| Message ID | 20231003092835.18974-1-jinankjain@linux.microsoft.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a05:612c:2a8e:b0:403:3b70:6f57 with SMTP id
in14csp1959564vqb;
Tue, 3 Oct 2023 02:28:50 -0700 (PDT)
X-Google-Smtp-Source:
AGHT+IHXHEyzW9V4R9OwXp5xAhtdaJf5WDDl+mD1FnFItxTMPuxl+GySVhjlZ4qyQomuKFg0DUmT
X-Received: by 2002:a05:6a00:13a7:b0:690:c75e:25d7 with SMTP id
t39-20020a056a0013a700b00690c75e25d7mr14211215pfg.18.1696325329691;
Tue, 03 Oct 2023 02:28:49 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1696325329; cv=none;
d=google.com; s=arc-20160816;
b=0glZqtstxuKZsfwmcHEFRYxd8SxAjiPjLX7Tc0cd5peMyTGyx8IWbvSB7lihfOL4oc
pOHpGygi3Kfh+UYu1GoRGp37MnyNjeIzFRkIwM2sN0+LkHmqOpSWRCG37Gn6ipFEku/V
s5UCNd/dAQAi0yPgnzQ42bpNNn+2d3KvF5ajbzrgXPLXUriAFVsd6E5shr+ml7Bl5n40
tgzqz69+qAh7ZahkzH62mmmMe8stT35n7iAjv8LPmrmYp+uKd08LO0N7C31Mtlx9gmdj
WxRicgVDRQs1wn+S3C8NmoYrIZMGFajqBpjt/g0pPsBcom9LXoSc3O7wN9oQ+D+pllgE
yoGg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:message-id:date:subject:cc:to:from:dkim-signature:dkim-filter;
bh=gZ9ywJ91S296Vc3gZYVJDfc5JwL0EbNgI9h5fuzeoMs=;
fh=uEEh5+L9AA1GH+1Gl2e8099A6RmQNEWMWiCnPB8Syn8=;
b=b+8Rh0jwrds/id1v8CASthCZ08hpVxVcobaBx40a0ErFeZgzgxUBlhhwwJSpMffEHK
RIWA8dBcCInzTzQ6J6jubg+ipFVLoZoQXEu6aBSPTBMz53SUE01KJCGi0cCva22LcKYx
i7h9tMB/+uddul9MfTvrU17wJlJHAmIyPN0Z4qRAPaQnL5EHBYSSHa8dZs403ZEyUjSl
u5ivZcNcZODZRlSPRpWK9eFh6W4nHPmZ5A+q2dXQs+wlyWpfbYoJgo0XyS89wHjNKFD2
b0xGh1jwZGHSXLuaqlmy+9oA1QPz8kl76Y37HgaGKVuQngzBrcga/Mf0+rbkPgdaTNwT
q9Cg==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@linux.microsoft.com header.s=default
header.b=XZIQSHKJ;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 23.128.96.34 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com
Received: from howler.vger.email (howler.vger.email. [23.128.96.34])
by mx.google.com with ESMTPS id
y15-20020a056a00190f00b00690258a9766si1101390pfi.373.2023.10.03.02.28.49
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Tue, 03 Oct 2023 02:28:49 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 23.128.96.34 as permitted sender) client-ip=23.128.96.34;
Authentication-Results: mx.google.com;
dkim=pass header.i=@linux.microsoft.com header.s=default
header.b=XZIQSHKJ;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 23.128.96.34 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
by howler.vger.email (Postfix) with ESMTP id 0AB54827AF9B;
Tue, 3 Oct 2023 02:28:49 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.10 at howler.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S231626AbjJCJ2r (ORCPT <rfc822;pusanteemu@gmail.com> + 18 others);
Tue, 3 Oct 2023 05:28:47 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55080 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S231199AbjJCJ2n (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Tue, 3 Oct 2023 05:28:43 -0400
Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182])
by lindbergh.monkeyblade.net (Postfix) with ESMTP id DD710AB;
Tue, 3 Oct 2023 02:28:40 -0700 (PDT)
Received: from jinank-dev.tail216e5.ts.net (unknown [40.90.178.231])
by linux.microsoft.com (Postfix) with ESMTPSA id A8F1E20B74C0;
Tue, 3 Oct 2023 02:28:37 -0700 (PDT)
DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com A8F1E20B74C0
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com;
s=default; t=1696325320;
bh=gZ9ywJ91S296Vc3gZYVJDfc5JwL0EbNgI9h5fuzeoMs=;
h=From:To:Cc:Subject:Date:From;
b=XZIQSHKJ2GJcqrskFeoitJoIRQDbTmhtbG9GUNbxq44Yg1LPDmOtDXK9ydOXjYJYy
uHK6MTVlQyvK7DsnrN8keJnCFnNJF9tF5bPBZyq2lREo7WGQBhw40/w2LSRY6zJMgX
Ycuxp7hz8fS9ZlGJr3wcfca7pvPhsm8rvdYXvi8o=
From: Jinank Jain <jinankjain@linux.microsoft.com>
To: seanjc@google.com, pbonzini@redhat.com, tglx@linutronix.de,
mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com,
x86@kernel.org, hpa@zytor.com, jinankjain@microsoft.com,
thomas.lendacky@amd.com, kvm@vger.kernel.org,
linux-kernel@vger.kernel.org
Cc: wei.liu@kernel.org, tiala@microsoft.com
Subject: [PATCH] arch/x86: Set XSS while handling #VC intercept for CPUID
Date: Tue, 3 Oct 2023 09:28:35 +0000
Message-Id: <20231003092835.18974-1-jinankjain@linux.microsoft.com>
X-Mailer: git-send-email 2.34.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-17.5 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_BLOCKED,
SPF_HELO_PASS,SPF_PASS,USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL
autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test,
not delayed by milter-greylist-4.6.4 (howler.vger.email [0.0.0.0]);
Tue, 03 Oct 2023 02:28:49 -0700 (PDT)
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1778726028988907165
X-GMAIL-MSGID: 1778726028988907165
|
| Series |
arch/x86: Set XSS while handling #VC intercept for CPUID
|
|
Commit Message
Jinank Jain
Oct. 3, 2023, 9:28 a.m. UTC
According to [1], while handling the #VC intercept for CPUID leaf
0x0000_000D, we need to supply the value of XSS in the GHCB page. If
this value is not provided then a spec compliant hypervisor can fail the
GHCB request and kill the guest.
[1] https://www.amd.com/system/files/TechDocs/56421-guest-hypervisor-communication-block-standardization.pdf
Signed-off-by: Jinank Jain <jinankjain@linux.microsoft.com>
---
arch/x86/include/asm/svm.h | 1 +
arch/x86/kernel/sev-shared.c | 3 +++
2 files changed, 4 insertions(+)
Comments
* Jinank Jain <jinankjain@linux.microsoft.com> wrote: > According to [1], while handling the #VC intercept for CPUID leaf > 0x0000_000D, we need to supply the value of XSS in the GHCB page. If > this value is not provided then a spec compliant hypervisor can fail the > GHCB request and kill the guest. > > [1] https://www.amd.com/system/files/TechDocs/56421-guest-hypervisor-communication-block-standardization.pdf URL doesn't seem to exist, I get redirected to AMD's 404 page. Thanks, Ingo
On 10/3/23 02:28, Jinank Jain wrote: ... > diff --git a/arch/x86/kernel/sev-shared.c b/arch/x86/kernel/sev-shared.c > index 2eabccde94fb..92350a24848c 100644 > --- a/arch/x86/kernel/sev-shared.c > +++ b/arch/x86/kernel/sev-shared.c > @@ -880,6 +880,9 @@ static enum es_result vc_handle_cpuid(struct ghcb *ghcb, > if (snp_cpuid_ret != -EOPNOTSUPP) > return ES_VMM_ERROR; > > + if (regs->ax == 0xD && regs->cx == 0x1) > + ghcb_set_xss(ghcb, 0); The spec talks about leaf 0xD, but not the subleaf: > XSS is only required to besupplied when a request forCPUID 0000_000D > is made andthe guest supports the XSS MSR(0x0000_0DA0). Why restrict this to subleaf (regx->cx) 1? Second, XCR0 is being supplied regardless of the CPUID leaf. Why should XSS be restricted to 0xD while XCR0 is universally supplied? Third, why is it OK to supply a garbage (0) value? If the GHCB field is required it's surely because the host *NEEDS* the value to do something. Won't a garbage value potentially confuse the host?
On 10/3/23 11:07, Dave Hansen wrote: > On 10/3/23 02:28, Jinank Jain wrote: > ... >> diff --git a/arch/x86/kernel/sev-shared.c b/arch/x86/kernel/sev-shared.c >> index 2eabccde94fb..92350a24848c 100644 >> --- a/arch/x86/kernel/sev-shared.c >> +++ b/arch/x86/kernel/sev-shared.c >> @@ -880,6 +880,9 @@ static enum es_result vc_handle_cpuid(struct ghcb *ghcb, >> if (snp_cpuid_ret != -EOPNOTSUPP) >> return ES_VMM_ERROR; >> >> + if (regs->ax == 0xD && regs->cx == 0x1) >> + ghcb_set_xss(ghcb, 0); > > The spec talks about leaf 0xD, but not the subleaf: > >> XSS is only required to besupplied when a request forCPUID 0000_000D >> is made andthe guest supports the XSS MSR(0x0000_0DA0). > Why restrict this to subleaf (regx->cx) 1? Today, only subleaf 1 deals with XSS, but we could do just what you say and set it for any 0xD subleaf to be safe. > > Second, XCR0 is being supplied regardless of the CPUID leaf. Why should > XSS be restricted to 0xD while XCR0 is universally supplied? XCR0 is really only required for 0xD, I'm not sure why it is being setting all the time (unless similar to above, it becomes required for some other CPUID leaf in the future?) > > Third, why is it OK to supply a garbage (0) value? If the GHCB field is > required it's surely because the host *NEEDS* the value to do something. > Won't a garbage value potentially confuse the host? Ideally, the guest should be checking if XSAVES is enabled, which requires checking CPUID leaf 0xD, subleaf 1. So a bit of a chicken and egg thing going on the very first time. And then the guest should read MSR_IA32_XSS to get the actual value. This MSR is virtualized, so the hypervisor needs to not intercept access in order for the guest to actually set/get a value. Today, KVM/SVM doesn't support that since XSS is used (mainly/only) for shadow stack and KVM shadow stack support is only getting looked at now. So the guest support for XSS and ES/SNP guests needs to be thought out a bit more. Thanks, Tom >
diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h index 19bf955b67e0..c2f670f7cb47 100644 --- a/arch/x86/include/asm/svm.h +++ b/arch/x86/include/asm/svm.h @@ -678,5 +678,6 @@ DEFINE_GHCB_ACCESSORS(sw_exit_info_1) DEFINE_GHCB_ACCESSORS(sw_exit_info_2) DEFINE_GHCB_ACCESSORS(sw_scratch) DEFINE_GHCB_ACCESSORS(xcr0) +DEFINE_GHCB_ACCESSORS(xss) #endif diff --git a/arch/x86/kernel/sev-shared.c b/arch/x86/kernel/sev-shared.c index 2eabccde94fb..92350a24848c 100644 --- a/arch/x86/kernel/sev-shared.c +++ b/arch/x86/kernel/sev-shared.c @@ -880,6 +880,9 @@ static enum es_result vc_handle_cpuid(struct ghcb *ghcb, if (snp_cpuid_ret != -EOPNOTSUPP) return ES_VMM_ERROR; + if (regs->ax == 0xD && regs->cx == 0x1) + ghcb_set_xss(ghcb, 0); + ghcb_set_rax(ghcb, regs->ax); ghcb_set_rcx(ghcb, regs->cx);