yi Z <yi.z.zh...@linux.intel.com>
Signed-off-by: Yang Weijiang <weijiang.y...@intel.com>
---
arch/x86/kvm/vmx.c | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 7bbb8b26e901..25fa6bd2fb95 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -1045,6 +1045,8 @@ struct vcpu_vmx {
bool req_immediate_exit;
+ bool vcpu_cet_on;
+
/* Support for PML */
#define PML_ENTITY_NUM 512
struct page *pml_pg;
@@ -5409,6 +5411,23 @@ static int vmx_set_cr4(struct kvm_vcpu *vcpu, unsigned
long cr4)
return 1;
}
+ /*
+ * When CET.CR4 is being set, it means we're enabling CET for
+ * the guest, then enable loading CET state bit in entry control.
+ * Otherwise, clear loading CET bit to disable guest CET.
+ */
+ if (cr4 & X86_CR4_CET) {
+ if (!to_vmx(vcpu)->vcpu_cet_on) {
+ vmcs_set_bits(VM_ENTRY_CONTROLS,
+ VM_ENTRY_LOAD_GUEST_CET_STATE);
+ to_vmx(vcpu)->vcpu_cet_on = 1;
+ }
+ } else if (to_vmx(vcpu)->vcpu_cet_on) {
+ vmcs_clear_bits(VM_ENTRY_CONTROLS,
+ VM_ENTRY_LOAD_GUEST_CET_STATE);
+ to_vmx(vcpu)->vcpu_cet_on = 0;
+ }
+
if (to_vmx(vcpu)->nested.vmxon && !nested_cr4_valid(vcpu, cr4))
return 1;
--
2.17.1
