From patchwork Wed May 24 15:53:34 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: John Allen
X-Patchwork-Id: 98606
From: John Allen
Subject: [RFC PATCH v2 1/6] KVM: x86: SVM: Emulate reads and writes to shadow stack MSRs
Date: Wed, 24 May 2023 15:53:34 +0000
Message-ID: <20230524155339.415820-2-john.allen@amd.com>
In-Reply-To: <20230524155339.415820-1-john.allen@amd.com>
References: <20230524155339.415820-1-john.allen@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Set up interception of shadow stack MSRs. In the event that shadow stack is unsupported on the host or the MSRs are otherwise inaccessible, the interception code will return an error. In certain circumstances such as host initiated MSR reads or writes, the interception code will get or set the requested MSR value.

Signed-off-by: John Allen
---
 arch/x86/kvm/svm/svm.c | 58 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 58 insertions(+)

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index eb308c9994f9..822d7a65e92a 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c
@@ -2800,6 +2800,31 @@ static int svm_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) if (guest_cpuid_is_intel(vcpu)) msr_info->data |= (u64)svm->sysenter_esp_hi << 32; break; + case MSR_IA32_S_CET: + if (!kvm_cet_is_msr_accessible(vcpu, msr_info)) + return 1; + msr_info->data = svm->vmcb->save.s_cet; + break; + case MSR_IA32_U_CET: + if (!kvm_cet_is_msr_accessible(vcpu, msr_info)) + return 1; + kvm_get_xsave_msr(msr_info); + break; + case MSR_IA32_INT_SSP_TAB: + if (!kvm_cet_is_msr_accessible(vcpu, msr_info)) + return 1; + msr_info->data = svm->vmcb->save.isst_addr; + break; + case MSR_KVM_GUEST_SSP: + if (!kvm_cet_is_msr_accessible(vcpu, msr_info)) + return 1; + msr_info->data = svm->vmcb->save.ssp; + break; + case MSR_IA32_PL0_SSP ... MSR_IA32_PL3_SSP: + if (!kvm_cet_is_msr_accessible(vcpu, msr_info)) + return 1; + kvm_get_xsave_msr(msr_info); + break; case MSR_TSC_AUX: msr_info->data = svm->tsc_aux; break; 
@@ -3016,6 +3041,39 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr) svm->vmcb01.ptr->save.sysenter_esp = (u32)data; svm->sysenter_esp_hi = guest_cpuid_is_intel(vcpu) ? (data >> 32) : 0; break; + case MSR_IA32_S_CET: + if (!kvm_cet_is_msr_accessible(vcpu, msr)) + return 1; + svm->vmcb->save.s_cet = data; + break; + case MSR_IA32_U_CET: + if (!kvm_cet_is_msr_accessible(vcpu, msr)) + return 1; + kvm_set_xsave_msr(msr); + break; + case MSR_IA32_INT_SSP_TAB: + if (!kvm_cet_is_msr_accessible(vcpu, msr)) + return 1; + if (is_noncanonical_address(data, vcpu)) + return 1; + svm->vmcb->save.isst_addr = data; + break; + case MSR_KVM_GUEST_SSP: + if (!kvm_cet_is_msr_accessible(vcpu, msr)) + return 1; + /* SSP MSR values should be a 4-byte aligned canonical addresses */ + if ((data & GENMASK(1, 0)) || is_noncanonical_address(data, vcpu)) + return 1; + svm->vmcb->save.ssp = data; + break; + case MSR_IA32_PL0_SSP ... MSR_IA32_PL3_SSP: + if (!kvm_cet_is_msr_accessible(vcpu, msr)) + return 1; + /* SSP MSR values should be a 4-byte aligned canonical addresses */ + if ((data & GENMASK(1, 0)) || is_noncanonical_address(data, vcpu)) + return 1; + kvm_set_xsave_msr(msr); + break; case MSR_TSC_AUX: /* * TSC_AUX is usually changed only during boot and never read
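Review bot: In the svm_get_msr() hunk of patch 1/6, the MSR_IA32_U_CET case and the MSR_IA32_PL0_SSP ... MSR_IA32_PL3_SSP case have identical bodies (the kvm_cet_is_msr_accessible() check followed by kvm_get_xsave_msr(msr_info)), so the case labels can be stacked over one body. The hunk also needs a short comment on why S_CET, INT_SSP_TAB and GUEST_SSP are read from svm->vmcb->save while U_CET and the PLx_SSP MSRs go through kvm_get_xsave_msr(); neither the code nor the commit message explains the split.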
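Review bot: In the svm_set_msr() hunk of patch 1/6, MSR_IA32_S_CET and MSR_IA32_U_CET store the written value with no check beyond kvm_cet_is_msr_accessible(), while MSR_IA32_INT_SSP_TAB and the SSP MSRs in the same hunk are rejected when non-canonical or misaligned. The body of kvm_cet_is_msr_accessible() is not part of this patch; if it does not validate the value, add a reserved-bit check before `svm->vmcb->save.s_cet = data;` and before kvm_set_xsave_msr(msr) in the U_CET case, or note in a comment where that validation happens. The new cases write svm->vmcb->save.* whereas the context line just above writes svm->vmcb01.ptr->save.sysenter_esp, so please state which VMCB is intended when the vCPU is running a nested guest. The alignment-plus-canonical test is duplicated verbatim for MSR_KVM_GUEST_SSP and PL0..PL3_SSP and could become a small helper, and its comment should read "a 4-byte aligned canonical address".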
From: John Allen
Subject: [RFC PATCH v2 2/6] KVM: x86: SVM: Update dump_vmcb with shadow stack save area additions
Date: Wed, 24 May 2023 15:53:35 +0000
Message-ID: <20230524155339.415820-3-john.allen@amd.com>
In-Reply-To: <20230524155339.415820-1-john.allen@amd.com>
References: <20230524155339.415820-1-john.allen@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Add shadow stack VMCB save area fields to dump_vmcb. Only include S_CET, SSP, and ISST_ADDR. Since there currently isn't support to decrypt and dump the SEV-ES save area, exclude PL0_SSP, PL1_SSP, PL2_SSP, PL3_SSP, and U_CET which are only included in the SEV-ES save area.

Signed-off-by: John Allen
---
 arch/x86/kvm/svm/svm.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 822d7a65e92a..6df486bb1ac4 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c
@@ -3392,6 +3392,10 @@ static void dump_vmcb(struct kvm_vcpu *vcpu) "rip:", save->rip, "rflags:", save->rflags); pr_err("%-15s %016llx %-13s %016llx\n", "rsp:", save->rsp, "rax:", save->rax); + pr_err("%-15s %016llx %-13s %016llx\n", + "s_cet:", save->s_cet, "ssp:", save->ssp); + pr_err("%-15s %016llx\n", + "isst_addr:", save->isst_addr); pr_err("%-15s %016llx %-13s %016llx\n", "star:", save01->star, "lstar:", save01->lstar); pr_err("%-15s %016llx %-13s %016llx\n",
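Review bot: The new pr_err() lines in dump_vmcb() (patch 2/6) read s_cet, ssp and isst_addr from `save`, while the lines that follow read star and lstar from `save01`; a one-line comment stating that the shadow stack fields are taken from the current VMCB on purpose would make the choice explicit, and it matches patch 1/6, which accesses them through svm->vmcb->save. The three fields are printed unconditionally, so consider noting in the commit message that they appear in the dump even when shadow stack is not exposed to the guest.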
From: John Allen
Subject: [RFC PATCH v2 3/6] KVM: x86: SVM: Pass through shadow stack MSRs
Date: Wed, 24 May 2023 15:53:36 +0000
Message-ID: <20230524155339.415820-4-john.allen@amd.com>
In-Reply-To: <20230524155339.415820-1-john.allen@amd.com>
References: <20230524155339.415820-1-john.allen@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org

If kvm supports shadow stack, pass through shadow stack MSRs to improve guest performance.

Signed-off-by: John Allen
---
 arch/x86/kvm/svm/svm.c | 17 +++++++++++++++++
 arch/x86/kvm/svm/svm.h | 2 +-
 2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 6df486bb1ac4..cdbce20989b8 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -136,6 +136,13 @@ static const struct svm_direct_access_msrs { { .index = X2APIC_MSR(APIC_TMICT), .always = false }, { .index = X2APIC_MSR(APIC_TMCCT), .always = false }, { .index = X2APIC_MSR(APIC_TDCR), .always = false }, + { .index = MSR_IA32_U_CET, .always = false }, + { .index = MSR_IA32_S_CET, .always = false }, + { .index = MSR_IA32_INT_SSP_TAB, .always = false }, + { .index = MSR_IA32_PL0_SSP, .always = false }, + { .index = MSR_IA32_PL1_SSP, .always = false }, + { .index = MSR_IA32_PL2_SSP, .always = false }, + { .index = MSR_IA32_PL3_SSP, .always = false }, { .index = MSR_INVALID, .always = false }, };
@@ -1181,6 +1188,16 @@ static inline void init_vmcb_after_set_cpuid(struct kvm_vcpu *vcpu) set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SYSENTER_EIP, 1, 1); set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SYSENTER_ESP, 1, 1); } + + if (kvm_cet_user_supported() && guest_cpuid_has(vcpu, X86_FEATURE_SHSTK)) { + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_U_CET, 1, 1); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_S_CET, 1, 1); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_INT_SSP_TAB, 1, 1); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_PL0_SSP, 1, 1); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_PL1_SSP, 1, 1); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_PL2_SSP, 1, 1); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_PL3_SSP, 1, 1); + } } static void init_vmcb(struct kvm_vcpu *vcpu) diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index f44751dd8d5d..dad977747a15 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -29,7 +29,7 @@ #define IOPM_SIZE PAGE_SIZE * 3 #define MSRPM_SIZE PAGE_SIZE * 2 -#define MAX_DIRECT_ACCESS_MSRS 46 +#define MAX_DIRECT_ACCESS_MSRS 53 #define MSRPM_OFFSETS 32 extern u32 msrpm_offsets[MSRPM_OFFSETS] __read_mostly; extern bool npt_enabled;
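
Review bot: In the init_vmcb_after_set_cpuid() hunk of patch 3/6 the shadow stack MSRs are only ever switched to pass-through; there is no else branch that restores interception. The function name says it runs after guest CPUID is set, so a vCPU whose CPUID is set again without X86_FEATURE_SHSTK would keep direct access to all seven MSRs. Suggest computing the condition once and passing it as the read/write arguments, e.g. `bool shstk = kvm_cet_user_supported() && guest_cpuid_has(vcpu, X86_FEATURE_SHSTK);` followed by `set_msr_interception(vcpu, svm->msrpm, MSR_IA32_U_CET, shstk, shstk);` for each MSR. Also, the gate is called kvm_cet_user_supported() while the block opens up supervisor state as well (MSR_IA32_S_CET, MSR_IA32_PL0_SSP to MSR_IA32_PL2_SSP, MSR_IA32_INT_SSP_TAB); the commit message should say why a user-CET check is sufficient for those.
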
From: John Allen
Subject: [RFC PATCH v2 4/6] KVM: SVM: Save shadow stack host state on VMRUN
Date: Wed, 24 May 2023 15:53:37 +0000
Message-ID: <20230524155339.415820-5-john.allen@amd.com>
In-Reply-To: <20230524155339.415820-1-john.allen@amd.com>
References: <20230524155339.415820-1-john.allen@amd.com>

When running as an SEV-ES guest, the PL0_SSP, PL1_SSP, PL2_SSP, PL3_SSP, and U_CET fields in the VMCB save area are type B, meaning the host state is automatically loaded on a VMEXIT, but is not saved on a VMRUN. The other shadow stack MSRs, S_CET, SSP, and ISST_ADDR are type A, meaning they are loaded on VMEXIT and saved on VMRUN. Manually save the type B host MSR values before VMRUN.

Signed-off-by: John Allen
--- arch/x86/kvm/svm/sev.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index c25aeb550cd9..03dd68bddd51 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c 
@@ -3028,6 +3028,19 @@ void sev_es_prepare_switch_to_guest(struct sev_es_save_area *hostsa) /* MSR_IA32_XSS is restored on VMEXIT, save the currnet host value */ hostsa->xss = host_xss; + + if (boot_cpu_has(X86_FEATURE_SHSTK)) { + /* + * MSR_IA32_U_CET, MSR_IA32_PL0_SSP, MSR_IA32_PL1_SSP, + * MSR_IA32_PL2_SSP, and MSR_IA32_PL3_SSP are restored on + * VMEXIT, save the current host values. + */ + rdmsrl(MSR_IA32_U_CET, hostsa->u_cet); + rdmsrl(MSR_IA32_PL0_SSP, hostsa->vmpl0_ssp); + rdmsrl(MSR_IA32_PL1_SSP, hostsa->vmpl1_ssp); + rdmsrl(MSR_IA32_PL2_SSP, hostsa->vmpl2_ssp); + rdmsrl(MSR_IA32_PL3_SSP, hostsa->vmpl3_ssp); + } } void sev_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector)
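
Review bot: In sev_es_prepare_switch_to_guest() (patch 4/6) the PLx_SSP values are stored into fields named vmpl0_ssp through vmpl3_ssp, which read as per-VMPL slots rather than per-privilege-level ones. If these are the save-area slots from which MSR_IA32_PL0_SSP to MSR_IA32_PL3_SSP are reloaded on VMEXIT, say so in the comment or rename the fields so the mapping is obvious. The gate here is boot_cpu_has(X86_FEATURE_SHSTK), while patch 3/6 uses kvm_cet_user_supported() and patch 6/6 uses kvm_cpu_cap_has(X86_FEATURE_SHSTK); one shared condition would keep the host save and the guest pass-through from disagreeing. The new comment also only says the values are restored on VMEXIT; carrying over the commit message's point that VMRUN does not save these fields would explain why five rdmsrl() calls are needed on this path.
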
From: John Allen
Subject: [RFC PATCH v2 5/6] KVM: SVM: Add MSR_IA32_XSS to the GHCB for hypervisor kernel
Date: Wed, 24 May 2023 15:53:38 +0000
Message-ID: <20230524155339.415820-6-john.allen@amd.com>
In-Reply-To: <20230524155339.415820-1-john.allen@amd.com>
References: <20230524155339.415820-1-john.allen@amd.com>

When a guest issues a cpuid instruction for Fn0000000D_x0B (CetUserOffset), KVM will intercept and need to access the guest MSR_IA32_XSS value. For SEV-ES, this is encrypted and needs to be included in the GHCB to be visible to the hypervisor.

Signed-off-by: John Allen
--- arch/x86/include/asm/svm.h | 1 + arch/x86/kvm/svm/sev.c | 12 ++++++++++-- arch/x86/kvm/svm/svm.c | 1 + arch/x86/kvm/svm/svm.h | 2 +- 4 files changed, 13 insertions(+), 3 deletions(-) diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h index e7c7379d6ac7..8f91376273e0 100644 --- a/arch/x86/include/asm/svm.h +++ b/arch/x86/include/asm/svm.h @@ -677,5 +677,6 @@ DEFINE_GHCB_ACCESSORS(sw_exit_info_1) DEFINE_GHCB_ACCESSORS(sw_exit_info_2) DEFINE_GHCB_ACCESSORS(sw_scratch) DEFINE_GHCB_ACCESSORS(xcr0) +DEFINE_GHCB_ACCESSORS(xss) #endif diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 03dd68bddd51..92a7c77bc66b 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c 
@@ -2419,8 +2419,13 @@ static void sev_es_sync_from_ghcb(struct vcpu_svm *svm) svm->vmcb->save.cpl = ghcb_get_cpl_if_valid(ghcb); - if (ghcb_xcr0_is_valid(ghcb)) { - vcpu->arch.xcr0 = ghcb_get_xcr0(ghcb); + if (ghcb_xcr0_is_valid(ghcb) || ghcb_xss_is_valid(ghcb)) { + if (ghcb_xcr0_is_valid(ghcb)) + vcpu->arch.xcr0 = ghcb_get_xcr0(ghcb); + + if (ghcb_xss_is_valid(ghcb)) + vcpu->arch.ia32_xss = ghcb_get_xss(ghcb); + kvm_update_cpuid_runtime(vcpu); } @@ -2989,6 +2994,9 @@ static void sev_es_init_vmcb(struct vcpu_svm *svm) if (guest_cpuid_has(&svm->vcpu, X86_FEATURE_RDTSCP)) svm_clr_intercept(svm, INTERCEPT_RDTSCP); } + + if (kvm_caps.supported_xss) + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_XSS, 1, 1); } void sev_init_vmcb(struct vcpu_svm *svm) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index cdbce20989b8..6afd2c44fdb6 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -143,6 +143,7 @@ static const struct svm_direct_access_msrs { { .index = MSR_IA32_PL1_SSP, .always = false }, { .index = MSR_IA32_PL2_SSP, .always = false }, { .index = MSR_IA32_PL3_SSP, .always = false }, + { .index = MSR_IA32_XSS, .always = false }, { .index = MSR_INVALID, .always = false }, }; diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index dad977747a15..92ac1aefe640 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -29,7 +29,7 @@ #define IOPM_SIZE PAGE_SIZE * 3 #define MSRPM_SIZE PAGE_SIZE * 2 -#define MAX_DIRECT_ACCESS_MSRS 53 +#define MAX_DIRECT_ACCESS_MSRS 54 #define MSRPM_OFFSETS 32 extern u32 msrpm_offsets[MSRPM_OFFSETS] __read_mostly; extern bool npt_enabled;
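
Review bot: In the sev_es_sync_from_ghcb() hunk of patch 5/6, `vcpu->arch.ia32_xss = ghcb_get_xss(ghcb);` stores a value taken from the guest-written GHCB without checking it against kvm_caps.supported_xss. The value then feeds kvm_update_cpuid_runtime(), so unsupported bits should be rejected or masked before the assignment, or the commit message should state why an arbitrary guest value is safe here. A smaller point: the outer `ghcb_xcr0_is_valid(ghcb) || ghcb_xss_is_valid(ghcb)` test repeats both inner checks; a local flag set in each branch and tested once before kvm_update_cpuid_runtime() would read more directly.
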
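
Review bot: The sev_es_init_vmcb() hunk of patch 5/6 calls set_msr_interception(vcpu, ...) while the context lines of the same function use &svm->vcpu; please confirm a local vcpu is in scope there or use &svm->vcpu for consistency. The commit message explains why XSS has to reach KVM through the GHCB but not why MSR_IA32_XSS is switched to pass-through for SEV-ES guests, nor why the condition is the host-wide kvm_caps.supported_xss rather than a guest CPUID check; a sentence on each would help.
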
From: John Allen
Subject: [RFC PATCH v2 6/6] KVM: SVM: Add CET features to supported_xss
Date: Wed, 24 May 2023 15:53:39 +0000
Message-ID: <20230524155339.415820-7-john.allen@amd.com>
In-Reply-To: <20230524155339.415820-1-john.allen@amd.com>
References: <20230524155339.415820-1-john.allen@amd.com>

If the CPU supports CET, add CET XSAVES feature bits to the supported_xss mask.

Signed-off-by: John Allen
---
v2:
- Remove curly braces around if statement
--- arch/x86/kvm/svm/svm.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 6afd2c44fdb6..cee496bee0a9 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -5070,6 +5070,10 @@ static __init void svm_set_cpu_caps(void) boot_cpu_has(X86_FEATURE_AMD_SSBD)) kvm_cpu_cap_set(X86_FEATURE_VIRT_SSBD); + if (kvm_cpu_cap_has(X86_FEATURE_SHSTK)) + kvm_caps.supported_xss |= XFEATURE_MASK_CET_USER | + XFEATURE_MASK_CET_KERNEL; + /* AMD PMU PERFCTR_CORE CPUID */ if (enable_pmu && boot_cpu_has(X86_FEATURE_PERFCTR_CORE)) kvm_cpu_cap_set(X86_FEATURE_PERFCTR_CORE);
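
Review bot: In svm_set_cpu_caps() (patch 6/6), both XFEATURE_MASK_CET_USER and XFEATURE_MASK_CET_KERNEL are ORed into kvm_caps.supported_xss on X86_FEATURE_SHSTK alone. Nothing in the hunk ties the mask to what the host has enabled in its own XSS (the host_xss value that sev_es_prepare_switch_to_guest() saves) or to XSAVES being available, so a host that does not enable one of these components would still advertise it to guests. Suggest masking with the host value, or explaining in the commit message why that check is unnecessary on SVM. The commit message could also say why the supervisor component is advertised together with the user one.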