KVM: VMX: introduce module parameter to disable CET

There have been reports of host hangs caused by CET virtualization.
Until these are analyzed further, introduce a module parameter that
makes it possible to easily disable it.

Link: https://lore.kernel.org/all/85548beb-1486-40f9-beb4-632c78e3360b@proxmox.com/
Cc: David Riley <d.riley@proxmox.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

diff --git a/arch/x86/kvm/vmx/capabilities.h b/arch/x86/kvm/vmx/capabilities.h
index 56cacc06225ecc573fe040292080813a4b9231c2..31568274d8bb020c0560d6a7580a5e0d13a460fc 100644 (file)
--- a/arch/x86/kvm/vmx/capabilities.h
+++ b/arch/x86/kvm/vmx/capabilities.h
@@ -14,6 +14,7 @@ extern bool __read_mostly flexpriority_enabled;
 extern bool __read_mostly enable_ept;
 extern bool __read_mostly enable_unrestricted_guest;
 extern bool __read_mostly enable_ept_ad_bits;
+extern bool __read_mostly enable_cet;
 extern bool __read_mostly enable_pml;
 extern int __read_mostly pt_mode;
 

diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 5c2c33a5f7dc9a0bc7ca8349c8ece340ed51594b..49feecb286b23cc7213dd2e78eb0f80b1365f03c 100644 (file)
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -108,6 +108,9 @@ module_param_named(unrestricted_guest,
 bool __read_mostly enable_ept_ad_bits = 1;
 module_param_named(eptad, enable_ept_ad_bits, bool, 0444);
 
+bool __read_mostly enable_cet = 1;
+module_param_named(cet, enable_cet, bool, 0444);
+
 static bool __read_mostly emulate_invalid_guest_state = true;
 module_param(emulate_invalid_guest_state, bool, 0444);
 
@@ -4476,7 +4479,7 @@ void vmx_set_constant_host_state(struct vcpu_vmx *vmx)
         * SSP is reloaded from IA32_PL3_SSP. Check SDM Vol.2A/B Chapter
         * 3 and 4 for details.
         */
-       if (cpu_has_load_cet_ctrl()) {
+       if (enable_cet) {
                vmcs_writel(HOST_S_CET, kvm_host.s_cet);
                vmcs_writel(HOST_SSP, 0);
                vmcs_writel(HOST_INTR_SSP_TABLE, 0);
@@ -4532,6 +4535,10 @@ static u32 vmx_get_initial_vmentry_ctrl(void)
        if (vmx_pt_mode_is_system())
                vmentry_ctrl &= ~(VM_ENTRY_PT_CONCEAL_PIP |
                                  VM_ENTRY_LOAD_IA32_RTIT_CTL);
+
+       if (!enable_cet)
+               vmentry_ctrl &= ~VM_ENTRY_LOAD_CET_STATE;
+
        /*
         * IA32e mode, and loading of EFER and PERF_GLOBAL_CTRL are toggled dynamically.
         */
@@ -4546,6 +4553,9 @@ static u32 vmx_get_initial_vmexit_ctrl(void)
 {
        u32 vmexit_ctrl = vmcs_config.vmexit_ctrl;
 
+       if (!enable_cet)
+               vmexit_ctrl &= ~VM_EXIT_LOAD_CET_STATE;
+
        /*
         * Not used by KVM and never set in vmcs01 or vmcs02, but emulated for
         * nested virtualization and thus allowed to be set in vmcs12.
@@ -8155,7 +8165,7 @@ static __init void vmx_set_cpu_caps(void)
         * VMX_BASIC[bit56] == 0, inject #CP at VMX entry with error code
         * fails, so disable CET in this case too.
         */
-       if (!cpu_has_load_cet_ctrl() || !enable_unrestricted_guest ||
+       if (!enable_cet || !enable_unrestricted_guest ||
            !cpu_has_vmx_basic_no_hw_errcode_cc()) {
                kvm_cpu_cap_clear(X86_FEATURE_SHSTK);
                kvm_cpu_cap_clear(X86_FEATURE_IBT);
@@ -8630,6 +8640,9 @@ __init int vmx_hardware_setup(void)
            !cpu_has_vmx_invept_global())
                enable_ept = 0;
 
+       if (!cpu_has_load_cet_ctrl())
+               enable_cet = 0;
+
        /* NX support is required for shadow paging. */
        if (!enable_ept && !boot_cpu_has(X86_FEATURE_NX)) {
                pr_err_ratelimited("NX (Execute Disable) not supported\n");