Re: [PATCH v3 10/21] KVM:x86: Add #CP support in guest exception classification

From: Yang, Weijiang
Date: Thu Jun 08 2023 - 02:02:30 EST



On 6/6/2023 5:08 PM, Chao Gao wrote:
> On Thu, May 11, 2023 at 12:08:46AM -0400, Yang Weijiang wrote:
>> Add handling for Control Protection (#CP) exceptions (vector 21).
>> The new vector is introduced for Intel's Control-Flow Enforcement
>> Technology (CET) relevant violation cases.
>>
>> Although #CP belongs to the contributory exception class, the actual
>> effect is conditional on CET being exposed to the guest. If CET is not
>> available to the guest, #CP falls back to non-contributory and doesn't
>> have an error code.
> This sounds weird. Is this the hardware behavior? If yes, could you
> point us to where this behavior is documented?

It's not SDM documented behavior.

The original description is provided by Sean here:

Re: [PATCH v15 04/14] KVM: x86: Add #CP support in guest exception dispatch - Sean Christopherson (kernel.org) <https://lore.kernel.org/all/YBsZwvwhshw+s7yQ@xxxxxxxxxx/>

I also verified the issue on my side. If the KVM CET patches are there in L1 but CET is not enabled, running some unit tests can trigger a unit test failure, although the #CP-induced one has been fixed in KVM unit tests.
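
The conditional classification discussed in this thread, as an added example that is not part of the original mail and is not KVM's code: a small C model of the x86 benign/contributory/page-fault classes in which #CP is contributory and carries an error code only when CET is exposed to the guest. It goes slightly beyond the mail by also showing the double-fault escalation that the class feeds into; all names (`classify`, `has_error_code`, `merge`, `guest_has_cet`, the `VEC_*` constants) are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Architectural x86 exception vector numbers (names are illustrative). */
enum { VEC_DE = 0, VEC_DF = 8, VEC_TS = 10, VEC_NP = 11, VEC_SS = 12, VEC_GP = 13, VEC_PF = 14, VEC_AC = 17, VEC_CP = 21 };
enum excpt_class { EXCPT_BENIGN, EXCPT_CONTRIBUTORY, EXCPT_PF };

/* guest_has_cet is an assumed flag meaning "CET is exposed to the guest". */
static enum excpt_class classify(int vec, bool guest_has_cet)
{
    switch (vec) {
    case VEC_PF:
        return EXCPT_PF;
    case VEC_DE: case VEC_TS: case VEC_NP: case VEC_SS: case VEC_GP:
        return EXCPT_CONTRIBUTORY;
    case VEC_CP: /* the conditional case from the commit message */
        return guest_has_cet ? EXCPT_CONTRIBUTORY : EXCPT_BENIGN;
    default:
        return EXCPT_BENIGN;
    }
}

/* Does delivery of this vector include an error code? */
static bool has_error_code(int vec, bool guest_has_cet)
{
    if (vec == VEC_CP)
        return guest_has_cet;
    return vec == VEC_DF || (vec >= VEC_TS && vec <= VEC_PF) || vec == VEC_AC;
}

/* Vector to deliver when `second` is raised while delivering `first`. */
static int merge(int first, int second, bool guest_has_cet)
{
    enum excpt_class c1 = classify(first, guest_has_cet);
    enum excpt_class c2 = classify(second, guest_has_cet);

    if ((c1 == EXCPT_CONTRIBUTORY && c2 == EXCPT_CONTRIBUTORY) ||
        (c1 == EXCPT_PF && c2 != EXCPT_BENIGN))
        return VEC_DF;  /* escalate to a double fault */
    return second;      /* otherwise the second exception is handled serially */
}

int main(void)
{
    for (int cet = 0; cet <= 1; cet++)
        printf("guest CET=%d: #CP errcode=%d, #GP then #CP -> vector %d\n",
               cet, has_error_code(VEC_CP, cet), merge(VEC_GP, VEC_CP, cet));
    return 0;
}
```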