Commit 29659934 authored Sep 19, 2025 by Sean Christopherson

KVM: x86/mmu: WARN on attempt to check permissions for Shadow Stack #PF

Add PFERR_SS_MASK, a.k.a. Shadow Stack access, and WARN if KVM attempts to
check permissions for a Shadow Stack access as KVM hasn't been taught to
understand the magic Writable=0,Dirty=1 combination that is required for
Shadow Stack accesses, and likely will never learn. There are no plans to
support Shadow Stacks with the Shadow MMU, and the emulator rejects all
instructions that affect Shadow Stacks, i.e. it should be impossible for
KVM to observe a #PF due to a shadow stack access.

Reviewed-by: Binbin Wu <binbin.wu@linux.intel.com>
Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>
Link: https://lore.kernel.org/r/20250919223258.1604852-22-seanjc@google.com

Signed-off-by: Sean Christopherson <seanjc@google.com>

parent d4c03f63

arch/x86/include/asm/kvm_host.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -267,6 +267,7 @@ enum x86_intercept_stage;
		#define PFERR_RSVD_MASK BIT(3)
		#define PFERR_FETCH_MASK BIT(4)
		#define PFERR_PK_MASK BIT(5)
		#define PFERR_SS_MASK BIT(6)
		#define PFERR_SGX_MASK BIT(15)
		#define PFERR_GUEST_RMP_MASK BIT_ULL(31)
		#define PFERR_GUEST_FINAL_MASK BIT_ULL(32)

arch/x86/kvm/mmu.h

+1 −1

Original line number	Diff line number	Diff line
		@@ -212,7 +212,7 @@ static inline u8 permission_fault(struct kvm_vcpu vcpu, struct kvm_mmu mmu,

		fault = (mmu->permissions[index] >> pte_access) & 1;

		WARN_ON(pfec & (PFERR_PK_MASK \| PFERR_RSVD_MASK));
		WARN_ON_ONCE(pfec & (PFERR_PK_MASK \| PFERR_SS_MASK \| PFERR_RSVD_MASK));
		if (unlikely(mmu->pkru_mask)) {
		u32 pkru_bits, offset;