CET KVM enabling patch series introduces extra constraints on CR0.WP and CR4.CET bits, i.e., setting CR4.CET == 1 causes fault if CR0.WP == 0. Skip the bit testing to avoid folding it in flexible_cr4 and finally trigger a #GP when write the CR4 with CET bit set while CR0.WP is cleared. Signed-off-by: Yang Weijiang <weijiang.yang@xxxxxxxxx> --- x86/vmx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/x86/vmx.c b/x86/vmx.c index 12e42b06..1c27850f 100644 --- a/x86/vmx.c +++ b/x86/vmx.c @@ -1430,7 +1430,7 @@ static int test_vmxon_bad_cr(int cr_number, unsigned long orig_cr, */ if ((cr_number == 0 && (bit == X86_CR0_PE || bit == X86_CR0_PG)) || (cr_number == 4 && (bit == X86_CR4_PAE || bit == X86_CR4_SMAP || - bit == X86_CR4_SMEP))) + bit == X86_CR4_SMEP || bit == X86_CR4_CET))) continue; if (!(bit & required1) && !(bit & disallowed1)) { -- 2.27.0
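Review bot: The added `bit == X86_CR4_CET` in the `cr_number == 4` skip list of test_vmxon_bad_cr is unconditional, so the CET bit is never exercised by this test, even on runs where CR0.WP is set and the CR4 write would not fault. The commit message says the #GP only arises when CR4.CET is set while CR0.WP is cleared, so consider narrowing the skip to that case (for example, checking CR0.WP before the `continue`), or having the test set CR0.WP before it touches this bit. The block comment that ends just above the condition is not updated by this hunk; a sentence there stating the CR4.CET / CR0.WP dependency would tell the next reader why CET sits alongside PAE, SMAP and SMEP.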