On 6/6/2023 5:08 PM, Chao Gao wrote:
On Thu, May 11, 2023 at 12:08:46AM -0400, Yang Weijiang wrote:
Add handling for Control Protection (#CP) exceptions(vector 21).
The new vector is introduced for Intel's Control-Flow Enforcement
Technology (CET) relevant violation cases.
Although #CP belongs contributory exception class, but the actual
effect is conditional on CET being exposed to guest. If CET is not
available to guest, #CP falls back to non-contributory and doesn't
have an error code.
This sounds weird. is this the hardware behavior? If yes, could you
point us to where this behavior is documented?
It's not SDM documented behavior.
The original description is provided by Sean here:
Re: [PATCH v15 04/14] KVM: x86: Add #CP support in guest exception
dispatch - Sean Christopherson (kernel.org)
<https://lore.kernel.org/all/YBsZwvwhshw+s7yQ@xxxxxxxxxx/>
I also verified the issue on my side. If the KVM CET patches are there
in L1 but CET is not enabled, and running some unit test can
trigger unit test failure although the #CP induced one has been fixed in
KVM unit tests.