nVMX: Exclude CR4.CET from the test_vmxon_bad_cr()
The CET KVM enabling patch series introduces extra constraints on the CR0.WP and
CR4.CET bits, i.e., setting CR4.CET == 1 causes a fault if CR0.WP == 0. Skip
the bit testing to avoid folding it into flexible_cr4 and finally triggering
a #GP when writing CR4 with the CET bit set while CR0.WP is cleared.
Signed-off-by: Yang Weijiang <weijiang.yang@intel.com>
Link: https://lore.kernel.org/r/20230913235006.74172-2-weijiang.yang@intel.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
diff --git a/x86/vmx.c b/x86/vmx.c
index 12e42b0..1c27850 100644
--- a/x86/vmx.c
+++ b/x86/vmx.c
@@ -1430,7 +1430,7 @@
*/
if ((cr_number == 0 && (bit == X86_CR0_PE || bit == X86_CR0_PG)) ||
(cr_number == 4 && (bit == X86_CR4_PAE || bit == X86_CR4_SMAP ||
- bit == X86_CR4_SMEP)))
+ bit == X86_CR4_SMEP || bit == X86_CR4_CET)))
continue;
if (!(bit & required1) && !(bit & disallowed1)) {
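Review bot: the added `bit == X86_CR4_CET` term in the skip condition has no explanation in the code itself. The hunk changes only that one line, so the comment block ending at `*/` just above it is left as it was, and the CR0.WP dependency is recorded only in the commit message. Suggest adding a sentence to that comment stating that CR4.CET is skipped because setting it while CR0.WP is clear raises #GP. The skip is also unconditional, so this loop never exercises CR4.CET even in a configuration where CR0.WP is set; if that loss of coverage is intended, the comment should say so.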