"Load Guest CET state" bit controls whether guest CET states will be loaded at Guest entry. Before doing that, KVM needs to check if CPU CET feature is available.
Signed-off-by: Zhang Yi Z <[email protected]> Signed-off-by: Yang Weijiang <[email protected]> --- arch/x86/kvm/vmx.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index 28b8ac027bd7..246467c12930 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -55,6 +55,7 @@ #include <asm/mmu_context.h> #include <asm/spec-ctrl.h> #include <asm/mshyperv.h> +#include <asm/cet.h> #include "trace.h" #include "pmu.h" @@ -5414,6 +5415,23 @@ static int vmx_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4) return 1; } + /* + * To enable Guest CET, check whether CPU CET feature is + * available, if it's there, set Guest CET state loading bit + * per CR4.CET status, otherwise, return a fault to Guest. + */ + if (guest_cpuid_has(vcpu, X86_FEATURE_SHSTK) || + guest_cpuid_has(vcpu, X86_FEATURE_IBT)) { + if (cr4 & X86_CR4_CET) + vmcs_set_bits(VM_ENTRY_CONTROLS, + VM_ENTRY_LOAD_GUEST_CET_STATE); + else + vmcs_clear_bits(VM_ENTRY_CONTROLS, + VM_ENTRY_LOAD_GUEST_CET_STATE); + } else if (cr4 & X86_CR4_CET) { + return 1; + } + if (to_vmx(vcpu)->nested.vmxon && !nested_cr4_valid(vcpu, cr4)) return 1; -- 2.17.1
