Commit 25f38404 authored by Yang Weijiang's avatar Yang Weijiang Committed by Sean Christopherson
Browse files

KVM: VMX: Set up interception for CET MSRs 



Disable interception for CET MSRs that can be accessed via XSAVES/XRSTORS,
and exist accordingly to CPUID, as accesses through XSTATE aren't subject
to MSR interception checks, i.e. can't be intercepted without intercepting
and emulating XSAVES/XRSTORS, and KVM doesn't support emulating
XSAVE/XRSTOR instructions.

Don't condition interception on the guest actually having XSAVES as there
is no benefit to intercepting the accesses (when the MSRs exist).  The
MSRs in question are either context switched by the CPU on VM-Enter/VM-Exit
or by KVM via XSAVES/XRSTORS (KVM requires XSAVES to virtualization SHSTK),
i.e. KVM is going to load guest values into hardware irrespective of guest
XSAVES support.

Suggested-by: default avatarSean Christopherson <seanjc@google.com>
Signed-off-by: default avatarYang Weijiang <weijiang.yang@intel.com>
Tested-by: default avatarMathias Krause <minipli@grsecurity.net>
Tested-by: default avatarJohn Allen <john.allen@amd.com>
Tested-by: default avatarRick Edgecombe <rick.p.edgecombe@intel.com>
Signed-off-by: default avatarChao Gao <chao.gao@intel.com>
Reviewed-by: default avatarBinbin Wu <binbin.wu@linux.intel.com>
Reviewed-by: default avatarXiaoyao Li <xiaoyao.li@intel.com>
Reviewed-by: default avatarXin Li (Intel) <xin@zytor.com>
Link: https://lore.kernel.org/r/20250919223258.1604852-17-seanjc@google.com


Signed-off-by: default avatarSean Christopherson <seanjc@google.com>
parent 1a61bd0d

arch/x86/kvm/vmx/vmx.c

+19 −0
Original line number Diff line number Diff line
@@ -4088,6 +4088,8 @@ void pt_update_intercept_for_msr(struct kvm_vcpu *vcpu) 


static void vmx_recalc_msr_intercepts(struct kvm_vcpu *vcpu)

{

	bool intercept;



	if (!cpu_has_vmx_msr_bitmap())

		return;
@@ -4133,6 +4135,23 @@ static void vmx_recalc_msr_intercepts(struct kvm_vcpu *vcpu) 
		vmx_set_intercept_for_msr(vcpu, MSR_IA32_FLUSH_CMD, MSR_TYPE_W,

					  !guest_cpu_cap_has(vcpu, X86_FEATURE_FLUSH_L1D));



	if (kvm_cpu_cap_has(X86_FEATURE_SHSTK)) {

		intercept = !guest_cpu_cap_has(vcpu, X86_FEATURE_SHSTK);



		vmx_set_intercept_for_msr(vcpu, MSR_IA32_PL0_SSP, MSR_TYPE_RW, intercept);

		vmx_set_intercept_for_msr(vcpu, MSR_IA32_PL1_SSP, MSR_TYPE_RW, intercept);

		vmx_set_intercept_for_msr(vcpu, MSR_IA32_PL2_SSP, MSR_TYPE_RW, intercept);

		vmx_set_intercept_for_msr(vcpu, MSR_IA32_PL3_SSP, MSR_TYPE_RW, intercept);

	}



	if (kvm_cpu_cap_has(X86_FEATURE_SHSTK) || kvm_cpu_cap_has(X86_FEATURE_IBT)) {

		intercept = !guest_cpu_cap_has(vcpu, X86_FEATURE_IBT) &&

			    !guest_cpu_cap_has(vcpu, X86_FEATURE_SHSTK);



		vmx_set_intercept_for_msr(vcpu, MSR_IA32_U_CET, MSR_TYPE_RW, intercept);

		vmx_set_intercept_for_msr(vcpu, MSR_IA32_S_CET, MSR_TYPE_RW, intercept);

	}



	/*

	 * x2APIC and LBR MSR intercepts are modified on-demand and cannot be

	 * filtered by userspace.