git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Yang Weijiang <weijiang.yang@intel.com>
	Fri, 19 Sep 2025 22:32:21 +0000 (15:32 -0700)
committer	Sean Christopherson <seanjc@google.com>
	Tue, 23 Sep 2025 16:10:47 +0000 (09:10 -0700)
commit	8b59d0275c964bcbe573dde46bd3c1f20ed2d2bd
tree	1fe951c2fad1dbbefdc6aaa31e6742dae832744c	tree \| snapshot
parent	9d6812d415358372aaaf1dfe95bc30d11e4e95db	commit \| diff

KVM: VMX: Emulate read and write to CET MSRs

Add emulation interface for CET MSR access. The emulation code is split
into common part and vendor specific part. The former does common checks
for MSRs, e.g., accessibility, data validity etc., then passes operation
to either XSAVE-managed MSRs via the helpers or CET VMCS fields.

SSP can only be read via RDSSP. Writing even requires destructive and
potentially faulting operations such as SAVEPREVSSP/RSTORSSP or
SETSSBSY/CLRSSBSY. Let the host use a pseudo-MSR that is just a wrapper
for the GUEST_SSP field of the VMCS.

Suggested-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Yang Weijiang <weijiang.yang@intel.com>
Tested-by: Mathias Krause <minipli@grsecurity.net>
Tested-by: John Allen <john.allen@amd.com>
Tested-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
Signed-off-by: Chao Gao <chao.gao@intel.com>
[sean: drop call to kvm_set_xstate_msr() for S_CET, consolidate code]
Reviewed-by: Binbin Wu <binbin.wu@linux.intel.com>
Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>
Link: https://lore.kernel.org/r/20250919223258.1604852-15-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>

arch/x86/kvm/vmx/vmx.c		diff \| blob \| blame \| history
arch/x86/kvm/x86.c		diff \| blob \| blame \| history
arch/x86/kvm/x86.h		diff \| blob \| blame \| history