On Thu, 2023-09-14 at 02:33 -0400, Yang Weijiang wrote: > Check potential faults for CR4.CET setting per Intel SDM requirements. > CET can be enabled if and only if CR0.WP == 1, i.e. setting CR4.CET == > 1 faults if CR0.WP == 0 and setting CR0.WP == 0 fails if CR4.CET == 1. > > Reviewed-by: Chao Gao <chao.gao@xxxxxxxxx> > Co-developed-by: Sean Christopherson <seanjc@xxxxxxxxxx> > Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx> > Signed-off-by: Yang Weijiang <weijiang.yang@xxxxxxxxx> > --- > arch/x86/kvm/x86.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c > index a091764bf1d2..dda9c7141ea1 100644 > --- a/arch/x86/kvm/x86.c > +++ b/arch/x86/kvm/x86.c > @@ -1006,6 +1006,9 @@ int kvm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0) > (is_64_bit_mode(vcpu) || kvm_is_cr4_bit_set(vcpu, X86_CR4_PCIDE))) > return 1; > > + if (!(cr0 & X86_CR0_WP) && kvm_is_cr4_bit_set(vcpu, X86_CR4_CET)) > + return 1; > + > static_call(kvm_x86_set_cr0)(vcpu, cr0); > > kvm_post_set_cr0(vcpu, old_cr0, cr0); > @@ -1217,6 +1220,9 @@ int kvm_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4) > return 1; > } > > + if ((cr4 & X86_CR4_CET) && !kvm_is_cr0_bit_set(vcpu, X86_CR0_WP)) > + return 1; > + > static_call(kvm_x86_set_cr4)(vcpu, cr4); > > kvm_post_set_cr4(vcpu, old_cr4, cr4); Reviewed-by: Maxim Levitsky <mlevitsk@xxxxxxxxxx> Best regards, Maxim Levitsky