From patchwork Thu May 11 04:08:53 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 92394 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp4171889vqo; Thu, 11 May 2023 00:16:38 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ5kd6DasCtVgUsJlFHg4oEl3jQVaijabAAOeT0ZmnJpR01GBYd6vA5VZQNfvqkZB6ufLfNH X-Received: by 2002:a17:902:f80a:b0:1a2:749:5f1a with SMTP id ix10-20020a170902f80a00b001a207495f1amr25809601plb.26.1683789398552; Thu, 11 May 2023 00:16:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1683789398; cv=none; d=google.com; s=arc-20160816; b=svE7YdsSnBNayLCfeHRiSngTUlB29hAxd2zbUIukTXmpMdfJp8ou/xMr4p9W/uLFM6 0GHDDACBSudirRPjBjLyknP0n/gH6jn1NVFBPW+yD+PmIxELyvQ/BpAHt4bjiDCUBghi +wq5qAvbomEYJBcjrEX+vYzD1fjlWkwOrmTrGn/hNX/Pvfc0hM08UOkictGvdoNLQX8p YsqfqtVHUiX7g8qnjq4ZT5VwL2fDyP9+9n3noxeUopcIznOMWLu35Ol7iaCuLVlfV31D EhwMzpSNCKqWleVo+0zv9MORUxyBNaOGJJh66dKOn29hku9WKG5VBA0jtUO03WU3AXjZ pl/g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=ylKhb6iVtxXCTqiNdlnL5rRtDMj2rzh5bRWcHdGuHCg=; b=XDvf18PdmVL0urPuQBWMavWtAq6uycsTxFrltwLbeAq4hAjCpyV260nzL43q+EWV87 8YW3lrXzoSSDDuUQCENGYAL9Tu221ekoZFdk7A3Mu3qtnZ3GlLbD8z5aCYfxtlahS28F KjwObi6zFnAmx8JytxbShGx8gcKu7B+IZ5hdzw+niCZncMWHK22qqfLbPcaSjQOIva+K YCJ5ZaJFY27RaGT//NlpzXnOKPTZAP+76M77td3SV4eTvGg9JfBd6TZ6+apU1w7p86pl c4fCfhfMssfPqauvfPyi9/5QTY3+2e9XmyQwKqDMRpQqjqRWE7hrMHudPvUAL2nnOlhM ggrg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=mfxn3JVQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id l191-20020a6391c8000000b00524ecf898a2si5807804pge.359.2023.05.11.00.16.25; Thu, 11 May 2023 00:16:38 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=mfxn3JVQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237581AbjEKHPN (ORCPT + 99 others); Thu, 11 May 2023 03:15:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48444 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237453AbjEKHO2 (ORCPT ); Thu, 11 May 2023 03:14:28 -0400 Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3E3BA9EDB; Thu, 11 May 2023 00:14:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1683789243; x=1715325243; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=AX0H9iVRW3xvfWuSDoCTwhSLi7i+WGN6LUh2TW6rnio=; b=mfxn3JVQx0Bv9aZzAFR3vaxMQzBUiEMhZqDFbFcmuhqEZle8zujLApmp QZTsGVH2nCDLel5Fk5bEWiNVP5O3gDooyM7sMcx6Pb58f34RSzZeqVybg nx9Oah6B0HLjI2qZLzEX8oZPw2q+hRhZgfL4QdEm5FyS6pOR8xf0divgv LYGdM9Xn1u0cqBwgYHguM7Ci9TV7h2PdgQFe+ifJGSDkiqh7oeVdrizAW ZVA2gA8O4ViHRO7EemDLt3tUIeS266ZRHqPjZFegcpnr6VpBkft/UBDKN xRva1jwCyFOukMn9/HI0t2TgCQnFJDsV6mj6PcQ2RVVwJt1iOxTXxlJhV g==; X-IronPort-AV: E=McAfee;i="6600,9927,10706"; a="334896699" X-IronPort-AV: E=Sophos;i="5.99,266,1677571200"; d="scan'208";a="334896699" Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 May 2023 00:13:34 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10706"; a="1029512389" X-IronPort-AV: E=Sophos;i="5.99,266,1677571200"; d="scan'208";a="1029512389" Received: from embargo.jf.intel.com ([10.165.9.183]) by fmsmga005-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 May 2023 00:13:26 -0700 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: peterz@infradead.org, rppt@kernel.org, binbin.wu@linux.intel.com, rick.p.edgecombe@intel.com, weijiang.yang@intel.com, john.allen@amd.com, Zhang Yi Z , Sean Christopherson Subject: [PATCH v3 17/21] KVM:VMX: Pass through user CET MSRs to the guest Date: Thu, 11 May 2023 00:08:53 -0400 Message-Id: <20230511040857.6094-18-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20230511040857.6094-1-weijiang.yang@intel.com> References: <20230511040857.6094-1-weijiang.yang@intel.com> MIME-Version: 1.0 X-Spam-Status: No, score=-0.5 required=5.0 tests=BAYES_00,DATE_IN_PAST_03_06, DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1765581152808946233?= X-GMAIL-MSGID: =?utf-8?q?1765581152808946233?= Pass through CET user mode MSRs when the associated CET component is enabled to improve guest performance. All CET MSRs are context switched, either via dedicated VMCS fields or XSAVES. Co-developed-by: Zhang Yi Z Signed-off-by: Zhang Yi Z Co-developed-by: Sean Christopherson Signed-off-by: Sean Christopherson Signed-off-by: Yang Weijiang --- arch/x86/kvm/vmx/vmx.c | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 72149156bbd3..c254c23f89f3 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -709,6 +709,9 @@ static bool is_valid_passthrough_msr(u32 msr) case MSR_LBR_CORE_TO ... MSR_LBR_CORE_TO + 8: /* LBR MSRs. These are handled in vmx_update_intercept_for_lbr_msrs() */ return true; + case MSR_IA32_U_CET: + case MSR_IA32_PL3_SSP: + return true; } r = possible_passthrough_msr_slot(msr) != -ENOENT; @@ -7702,6 +7705,23 @@ static void update_intel_pt_cfg(struct kvm_vcpu *vcpu) vmx->pt_desc.ctl_bitmask &= ~(0xfULL << (32 + i * 4)); } +static bool is_cet_state_supported(struct kvm_vcpu *vcpu, u32 xss_state) +{ + return (kvm_caps.supported_xss & xss_state) && + (guest_cpuid_has(vcpu, X86_FEATURE_SHSTK) || + guest_cpuid_has(vcpu, X86_FEATURE_IBT)); +} + +static void vmx_update_intercept_for_cet_msr(struct kvm_vcpu *vcpu) +{ + bool incpt = !is_cet_state_supported(vcpu, XFEATURE_MASK_CET_USER); + + vmx_set_intercept_for_msr(vcpu, MSR_IA32_U_CET, MSR_TYPE_RW, incpt); + + incpt |= !guest_cpuid_has(vcpu, X86_FEATURE_SHSTK); + vmx_set_intercept_for_msr(vcpu, MSR_IA32_PL3_SSP, MSR_TYPE_RW, incpt); +} + static void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) { struct vcpu_vmx *vmx = to_vmx(vcpu); @@ -7769,6 +7789,9 @@ static void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) /* Refresh #PF interception to account for MAXPHYADDR changes. */ vmx_update_exception_bitmap(vcpu); + + if (kvm_cet_user_supported()) + vmx_update_intercept_for_cet_msr(vcpu); } static u64 vmx_get_perf_capabilities(void)