Message ID | 20230914063325.85503-21-weijiang.yang@intel.com |
---|---|
State | New |
Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org> Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:612c:172:b0:3f2:4152:657d with SMTP id h50csp761355vqi; Thu, 14 Sep 2023 19:40:39 -0700 (PDT) X-Google-Smtp-Source: AGHT+IE9XILd0eFrbx4soZWBw6q371VQJ/BWrNH9RHVVlIx1rvNS8+JQAQTl6u/uulHnIb9hH4KO X-Received: by 2002:a05:6a21:a592:b0:14e:a513:7887 with SMTP id gd18-20020a056a21a59200b0014ea5137887mr5788796pzc.10.1694745639351; Thu, 14 Sep 2023 19:40:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1694745639; cv=none; d=google.com; s=arc-20160816; b=i8aPks8397P6HkDRe6N2J+t/FodLukyOSy3drgXyAJRj3XxxZLyZ4Gkr2zcbwiqVsw vFPbqmXYyM3haws2Ugq0jChnDEqRQWHFGvgNQYqs5u7cXmjsvKrnS3C6QemZmoxvnqOo Cy0xTVn7ws9XYYEQFyjEuQf8GrsUhVK5dtZ41gss6uyf89BC2msjAWKG+8sudNIAH/mu GBAQXAyjQ5MLffPl1bI0/tfNwSYMr/2JwSmg5PGM7ihDbCvwhYjMKs4n4kAtXl6ADLq6 FVutj/iZZHF27NDk2mC3IB28ytGzcCm5iw+ZwyiVjkUc21SxX90K1FPkl5vdYbshEsVa HKug== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=TtoXZ/pQNkEqCBXMtNXgksrcX+5MWi30v+keLPXJCD4=; fh=jQqUhNQZPAXcZ44u72Wu3jv2pQizzn2Be2T8mkd1RwU=; b=BNY8/vmfzWU8Mk6wWcAYLir9qwT4MRvsebOhyfpBnALx7ur++NSATNuNlwOkxuUUNU Jj2/gQekZNDeqwZSKn6WcKtLD+cIaXlnEhSWhU80bEFyM/SmswooDe3z0xebdDHkkDqq I3CRRfl8S3/PdNoH2AdsWHasMiuax0R1cI2ATnBPg6F2cpofXvqfmtsJNKjW0bTGKPRn 8dIw3UX15erc0WpBSowlAL/QfAaCSEEk43PyTAoN4sVH05lXz9ixa3/cWGsdQojOSxyO sBeiMI4xWwZe0Dv5KUz6EHRSIeUbcTWJq9FZ9++C2FskSE4ec0IMvfNLO4+EoRe6e8PS 49tw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=RTNOUhVP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:4 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from howler.vger.email (howler.vger.email. [2620:137:e000::3:4]) by mx.google.com with ESMTPS id z16-20020a656650000000b00565d05b2211si2359458pgv.819.2023.09.14.19.40.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 14 Sep 2023 19:40:39 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:4 as permitted sender) client-ip=2620:137:e000::3:4; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=RTNOUhVP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:4 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by howler.vger.email (Postfix) with ESMTP id DFB588523B45; Thu, 14 Sep 2023 02:39:41 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at howler.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237781AbjINJj1 (ORCPT <rfc822;chrisfriedt@gmail.com> + 35 others); Thu, 14 Sep 2023 05:39:27 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49956 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237415AbjINJi2 (ORCPT <rfc822;linux-kernel@vger.kernel.org>); Thu, 14 Sep 2023 05:38:28 -0400 Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.88]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 611C61FD6; Thu, 14 Sep 2023 02:38:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1694684303; x=1726220303; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=FIh7tQ4a/6RDY7CSVW6DQiHz8WUvFOSxCbxKQrBiXtw=; b=RTNOUhVPT+fzWnrT8nSyUgNgjU6ZmZz5xlZKATnOpd9HbQUz6JO8zHRi B86Buypd0R6nvRSyznsc9AFGWdzltMlcAwhqEzrdqemZHiE4xESYzhTbD 0kQoqUtTiUPT4JRXJ+pKomTEPggB54eAGCMKBr5YDpD+u+5E2vmCmjgz3 3ENOIYD7rGrcwPgPR3kMO5fM1bq811YaD7RJX34RYPR1Hr78k1Wa6aXnF S/1BqvtIs38XDcmjtdvuYxxf4KXuEYj8JjHmlSlReRoj4M0ByH3QuPuir lnheiA0m/ynSuzU58g1Irru35LGBZ5h4viOUIiv8S0ZtUsgYLMKMqq49i Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="409857421" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="409857421" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:23 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="747656287" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="747656287" Received: from embargo.jf.intel.com ([10.165.9.183]) by fmsmga007-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:22 -0700 From: Yang Weijiang <weijiang.yang@intel.com> To: seanjc@google.com, pbonzini@redhat.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: dave.hansen@intel.com, peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, weijiang.yang@intel.com, john.allen@amd.com Subject: [PATCH v6 20/25] KVM: x86: Save and reload SSP to/from SMRAM Date: Thu, 14 Sep 2023 02:33:20 -0400 Message-Id: <20230914063325.85503-21-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20230914063325.85503-1-weijiang.yang@intel.com> References: <20230914063325.85503-1-weijiang.yang@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: <linux-kernel.vger.kernel.org> X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (howler.vger.email [0.0.0.0]); Thu, 14 Sep 2023 02:39:42 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1777069603277213370 X-GMAIL-MSGID: 1777069603277213370 |
Series |
Enable CET Virtualization
|
|
Commit Message
Yang, Weijiang
Sept. 14, 2023, 6:33 a.m. UTC
Save CET SSP to SMRAM on SMI and reload it on RSM. KVM emulates HW arch
behavior when guest enters/leaves SMM mode,i.e., save registers to SMRAM
at the entry of SMM and reload them at the exit to SMM. Per SDM, SSP is
one of such registers on 64bit Arch, so add the support for SSP.
Suggested-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Yang Weijiang <weijiang.yang@intel.com>
---
arch/x86/kvm/smm.c | 8 ++++++++
arch/x86/kvm/smm.h | 2 +-
2 files changed, 9 insertions(+), 1 deletion(-)
Comments
On Thu, 2023-09-14 at 02:33 -0400, Yang Weijiang wrote: > Save CET SSP to SMRAM on SMI and reload it on RSM. KVM emulates HW arch > behavior when guest enters/leaves SMM mode,i.e., save registers to SMRAM > at the entry of SMM and reload them at the exit to SMM. Per SDM, SSP is > one of such registers on 64bit Arch, so add the support for SSP. > > Suggested-by: Sean Christopherson <seanjc@google.com> > Signed-off-by: Yang Weijiang <weijiang.yang@intel.com> > --- > arch/x86/kvm/smm.c | 8 ++++++++ > arch/x86/kvm/smm.h | 2 +- > 2 files changed, 9 insertions(+), 1 deletion(-) > > diff --git a/arch/x86/kvm/smm.c b/arch/x86/kvm/smm.c > index b42111a24cc2..235fca95f103 100644 > --- a/arch/x86/kvm/smm.c > +++ b/arch/x86/kvm/smm.c > @@ -275,6 +275,10 @@ static void enter_smm_save_state_64(struct kvm_vcpu *vcpu, > enter_smm_save_seg_64(vcpu, &smram->gs, VCPU_SREG_GS); > > smram->int_shadow = static_call(kvm_x86_get_interrupt_shadow)(vcpu); > + > + if (guest_can_use(vcpu, X86_FEATURE_SHSTK)) > + KVM_BUG_ON(kvm_msr_read(vcpu, MSR_KVM_SSP, &smram->ssp), > + vcpu->kvm); > } > #endif > > @@ -565,6 +569,10 @@ static int rsm_load_state_64(struct x86_emulate_ctxt *ctxt, > static_call(kvm_x86_set_interrupt_shadow)(vcpu, 0); > ctxt->interruptibility = (u8)smstate->int_shadow; > > + if (guest_can_use(vcpu, X86_FEATURE_SHSTK)) > + KVM_BUG_ON(kvm_msr_write(vcpu, MSR_KVM_SSP, smstate->ssp), > + vcpu->kvm); > + > return X86EMUL_CONTINUE; > } > #endif > diff --git a/arch/x86/kvm/smm.h b/arch/x86/kvm/smm.h > index a1cf2ac5bd78..1e2a3e18207f 100644 > --- a/arch/x86/kvm/smm.h > +++ b/arch/x86/kvm/smm.h > @@ -116,8 +116,8 @@ struct kvm_smram_state_64 { > u32 smbase; > u32 reserved4[5]; > > - /* ssp and svm_* fields below are not implemented by KVM */ > u64 ssp; > + /* svm_* fields below are not implemented by KVM */ > u64 svm_guest_pat; > u64 svm_host_efer; > u64 svm_host_cr4; Just one note: Due to historical reasons, KVM supports 2 formats of the SMM save area: 32 and 64 bit. 32 bit format more or less resembles the format that true 32 bit Intel and AMD CPUs used, while 64 bit format more or less resembles the format that 64 bit AMD cpus use (Intel uses a very different SMRAM layout) 32 bit format is used when X86_FEATURE_LM is not exposed to the guest CPUID which is very rare (only 32 bit qemu doesn't set it), and it lacks several fields because it is no longer maintained. Still, for the sake of completeness, it might make sense to fail enter_smm_save_state_32 (need to add return value and, do 'goto error' in the main 'enter_smm' in this case, if CET is enabled. I did a similar thing in SVM code 'svm_enter_smm' when it detects the lack of the X86_FEATURE_LM. Best regards, Maxim Levitsky
diff --git a/arch/x86/kvm/smm.c b/arch/x86/kvm/smm.c index b42111a24cc2..235fca95f103 100644 --- a/arch/x86/kvm/smm.c +++ b/arch/x86/kvm/smm.c @@ -275,6 +275,10 @@ static void enter_smm_save_state_64(struct kvm_vcpu *vcpu, enter_smm_save_seg_64(vcpu, &smram->gs, VCPU_SREG_GS); smram->int_shadow = static_call(kvm_x86_get_interrupt_shadow)(vcpu); + + if (guest_can_use(vcpu, X86_FEATURE_SHSTK)) + KVM_BUG_ON(kvm_msr_read(vcpu, MSR_KVM_SSP, &smram->ssp), + vcpu->kvm); } #endif @@ -565,6 +569,10 @@ static int rsm_load_state_64(struct x86_emulate_ctxt *ctxt, static_call(kvm_x86_set_interrupt_shadow)(vcpu, 0); ctxt->interruptibility = (u8)smstate->int_shadow; + if (guest_can_use(vcpu, X86_FEATURE_SHSTK)) + KVM_BUG_ON(kvm_msr_write(vcpu, MSR_KVM_SSP, smstate->ssp), + vcpu->kvm); + return X86EMUL_CONTINUE; } #endif diff --git a/arch/x86/kvm/smm.h b/arch/x86/kvm/smm.h index a1cf2ac5bd78..1e2a3e18207f 100644 --- a/arch/x86/kvm/smm.h +++ b/arch/x86/kvm/smm.h @@ -116,8 +116,8 @@ struct kvm_smram_state_64 { u32 smbase; u32 reserved4[5]; - /* ssp and svm_* fields below are not implemented by KVM */ u64 ssp; + /* svm_* fields below are not implemented by KVM */ u64 svm_guest_pat; u64 svm_host_efer; u64 svm_host_cr4;