Re: [PATCH v10 27/27] KVM: x86: Don't emulate instructions guarded by CET

From: Sean Christopherson
Date: Wed May 01 2024 - 19:24:34 EST

Next message: Edgecombe, Rick P: "Re: [PATCH v10 24/27] KVM: x86: Enable CET virtualization for VMX and advertise to userspace"
Previous message: Roman Gushchin: "Re: [PATCH v4 8/8] memcg: use proper type for mod_memcg_state"
Next in thread: Yang, Weijiang: "Re: [PATCH v10 27/27] KVM: x86: Don't emulate instructions guarded by CET"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, Feb 18, 2024, Yang Weijiang wrote:
> Don't emulate the branch instructions, e.g., CALL/RET/JMP etc., when CET
> is active in guest, return KVM_INTERNAL_ERROR_EMULATION to userspace to
> handle it.
>
> KVM doesn't emulate CPU behaviors to check CET protected stuffs while
> emulating guest instructions, instead it stops emulation on detecting
> the instructions in process are CET protected. By doing so, it can avoid
> generating bogus #CP in guest and preventing CET protected execution flow
> subversion from guest side.
>
> Suggested-by: Chao Gao <chao.gao@xxxxxxxxx>
> Signed-off-by: Yang Weijiang <weijiang.yang@xxxxxxxxx>
> ---

This should be ordered before CET is exposed to userspace, e.g. so that KVM's
ABI is well defined when CET support because usable.

Next message: Edgecombe, Rick P: "Re: [PATCH v10 24/27] KVM: x86: Enable CET virtualization for VMX and advertise to userspace"
Previous message: Roman Gushchin: "Re: [PATCH v4 8/8] memcg: use proper type for mod_memcg_state"
Next in thread: Yang, Weijiang: "Re: [PATCH v10 27/27] KVM: x86: Don't emulate instructions guarded by CET"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]