From patchwork Fri Jul 21 03:03:33 2023
X-Patchwork-Submitter: "Yang, Weijiang"
X-Patchwork-Id: 123576
From: Yang Weijiang
To: seanjc@google.com, pbonzini@redhat.com, peterz@infradead.org, john.allen@amd.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: rick.p.edgecombe@intel.com, chao.gao@intel.com, binbin.wu@linux.intel.com, weijiang.yang@intel.com, Yu-cheng Yu, Borislav Petkov, Kees Cook, Mike Rapoport, Pengfei Xu
Subject: [PATCH v4 01/20] x86/cpufeatures: Add CPU feature flags for shadow stacks
Date: Thu, 20 Jul 2023 23:03:33 -0400
Message-Id: <20230721030352.72414-2-weijiang.yang@intel.com>
In-Reply-To: <20230721030352.72414-1-weijiang.yang@intel.com>
References: <20230721030352.72414-1-weijiang.yang@intel.com>

From: Rick Edgecombe

The Control-Flow Enforcement Technology contains two related features, one of which is Shadow Stacks. Future patches will utilize this feature for shadow stack support in KVM, so add CPU feature flags for Shadow Stacks (CPUID.(EAX=7,ECX=0):ECX[bit 7]).

To protect shadow stack state from malicious modification, the registers are only accessible in supervisor mode. This implementation context-switches the registers with XSAVES. Make X86_FEATURE_SHSTK depend on XSAVES.

The shadow stack feature, enumerated by the CPUID bit described above, encompasses both supervisor and userspace support for shadow stack. In near future patches, only userspace shadow stack will be enabled. In expectation of future supervisor shadow stack support, create a software CPU capability to enumerate kernel utilization of userspace shadow stack support. This user shadow stack bit should depend on the HW "shstk" capability and that logic will be implemented in future patches.

Co-developed-by: Yu-cheng Yu
Signed-off-by: Yu-cheng Yu
Signed-off-by: Rick Edgecombe
Signed-off-by: Dave Hansen
Reviewed-by: Borislav Petkov (AMD)
Reviewed-by: Kees Cook
Acked-by: Mike Rapoport (IBM)
Tested-by: Pengfei Xu
Tested-by: John Allen
Tested-by: Kees Cook
Link: https://lore.kernel.org/all/20230613001108.3040476-9-rick.p.edgecombe%40intel.com
---
 arch/x86/include/asm/cpufeatures.h | 2 ++
 arch/x86/include/asm/disabled-features.h | 8 +++++++-
 arch/x86/kernel/cpu/cpuid-deps.c | 1 +
 3 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h index cb8ca46213be..d7215c8b7923 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h
@@ -308,6 +308,7 @@ #define X86_FEATURE_MSR_TSX_CTRL (11*32+20) /* "" MSR IA32_TSX_CTRL (Intel) implemented */ #define X86_FEATURE_SMBA (11*32+21) /* "" Slow Memory Bandwidth Allocation */ #define X86_FEATURE_BMEC (11*32+22) /* "" Bandwidth Monitoring Event Configuration */ +#define X86_FEATURE_USER_SHSTK (11*32+23) /* Shadow stack support for user mode applications */ /* Intel-defined CPU features, CPUID level 0x00000007:1 (EAX), word 12 */ #define X86_FEATURE_AVX_VNNI (12*32+ 4) /* AVX VNNI instructions */ @@ -380,6 +381,7 @@ #define X86_FEATURE_OSPKE (16*32+ 4) /* OS Protection Keys Enable */ #define X86_FEATURE_WAITPKG (16*32+ 5) /* UMONITOR/UMWAIT/TPAUSE Instructions */ #define X86_FEATURE_AVX512_VBMI2 (16*32+ 6) /* Additional AVX512 Vector Bit Manipulation Instructions */ +#define X86_FEATURE_SHSTK (16*32+ 7) /* "" Shadow stack */ #define X86_FEATURE_GFNI (16*32+ 8) /* Galois Field New Instructions */ #define X86_FEATURE_VAES (16*32+ 9) /* Vector AES */ #define X86_FEATURE_VPCLMULQDQ (16*32+10) /* Carry-Less Multiplication Double Quadword */ diff --git a/arch/x86/include/asm/disabled-features.h b/arch/x86/include/asm/disabled-features.h index fafe9be7a6f4..b9c7eae2e70f 100644 --- a/arch/x86/include/asm/disabled-features.h +++ b/arch/x86/include/asm/disabled-features.h @@ -105,6 +105,12 @@ # define DISABLE_TDX_GUEST (1 << (X86_FEATURE_TDX_GUEST & 31)) #endif +#ifdef CONFIG_X86_USER_SHADOW_STACK +#define DISABLE_USER_SHSTK 0 +#else +#define DISABLE_USER_SHSTK (1 << (X86_FEATURE_USER_SHSTK & 31)) +#endif + /* * Make sure to add features to the correct mask */ @@ -120,7 +126,7 @@ #define DISABLED_MASK9 (DISABLE_SGX) #define DISABLED_MASK10 0 #define DISABLED_MASK11 (DISABLE_RETPOLINE|DISABLE_RETHUNK|DISABLE_UNRET| \ - DISABLE_CALL_DEPTH_TRACKING) + DISABLE_CALL_DEPTH_TRACKING|DISABLE_USER_SHSTK) #define DISABLED_MASK12 (DISABLE_LAM) #define DISABLED_MASK13 0 #define DISABLED_MASK14 0 
diff --git a/arch/x86/kernel/cpu/cpuid-deps.c b/arch/x86/kernel/cpu/cpuid-deps.c index f6748c8bd647..e462c1d3800a 100644 --- a/arch/x86/kernel/cpu/cpuid-deps.c +++ b/arch/x86/kernel/cpu/cpuid-deps.c 
@@ -81,6 +81,7 @@ static const struct cpuid_dep cpuid_deps[] = { { X86_FEATURE_XFD, X86_FEATURE_XSAVES }, { X86_FEATURE_XFD, X86_FEATURE_XGETBV1 }, { X86_FEATURE_AMX_TILE, X86_FEATURE_XFD }, + { X86_FEATURE_SHSTK, X86_FEATURE_XSAVES }, {} };
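
Review bot: in the cpufeatures.h hunks the two new flags follow different /proc/cpuinfo conventions and the changelog does not mention it. X86_FEATURE_SHSTK carries the "" comment prefix that hides it, while X86_FEATURE_USER_SHSTK has no prefix and will be listed as user_shstk. If the intent is that userspace sees only the kernel-enablement bit and not the raw CPUID bit, state that in the changelog so the asymmetry is not "fixed" later.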
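
Review bot: DISABLE_USER_SHSTK in the disabled-features.h hunk is keyed on CONFIG_X86_USER_SHADOW_STACK, but the diffstat lists no Kconfig change, so at this point in the series the #else branch is always taken and X86_FEATURE_USER_SHSTK is compiled out through DISABLED_MASK11. Name the patch that introduces the config symbol in the changelog, or carry the Kconfig entry in this patch, so a bisect landing here is understandable.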
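
Review bot: the cpuid-deps.c hunk makes X86_FEATURE_SHSTK depend on X86_FEATURE_XSAVES but adds no entry making X86_FEATURE_USER_SHSTK depend on X86_FEATURE_SHSTK, so clearing XSAVES or SHSTK will not clear the software bit through this table. The changelog defers that logic to future patches; a short comment beside the new entry saying where the dependency will be enforced would keep the hardware and software flags from drifting apart.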

From patchwork Fri Jul 21 03:03:34 2023
X-Patchwork-Submitter: "Yang, Weijiang"
X-Patchwork-Id: 123613
From: Yang Weijiang
To: seanjc@google.com, pbonzini@redhat.com, peterz@infradead.org, john.allen@amd.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: rick.p.edgecombe@intel.com, chao.gao@intel.com, binbin.wu@linux.intel.com, weijiang.yang@intel.com, Yu-cheng Yu, Borislav Petkov, Kees Cook, Mike Rapoport, Pengfei Xu
Subject: [PATCH v4 02/20] x86/fpu/xstate: Introduce CET MSR and XSAVES supervisor states
Date: Thu, 20 Jul 2023 23:03:34 -0400
Message-Id: <20230721030352.72414-3-weijiang.yang@intel.com>
In-Reply-To: <20230721030352.72414-1-weijiang.yang@intel.com>
References: <20230721030352.72414-1-weijiang.yang@intel.com>

From: Rick Edgecombe

Shadow stack register state can be managed with XSAVE. The registers can logically be separated into two groups:
 * Registers controlling user-mode operation
 * Registers controlling kernel-mode operation

The architecture has two new XSAVE state components: one for each of those groups of registers. This lets an OS manage them separately if it chooses. Future patches for host userspace and KVM guests will only utilize the user-mode registers, so only configure XSAVE to save user-mode registers. This state will add 16 bytes to the xsave buffer size.

Future patches will use the user-mode XSAVE area to save guest user-mode CET state. However, VMCS includes new fields for guest CET supervisor states. KVM can use these to save and restore guest supervisor state, so host supervisor XSAVE support is not required.

Adding this exacerbates the already unwieldy if statement in check_xstate_against_struct() that handles warning about unimplemented xfeatures. So refactor these checks by having XCHECK_SZ() set a bool when it actually checks the xfeature. This ends up exceeding 80 chars, but was better on balance than other options explored. Pass the bool as pointer to make it clear that XCHECK_SZ() can change the variable.

While configuring user-mode XSAVE, clarify kernel-mode registers are not managed by XSAVE by defining the xfeature in XFEATURE_MASK_SUPERVISOR_UNSUPPORTED, like is done for XFEATURE_MASK_PT. This serves more of a documentation as code purpose, and functionally, only enables a few safety checks.

Both XSAVE state components are supervisor states, even the state controlling user-mode operation. This is a departure from earlier features like protection keys where the PKRU state is a normal user (non-supervisor) state. Having the user state be supervisor-managed ensures there is no direct, unprivileged access to it, making it harder for an attacker to subvert CET.

To facilitate this privileged access, define the two user-mode CET MSRs, and the bits defined in those MSRs relevant to future shadow stack enablement patches.

Co-developed-by: Yu-cheng Yu
Signed-off-by: Yu-cheng Yu
Signed-off-by: Rick Edgecombe
Signed-off-by: Dave Hansen
Reviewed-by: Borislav Petkov (AMD)
Reviewed-by: Kees Cook
Acked-by: Mike Rapoport (IBM)
Tested-by: Pengfei Xu
Tested-by: John Allen
Tested-by: Kees Cook
Link: https://lore.kernel.org/all/20230613001108.3040476-25-rick.p.edgecombe%40intel.com
---
 arch/x86/include/asm/fpu/types.h | 16 +++++-
 arch/x86/include/asm/fpu/xstate.h | 6 ++-
 arch/x86/kernel/fpu/xstate.c | 90 +++++++++++++++----------------
 3 files changed, 61 insertions(+), 51 deletions(-)
diff --git a/arch/x86/include/asm/fpu/types.h b/arch/x86/include/asm/fpu/types.h index 7f6d858ff47a..eb810074f1e7 100644 --- a/arch/x86/include/asm/fpu/types.h +++ b/arch/x86/include/asm/fpu/types.h @@ -115,8 +115,8 @@ enum xfeature { XFEATURE_PT_UNIMPLEMENTED_SO_FAR, XFEATURE_PKRU, XFEATURE_PASID, - XFEATURE_RSRVD_COMP_11, - XFEATURE_RSRVD_COMP_12, + XFEATURE_CET_USER, + XFEATURE_CET_KERNEL_UNUSED, XFEATURE_RSRVD_COMP_13, XFEATURE_RSRVD_COMP_14, XFEATURE_LBR, @@ -138,6 +138,8 @@ enum xfeature { #define XFEATURE_MASK_PT (1 << XFEATURE_PT_UNIMPLEMENTED_SO_FAR) #define XFEATURE_MASK_PKRU (1 << XFEATURE_PKRU) #define XFEATURE_MASK_PASID (1 << XFEATURE_PASID) +#define XFEATURE_MASK_CET_USER (1 << XFEATURE_CET_USER) +#define XFEATURE_MASK_CET_KERNEL (1 << XFEATURE_CET_KERNEL_UNUSED) #define XFEATURE_MASK_LBR (1 << XFEATURE_LBR) #define XFEATURE_MASK_XTILE_CFG (1 << XFEATURE_XTILE_CFG) #define XFEATURE_MASK_XTILE_DATA (1 << XFEATURE_XTILE_DATA)
@@ -252,6 +254,16 @@ struct pkru_state { u32 pad; } __packed; +/* + * State component 11 is Control-flow Enforcement user states + */ +struct cet_user_state { + /* user control-flow settings */ + u64 user_cet; + /* user shadow stack pointer */ + u64 user_ssp; +}; + /* * State component 15: Architectural LBR configuration state. * The size of Arch LBR state depends on the number of LBRs (lbr_depth). diff --git a/arch/x86/include/asm/fpu/xstate.h b/arch/x86/include/asm/fpu/xstate.h index cd3dd170e23a..d4427b88ee12 100644 --- a/arch/x86/include/asm/fpu/xstate.h +++ b/arch/x86/include/asm/fpu/xstate.h @@ -50,7 +50,8 @@ #define XFEATURE_MASK_USER_DYNAMIC XFEATURE_MASK_XTILE_DATA /* All currently supported supervisor features */ -#define XFEATURE_MASK_SUPERVISOR_SUPPORTED (XFEATURE_MASK_PASID) +#define XFEATURE_MASK_SUPERVISOR_SUPPORTED (XFEATURE_MASK_PASID | \ + XFEATURE_MASK_CET_USER) /* * A supervisor state component may not always contain valuable information, @@ -77,7 +78,8 @@ * Unsupported supervisor features. When a supervisor feature in this mask is * supported in the future, move it to the supported supervisor feature mask. */ -#define XFEATURE_MASK_SUPERVISOR_UNSUPPORTED (XFEATURE_MASK_PT) +#define XFEATURE_MASK_SUPERVISOR_UNSUPPORTED (XFEATURE_MASK_PT | \ + XFEATURE_MASK_CET_KERNEL) /* All supervisor states including supported and unsupported states. */ #define XFEATURE_MASK_SUPERVISOR_ALL (XFEATURE_MASK_SUPERVISOR_SUPPORTED | \ diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c index 0bab497c9436..4fa4751912d9 100644 --- a/arch/x86/kernel/fpu/xstate.c +++ b/arch/x86/kernel/fpu/xstate.c 
@@ -39,26 +39,26 @@ */ static const char *xfeature_names[] = { - "x87 floating point registers" , - "SSE registers" , - "AVX registers" , - "MPX bounds registers" , - "MPX CSR" , - "AVX-512 opmask" , - "AVX-512 Hi256" , - "AVX-512 ZMM_Hi256" , - "Processor Trace (unused)" , + "x87 floating point registers", + "SSE registers", + "AVX registers", + "MPX bounds registers", + "MPX CSR", + "AVX-512 opmask", + "AVX-512 Hi256", + "AVX-512 ZMM_Hi256", + "Processor Trace (unused)", "Protection Keys User registers", "PASID state", - "unknown xstate feature" , - "unknown xstate feature" , - "unknown xstate feature" , - "unknown xstate feature" , - "unknown xstate feature" , - "unknown xstate feature" , - "AMX Tile config" , - "AMX Tile data" , - "unknown xstate feature" , + "Control-flow User registers", + "Control-flow Kernel registers (unused)", + "unknown xstate feature", + "unknown xstate feature", + "unknown xstate feature", + "unknown xstate feature", + "AMX Tile config", + "AMX Tile data", + "unknown xstate feature", }; static unsigned short xsave_cpuid_features[] __initdata = { @@ -73,6 +73,7 @@ static unsigned short xsave_cpuid_features[] __initdata = { [XFEATURE_PT_UNIMPLEMENTED_SO_FAR] = X86_FEATURE_INTEL_PT, [XFEATURE_PKRU] = X86_FEATURE_PKU, [XFEATURE_PASID] = X86_FEATURE_ENQCMD, + [XFEATURE_CET_USER] = X86_FEATURE_SHSTK, [XFEATURE_XTILE_CFG] = X86_FEATURE_AMX_TILE, [XFEATURE_XTILE_DATA] = X86_FEATURE_AMX_TILE, }; @@ -276,6 +277,7 @@ static void __init print_xstate_features(void) print_xstate_feature(XFEATURE_MASK_Hi16_ZMM); print_xstate_feature(XFEATURE_MASK_PKRU); print_xstate_feature(XFEATURE_MASK_PASID); + print_xstate_feature(XFEATURE_MASK_CET_USER); print_xstate_feature(XFEATURE_MASK_XTILE_CFG); print_xstate_feature(XFEATURE_MASK_XTILE_DATA); } @@ -344,6 +346,7 @@ static __init void os_xrstor_booting(struct xregs_state *xstate) XFEATURE_MASK_BNDREGS | \ XFEATURE_MASK_BNDCSR | \ XFEATURE_MASK_PASID | \ + XFEATURE_MASK_CET_USER | \ XFEATURE_MASK_XTILE) /* 
@@ -446,14 +449,15 @@ static void __init __xstate_dump_leaves(void) } \ } while (0) -#define XCHECK_SZ(sz, nr, nr_macro, __struct) do { \ - if ((nr == nr_macro) && \ - WARN_ONCE(sz != sizeof(__struct), \ - "%s: struct is %zu bytes, cpu state %d bytes\n", \ - __stringify(nr_macro), sizeof(__struct), sz)) { \ +#define XCHECK_SZ(sz, nr, __struct) ({ \ + if (WARN_ONCE(sz != sizeof(__struct), \ + "[%s]: struct is %zu bytes, cpu state %d bytes\n", \ + xfeature_names[nr], sizeof(__struct), sz)) { \ __xstate_dump_leaves(); \ } \ -} while (0) + true; \ +}) + /** * check_xtile_data_against_struct - Check tile data state size. 
@@ -527,36 +531,28 @@ static bool __init check_xstate_against_struct(int nr) * Ask the CPU for the size of the state. */ int sz = xfeature_size(nr); + /* * Match each CPU state with the corresponding software * structure. */ - XCHECK_SZ(sz, nr, XFEATURE_YMM, struct ymmh_struct); - XCHECK_SZ(sz, nr, XFEATURE_BNDREGS, struct mpx_bndreg_state); - XCHECK_SZ(sz, nr, XFEATURE_BNDCSR, struct mpx_bndcsr_state); - XCHECK_SZ(sz, nr, XFEATURE_OPMASK, struct avx_512_opmask_state); - XCHECK_SZ(sz, nr, XFEATURE_ZMM_Hi256, struct avx_512_zmm_uppers_state); - XCHECK_SZ(sz, nr, XFEATURE_Hi16_ZMM, struct avx_512_hi16_state); - XCHECK_SZ(sz, nr, XFEATURE_PKRU, struct pkru_state); - XCHECK_SZ(sz, nr, XFEATURE_PASID, struct ia32_pasid_state); - XCHECK_SZ(sz, nr, XFEATURE_XTILE_CFG, struct xtile_cfg); - - /* The tile data size varies between implementations. */ - if (nr == XFEATURE_XTILE_DATA) - check_xtile_data_against_struct(sz); - - /* - * Make *SURE* to add any feature numbers in below if - * there are "holes" in the xsave state component - * numbers. 
- */ - if ((nr < XFEATURE_YMM) || - (nr >= XFEATURE_MAX) || - (nr == XFEATURE_PT_UNIMPLEMENTED_SO_FAR) || - ((nr >= XFEATURE_RSRVD_COMP_11) && (nr <= XFEATURE_RSRVD_COMP_16))) { + switch (nr) { + case XFEATURE_YMM: return XCHECK_SZ(sz, nr, struct ymmh_struct); + case XFEATURE_BNDREGS: return XCHECK_SZ(sz, nr, struct mpx_bndreg_state); + case XFEATURE_BNDCSR: return XCHECK_SZ(sz, nr, struct mpx_bndcsr_state); + case XFEATURE_OPMASK: return XCHECK_SZ(sz, nr, struct avx_512_opmask_state); + case XFEATURE_ZMM_Hi256: return XCHECK_SZ(sz, nr, struct avx_512_zmm_uppers_state); + case XFEATURE_Hi16_ZMM: return XCHECK_SZ(sz, nr, struct avx_512_hi16_state); + case XFEATURE_PKRU: return XCHECK_SZ(sz, nr, struct pkru_state); + case XFEATURE_PASID: return XCHECK_SZ(sz, nr, struct ia32_pasid_state); + case XFEATURE_XTILE_CFG: return XCHECK_SZ(sz, nr, struct xtile_cfg); + case XFEATURE_CET_USER: return XCHECK_SZ(sz, nr, struct cet_user_state); + case XFEATURE_XTILE_DATA: check_xtile_data_against_struct(sz); return true; + default: XSTATE_WARN_ON(1, "No structure for xstate: %d\n", nr); return false; } + return true; }
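
Review bot: the changelog's last paragraph says this patch defines the two user-mode CET MSRs and their bits, but the diffstat lists only fpu/types.h, fpu/xstate.h and fpu/xstate.c, and none of the visible hunks defines an MSR. Either the MSR definitions were dropped from this version and the changelog and subject ("Introduce CET MSR ...") should be trimmed, or a header hunk is missing from the patch.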
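
Review bot: struct cet_user_state in the fpu/types.h hunk is declared without __packed, while the neighbouring struct pkru_state visible in the same hunk ends with "} __packed;". Two u64 members leave no padding today and XCHECK_SZ() will warn on a size mismatch, but since the layout is dictated by the XSAVE area, marking it __packed like its sibling documents that the 16-byte size is a hardware contract.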
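
Review bot: the rewritten XCHECK_SZ() in xstate.c evaluates to true unconditionally, including when the WARN_ONCE() size mismatch fires, so check_xstate_against_struct() cannot distinguish "checked and matched" from "checked and mismatched". The changelog also still describes setting a bool through a pointer, which this three-argument statement expression does not do. Update the changelog to describe the form actually used, and say explicitly that a mismatch is warn-only by design, or have the macro evaluate to the comparison result.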
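
Review bot: in the check_xstate_against_struct() hunk every case of the new switch returns, and default returns false, so the added trailing "return true;" after the closing brace is unreachable. Drop it, or make the XFEATURE_XTILE_DATA case break and fall through to it so the statement has a purpose.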

From patchwork Fri Jul 21 03:03:35 2023
X-Patchwork-Submitter: "Yang, Weijiang"
X-Patchwork-Id: 123602
From: Yang Weijiang
To: seanjc@google.com, pbonzini@redhat.com, peterz@infradead.org, john.allen@amd.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: rick.p.edgecombe@intel.com, chao.gao@intel.com, binbin.wu@linux.intel.com, weijiang.yang@intel.com, Sean Christopherson
Subject: [PATCH v4 03/20] KVM:x86: Report XSS as to-be-saved if there are supported features
Date: Thu, 20 Jul 2023 23:03:35 -0400
Message-Id: <20230721030352.72414-4-weijiang.yang@intel.com>
In-Reply-To: <20230721030352.72414-1-weijiang.yang@intel.com>
References: <20230721030352.72414-1-weijiang.yang@intel.com>

From: Sean Christopherson

Add MSR_IA32_XSS to the list of MSRs reported to userspace if supported_xss is non-zero, i.e. KVM supports at least one XSS based feature.

Signed-off-by: Sean Christopherson
Signed-off-by: Yang Weijiang
---
 arch/x86/kvm/x86.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 439312e04384..4597ab3c811c 100644
--- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -1451,6 +1451,7 @@ static const u32 msrs_to_save_base[] = { MSR_IA32_UMWAIT_CONTROL, MSR_IA32_XFD, MSR_IA32_XFD_ERR, + MSR_IA32_XSS, }; static const u32 msrs_to_save_pmu[] = { 
@@ -7173,6 +7174,10 @@ static void kvm_probe_msr_to_save(u32 msr_index) if (!(kvm_get_arch_capabilities() & ARCH_CAP_TSX_CTRL_MSR)) return; break; + case MSR_IA32_XSS: + if (!kvm_caps.supported_xss) + return; + break; default: break; }
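
Review bot: the new MSR_IA32_XSS case in kvm_probe_msr_to_save() silently drops the MSR from the saved list whenever kvm_caps.supported_xss is zero at probe time, so the result depends on supported_xss being final before this function runs, and nothing in the hunk or changelog states that ordering. Add a sentence to the changelog (or a comment on the case) confirming it, and say why userspace needs the MSR in the list, since a VMM that never saves and restores XSS would lose guest supervisor state across save/restore. The subject prefix also reads "KVM:x86:" without the space used in "KVM: x86:".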
From patchwork Fri Jul 21 03:03:36 2023
X-Patchwork-Submitter: "Yang, Weijiang"
X-Patchwork-Id: 123579
From: Yang Weijiang
To: seanjc@google.com, pbonzini@redhat.com, peterz@infradead.org, john.allen@amd.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: rick.p.edgecombe@intel.com, chao.gao@intel.com, binbin.wu@linux.intel.com, weijiang.yang@intel.com, Zhang Yi Z
Subject: [PATCH v4 04/20] KVM:x86: Refresh CPUID on write to guest MSR_IA32_XSS
Date: Thu, 20 Jul 2023 23:03:36 -0400
Message-Id: <20230721030352.72414-5-weijiang.yang@intel.com>
In-Reply-To: <20230721030352.72414-1-weijiang.yang@intel.com>
References: <20230721030352.72414-1-weijiang.yang@intel.com>

Update CPUID(EAX=0DH,ECX=1) when the guest's XSS is modified. CPUID(EAX=0DH,ECX=1).EBX reports required storage size of all enabled xstate features in XCR0 | XSS. Guest can allocate sufficient xsave buffer based on the info.

Note, KVM does not yet support any XSS based features, i.e. supported_xss is guaranteed to be zero at this time.

Co-developed-by: Zhang Yi Z
Signed-off-by: Zhang Yi Z
Signed-off-by: Yang Weijiang
--- arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kvm/cpuid.c | 20 ++++++++++++++++++-- arch/x86/kvm/x86.c | 8 +++++--- 3 files changed, 24 insertions(+), 5 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 28bd38303d70..20bbcd95511f 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h
@@ -804,6 +804,7 @@ struct kvm_vcpu_arch { u64 xcr0; u64 guest_supported_xcr0; + u64 guest_supported_xss; struct kvm_pio_request pio; void *pio_data; diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 7f4d13383cf2..0338316b827c 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -249,6 +249,17 @@ static u64 cpuid_get_supported_xcr0(struct kvm_cpuid_entry2 *entries, int nent) return (best->eax | ((u64)best->edx << 32)) & kvm_caps.supported_xcr0; } +static u64 cpuid_get_supported_xss(struct kvm_cpuid_entry2 *entries, int nent) +{ + struct kvm_cpuid_entry2 *best; + + best = cpuid_entry2_find(entries, nent, 0xd, 1); + if (!best) + return 0; + + return (best->ecx | ((u64)best->edx << 32)) & kvm_caps.supported_xss; +} + static void __kvm_update_cpuid_runtime(struct kvm_vcpu *vcpu, struct kvm_cpuid_entry2 *entries, int nent) { @@ -276,8 +287,11 @@ static void __kvm_update_cpuid_runtime(struct kvm_vcpu *vcpu, struct kvm_cpuid_e best = cpuid_entry2_find(entries, nent, 0xD, 1); if (best && (cpuid_entry_has(best, X86_FEATURE_XSAVES) || - cpuid_entry_has(best, X86_FEATURE_XSAVEC))) - best->ebx = xstate_required_size(vcpu->arch.xcr0, true); + cpuid_entry_has(best, X86_FEATURE_XSAVEC))) { + u64 xstate = vcpu->arch.xcr0 | vcpu->arch.ia32_xss; + + best->ebx = xstate_required_size(xstate, true); + } best = __kvm_find_kvm_cpuid_features(vcpu, entries, nent); if (kvm_hlt_in_guest(vcpu->kvm) && best && @@ -325,6 +339,8 @@ static void kvm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) vcpu->arch.guest_supported_xcr0 = cpuid_get_supported_xcr0(vcpu->arch.cpuid_entries, vcpu->arch.cpuid_nent); + vcpu->arch.guest_supported_xss = + cpuid_get_supported_xss(vcpu->arch.cpuid_entries, vcpu->arch.cpuid_nent); /* * FP+SSE can always be saved/restored via KVM_{G,S}ET_XSAVE, even if diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 4597ab3c811c..26edb8fa857a 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
@@ -3781,10 +3781,12 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) * IA32_XSS[bit 8]. Guests have to use RDMSR/WRMSR rather than * XSAVES/XRSTORS to save/restore PT MSRs. */ - if (data & ~kvm_caps.supported_xss) + if (data & ~vcpu->arch.guest_supported_xss) return 1; - vcpu->arch.ia32_xss = data; - kvm_update_cpuid_runtime(vcpu); + if (vcpu->arch.ia32_xss != data) { + vcpu->arch.ia32_xss = data; + kvm_update_cpuid_runtime(vcpu); + } break; case MSR_SMI_COUNT: if (!msr_info->host_initiated)
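Review bot: In the kvm_set_msr_common() hunk, the reserved-bit check now uses vcpu->arch.guest_supported_xss, which is only populated in kvm_vcpu_after_set_cpuid(), and the visible check does not distinguish host-initiated writes. If userspace restores MSR_IA32_XSS through KVM_SET_MSRS before KVM_SET_CPUID2, guest_supported_xss is still 0 and any non-zero value is rejected. Consider validating host-initiated writes against kvm_caps.supported_xss and only guest writes against the per-vCPU mask, or document the required ioctl ordering.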
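Review bot: cpuid_get_supported_xss() in cpuid.c spells the leaf as 0xd while the __kvm_update_cpuid_runtime() hunk uses 0xD for the same lookup, and it has no comment on why it reads ECX:EDX when the xcr0 helper just above reads EAX:EDX. Use one spelling and add a short comment that sub-leaf 1 reports the XSS mask in ECX:EDX, since the two helpers are otherwise near copies and the difference is easy to misread. Separately, kvm_vcpu_after_set_cpuid() refreshes guest_supported_xss but nothing in the visible hunks re-checks an already written vcpu->arch.ia32_xss against the new mask; please confirm a later KVM_SET_CPUID2 cannot leave ia32_xss holding bits the guest is no longer allowed to set.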
From patchwork Fri Jul 21 03:03:37 2023
X-Patchwork-Submitter: "Yang, Weijiang"
X-Patchwork-Id: 123608
From: Yang Weijiang
To: seanjc@google.com, pbonzini@redhat.com, peterz@infradead.org, john.allen@amd.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: rick.p.edgecombe@intel.com, chao.gao@intel.com, binbin.wu@linux.intel.com, weijiang.yang@intel.com
Subject: [PATCH v4 05/20] KVM:x86: Initialize kvm_caps.supported_xss
Date: Thu, 20 Jul 2023 23:03:37 -0400
Message-Id: <20230721030352.72414-6-weijiang.yang@intel.com>
In-Reply-To: <20230721030352.72414-1-weijiang.yang@intel.com>
References: <20230721030352.72414-1-weijiang.yang@intel.com>

Set kvm_caps.supported_xss to host_xss && KVM XSS mask. host_xss contains the host supported xstate feature bits for thread context switch, KVM_SUPPORTED_XSS includes all KVM enabled XSS feature bits, the operation result represents all KVM supported feature bits. Since the result is subset of host_xss, the related XSAVE-managed MSRs are automatically swapped for guest and host when vCPU exits to userspace.

Signed-off-by: Yang Weijiang
--- arch/x86/kvm/vmx/vmx.c | 1 - arch/x86/kvm/x86.c | 6 +++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 0ecf4be2c6af..c8d9870cfecb 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c
@@ -7849,7 +7849,6 @@ static __init void vmx_set_cpu_caps(void) kvm_cpu_cap_set(X86_FEATURE_UMIP); /* CPUID 0xD.1 */ - kvm_caps.supported_xss = 0; if (!cpu_has_vmx_xsaves()) kvm_cpu_cap_clear(X86_FEATURE_XSAVES); diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 26edb8fa857a..8bdcbcf13146 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -225,6 +225,8 @@ static struct kvm_user_return_msrs __percpu *user_return_msrs; | XFEATURE_MASK_BNDCSR | XFEATURE_MASK_AVX512 \ | XFEATURE_MASK_PKRU | XFEATURE_MASK_XTILE) +#define KVM_SUPPORTED_XSS 0 + u64 __read_mostly host_efer; EXPORT_SYMBOL_GPL(host_efer); 
@@ -9499,8 +9501,10 @@ static int __kvm_x86_vendor_init(struct kvm_x86_init_ops *ops) rdmsrl_safe(MSR_EFER, &host_efer); - if (boot_cpu_has(X86_FEATURE_XSAVES)) + if (boot_cpu_has(X86_FEATURE_XSAVES)) { rdmsrl(MSR_IA32_XSS, host_xss); + kvm_caps.supported_xss = host_xss & KVM_SUPPORTED_XSS; + } kvm_init_pmu_capability(ops->pmu_ops);
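Review bot: In vmx_set_cpu_caps(), dropping "kvm_caps.supported_xss = 0;" leaves the !cpu_has_vmx_xsaves() branch clearing only X86_FEATURE_XSAVES. Once KVM_SUPPORTED_XSS becomes non-zero, a host that has XSAVES in CPUID but lacks the VMX XSAVES control would keep a non-zero supported_xss while the guest cannot be given XSAVES. Suggest clearing the mask in that branch as well, i.e. if (!cpu_has_vmx_xsaves()) { kvm_caps.supported_xss = 0; kvm_cpu_cap_clear(X86_FEATURE_XSAVES); }, so the two capabilities cannot disagree.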
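Review bot: In __kvm_x86_vendor_init(), the code computes host_xss & KVM_SUPPORTED_XSS (bitwise), but the changelog describes it as "host_xss && KVM XSS mask"; the changelog should say bitwise AND. The new "#define KVM_SUPPORTED_XSS 0" in x86.c also carries no comment. Since it is the allow-list for supervisor state KVM will expose, a line stating that bits are added only once KVM can context-switch the corresponding state would make later additions easier to review.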
From patchwork Fri Jul 21 03:03:38 2023
X-Patchwork-Submitter: "Yang, Weijiang"
X-Patchwork-Id: 123588
From: Yang Weijiang
To: seanjc@google.com, pbonzini@redhat.com, peterz@infradead.org, john.allen@amd.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: rick.p.edgecombe@intel.com, chao.gao@intel.com, binbin.wu@linux.intel.com, weijiang.yang@intel.com, Sean Christopherson
Subject: [PATCH v4 06/20] KVM:x86: Load guest FPU state when access XSAVE-managed MSRs
Date: Thu, 20 Jul 2023 23:03:38 -0400
Message-Id: <20230721030352.72414-7-weijiang.yang@intel.com>
In-Reply-To: <20230721030352.72414-1-weijiang.yang@intel.com>
References: <20230721030352.72414-1-weijiang.yang@intel.com>

From: Sean Christopherson Load the guest's FPU state if userspace is accessing MSRs whose values are managed by XSAVES. Two MSR access helpers, i.e., kvm_{get,set}_xsave_msr(), are designed by a later patch to facilitate access to such kind of MSRs. If MSRs supported in kvm_caps.supported_xss are passed through to guest, the guest MSRs are swapped with host contents before vCPU exits to userspace and after it enters kernel again. Because the modified code is also used for the KVM_GET_MSRS device ioctl(), explicitly check @vcpu is non-null before attempting to load guest state. The XSS supporting MSRs cannot be retrieved via the device ioctl() without loading guest FPU state (which doesn't exist). Note that guest_cpuid_has() is not queried as host userspace is allowed to access MSRs that have not been exposed to the guest, e.g. it might do KVM_SET_MSRS prior to KVM_SET_CPUID2. Signed-off-by: Sean Christopherson Co-developed-by: Yang Weijiang Signed-off-by: Yang Weijiang --- arch/x86/kvm/x86.c | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 8bdcbcf13146..04f0245ad0a2 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -132,6 +132,9 @@ static int __set_sregs2(struct kvm_vcpu *vcpu, struct kvm_sregs2 *sregs2); static void __get_sregs2(struct kvm_vcpu *vcpu, struct kvm_sregs2 *sregs2); static DEFINE_MUTEX(vendor_module_lock); +static void kvm_load_guest_fpu(struct kvm_vcpu *vcpu); +static void kvm_put_guest_fpu(struct kvm_vcpu *vcpu); + struct kvm_x86_ops kvm_x86_ops __read_mostly; #define KVM_X86_OP(func) \ 
@@ -4346,6 +4349,21 @@ int kvm_get_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) } EXPORT_SYMBOL_GPL(kvm_get_msr_common); +static const u32 xstate_msrs[] = { + MSR_IA32_U_CET, MSR_IA32_PL3_SSP, +}; + +static bool is_xstate_msr(u32 index) +{ + int i; + + for (i = 0; i < ARRAY_SIZE(xstate_msrs); i++) { + if (index == xstate_msrs[i]) + return true; + } + return false; +} + /* * Read or write a bunch of msrs. All parameters are kernel addresses. * 
@@ -4356,11 +4374,20 @@ static int __msr_io(struct kvm_vcpu *vcpu, struct kvm_msrs *msrs, int (*do_msr)(struct kvm_vcpu *vcpu, unsigned index, u64 *data)) { + bool fpu_loaded = false; int i; - for (i = 0; i < msrs->nmsrs; ++i) + for (i = 0; i < msrs->nmsrs; ++i) { + if (vcpu && !fpu_loaded && kvm_caps.supported_xss && + is_xstate_msr(entries[i].index)) { + kvm_load_guest_fpu(vcpu); + fpu_loaded = true; + } if (do_msr(vcpu, entries[i].index, &entries[i].data)) break; + } + if (fpu_loaded) + kvm_put_guest_fpu(vcpu); return i; }
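Review bot: In __msr_io(), the guest FPU is loaded whenever kvm_caps.supported_xss is non-zero and the index is in xstate_msrs[], but the two listed MSRs (MSR_IA32_U_CET, MSR_IA32_PL3_SSP) belong to one specific XSAVE component. Testing the mask bit for that component rather than the whole mask keeps this correct when other supervisor features are later added to KVM_SUPPORTED_XSS. A comment above the loop should also say that every do_msr() call after the first matching index runs with guest FPU state loaded, since handlers for the other MSRs in the same batch did not run in that state before.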
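Review bot: xstate_msrs[] and is_xstate_msr() are added with no comment tying the list to the XSS feature bits, so nothing tells a later contributor that a new XSAVES-managed MSR must be listed here or userspace accesses would hit host contents instead of the guest's. Add that comment; for a two-entry list a switch on the index is also shorter than the array plus loop. The forward declarations of kvm_load_guest_fpu() and kvm_put_guest_fpu() near the top of x86.c could be dropped if the definitions are moved ahead of __msr_io().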
From patchwork Fri Jul 21 03:03:39 2023
X-Patchwork-Submitter: "Yang, Weijiang"
X-Patchwork-Id: 123582
From: Yang Weijiang
To: seanjc@google.com, pbonzini@redhat.com, peterz@infradead.org, john.allen@amd.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: rick.p.edgecombe@intel.com, chao.gao@intel.com, binbin.wu@linux.intel.com, weijiang.yang@intel.com
Subject: [PATCH v4 07/20] KVM:x86: Add fault checks for guest CR4.CET setting
Date: Thu, 20 Jul 2023 23:03:39 -0400
Message-Id: <20230721030352.72414-8-weijiang.yang@intel.com>
In-Reply-To: <20230721030352.72414-1-weijiang.yang@intel.com>
References: <20230721030352.72414-1-weijiang.yang@intel.com>

Check potential faults for CR4.CET setting per Intel SDM. CET can be enabled if and only if CR0.WP==1, i.e. setting CR4.CET=1 faults if CR0.WP==0 and setting CR0.WP=0 fails if CR4.CET==1.

Co-developed-by: Sean Christopherson
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Weijiang
--- arch/x86/kvm/x86.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 04f0245ad0a2..be76ac6bbb21 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -993,6 +993,9 @@ int kvm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0) (is_64_bit_mode(vcpu) || kvm_is_cr4_bit_set(vcpu, X86_CR4_PCIDE))) return 1; + if (!(cr0 & X86_CR0_WP) && kvm_is_cr4_bit_set(vcpu, X86_CR4_CET)) + return 1; + static_call(kvm_x86_set_cr0)(vcpu, cr0); kvm_post_set_cr0(vcpu, old_cr0, cr0);
@@ -1204,6 +1207,9 @@ int kvm_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4) return 1; } + if ((cr4 & X86_CR4_CET) && !kvm_is_cr0_bit_set(vcpu, X86_CR0_WP)) + return 1; + static_call(kvm_x86_set_cr4)(vcpu, cr4); kvm_post_set_cr4(vcpu, old_cr4, cr4);
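Review bot: The two new checks in kvm_set_cr0() and kvm_set_cr4() enforce the CR0.WP/CR4.CET pairing only against the other register's current value, so they cover writes that change one register at a time but say nothing about state loaded in one shot. x86.c also has __set_sregs2() (visible in the context lines of patch 06); please confirm the sregs validation rejects CR4.CET=1 with CR0.WP=0 too, otherwise userspace can install the combination these hunks are meant to forbid. A short comment above each check stating the SDM rule (CET requires CR0.WP=1) would also save readers a lookup.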
From: Yang Weijiang
To: seanjc@google.com, pbonzini@redhat.com, peterz@infradead.org, john.allen@amd.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: rick.p.edgecombe@intel.com, chao.gao@intel.com, binbin.wu@linux.intel.com, weijiang.yang@intel.com
Subject: [PATCH v4 08/20] KVM:x86: Report KVM supported CET MSRs as to-be-saved
Date: Thu, 20 Jul 2023 23:03:40 -0400
Message-Id: <20230721030352.72414-9-weijiang.yang@intel.com>
In-Reply-To: <20230721030352.72414-1-weijiang.yang@intel.com>

Add all CET MSRs including the synthesized GUEST_SSP to report list. PL{0,1,2}_SSP are independent to host XSAVE management with later patches. MSR_IA32_U_CET and MSR_IA32_PL3_SSP are XSAVE-managed on host side. MSR_IA32_S_CET/MSR_IA32_INT_SSP_TAB/MSR_KVM_GUEST_SSP are not XSAVE-managed.

When CET IBT/SHSTK are enumerated to guest, both user and supervisor modes should be supported for architectural integrity, i.e., two modes are supported as both or neither.

Signed-off-by: Yang Weijiang
--- arch/x86/include/uapi/asm/kvm_para.h | 1 + arch/x86/kvm/x86.c | 10 ++++++++++ arch/x86/kvm/x86.h | 10 ++++++++++ 3 files changed, 21 insertions(+) diff --git a/arch/x86/include/uapi/asm/kvm_para.h b/arch/x86/include/uapi/asm/kvm_para.h index 6e64b27b2c1e..7af465e4e0bd 100644 --- a/arch/x86/include/uapi/asm/kvm_para.h
+++ b/arch/x86/include/uapi/asm/kvm_para.h @@ -58,6 +58,7 @@ #define MSR_KVM_ASYNC_PF_INT 0x4b564d06 #define MSR_KVM_ASYNC_PF_ACK 0x4b564d07 #define MSR_KVM_MIGRATION_CONTROL 0x4b564d08 +#define MSR_KVM_GUEST_SSP 0x4b564d09 struct kvm_steal_time { __u64 steal; diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index be76ac6bbb21..59e961a88b75 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -1463,6 +1463,9 @@ static const u32 msrs_to_save_base[] = { MSR_IA32_XFD, MSR_IA32_XFD_ERR, MSR_IA32_XSS, + MSR_IA32_U_CET, MSR_IA32_S_CET, + MSR_IA32_PL0_SSP, MSR_IA32_PL1_SSP, MSR_IA32_PL2_SSP, + MSR_IA32_PL3_SSP, MSR_IA32_INT_SSP_TAB, MSR_KVM_GUEST_SSP, }; static const u32 msrs_to_save_pmu[] = { @@ -7215,6 +7218,13 @@ static void kvm_probe_msr_to_save(u32 msr_index) if (!kvm_caps.supported_xss) return; break; + case MSR_IA32_U_CET: + case MSR_IA32_S_CET: + case MSR_KVM_GUEST_SSP: + case MSR_IA32_PL0_SSP ... MSR_IA32_INT_SSP_TAB: + if (!kvm_is_cet_supported()) + return; + break; default: break; } diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h index 82e3dafc5453..6e6292915f8c 100644 --- a/arch/x86/kvm/x86.h +++ b/arch/x86/kvm/x86.h 
@@ -362,6 +362,16 @@ static inline bool kvm_mpx_supported(void) == (XFEATURE_MASK_BNDREGS | XFEATURE_MASK_BNDCSR); } +#define CET_XSTATE_MASK (XFEATURE_MASK_CET_USER) +/* + * Shadow Stack and Indirect Branch Tracking feature enabling depends on + * whether host side CET user xstate bit is supported or not. + */ +static inline bool kvm_is_cet_supported(void) +{ + return (kvm_caps.supported_xss & CET_XSTATE_MASK) == CET_XSTATE_MASK; +} + extern unsigned int min_timer_period_us; extern bool enable_vmware_backdoor;
From patchwork Fri Jul 21 03:03:41 2023
X-Patchwork-Submitter: "Yang, Weijiang"
X-Patchwork-Id: 123586
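Review bot: MSR_KVM_GUEST_SSP (0x4b564d09) is added to the uapi header kvm_para.h, right after MSR_KVM_MIGRATION_CONTROL, with no comment or documentation. The commit message calls it a synthesized MSR, and kvm_cet_is_msr_accessible() in patch 09 allows it only when msr->host_initiated is set, so anyone reading the header alone would take it for a guest-usable paravirtual MSR. Please add a comment that it is host-only save/restore state and document the index next to the other MSR_KVM_* entries.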
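Review bot: In the kvm_probe_msr_to_save() hunk the shadow-stack-only MSRs (MSR_KVM_GUEST_SSP and MSR_IA32_PL0_SSP ... MSR_IA32_INT_SSP_TAB) are gated on kvm_is_cet_supported() alone, which does not match the access check added in patch 09. There, kvm_cet_is_msr_accessible() returns false for those MSRs whenever kvm_cpu_cap_has(X86_FEATURE_SHSTK) is false, host-initiated or not, so on a host with IBT but no shadow stack userspace is told to save MSRs whose read then fails. Gate the SSP MSRs on X86_FEATURE_SHSTK here as well. The case range also relies on the indices from MSR_IA32_PL0_SSP to MSR_IA32_INT_SSP_TAB being contiguous, which deserves a comment.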
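Review bot: CET_XSTATE_MASK in the x86.h hunk contains only XFEATURE_MASK_CET_USER, while the commit message says user and supervisor modes are supported as both or neither, and the same patch reports MSR_IA32_S_CET and PL{0,1,2}_SSP as to-be-saved. The comment above kvm_is_cet_supported() should say why the user xstate bit alone is a sufficient condition for the supervisor MSRs, or the helper needs a second condition. As written, the name kvm_is_cet_supported() promises more than the check delivers.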
From: Yang Weijiang
To: seanjc@google.com, pbonzini@redhat.com, peterz@infradead.org, john.allen@amd.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: rick.p.edgecombe@intel.com, chao.gao@intel.com, binbin.wu@linux.intel.com, weijiang.yang@intel.com
Subject: [PATCH v4 09/20] KVM:x86: Add common code of CET MSR access
Date: Thu, 20 Jul 2023 23:03:41 -0400
Message-Id: <20230721030352.72414-10-weijiang.yang@intel.com>
In-Reply-To: <20230721030352.72414-1-weijiang.yang@intel.com>

Add unified handling for AMD/Intel's SHSTK MSRs, and leave IBT related handling in VMX specific code. Guest supervisor SSPs are handled specially because they are loaded into HW registers only when the SSPs are used by guest.

Currently, AMD doesn't support IBT, so move related handling in VMX specific code.

Signed-off-by: Yang Weijiang
--- arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kvm/cpuid.h | 10 ++++ arch/x86/kvm/x86.c | 103 +++++++++++++++++++++++++++++--- arch/x86/kvm/x86.h | 18 ++++++ 4 files changed, 124 insertions(+), 8 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 20bbcd95511f..69cbc9d9b277 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h
@@ -805,6 +805,7 @@ struct kvm_vcpu_arch { u64 xcr0; u64 guest_supported_xcr0; u64 guest_supported_xss; + u64 cet_s_ssp[3]; struct kvm_pio_request pio; void *pio_data; diff --git a/arch/x86/kvm/cpuid.h b/arch/x86/kvm/cpuid.h index b1658c0de847..7791a19b88ba 100644 --- a/arch/x86/kvm/cpuid.h +++ b/arch/x86/kvm/cpuid.h @@ -232,4 +232,14 @@ static __always_inline bool guest_pv_has(struct kvm_vcpu *vcpu, return vcpu->arch.pv_cpuid.features & (1u << kvm_feature); } +/* + * FIXME: When the "KVM-governed" enabling patchset is merge, rebase this + * series on top of that and replace this one with the helper merged. + */ +static __always_inline bool guest_can_use(struct kvm_vcpu *vcpu, + unsigned int feature) +{ + return kvm_cpu_cap_has(feature) && guest_cpuid_has(vcpu, feature); +} + #endif diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 59e961a88b75..7a3753c05c09 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
@@ -3628,6 +3628,47 @@ static bool kvm_is_msr_to_save(u32 msr_index) return false; } +static inline bool is_shadow_stack_msr(struct kvm_vcpu *vcpu, + struct msr_data *msr) +{ + return msr->index == MSR_IA32_PL0_SSP || + msr->index == MSR_IA32_PL1_SSP || + msr->index == MSR_IA32_PL2_SSP || + msr->index == MSR_IA32_PL3_SSP || + msr->index == MSR_IA32_INT_SSP_TAB || + msr->index == MSR_KVM_GUEST_SSP; +} + +static bool kvm_cet_is_msr_accessible(struct kvm_vcpu *vcpu, + struct msr_data *msr) +{ + + /* + * This function cannot work without later CET MSR read/write + * emulation patch. + */ + WARN_ON_ONCE(1); + + if (is_shadow_stack_msr(vcpu, msr)) { + if (!kvm_cpu_cap_has(X86_FEATURE_SHSTK)) + return false; + + if (msr->index == MSR_KVM_GUEST_SSP) + return msr->host_initiated; + + return msr->host_initiated || + guest_cpuid_has(vcpu, X86_FEATURE_SHSTK); + } + + if (!kvm_cpu_cap_has(X86_FEATURE_SHSTK) && + !kvm_cpu_cap_has(X86_FEATURE_IBT)) + return false; + + return msr->host_initiated || + guest_cpuid_has(vcpu, X86_FEATURE_IBT) || + guest_cpuid_has(vcpu, X86_FEATURE_SHSTK); +} + int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) { u32 msr = msr_info->index; 
@@ -3982,6 +4023,35 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) vcpu->arch.guest_fpu.xfd_err = data; break; #endif +#define CET_IBT_MASK_BITS GENMASK_ULL(63, 2) +#define CET_SHSTK_MASK_BITS GENMASK(1, 0) + case MSR_IA32_U_CET: + case MSR_IA32_S_CET: + if (!kvm_cet_is_msr_accessible(vcpu, msr_info)) + return 1; + if ((!guest_can_use(vcpu, X86_FEATURE_SHSTK) && + (data & CET_SHSTK_MASK_BITS)) || + (!guest_can_use(vcpu, X86_FEATURE_IBT) && + (data & CET_IBT_MASK_BITS))) + return 1; + if (msr == MSR_IA32_U_CET) + kvm_set_xsave_msr(msr_info); + break; + case MSR_KVM_GUEST_SSP: + case MSR_IA32_PL0_SSP ... MSR_IA32_INT_SSP_TAB: + if (!kvm_cet_is_msr_accessible(vcpu, msr_info)) + return 1; + if (is_noncanonical_address(data, vcpu)) + return 1; + if (!IS_ALIGNED(data, 4)) + return 1; + if (msr == MSR_IA32_PL0_SSP || msr == MSR_IA32_PL1_SSP || + msr == MSR_IA32_PL2_SSP) { + vcpu->arch.cet_s_ssp[msr - MSR_IA32_PL0_SSP] = data; + } else if (msr == MSR_IA32_PL3_SSP) { + kvm_set_xsave_msr(msr_info); + } + break; default: if (kvm_pmu_is_valid_msr(vcpu, msr)) return kvm_pmu_set_msr(vcpu, msr_info); @@ -4052,7 +4122,9 @@ static int get_msr_mce(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata, bool host) int kvm_get_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) { - switch (msr_info->index) { + u32 msr = msr_info->index; + + switch (msr) { case MSR_IA32_PLATFORM_ID: case MSR_IA32_EBL_CR_POWERON: case MSR_IA32_LASTBRANCHFROMIP: @@ -4087,7 +4159,7 @@ int kvm_get_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) case MSR_K7_PERFCTR0 ... MSR_K7_PERFCTR3: case MSR_P6_PERFCTR0 ... MSR_P6_PERFCTR1: case MSR_P6_EVNTSEL0 ... MSR_P6_EVNTSEL1: - if (kvm_pmu_is_valid_msr(vcpu, msr_info->index)) + if (kvm_pmu_is_valid_msr(vcpu, msr)) return kvm_pmu_get_msr(vcpu, msr_info); msr_info->data = 0; break; 
@@ -4138,7 +4210,7 @@ int kvm_get_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) case MSR_MTRRcap: case MTRRphysBase_MSR(0) ... MSR_MTRRfix4K_F8000: case MSR_MTRRdefType: - return kvm_mtrr_get_msr(vcpu, msr_info->index, &msr_info->data); + return kvm_mtrr_get_msr(vcpu, msr, &msr_info->data); case 0xcd: /* fsb frequency */ msr_info->data = 3; break; @@ -4160,7 +4232,7 @@ int kvm_get_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) msr_info->data = kvm_get_apic_base(vcpu); break; case APIC_BASE_MSR ... APIC_BASE_MSR + 0xff: - return kvm_x2apic_msr_read(vcpu, msr_info->index, &msr_info->data); + return kvm_x2apic_msr_read(vcpu, msr, &msr_info->data); case MSR_IA32_TSC_DEADLINE: msr_info->data = kvm_get_lapic_tscdeadline_msr(vcpu); break; @@ -4254,7 +4326,7 @@ int kvm_get_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) case MSR_IA32_MCG_STATUS: case MSR_IA32_MC0_CTL ... MSR_IA32_MCx_CTL(KVM_MAX_MCE_BANKS) - 1: case MSR_IA32_MC0_CTL2 ... MSR_IA32_MCx_CTL2(KVM_MAX_MCE_BANKS) - 1: - return get_msr_mce(vcpu, msr_info->index, &msr_info->data, + return get_msr_mce(vcpu, msr, &msr_info->data, msr_info->host_initiated); case MSR_IA32_XSS: if (!msr_info->host_initiated && @@ -4285,7 +4357,7 @@ int kvm_get_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) case HV_X64_MSR_TSC_EMULATION_STATUS: case HV_X64_MSR_TSC_INVARIANT_CONTROL: return kvm_hv_get_msr_common(vcpu, - msr_info->index, &msr_info->data, + msr, &msr_info->data, msr_info->host_initiated); case MSR_IA32_BBL_CR_CTL3: /* This legacy MSR exists but isn't fully documented in current 
@@ -4338,8 +4410,22 @@ int kvm_get_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) msr_info->data = vcpu->arch.guest_fpu.xfd_err; break; #endif + case MSR_IA32_U_CET: + case MSR_IA32_S_CET: + case MSR_KVM_GUEST_SSP: + case MSR_IA32_PL0_SSP ... MSR_IA32_INT_SSP_TAB: + if (!kvm_cet_is_msr_accessible(vcpu, msr_info)) + return 1; + if (msr == MSR_IA32_PL0_SSP || msr == MSR_IA32_PL1_SSP || + msr == MSR_IA32_PL2_SSP) { + msr_info->data = + vcpu->arch.cet_s_ssp[msr - MSR_IA32_PL0_SSP]; + } else if (msr == MSR_IA32_U_CET || msr == MSR_IA32_PL3_SSP) { + kvm_get_xsave_msr(msr_info); + } + break; default: - if (kvm_pmu_is_valid_msr(vcpu, msr_info->index)) + if (kvm_pmu_is_valid_msr(vcpu, msr)) return kvm_pmu_get_msr(vcpu, msr_info); /* @@ -4347,7 +4433,7 @@ int kvm_get_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) * to-be-saved, even if an MSR isn't fully supported. */ if (msr_info->host_initiated && - kvm_is_msr_to_save(msr_info->index)) { + kvm_is_msr_to_save(msr)) { msr_info->data = 0; break; } @@ -12131,6 +12217,7 @@ void kvm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event) vcpu->arch.cr3 = 0; kvm_register_mark_dirty(vcpu, VCPU_EXREG_CR3); + memset(vcpu->arch.cet_s_ssp, 0, sizeof(vcpu->arch.cet_s_ssp)); /* * CR0.CD/NW are set on RESET, preserved on INIT. Note, some versions diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h index 6e6292915f8c..09dd35a79ff3 100644 --- a/arch/x86/kvm/x86.h +++ b/arch/x86/kvm/x86.h 
@@ -549,4 +549,22 @@ int kvm_sev_es_string_io(struct kvm_vcpu *vcpu, unsigned int size, unsigned int port, void *data, unsigned int count, int in); +/* + * Guest xstate MSRs have been loaded in __msr_io(), disable preemption before + * access the MSRs to avoid MSR content corruption. + */ +static inline void kvm_get_xsave_msr(struct msr_data *msr_info) +{ + kvm_fpu_get(); + rdmsrl(msr_info->index, msr_info->data); + kvm_fpu_put(); +} + +static inline void kvm_set_xsave_msr(struct msr_data *msr_info) +{ + kvm_fpu_get(); + wrmsrl(msr_info->index, msr_info->data); + kvm_fpu_put(); +} + #endif
From patchwork Fri Jul 21 03:03:42 2023
X-Patchwork-Submitter: "Yang, Weijiang"
X-Patchwork-Id: 123585
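Review bot: kvm_cet_is_msr_accessible() opens with an unconditional WARN_ON_ONCE(1), yet this same patch already calls it from the CET cases of kvm_set_msr_common() and kvm_get_msr_common(). Patch 08 put these MSRs on the to-be-saved list, so an ordinary userspace save or restore trips the warning at this point in the series, which hurts bisection and matters on hosts that treat warnings as fatal. Drop the WARN and order or squash the patches so the helper only becomes reachable once it works. is_shadow_stack_msr() also takes a vcpu argument it never uses.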
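Review bot: In the MSR_IA32_U_CET/MSR_IA32_S_CET write case of kvm_set_msr_common(), CET_IBT_MASK_BITS is GENMASK_ULL(63, 2), so once the guest can use IBT every bit above bit 1 is accepted and nothing rejects reserved bits, unlike the SSP case directly below, which checks is_noncanonical_address() and IS_ALIGNED(data, 4). For MSR_IA32_U_CET that unchecked value goes straight to kvm_set_xsave_msr(). Please define the masks per feature bit, next to the other MSR bit definitions rather than inside the switch, and reject everything outside them. The hunk also validates MSR_IA32_S_CET, MSR_KVM_GUEST_SSP and MSR_IA32_INT_SSP_TAB and then breaks without storing the value, so the write reports success while the data is dropped; if vendor code is meant to pick these up, say so in a comment.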
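Review bot: In the new CET case of kvm_get_msr_common(), msr_info->data is assigned only for PL{0,1,2}_SSP, MSR_IA32_U_CET and MSR_IA32_PL3_SSP; for MSR_IA32_S_CET, MSR_KVM_GUEST_SSP and MSR_IA32_INT_SSP_TAB the code reaches break and returns success with msr_info->data untouched, so the caller reads back whatever the structure held before. Set data to 0 or return 1 for the MSRs this common code does not handle. The msr_info->index to msr renames in the neighbouring hunks are unrelated to CET and would be easier to review as a preparatory patch.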
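Review bot: kvm_set_xsave_msr() in the x86.h hunk passes a caller-supplied value to wrmsrl(), and kvm_get_xsave_msr() uses rdmsrl(), with no way to report a faulting access. The value reaches this helper from kvm_set_msr_common(), so a value the CPU rejects should become a failed MSR write rather than a host-side fault; consider wrmsrl_safe()/rdmsrl_safe() and an int return that the callers propagate. The comment says "disable preemption" while the code calls kvm_fpu_get()/kvm_fpu_put(); state what that pair guarantees, and place the comment so it clearly covers both helpers.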
From: Yang Weijiang
To: seanjc@google.com, pbonzini@redhat.com, peterz@infradead.org, john.allen@amd.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: rick.p.edgecombe@intel.com, chao.gao@intel.com, binbin.wu@linux.intel.com, weijiang.yang@intel.com
Subject: [PATCH v4 10/20] KVM:x86: Make guest supervisor states as non-XSAVE managed
Date: Thu, 20 Jul 2023 23:03:42 -0400
Message-Id: <20230721030352.72414-11-weijiang.yang@intel.com>
In-Reply-To: <20230721030352.72414-1-weijiang.yang@intel.com>

Save and reload guest CET supervisor states, i.e., PL{0,1,2}_SSP, when vCPU context is being swapped before and after userspace <-> kernel entry, also do the same operation when vCPU is sched-in or sched-out.

Enabling CET supervisor state management in KVM due to:
- Introducing unnecessary XSAVE operation when switch to non-vCPU userspace within current FPU framework.
- Forcing allocating additional space for CET supervisor states in each thread context regardless whether it's vCPU thread or not.

Add a new helper kvm_arch_sched_out() for that purpose. Adding the support in kvm_arch_vcpu_put/load() without the new helper looks possible, but the put/load functions are also called in vcpu_put()/load(), the latter are heavily used in KVM, so adding new helper makes the implementation clearer.

Signed-off-by: Yang Weijiang --- arch/arm64/include/asm/kvm_host.h | 1 + arch/mips/include/asm/kvm_host.h | 1 + arch/powerpc/include/asm/kvm_host.h | 1 + arch/riscv/include/asm/kvm_host.h | 1 + arch/s390/include/asm/kvm_host.h | 1 + arch/x86/kvm/x86.c | 37 +++++++++++++++++++++++++++++ include/linux/kvm_host.h | 1 + virt/kvm/kvm_main.c | 1 + 8 files changed, 44 insertions(+) diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h index 7e7e19ef6993..98235cb3d258 100644 --- a/arch/arm64/include/asm/kvm_host.h +++ b/arch/arm64/include/asm/kvm_host.h @@ -1023,6 +1023,7 @@ void kvm_arm_vcpu_ptrauth_trap(struct kvm_vcpu *vcpu); static inline void kvm_arch_sync_events(struct kvm *kvm) {} static inline void kvm_arch_sched_in(struct kvm_vcpu *vcpu, int cpu) {} +static inline void kvm_arch_sched_out(struct kvm_vcpu *vcpu, int cpu) {} void kvm_arm_init_debug(void); void kvm_arm_vcpu_init_debug(struct kvm_vcpu *vcpu); diff --git a/arch/mips/include/asm/kvm_host.h b/arch/mips/include/asm/kvm_host.h index 957121a495f0..56c5e85ba5a3 100644 --- a/arch/mips/include/asm/kvm_host.h +++ b/arch/mips/include/asm/kvm_host.h @@ -893,6 +893,7 @@ static inline void kvm_arch_free_memslot(struct kvm *kvm, struct kvm_memory_slot *slot) {} static inline void kvm_arch_memslots_updated(struct kvm *kvm, u64 gen) {} static inline void kvm_arch_sched_in(struct kvm_vcpu *vcpu, int cpu) {} +static inline void kvm_arch_sched_out(struct kvm_vcpu *vcpu, int cpu) {} static inline void kvm_arch_vcpu_blocking(struct kvm_vcpu *vcpu) {} static inline void kvm_arch_vcpu_unblocking(struct kvm_vcpu *vcpu) {} diff --git a/arch/powerpc/include/asm/kvm_host.h b/arch/powerpc/include/asm/kvm_host.h index 14ee0dece853..11587d953bf6 100644 --- a/arch/powerpc/include/asm/kvm_host.h +++ b/arch/powerpc/include/asm/kvm_host.h 
@@ -880,6 +880,7 @@ static inline void kvm_arch_sync_events(struct kvm *kvm) {} static inline void kvm_arch_memslots_updated(struct kvm *kvm, u64 gen) {} static inline void kvm_arch_flush_shadow_all(struct kvm *kvm) {} static inline void kvm_arch_sched_in(struct kvm_vcpu *vcpu, int cpu) {} +static inline void kvm_arch_sched_out(struct kvm_vcpu *vcpu, int cpu) {} static inline void kvm_arch_vcpu_blocking(struct kvm_vcpu *vcpu) {} static inline void kvm_arch_vcpu_unblocking(struct kvm_vcpu *vcpu) {} diff --git a/arch/riscv/include/asm/kvm_host.h b/arch/riscv/include/asm/kvm_host.h index ee0acccb1d3b..6ff4a04fe0f2 100644 --- a/arch/riscv/include/asm/kvm_host.h +++ b/arch/riscv/include/asm/kvm_host.h @@ -244,6 +244,7 @@ struct kvm_vcpu_arch { static inline void kvm_arch_sync_events(struct kvm *kvm) {} static inline void kvm_arch_sched_in(struct kvm_vcpu *vcpu, int cpu) {} +static inline void kvm_arch_sched_out(struct kvm_vcpu *vcpu, int cpu) {} #define KVM_ARCH_WANT_MMU_NOTIFIER diff --git a/arch/s390/include/asm/kvm_host.h b/arch/s390/include/asm/kvm_host.h index 2bbc3d54959d..d1750a6a86cf 100644 --- a/arch/s390/include/asm/kvm_host.h +++ b/arch/s390/include/asm/kvm_host.h @@ -1033,6 +1033,7 @@ extern int kvm_s390_gisc_unregister(struct kvm *kvm, u32 gisc); static inline void kvm_arch_sync_events(struct kvm *kvm) {} static inline void kvm_arch_sched_in(struct kvm_vcpu *vcpu, int cpu) {} +static inline void kvm_arch_sched_out(struct kvm_vcpu *vcpu, int cpu) {} static inline void kvm_arch_free_memslot(struct kvm *kvm, struct kvm_memory_slot *slot) {} static inline void kvm_arch_memslots_updated(struct kvm *kvm, u64 gen) {} diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 7a3753c05c09..f7558f0f6fc0 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
@@ -11212,6 +11212,33 @@ static void kvm_put_guest_fpu(struct kvm_vcpu *vcpu) trace_kvm_fpu(0); } +static void kvm_save_cet_supervisor_ssp(struct kvm_vcpu *vcpu) +{ + preempt_disable(); + if (unlikely(guest_can_use(vcpu, X86_FEATURE_SHSTK))) { + rdmsrl(MSR_IA32_PL0_SSP, vcpu->arch.cet_s_ssp[0]); + rdmsrl(MSR_IA32_PL1_SSP, vcpu->arch.cet_s_ssp[1]); + rdmsrl(MSR_IA32_PL2_SSP, vcpu->arch.cet_s_ssp[2]); + /* + * Omit reset to host PL{1,2}_SSP because Linux will never use + * these MSRs. + */ + wrmsrl(MSR_IA32_PL0_SSP, 0); + } + preempt_enable(); +} + +static void kvm_reload_cet_supervisor_ssp(struct kvm_vcpu *vcpu) +{ + preempt_disable(); + if (unlikely(guest_can_use(vcpu, X86_FEATURE_SHSTK))) { + wrmsrl(MSR_IA32_PL0_SSP, vcpu->arch.cet_s_ssp[0]); + wrmsrl(MSR_IA32_PL1_SSP, vcpu->arch.cet_s_ssp[1]); + wrmsrl(MSR_IA32_PL2_SSP, vcpu->arch.cet_s_ssp[2]); + } + preempt_enable(); +} + int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu) { struct kvm_queued_exception *ex = &vcpu->arch.exception; @@ -11222,6 +11249,7 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu) kvm_sigset_activate(vcpu); kvm_run->flags = 0; kvm_load_guest_fpu(vcpu); + kvm_reload_cet_supervisor_ssp(vcpu); kvm_vcpu_srcu_read_lock(vcpu); if (unlikely(vcpu->arch.mp_state == KVM_MP_STATE_UNINITIALIZED)) { @@ -11310,6 +11338,7 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu) r = vcpu_run(vcpu); out: + kvm_save_cet_supervisor_ssp(vcpu); kvm_put_guest_fpu(vcpu); if (kvm_run->kvm_valid_regs) store_regs(vcpu); @@ -12398,9 +12427,17 @@ void kvm_arch_sched_in(struct kvm_vcpu *vcpu, int cpu) pmu->need_cleanup = true; kvm_make_request(KVM_REQ_PMU, vcpu); } + + kvm_reload_cet_supervisor_ssp(vcpu); + static_call(kvm_x86_sched_in)(vcpu, cpu); } +void kvm_arch_sched_out(struct kvm_vcpu *vcpu, int cpu) +{ + kvm_save_cet_supervisor_ssp(vcpu); +} + void kvm_arch_free_vm(struct kvm *kvm) { kfree(to_kvm_hv(kvm)->hv_pa_pg); 
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h index d90331f16db1..b3032a5f0641 100644 --- a/include/linux/kvm_host.h +++ b/include/linux/kvm_host.h @@ -1423,6 +1423,7 @@ int kvm_arch_vcpu_ioctl_set_guest_debug(struct kvm_vcpu *vcpu, int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu); void kvm_arch_sched_in(struct kvm_vcpu *vcpu, int cpu); +void kvm_arch_sched_out(struct kvm_vcpu *vcpu, int cpu); void kvm_arch_vcpu_load(struct kvm_vcpu *vcpu, int cpu); void kvm_arch_vcpu_put(struct kvm_vcpu *vcpu); diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index 66c1447d3c7f..42f28e8905e1 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c 
@@ -5885,6 +5885,7 @@ static void kvm_sched_out(struct preempt_notifier *pn, { struct kvm_vcpu *vcpu = preempt_notifier_to_vcpu(pn); + kvm_arch_sched_out(vcpu, 0); if (current->on_rq) { WRITE_ONCE(vcpu->preempted, true); WRITE_ONCE(vcpu->ready, true);
From patchwork Fri Jul 21 03:03:43 2023
X-Patchwork-Submitter: "Yang, Weijiang"
X-Patchwork-Id: 123594
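Review bot: kvm_save_cet_supervisor_ssp() reads the hardware MSRs into vcpu->arch.cet_s_ssp[] on every call, with no record of whether the guest values are currently loaded. It runs at the out: label of kvm_arch_vcpu_ioctl_run() and again from kvm_arch_sched_out(); if the task is scheduled out after the out: save, the second call rereads MSR_IA32_PL0_SSP, which the first call already reset to 0, and overwrites the guest's saved PL0_SSP. Track a loaded flag so that save and reload only act as a matched pair. The preempt_disable()/preempt_enable() pair adds nothing when the caller is the preempt notifier, and unlikely() around guest_can_use() needs a justification.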
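Review bot: kvm_sched_out() calls kvm_arch_sched_out(vcpu, 0) with a literal 0 for the cpu parameter, and the x86 implementation ignores that parameter, as do the empty stubs added for arm64, mips, powerpc, riscv and s390. A parameter that always carries a dummy value invites a later user to trust it. Drop it from the prototype in include/linux/kvm_host.h and from all the stubs, so the hook takes only the vcpu.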
From: Yang Weijiang
To: seanjc@google.com, pbonzini@redhat.com, peterz@infradead.org, john.allen@amd.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: rick.p.edgecombe@intel.com, chao.gao@intel.com, binbin.wu@linux.intel.com, weijiang.yang@intel.com
Subject: [PATCH v4 11/20] KVM:x86: Save and reload GUEST_SSP to/from SMRAM
Date: Thu, 20 Jul 2023 23:03:43 -0400
Message-Id: <20230721030352.72414-12-weijiang.yang@intel.com>
In-Reply-To: <20230721030352.72414-1-weijiang.yang@intel.com>
References: <20230721030352.72414-1-weijiang.yang@intel.com>

Save GUEST_SSP to SMRAM on SMI and reload it on RSM. KVM emulates architectural behavior when guest enters/leaves SMM mode, i.e., save registers to SMRAM at the entry of SMM and reload them at the exit of SMM. Per SDM, GUEST_SSP is defined as one of the fields in SMRAM for 64-bit mode, so handle the state accordingly.

Check HF_SMM_MASK to determine whether kvm_cet_is_msr_accessible() is called in SMM mode so that kvm_{set,get}_msr() works in SMM mode.

Signed-off-by: Yang Weijiang
--- arch/x86/kvm/smm.c | 17 +++++++++++++++++ arch/x86/kvm/smm.h | 2 +- arch/x86/kvm/x86.c | 12 +++++++++++- 3 files changed, 29 insertions(+), 2 deletions(-) diff --git a/arch/x86/kvm/smm.c b/arch/x86/kvm/smm.c index b42111a24cc2..a4e19d72224f 100644 --- a/arch/x86/kvm/smm.c +++ b/arch/x86/kvm/smm.c
@@ -309,6 +309,15 @@ void enter_smm(struct kvm_vcpu *vcpu) kvm_smm_changed(vcpu, true); +#ifdef CONFIG_X86_64 + if (guest_can_use(vcpu, X86_FEATURE_SHSTK)) { + u64 data; + + if (!kvm_get_msr(vcpu, MSR_KVM_GUEST_SSP, &data)) + smram.smram64.ssp = data; + } +#endif + if (kvm_vcpu_write_guest(vcpu, vcpu->arch.smbase + 0xfe00, &smram, sizeof(smram))) goto error; @@ -586,6 +595,14 @@ int emulator_leave_smm(struct x86_emulate_ctxt *ctxt) if ((vcpu->arch.hflags & HF_SMM_INSIDE_NMI_MASK) == 0) static_call(kvm_x86_set_nmi_mask)(vcpu, false); +#ifdef CONFIG_X86_64 + if (guest_can_use(vcpu, X86_FEATURE_SHSTK)) { + u64 data = smram.smram64.ssp; + + if (is_noncanonical_address(data, vcpu) && IS_ALIGNED(data, 4)) + kvm_set_msr(vcpu, MSR_KVM_GUEST_SSP, data); + } +#endif kvm_smm_changed(vcpu, false); /* diff --git a/arch/x86/kvm/smm.h b/arch/x86/kvm/smm.h index a1cf2ac5bd78..b3efef7cb1dc 100644 --- a/arch/x86/kvm/smm.h +++ b/arch/x86/kvm/smm.h @@ -116,7 +116,7 @@ struct kvm_smram_state_64 { u32 smbase; u32 reserved4[5]; - /* ssp and svm_* fields below are not implemented by KVM */ + /* svm_* fields below are not implemented by KVM */ u64 ssp; u64 svm_guest_pat; u64 svm_host_efer; diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index f7558f0f6fc0..70d7c80889d6 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
@@ -3653,8 +3653,18 @@ static bool kvm_cet_is_msr_accessible(struct kvm_vcpu *vcpu, if (!kvm_cpu_cap_has(X86_FEATURE_SHSTK)) return false; - if (msr->index == MSR_KVM_GUEST_SSP) + /* + * This MSR is synthesized mainly for userspace access during + * Live Migration, it also can be accessed in SMM mode by VMM. + * Guest is not allowed to access this MSR. + */ + if (msr->index == MSR_KVM_GUEST_SSP) { + if (IS_ENABLED(CONFIG_X86_64) && + !!(vcpu->arch.hflags & HF_SMM_MASK)) + return true; + return msr->host_initiated; + } return msr->host_initiated || guest_cpuid_has(vcpu, X86_FEATURE_SHSTK);
From patchwork Fri Jul 21 03:03:44 2023
X-Patchwork-Submitter: "Yang, Weijiang"
X-Patchwork-Id: 123609
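Review bot: in the enter_smm() hunk of arch/x86/kvm/smm.c, a failing kvm_get_msr() is silently ignored, so smram.smram64.ssp is left at whatever the buffer already held and is then written to guest memory by kvm_vcpu_write_guest(). Decide the failure outcome explicitly (for example take the existing "goto error" path). The store is also gated only on CONFIG_X86_64 and SHSTK; nothing in the hunk checks that the 64-bit save-state layout is the one in use for this vCPU, which the commit message says is the only layout that defines the field. A short comment that the read has to come after kvm_smm_changed(vcpu, true) because it depends on HF_SMM_MASK would also help.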
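Review bot: in the emulator_leave_smm() hunk of arch/x86/kvm/smm.c, the validity test is inverted: "if (is_noncanonical_address(data, vcpu) && IS_ALIGNED(data, 4))" reloads SSP only when the saved value is noncanonical, so a well-formed SSP is never restored and a malformed one is the only kind written back. This should be "!is_noncanonical_address(data, vcpu) && IS_ALIGNED(data, 4)". The value comes from SMRAM, which enter_smm() places in guest memory, so the rejected case needs a defined result (fail the RSM rather than silently keep the SSP that was live in SMM), and the return value of kvm_set_msr() should be checked.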
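Review bot: in the kvm_cet_is_msr_accessible() hunk of arch/x86/kvm/x86.c, the new branch returns true for MSR_KVM_GUEST_SSP whenever HF_SMM_MASK is set without looking at msr->host_initiated, so a guest-initiated access made while the vCPU is in SMM passes this check even though the comment directly above says the guest is not allowed to access this MSR. Suggest keeping "return msr->host_initiated;" as the only rule here and having smm.c read and write the SSP through a host-initiated path, instead of widening access by CPU mode. The "!!" is redundant in a boolean context.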
From: Yang Weijiang
To: seanjc@google.com, pbonzini@redhat.com, peterz@infradead.org, john.allen@amd.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: rick.p.edgecombe@intel.com, chao.gao@intel.com, binbin.wu@linux.intel.com, weijiang.yang@intel.com, Zhang Yi Z
Subject: [PATCH v4 12/20] KVM:VMX: Introduce CET VMCS fields and control bits
Date: Thu, 20 Jul 2023 23:03:44 -0400
Message-Id: <20230721030352.72414-13-weijiang.yang@intel.com>
In-Reply-To: <20230721030352.72414-1-weijiang.yang@intel.com>
References: <20230721030352.72414-1-weijiang.yang@intel.com>

Control-flow Enforcement Technology (CET) is a kind of CPU feature used to prevent Return/CALL/Jump-Oriented Programming (ROP/COP/JOP) attacks. It provides two sub-features (SHSTK, IBT) to defend against ROP/COP/JOP style control-flow subversion attacks.

Shadow Stack (SHSTK):
  A shadow stack is a second stack used exclusively for control transfer operations. The shadow stack is separate from the data/normal stack and can be enabled individually in user and kernel mode. When shadow stack is enabled, CALL pushes the return address on both the data and shadow stack. RET pops the return address from both stacks and compares them. If the return addresses from the two stacks do not match, the processor generates a #CP.

Indirect Branch Tracking (IBT):
  IBT introduces a new instruction (ENDBRANCH) to mark valid target addresses of indirect branches (CALL, JMP, etc.). If an indirect branch is executed and the next instruction is _not_ an ENDBRANCH, the processor generates a #CP. This instruction behaves as a NOP on platforms that don't support CET.

Several new CET MSRs are defined to support CET:
  MSR_IA32_{U,S}_CET: CET settings for {user,supervisor} mode respectively.
  MSR_IA32_PL{0,1,2,3}_SSP: SHSTK pointer linear address for CPL{0,1,2,3}.
  MSR_IA32_INT_SSP_TAB: Linear address of SHSTK table, the entry is indexed by IST of interrupt gate desc.

Two XSAVES state bits are introduced for CET:
  IA32_XSS:[bit 11]: Control saving/restoring user mode CET states
  IA32_XSS:[bit 12]: Control saving/restoring supervisor mode CET states.

Six VMCS fields are introduced for CET:
  {HOST,GUEST}_S_CET: Stores CET settings for kernel mode.
  {HOST,GUEST}_SSP: Stores shadow stack pointer of current active task/thread.
  {HOST,GUEST}_INTR_SSP_TABLE: Stores current active MSR_IA32_INT_SSP_TAB.

On Intel platforms, two additional bits are defined in VM_EXIT and VM_ENTRY control fields:

If VM_EXIT_LOAD_HOST_CET_STATE = 1, the host CET states are restored from the following VMCS fields at VM-Exit:
  HOST_S_CET
  HOST_SSP
  HOST_INTR_SSP_TABLE

If VM_ENTRY_LOAD_GUEST_CET_STATE = 1, the guest CET states are loaded from the following VMCS fields at VM-Entry:
  GUEST_S_CET
  GUEST_SSP
  GUEST_INTR_SSP_TABLE

Co-developed-by: Zhang Yi Z
Signed-off-by: Zhang Yi Z
Signed-off-by: Yang Weijiang
Reviewed-by: Chao Gao
--- arch/x86/include/asm/vmx.h | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h index 0d02c4aafa6f..db7f93307349 100644 --- a/arch/x86/include/asm/vmx.h +++ b/arch/x86/include/asm/vmx.h
@@ -104,6 +104,7 @@ #define VM_EXIT_CLEAR_BNDCFGS 0x00800000 #define VM_EXIT_PT_CONCEAL_PIP 0x01000000 #define VM_EXIT_CLEAR_IA32_RTIT_CTL 0x02000000 +#define VM_EXIT_LOAD_CET_STATE 0x10000000 #define VM_EXIT_ALWAYSON_WITHOUT_TRUE_MSR 0x00036dff @@ -117,6 +118,7 @@ #define VM_ENTRY_LOAD_BNDCFGS 0x00010000 #define VM_ENTRY_PT_CONCEAL_PIP 0x00020000 #define VM_ENTRY_LOAD_IA32_RTIT_CTL 0x00040000 +#define VM_ENTRY_LOAD_CET_STATE 0x00100000 #define VM_ENTRY_ALWAYSON_WITHOUT_TRUE_MSR 0x000011ff @@ -345,6 +347,9 @@ enum vmcs_field { GUEST_PENDING_DBG_EXCEPTIONS = 0x00006822, GUEST_SYSENTER_ESP = 0x00006824, GUEST_SYSENTER_EIP = 0x00006826, + GUEST_S_CET = 0x00006828, + GUEST_SSP = 0x0000682a, + GUEST_INTR_SSP_TABLE = 0x0000682c, HOST_CR0 = 0x00006c00, HOST_CR3 = 0x00006c02, HOST_CR4 = 0x00006c04, 
@@ -357,6 +362,9 @@ enum vmcs_field { HOST_IA32_SYSENTER_EIP = 0x00006c12, HOST_RSP = 0x00006c14, HOST_RIP = 0x00006c16, + HOST_S_CET = 0x00006c18, + HOST_SSP = 0x00006c1a, + HOST_INTR_SSP_TABLE = 0x00006c1c }; /*
From patchwork Fri Jul 21 03:03:45 2023
X-Patchwork-Submitter: "Yang, Weijiang"
X-Patchwork-Id: 123607
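Review bot: in the VM_EXIT_* hunk of arch/x86/include/asm/vmx.h (and the matching VM_ENTRY_* hunk), the new bits are named VM_EXIT_LOAD_CET_STATE and VM_ENTRY_LOAD_CET_STATE, while the commit message documents them as VM_EXIT_LOAD_HOST_CET_STATE and VM_ENTRY_LOAD_GUEST_CET_STATE. Use one spelling in both places so that a search for the name in the changelog finds the define; a one-line comment next to each define saying which VMCS fields the bit loads would carry the changelog's explanation into the header.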
From: Yang Weijiang
To: seanjc@google.com, pbonzini@redhat.com, peterz@infradead.org, john.allen@amd.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: rick.p.edgecombe@intel.com, chao.gao@intel.com, binbin.wu@linux.intel.com, weijiang.yang@intel.com
Subject: [PATCH v4 13/20] KVM:VMX: Emulate read and write to CET MSRs
Date: Thu, 20 Jul 2023 23:03:45 -0400
Message-Id: <20230721030352.72414-14-weijiang.yang@intel.com>
In-Reply-To: <20230721030352.72414-1-weijiang.yang@intel.com>
References: <20230721030352.72414-1-weijiang.yang@intel.com>

Add VMX specific emulation for CET MSR read and write. IBT feature is only available on Intel platforms now and the virtualization interface to the control fields is vendor specific, so split this part from the common code.

Signed-off-by: Yang Weijiang
--- arch/x86/kvm/vmx/vmx.c | 40 ++++++++++++++++++++++++++++++++++++++++ arch/x86/kvm/x86.c | 7 ------- 2 files changed, 40 insertions(+), 7 deletions(-) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index c8d9870cfecb..b29817ec6f2e 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c
@@ -2093,6 +2093,21 @@ static int vmx_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) else msr_info->data = vmx->pt_desc.guest.addr_a[index / 2]; break; + case MSR_IA32_U_CET: + case MSR_IA32_PL0_SSP ... MSR_IA32_PL3_SSP: + return kvm_get_msr_common(vcpu, msr_info); + case MSR_IA32_S_CET: + case MSR_KVM_GUEST_SSP: + case MSR_IA32_INT_SSP_TAB: + if (kvm_get_msr_common(vcpu, msr_info)) + return 1; + if (msr_info->index == MSR_KVM_GUEST_SSP) + msr_info->data = vmcs_readl(GUEST_SSP); + else if (msr_info->index == MSR_IA32_S_CET) + msr_info->data = vmcs_readl(GUEST_S_CET); + else if (msr_info->index == MSR_IA32_INT_SSP_TAB) + msr_info->data = vmcs_readl(GUEST_INTR_SSP_TABLE); + break; case MSR_IA32_DEBUGCTLMSR: msr_info->data = vmcs_read64(GUEST_IA32_DEBUGCTL); break; @@ -2402,6 +2417,31 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) else vmx->pt_desc.guest.addr_a[index / 2] = data; break; +#define VMX_CET_CONTROL_MASK (~GENMASK_ULL(9, 6)) +#define CET_LEG_BITMAP_BASE(data) ((data) >> 12) +#define CET_EXCLUSIVE_BITS (CET_SUPPRESS | CET_WAIT_ENDBR) + case MSR_IA32_PL0_SSP ... MSR_IA32_PL3_SSP: + return kvm_set_msr_common(vcpu, msr_info); + break; + case MSR_IA32_U_CET: + case MSR_IA32_S_CET: + case MSR_KVM_GUEST_SSP: + case MSR_IA32_INT_SSP_TAB: + if ((msr_index == MSR_IA32_U_CET || + msr_index == MSR_IA32_S_CET) && + ((data & ~VMX_CET_CONTROL_MASK) || + !IS_ALIGNED(CET_LEG_BITMAP_BASE(data), 4) || + (data & CET_EXCLUSIVE_BITS) == CET_EXCLUSIVE_BITS)) + return 1; + if (kvm_set_msr_common(vcpu, msr_info)) + return 1; + if (msr_index == MSR_KVM_GUEST_SSP) + vmcs_writel(GUEST_SSP, data); + else if (msr_index == MSR_IA32_S_CET) + vmcs_writel(GUEST_S_CET, data); + else if (msr_index == MSR_IA32_INT_SSP_TAB) + vmcs_writel(GUEST_INTR_SSP_TABLE, data); + break; case MSR_IA32_PERF_CAPABILITIES: if (data && !vcpu_to_pmu(vcpu)->version) return 1; diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 70d7c80889d6..e200f22cdaad 100644 
--- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
@@ -3642,13 +3642,6 @@ static inline bool is_shadow_stack_msr(struct kvm_vcpu *vcpu, static bool kvm_cet_is_msr_accessible(struct kvm_vcpu *vcpu, struct msr_data *msr) { - - /* - * This function cannot work without later CET MSR read/write - * emulation patch. - */ - WARN_ON_ONCE(1); - if (is_shadow_stack_msr(vcpu, msr)) { if (!kvm_cpu_cap_has(X86_FEATURE_SHSTK)) return false;
From patchwork Fri Jul 21 03:03:46 2023
X-Patchwork-Submitter: "Yang, Weijiang"
X-Patchwork-Id: 123598
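Review bot: in the vmx_get_msr() hunk of arch/x86/kvm/vmx/vmx.c, the shared case block re-tests msr_info->index in a three-way if/else chain right after the switch has already dispatched on it. Separate case labels, each calling kvm_get_msr_common() and then reading its own VMCS field, would be shorter and would not need the final "else if" that can never be false. A comment on why MSR_IA32_U_CET and the PLx_SSP MSRs return the common result directly while the other three are read from the VMCS would also help.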
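Review bot: in the vmx_set_msr() hunk of arch/x86/kvm/vmx/vmx.c, only MSR_IA32_U_CET and MSR_IA32_S_CET are validated here; for MSR_KVM_GUEST_SSP and MSR_IA32_INT_SSP_TAB the value goes to vmcs_writel() with no canonical or alignment check visible in this hunk, although the RSM path in patch 11 does check the SSP before loading it. Either validate here or add a comment stating that kvm_set_msr_common() has already rejected bad addresses. On style: the three #defines sit inside the switch body and belong at file scope, the "break;" after "return kvm_set_msr_common(vcpu, msr_info);" is unreachable, and "!IS_ALIGNED(CET_LEG_BITMAP_BASE(data), 4)" tests the shifted value, so a comment naming the rule it enforces would make the intent checkable.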
From: Yang Weijiang
To: seanjc@google.com, pbonzini@redhat.com, peterz@infradead.org, john.allen@amd.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: rick.p.edgecombe@intel.com, chao.gao@intel.com, binbin.wu@linux.intel.com, weijiang.yang@intel.com
Subject: [PATCH v4 14/20] KVM:VMX: Set up interception for CET MSRs
Date: Thu, 20 Jul 2023 23:03:46 -0400
Message-Id: <20230721030352.72414-15-weijiang.yang@intel.com>
In-Reply-To: <20230721030352.72414-1-weijiang.yang@intel.com>
References: <20230721030352.72414-1-weijiang.yang@intel.com>

Pass through CET MSRs when the associated feature is enabled. Shadow Stack feature requires all the CET MSRs to make it architectural support in guest. IBT feature only depends on MSR_IA32_U_CET and MSR_IA32_S_CET to enable both user and supervisor IBT.

Signed-off-by: Yang Weijiang
--- arch/x86/kvm/vmx/vmx.c | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index b29817ec6f2e..85cb7e748a89 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c
@@ -709,6 +709,10 @@ static bool is_valid_passthrough_msr(u32 msr) case MSR_LBR_CORE_TO ... MSR_LBR_CORE_TO + 8: /* LBR MSRs. These are handled in vmx_update_intercept_for_lbr_msrs() */ return true; + case MSR_IA32_U_CET: + case MSR_IA32_S_CET: + case MSR_IA32_PL0_SSP ... MSR_IA32_INT_SSP_TAB: + return true; } r = possible_passthrough_msr_slot(msr) != -ENOENT; @@ -7758,6 +7762,34 @@ static void update_intel_pt_cfg(struct kvm_vcpu *vcpu) vmx->pt_desc.ctl_bitmask &= ~(0xfULL << (32 + i * 4)); } +static void vmx_update_intercept_for_cet_msr(struct kvm_vcpu *vcpu) +{ + if (guest_can_use(vcpu, X86_FEATURE_SHSTK)) { + vmx_set_intercept_for_msr(vcpu, MSR_IA32_U_CET, + MSR_TYPE_RW, false); + vmx_set_intercept_for_msr(vcpu, MSR_IA32_S_CET, + MSR_TYPE_RW, false); + vmx_set_intercept_for_msr(vcpu, MSR_IA32_PL0_SSP, + MSR_TYPE_RW, false); + vmx_set_intercept_for_msr(vcpu, MSR_IA32_PL1_SSP, + MSR_TYPE_RW, false); + vmx_set_intercept_for_msr(vcpu, MSR_IA32_PL2_SSP, + MSR_TYPE_RW, false); + vmx_set_intercept_for_msr(vcpu, MSR_IA32_PL3_SSP, + MSR_TYPE_RW, false); + vmx_set_intercept_for_msr(vcpu, MSR_IA32_INT_SSP_TAB, + MSR_TYPE_RW, false); + return; + } + + if (guest_can_use(vcpu, X86_FEATURE_IBT)) { + vmx_set_intercept_for_msr(vcpu, MSR_IA32_U_CET, + MSR_TYPE_RW, false); + vmx_set_intercept_for_msr(vcpu, MSR_IA32_S_CET, + MSR_TYPE_RW, false); + } +} + static void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) { struct vcpu_vmx *vmx = to_vmx(vcpu); 
@@ -7825,6 +7857,9 @@ static void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) /* Refresh #PF interception to account for MAXPHYADDR changes. */ vmx_update_exception_bitmap(vcpu); + + if (kvm_is_cet_supported()) + vmx_update_intercept_for_cet_msr(vcpu); } static u64 vmx_get_perf_capabilities(void)

From patchwork Fri Jul 21 03:03:47 2023
X-Patchwork-Submitter: "Yang, Weijiang"
X-Patchwork-Id: 123587
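Review bot: vmx_update_intercept_for_cet_msr() in 14/20 only ever passes false, so it can clear interception but never restore it. It is called from vmx_vcpu_after_set_cpuid(), so if guest CPUID is set again with SHSTK or IBT removed, the MSRs passed through on the earlier call stay passed through. Consider computing the intercept state per feature, for example bool incpt = !guest_can_use(vcpu, X86_FEATURE_SHSTK), and passing it to every vmx_set_intercept_for_msr() call, with U_CET and S_CET intercepted only when neither SHSTK nor IBT is usable. That also removes the early return and the duplicated U_CET/S_CET block in the IBT branch.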
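Review bot: the cases added to is_valid_passthrough_msr() in 14/20 carry no comment, unlike the LBR cases directly above them, which say where their intercepts are handled. A one-line comment naming vmx_update_intercept_for_cet_msr() would keep the switch consistent, and it is worth stating that the range MSR_IA32_PL0_SSP ... MSR_IA32_INT_SSP_TAB relies on the five MSR indices being contiguous.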
From: Yang Weijiang
To: seanjc@google.com, pbonzini@redhat.com, peterz@infradead.org, john.allen@amd.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: rick.p.edgecombe@intel.com, chao.gao@intel.com, binbin.wu@linux.intel.com, weijiang.yang@intel.com
Subject: [PATCH v4 15/20] KVM:VMX: Save host MSR_IA32_S_CET to VMCS field
Date: Thu, 20 Jul 2023 23:03:47 -0400
Message-Id: <20230721030352.72414-16-weijiang.yang@intel.com>
In-Reply-To: <20230721030352.72414-1-weijiang.yang@intel.com>
References: <20230721030352.72414-1-weijiang.yang@intel.com>

Save host MSR_IA32_S_CET to VMCS field as host constant state. Kernel IBT is supported now and the setting in MSR_IA32_S_CET is static after post-boot except in BIOS call case, but vCPU won't execute such BIOS call path currently, so it's safe to make the MSR as host constant.

Suggested-by: Sean Christopherson
Signed-off-by: Yang Weijiang
---
 arch/x86/kvm/vmx/capabilities.h | 4 ++++
 arch/x86/kvm/vmx/vmx.c | 8 ++++++++
 2 files changed, 12 insertions(+)

diff --git a/arch/x86/kvm/vmx/capabilities.h b/arch/x86/kvm/vmx/capabilities.h index d0abee35d7ba..b1883f6c08eb 100644 --- a/arch/x86/kvm/vmx/capabilities.h +++ b/arch/x86/kvm/vmx/capabilities.h
@@ -106,6 +106,10 @@ static inline bool cpu_has_load_perf_global_ctrl(void) return vmcs_config.vmentry_ctrl & VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL; } +static inline bool cpu_has_load_cet_ctrl(void) +{ + return (vmcs_config.vmentry_ctrl & VM_ENTRY_LOAD_CET_STATE); +} static inline bool cpu_has_vmx_mpx(void) { return vmcs_config.vmentry_ctrl & VM_ENTRY_LOAD_BNDCFGS; diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 85cb7e748a89..cba24acf1a7a 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -109,6 +109,8 @@ module_param(enable_apicv, bool, S_IRUGO); bool __read_mostly enable_ipiv = true; module_param(enable_ipiv, bool, 0444); +static u64 __read_mostly host_s_cet; + /* * If nested=1, nested virtualization is supported, i.e., guests may use * VMX and be a hypervisor for its own guests. If nested=0, guests may not @@ -4355,6 +4357,9 @@ void vmx_set_constant_host_state(struct vcpu_vmx *vmx) if (cpu_has_load_ia32_efer()) vmcs_write64(HOST_IA32_EFER, host_efer); + + if (cpu_has_load_cet_ctrl()) + vmcs_writel(HOST_S_CET, host_s_cet); } void set_cr4_guest_host_mask(struct vcpu_vmx *vmx) 
@@ -8633,6 +8638,9 @@ static __init int hardware_setup(void) return r; } + if (cpu_has_load_cet_ctrl()) + rdmsrl_safe(MSR_IA32_S_CET, &host_s_cet); + vmx_set_cpu_caps(); r = alloc_kvm_area();

From patchwork Fri Jul 21 03:03:48 2023
X-Patchwork-Submitter: "Yang, Weijiang"
X-Patchwork-Id: 123592
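Review bot: in the hardware_setup() hunk of 15/20 the return value of rdmsrl_safe() is dropped, so a faulting read leaves host_s_cet at 0 and vmx_set_constant_host_state() then writes 0 to HOST_S_CET with no indication that anything went wrong. Either check the result and warn or disable the feature, or use rdmsrl() if the read cannot fault once cpu_has_load_cet_ctrl() is true.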
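Review bot: vmx_set_constant_host_state() in 15/20 writes only HOST_S_CET, while the exit control enabled in 17/20 is VM_EXIT_LOAD_CET_STATE and dump_vmcs() there also reads HOST_SSP and HOST_INTR_SSP_TABLE. If those two host fields are intentionally left unwritten because the host does not use supervisor shadow stacks, say so in a comment next to the vmcs_writel(HOST_S_CET, host_s_cet) line or in the changelog.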
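Review bot: cpu_has_load_cet_ctrl() in the capabilities.h hunk of 15/20 is missing the blank line before cpu_has_vmx_mpx(), and the parentheses around its return expression do not match the neighboring helpers. The helper tests VM_ENTRY_LOAD_CET_STATE only, yet its callers use it to guard HOST_S_CET, which is host state loaded on VM-exit. That is consistent only because 17/20 pairs the entry and exit controls in setup_vmcs_config(), so a short comment to that effect would help.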
From: Yang Weijiang
To: seanjc@google.com, pbonzini@redhat.com, peterz@infradead.org, john.allen@amd.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: rick.p.edgecombe@intel.com, chao.gao@intel.com, binbin.wu@linux.intel.com, weijiang.yang@intel.com
Subject: [PATCH v4 16/20] KVM:x86: Optimize CET supervisor SSP save/reload
Date: Thu, 20 Jul 2023 23:03:48 -0400
Message-Id: <20230721030352.72414-17-weijiang.yang@intel.com>
In-Reply-To: <20230721030352.72414-1-weijiang.yang@intel.com>
References: <20230721030352.72414-1-weijiang.yang@intel.com>

Make PL{0,1,2}_SSP as write-intercepted to detect whether guest is using these MSRs. Disable intercept to the MSRs if they're written with non-zero values. KVM does save/reload for the MSRs only if they're used by guest.

Signed-off-by: Yang Weijiang
---
 arch/x86/include/asm/kvm_host.h | 1 +
 arch/x86/kvm/vmx/vmx.c | 34 +++++++++++++++++++++++++++++----
 arch/x86/kvm/x86.c | 15 ++++++++++-----
 3 files changed, 41 insertions(+), 9 deletions(-)

diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 69cbc9d9b277..c50b555234fb 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -748,6 +748,7 @@ struct kvm_vcpu_arch { bool tpr_access_reporting; bool xsaves_enabled; bool xfd_no_write_intercept; + bool cet_sss_active; u64 ia32_xss; u64 microcode_version; u64 arch_capabilities;
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index cba24acf1a7a..3eb4fe9c9ab6 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -2155,6 +2155,18 @@ static u64 vmx_get_supported_debugctl(struct kvm_vcpu *vcpu, bool host_initiated return debugctl; } +static void vmx_disable_write_intercept_sss_msr(struct kvm_vcpu *vcpu) +{ + if (guest_can_use(vcpu, X86_FEATURE_SHSTK)) { + vmx_set_intercept_for_msr(vcpu, MSR_IA32_PL0_SSP, + MSR_TYPE_RW, false); + vmx_set_intercept_for_msr(vcpu, MSR_IA32_PL1_SSP, + MSR_TYPE_RW, false); + vmx_set_intercept_for_msr(vcpu, MSR_IA32_PL2_SSP, + MSR_TYPE_RW, false); + } +} + /* * Writes msr value into the appropriate "register". * Returns 0 on success, non-0 otherwise. @@ -2427,7 +2439,16 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) #define CET_LEG_BITMAP_BASE(data) ((data) >> 12) #define CET_EXCLUSIVE_BITS (CET_SUPPRESS | CET_WAIT_ENDBR) case MSR_IA32_PL0_SSP ... MSR_IA32_PL3_SSP: - return kvm_set_msr_common(vcpu, msr_info); + if (kvm_set_msr_common(vcpu, msr_info)) + return 1; + /* + * Write to the base SSP MSRs should happen ahead of toggling + * of IA32_S_CET.SH_STK_EN bit. + */ + if (msr_index != MSR_IA32_PL3_SSP && data) { + vmx_disable_write_intercept_sss_msr(vcpu); + wrmsrl(msr_index, data); + } break; case MSR_IA32_U_CET: case MSR_IA32_S_CET: 
@@ -7774,12 +7795,17 @@ static void vmx_update_intercept_for_cet_msr(struct kvm_vcpu *vcpu) MSR_TYPE_RW, false); vmx_set_intercept_for_msr(vcpu, MSR_IA32_S_CET, MSR_TYPE_RW, false); + /* + * Supervisor shadow stack MSRs are intercepted until + * they're written by guest, this is designed to + * optimize the save/restore overhead. + */ vmx_set_intercept_for_msr(vcpu, MSR_IA32_PL0_SSP, - MSR_TYPE_RW, false); + MSR_TYPE_R, false); vmx_set_intercept_for_msr(vcpu, MSR_IA32_PL1_SSP, - MSR_TYPE_RW, false); + MSR_TYPE_R, false); vmx_set_intercept_for_msr(vcpu, MSR_IA32_PL2_SSP, - MSR_TYPE_RW, false); + MSR_TYPE_R, false); vmx_set_intercept_for_msr(vcpu, MSR_IA32_PL3_SSP, MSR_TYPE_RW, false); vmx_set_intercept_for_msr(vcpu, MSR_IA32_INT_SSP_TAB, diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index e200f22cdaad..49049454caf4 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -4051,6 +4051,8 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) if (msr == MSR_IA32_PL0_SSP || msr == MSR_IA32_PL1_SSP || msr == MSR_IA32_PL2_SSP) { vcpu->arch.cet_s_ssp[msr - MSR_IA32_PL0_SSP] = data; + if (!vcpu->arch.cet_sss_active && data) + vcpu->arch.cet_sss_active = true; } else if (msr == MSR_IA32_PL3_SSP) { kvm_set_xsave_msr(msr_info); } @@ -11252,7 +11254,8 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu) kvm_sigset_activate(vcpu); kvm_run->flags = 0; kvm_load_guest_fpu(vcpu); - kvm_reload_cet_supervisor_ssp(vcpu); + if (vcpu->arch.cet_sss_active) + kvm_reload_cet_supervisor_ssp(vcpu); kvm_vcpu_srcu_read_lock(vcpu); if (unlikely(vcpu->arch.mp_state == KVM_MP_STATE_UNINITIALIZED)) { @@ -11341,7 +11344,8 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu) r = vcpu_run(vcpu); out: - kvm_save_cet_supervisor_ssp(vcpu); + if (vcpu->arch.cet_sss_active) + kvm_save_cet_supervisor_ssp(vcpu); kvm_put_guest_fpu(vcpu); if (kvm_run->kvm_valid_regs) store_regs(vcpu); 
@@ -12430,15 +12434,16 @@ void kvm_arch_sched_in(struct kvm_vcpu *vcpu, int cpu) pmu->need_cleanup = true; kvm_make_request(KVM_REQ_PMU, vcpu); } - - kvm_reload_cet_supervisor_ssp(vcpu); + if (vcpu->arch.cet_sss_active) + kvm_reload_cet_supervisor_ssp(vcpu); static_call(kvm_x86_sched_in)(vcpu, cpu); } void kvm_arch_sched_out(struct kvm_vcpu *vcpu, int cpu) { - kvm_save_cet_supervisor_ssp(vcpu); + if (vcpu->arch.cet_sss_active) + kvm_save_cet_supervisor_ssp(vcpu); } void kvm_arch_free_vm(struct kvm *kvm)

From patchwork Fri Jul 21 03:03:49 2023
X-Patchwork-Submitter: "Yang, Weijiang"
X-Patchwork-Id: 123577
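Review bot: in the MSR_IA32_PL0_SSP ... MSR_IA32_PL3_SSP case of vmx_set_msr() in 16/20, wrmsrl(msr_index, data) runs for every non-zero write with no check of msr_info->host_initiated. vmx_set_msr() also serves writes that come from userspace, and nothing in the hunk shows that the guest's supervisor SSP state is the one loaded in hardware on that path. Consider limiting the wrmsrl() and the intercept change to guest-initiated writes and letting kvm_reload_cet_supervisor_ssp() load the cached value otherwise.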
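Review bot: vmx_disable_write_intercept_sss_msr() in 16/20 is named for the write intercept but passes MSR_TYPE_RW. Reads of PL{0,1,2}_SSP are already passed through by vmx_update_intercept_for_cet_msr() with MSR_TYPE_R, so MSR_TYPE_W here would match both the name and the intent. The guest_can_use(vcpu, X86_FEATURE_SHSTK) test also deserves a comment on when this path can be reached without SHSTK.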
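Review bot: cet_sss_active is only ever set to true in the lines shown in 16/20 (the kvm_set_msr_common() hunk) and nothing clears it, so once a non-zero PL{0,1,2}_SSP has been written the save/reload cost is paid for the rest of the vCPU's life. If that is intended, document it next to the new field in struct kvm_vcpu_arch; otherwise clear the flag and restore the write intercept when the vCPU is reset. The test itself can be shortened to if (data) vcpu->arch.cet_sss_active = true. In the kvm_arch_sched_in() hunk the blank line before the new if was also dropped.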
From: Yang Weijiang
To: seanjc@google.com, pbonzini@redhat.com, peterz@infradead.org, john.allen@amd.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: rick.p.edgecombe@intel.com, chao.gao@intel.com, binbin.wu@linux.intel.com, weijiang.yang@intel.com
Subject: [PATCH v4 17/20] KVM:x86: Enable CET virtualization for VMX and advertise to userspace
Date: Thu, 20 Jul 2023 23:03:49 -0400
Message-Id: <20230721030352.72414-18-weijiang.yang@intel.com>
In-Reply-To: <20230721030352.72414-1-weijiang.yang@intel.com>
References: <20230721030352.72414-1-weijiang.yang@intel.com>

Enable CET related feature bits in KVM capabilities array and make X86_CR4_CET available to guest. Remove the feature bits if host side dependencies cannot be met.

Set the feature bits so that CET features are available in guest CPUID. Add CR4.CET bit support in order to allow guest to set CET master control bit (CR4.CET).

Disable KVM CET feature if unrestricted_guest is unsupported/disabled as KVM does not support emulating CET.

Don't expose CET feature if dependent CET bit (U_CET) is cleared in host XSS or if XSAVES isn't supported.

The CET bits in VM_ENTRY/VM_EXIT control fields should be set to make guest CET states isolated from host side. CET is only available on platforms that enumerate VMX_BASIC[bit 56] as 1.

Signed-off-by: Yang Weijiang --- arch/x86/include/asm/kvm_host.h | 3 ++- arch/x86/include/asm/msr-index.h | 1 + arch/x86/kvm/cpuid.c | 12 ++++++++++-- arch/x86/kvm/vmx/capabilities.h | 6 ++++++ arch/x86/kvm/vmx/vmx.c | 22 +++++++++++++++++++++- arch/x86/kvm/vmx/vmx.h | 6 ++++-- arch/x86/kvm/x86.c | 16 +++++++++++++++- arch/x86/kvm/x86.h | 3 +++ 8 files changed, 62 insertions(+), 7 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index c50b555234fb..f883696723f4 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -125,7 +125,8 @@ | X86_CR4_PGE | X86_CR4_PCE | X86_CR4_OSFXSR | X86_CR4_PCIDE \ | X86_CR4_OSXSAVE | X86_CR4_SMEP | X86_CR4_FSGSBASE \ | X86_CR4_OSXMMEXCPT | X86_CR4_LA57 | X86_CR4_VMXE \ - | X86_CR4_SMAP | X86_CR4_PKE | X86_CR4_UMIP)) + | X86_CR4_SMAP | X86_CR4_PKE | X86_CR4_UMIP \ + | X86_CR4_CET)) #define CR8_RESERVED_BITS (~(unsigned long)X86_CR8_TPR) diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h index 3aedae61af4f..7ce0850c6067 100644 --- a/arch/x86/include/asm/msr-index.h +++ b/arch/x86/include/asm/msr-index.h @@ -1078,6 +1078,7 @@ #define VMX_BASIC_MEM_TYPE_MASK 0x003c000000000000LLU #define VMX_BASIC_MEM_TYPE_WB 6LLU #define VMX_BASIC_INOUT 0x0040000000000000LLU +#define VMX_BASIC_NO_HW_ERROR_CODE 0x0100000000000000LLU /* Resctrl MSRs: */ /* - Intel: */ diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 0338316b827c..1a601be7b4fa 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -624,7 +624,7 @@ void kvm_set_cpu_caps(void) F(AVX512_VPOPCNTDQ) | F(UMIP) | F(AVX512_VBMI2) | F(GFNI) | F(VAES) | F(VPCLMULQDQ) | F(AVX512_VNNI) | F(AVX512_BITALG) | F(CLDEMOTE) | F(MOVDIRI) | F(MOVDIR64B) | 0 /*WAITPKG*/ | - F(SGX_LC) | F(BUS_LOCK_DETECT) + F(SGX_LC) | F(BUS_LOCK_DETECT) | F(SHSTK) ); /* Set LA57 based on hardware capability. */ if (cpuid_ecx(7) & F(LA57)) 
@@ -642,7 +642,8 @@ void kvm_set_cpu_caps(void) F(SPEC_CTRL_SSBD) | F(ARCH_CAPABILITIES) | F(INTEL_STIBP) | F(MD_CLEAR) | F(AVX512_VP2INTERSECT) | F(FSRM) | F(SERIALIZE) | F(TSXLDTRK) | F(AVX512_FP16) | - F(AMX_TILE) | F(AMX_INT8) | F(AMX_BF16) | F(FLUSH_L1D) + F(AMX_TILE) | F(AMX_INT8) | F(AMX_BF16) | F(FLUSH_L1D) | + F(IBT) ); /* TSC_ADJUST and ARCH_CAPABILITIES are emulated in software. */ @@ -655,6 +656,13 @@ void kvm_set_cpu_caps(void) kvm_cpu_cap_set(X86_FEATURE_INTEL_STIBP); if (boot_cpu_has(X86_FEATURE_AMD_SSBD)) kvm_cpu_cap_set(X86_FEATURE_SPEC_CTRL_SSBD); + /* + * The feature bit in boot_cpu_data.x86_capability could have been + * cleared due to ibt=off cmdline option, then add it back if CPU + * supports IBT. + */ + if (cpuid_edx(7) & F(IBT)) + kvm_cpu_cap_set(X86_FEATURE_IBT); kvm_cpu_cap_mask(CPUID_7_1_EAX, F(AVX_VNNI) | F(AVX512_BF16) | F(CMPCCXADD) | diff --git a/arch/x86/kvm/vmx/capabilities.h b/arch/x86/kvm/vmx/capabilities.h index b1883f6c08eb..2948a288d0b4 100644 --- a/arch/x86/kvm/vmx/capabilities.h +++ b/arch/x86/kvm/vmx/capabilities.h @@ -79,6 +79,12 @@ static inline bool cpu_has_vmx_basic_inout(void) return (((u64)vmcs_config.basic_cap << 32) & VMX_BASIC_INOUT); } +static inline bool cpu_has_vmx_basic_no_hw_errcode(void) +{ + return ((u64)vmcs_config.basic_cap << 32) & + VMX_BASIC_NO_HW_ERROR_CODE; +} + static inline bool cpu_has_virtual_nmis(void) { return vmcs_config.pin_based_exec_ctrl & PIN_BASED_VIRTUAL_NMIS && diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 3eb4fe9c9ab6..3f2f966e327d 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -2641,6 +2641,7 @@ static int setup_vmcs_config(struct vmcs_config *vmcs_conf, { VM_ENTRY_LOAD_IA32_EFER, VM_EXIT_LOAD_IA32_EFER }, { VM_ENTRY_LOAD_BNDCFGS, VM_EXIT_CLEAR_BNDCFGS }, { VM_ENTRY_LOAD_IA32_RTIT_CTL, VM_EXIT_CLEAR_IA32_RTIT_CTL }, + { VM_ENTRY_LOAD_CET_STATE, VM_EXIT_LOAD_CET_STATE }, }; memset(vmcs_conf, 0, sizeof(*vmcs_conf)); 
@@ -2761,7 +2762,7 @@ static int setup_vmcs_config(struct vmcs_config *vmcs_conf, rdmsrl(MSR_IA32_VMX_MISC, misc_msr); vmcs_conf->size = vmx_msr_high & 0x1fff; - vmcs_conf->basic_cap = vmx_msr_high & ~0x1fff; + vmcs_conf->basic_cap = vmx_msr_high & ~0x7fff; vmcs_conf->revision_id = vmx_msr_low; @@ -6359,6 +6360,12 @@ void dump_vmcs(struct kvm_vcpu *vcpu) if (vmcs_read32(VM_EXIT_MSR_STORE_COUNT) > 0) vmx_dump_msrs("guest autostore", &vmx->msr_autostore.guest); + if (vmentry_ctl & VM_ENTRY_LOAD_CET_STATE) { + pr_err("S_CET = 0x%016lx\n", vmcs_readl(GUEST_S_CET)); + pr_err("SSP = 0x%016lx\n", vmcs_readl(GUEST_SSP)); + pr_err("INTR SSP TABLE = 0x%016lx\n", + vmcs_readl(GUEST_INTR_SSP_TABLE)); + } pr_err("*** Host State ***\n"); pr_err("RIP = 0x%016lx RSP = 0x%016lx\n", vmcs_readl(HOST_RIP), vmcs_readl(HOST_RSP)); @@ -6436,6 +6443,12 @@ void dump_vmcs(struct kvm_vcpu *vcpu) if (secondary_exec_control & SECONDARY_EXEC_ENABLE_VPID) pr_err("Virtual processor ID = 0x%04x\n", vmcs_read16(VIRTUAL_PROCESSOR_ID)); + if (vmexit_ctl & VM_EXIT_LOAD_CET_STATE) { + pr_err("S_CET = 0x%016lx\n", vmcs_readl(HOST_S_CET)); + pr_err("SSP = 0x%016lx\n", vmcs_readl(HOST_SSP)); + pr_err("INTR SSP TABLE = 0x%016lx\n", + vmcs_readl(HOST_INTR_SSP_TABLE)); + } } /* @@ -7966,6 +7979,13 @@ static __init void vmx_set_cpu_caps(void) if (cpu_has_vmx_waitpkg()) kvm_cpu_cap_check_and_set(X86_FEATURE_WAITPKG); + + if (!cpu_has_load_cet_ctrl() || !enable_unrestricted_guest || + !cpu_has_vmx_basic_no_hw_errcode()) { + kvm_cpu_cap_clear(X86_FEATURE_SHSTK); + kvm_cpu_cap_clear(X86_FEATURE_IBT); + kvm_caps.supported_xss &= ~CET_XSTATE_MASK; + } } static void vmx_request_immediate_exit(struct kvm_vcpu *vcpu) diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h index 32384ba38499..4e88b5fb45e8 100644 --- a/arch/x86/kvm/vmx/vmx.h +++ b/arch/x86/kvm/vmx/vmx.h 
@@ -481,7 +481,8 @@ static inline u8 vmx_get_rvi(void) VM_ENTRY_LOAD_IA32_EFER | \ VM_ENTRY_LOAD_BNDCFGS | \ VM_ENTRY_PT_CONCEAL_PIP | \ - VM_ENTRY_LOAD_IA32_RTIT_CTL) + VM_ENTRY_LOAD_IA32_RTIT_CTL | \ + VM_ENTRY_LOAD_CET_STATE) #define __KVM_REQUIRED_VMX_VM_EXIT_CONTROLS \ (VM_EXIT_SAVE_DEBUG_CONTROLS | \ @@ -503,7 +504,8 @@ static inline u8 vmx_get_rvi(void) VM_EXIT_LOAD_IA32_EFER | \ VM_EXIT_CLEAR_BNDCFGS | \ VM_EXIT_PT_CONCEAL_PIP | \ - VM_EXIT_CLEAR_IA32_RTIT_CTL) + VM_EXIT_CLEAR_IA32_RTIT_CTL | \ + VM_EXIT_LOAD_CET_STATE) #define KVM_REQUIRED_VMX_PIN_BASED_VM_EXEC_CONTROL \ (PIN_BASED_EXT_INTR_MASK | \ diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 49049454caf4..665593d75251 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -228,7 +228,7 @@ static struct kvm_user_return_msrs __percpu *user_return_msrs; | XFEATURE_MASK_BNDCSR | XFEATURE_MASK_AVX512 \ | XFEATURE_MASK_PKRU | XFEATURE_MASK_XTILE) -#define KVM_SUPPORTED_XSS 0 +#define KVM_SUPPORTED_XSS (XFEATURE_MASK_CET_USER) u64 __read_mostly host_efer; EXPORT_SYMBOL_GPL(host_efer); @@ -9648,6 +9648,20 @@ static int __kvm_x86_vendor_init(struct kvm_x86_init_ops *ops) kvm_ops_update(ops); + if (!kvm_is_cet_supported()) { + kvm_cpu_cap_clear(X86_FEATURE_SHSTK); + kvm_cpu_cap_clear(X86_FEATURE_IBT); + } + + /* + * If SHSTK and IBT are not available in KVM, clear CET user bit in + * kvm_caps.supported_xss so that kvm_is_cet__supported() returns + * false when called. + */ + if (!kvm_cpu_cap_has(X86_FEATURE_SHSTK) && + !kvm_cpu_cap_has(X86_FEATURE_IBT)) + kvm_caps.supported_xss &= ~CET_XSTATE_MASK; + for_each_online_cpu(cpu) { smp_call_function_single(cpu, kvm_x86_check_cpu_compat, &r, 1); if (r < 0) diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h index 09dd35a79ff3..9c88ddfb3e97 100644 --- a/arch/x86/kvm/x86.h +++ b/arch/x86/kvm/x86.h 
@@ -538,6 +538,9 @@ bool kvm_msr_allowed(struct kvm_vcpu *vcpu, u32 index, u32 type); __reserved_bits |= X86_CR4_VMXE; \ if (!__cpu_has(__c, X86_FEATURE_PCID)) \ __reserved_bits |= X86_CR4_PCIDE; \ + if (!__cpu_has(__c, X86_FEATURE_SHSTK) && \ + !__cpu_has(__c, X86_FEATURE_IBT)) \ + __reserved_bits |= X86_CR4_CET; \ __reserved_bits; \ })
From patchwork Fri Jul 21 03:03:50 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 123599
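Review bot: in the setup_vmcs_config() hunk, the basic_cap mask changes from ~0x1fff to ~0x7fff with no comment, while the size field on the line above still uses 0x1fff. Name the mask or add a comment saying which bits of the high dword are newly kept out of basic_cap and why, so the two constants do not read as a typo of each other.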
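Review bot: in dump_vmcs(), the host CET block is placed after the "Virtual processor ID" line at the end of the function instead of under "*** Host State ***", and it prints the same "S_CET", "SSP" and "INTR SSP TABLE" labels as the guest block. With both VM_ENTRY_LOAD_CET_STATE and VM_EXIT_LOAD_CET_STATE set, the dump shows two identically labelled groups and nothing says which one is host state. Move the HOST_S_CET/HOST_SSP/HOST_INTR_SSP_TABLE prints next to the HOST_RIP/HOST_RSP line, or give the labels a host prefix.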
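Review bot: the condition added to vmx_set_cpu_caps() needs a comment. SHSTK, IBT and the CET xstate bits are cleared when any of cpu_has_load_cet_ctrl(), enable_unrestricted_guest or cpu_has_vmx_basic_no_hw_errcode() is false, and the hunk does not say why unrestricted guest and the no-hardware-error-code capability are prerequisites for exposing CET. A short comment above the `if` would let a reader verify that the three checks are the complete set.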
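Review bot: the comment added in __kvm_x86_vendor_init() names kvm_is_cet__supported() with a doubled underscore, while the check a few lines above it calls kvm_is_cet_supported(); fix the name so the comment can be grepped. It would also help to say that clearing CET_XSTATE_MASK is for later callers, since the call in this same hunk runs before supported_xss is masked.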
From: Yang Weijiang
To: seanjc@google.com, pbonzini@redhat.com, peterz@infradead.org, john.allen@amd.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: rick.p.edgecombe@intel.com, chao.gao@intel.com, binbin.wu@linux.intel.com, weijiang.yang@intel.com
Subject: [PATCH v4 18/20] KVM:x86: Enable guest CET supervisor xstate bit support
Date: Thu, 20 Jul 2023 23:03:50 -0400
Message-Id: <20230721030352.72414-19-weijiang.yang@intel.com>
In-Reply-To: <20230721030352.72414-1-weijiang.yang@intel.com>
References: <20230721030352.72414-1-weijiang.yang@intel.com>

Add S_CET bit in kvm_caps.supported_xss so that guest can enumerate the feature in CPUID(0xd,1).ECX. Guest S_CET xstate bit is specially handled, i.e., it can be exposed without related enabling on host side, because KVM manually saves/reloads guest supervisor SHSTK SSPs and current XSS swap logic for host/guest also supports doing so, thus it's safe to enable the bit without host support.

Signed-off-by: Yang Weijiang
--- arch/x86/kvm/x86.c | 4 +++- arch/x86/kvm/x86.h | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 665593d75251..f68e36ef34b9 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c
@@ -228,7 +228,8 @@ static struct kvm_user_return_msrs __percpu *user_return_msrs; | XFEATURE_MASK_BNDCSR | XFEATURE_MASK_AVX512 \ | XFEATURE_MASK_PKRU | XFEATURE_MASK_XTILE) -#define KVM_SUPPORTED_XSS (XFEATURE_MASK_CET_USER) +#define KVM_SUPPORTED_XSS (XFEATURE_MASK_CET_USER | \ + XFEATURE_MASK_CET_KERNEL) u64 __read_mostly host_efer; EXPORT_SYMBOL_GPL(host_efer); @@ -9638,6 +9639,7 @@ static int __kvm_x86_vendor_init(struct kvm_x86_init_ops *ops) if (boot_cpu_has(X86_FEATURE_XSAVES)) { rdmsrl(MSR_IA32_XSS, host_xss); kvm_caps.supported_xss = host_xss & KVM_SUPPORTED_XSS; + kvm_caps.supported_xss |= XFEATURE_MASK_CET_KERNEL; } kvm_init_pmu_capability(ops->pmu_ops); diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h index 9c88ddfb3e97..66733e01b0ce 100644 --- a/arch/x86/kvm/x86.h +++ b/arch/x86/kvm/x86.h 
@@ -362,7 +362,7 @@ static inline bool kvm_mpx_supported(void) == (XFEATURE_MASK_BNDREGS | XFEATURE_MASK_BNDCSR); } -#define CET_XSTATE_MASK (XFEATURE_MASK_CET_USER) +#define CET_XSTATE_MASK (XFEATURE_MASK_CET_USER | XFEATURE_MASK_CET_KERNEL) /* * Shadow Stack and Indirect Branch Tracking feature enabling depends on * whether host side CET user xstate bit is supported or not.
From patchwork Fri Jul 21 03:03:51 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 123578
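Review bot: in the __kvm_x86_vendor_init() hunk of the S_CET patch, XFEATURE_MASK_CET_KERNEL is OR-ed into kvm_caps.supported_xss immediately after the value was derived as host_xss & KVM_SUPPORTED_XSS, so it is the one bit reported regardless of host_xss, and the only justification is in the commit message. Put a comment at that line stating why this is safe (KVM saves and reloads the guest supervisor SSPs itself), and note that adding the bit to KVM_SUPPORTED_XSS in the first hunk has no effect on the result when the host leaves it clear.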
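Review bot: CET_XSTATE_MASK in x86.h now includes XFEATURE_MASK_CET_KERNEL, but the context comment directly below it still says SHSTK/IBT enabling depends on whether the host CET user xstate bit is supported. Because this patch sets the kernel bit in supported_xss unconditionally, a test of the form supported_xss & CET_XSTATE_MASK would pass without the user bit. Please confirm the helper under that comment checks the user bit specifically, and update the comment to match the widened mask.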
From: Yang Weijiang
To: seanjc@google.com, pbonzini@redhat.com, peterz@infradead.org, john.allen@amd.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: rick.p.edgecombe@intel.com, chao.gao@intel.com, binbin.wu@linux.intel.com, weijiang.yang@intel.com
Subject: [PATCH v4 19/20] KVM:nVMX: Refine error code injection to nested VM
Date: Thu, 20 Jul 2023 23:03:51 -0400
Message-Id: <20230721030352.72414-20-weijiang.yang@intel.com>
In-Reply-To: <20230721030352.72414-1-weijiang.yang@intel.com>
References: <20230721030352.72414-1-weijiang.yang@intel.com>

Per SDM description (Vol.3D, Appendix A.1): "If bit 56 is read as 1, software can use VM entry to deliver a hardware exception with or without an error code, regardless of vector"

Modify has_error_code check before injecting events to nested guest. Only enforce the check when guest is in real mode, the exception is not hard exception and the platform doesn't enumerate bit56 in VMX_BASIC, otherwise ignore it.

Signed-off-by: Yang Weijiang
--- arch/x86/kvm/vmx/nested.c | 22 ++++++++++++++-------- arch/x86/kvm/vmx/nested.h | 7 +++++++ 2 files changed, 21 insertions(+), 8 deletions(-)
diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index 516391cc0d64..9bcd989252f7 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c
@@ -1205,9 +1205,9 @@ static int vmx_restore_vmx_basic(struct vcpu_vmx *vmx, u64 data) { const u64 feature_and_reserved = /* feature (except bit 48; see below) */ - BIT_ULL(49) | BIT_ULL(54) | BIT_ULL(55) | + BIT_ULL(49) | BIT_ULL(54) | BIT_ULL(55) | BIT_ULL(56) | /* reserved */ - BIT_ULL(31) | GENMASK_ULL(47, 45) | GENMASK_ULL(63, 56); + BIT_ULL(31) | GENMASK_ULL(47, 45) | GENMASK_ULL(63, 57); u64 vmx_basic = vmcs_config.nested.basic; if (!is_bitwise_subset(vmx_basic, data, feature_and_reserved)) @@ -2846,12 +2846,16 @@ static int nested_check_vm_entry_controls(struct kvm_vcpu *vcpu, CC(intr_type == INTR_TYPE_OTHER_EVENT && vector != 0)) return -EINVAL; - /* VM-entry interruption-info field: deliver error code */ - should_have_error_code = - intr_type == INTR_TYPE_HARD_EXCEPTION && prot_mode && - x86_exception_has_error_code(vector); - if (CC(has_error_code != should_have_error_code)) - return -EINVAL; + if (!prot_mode || intr_type != INTR_TYPE_HARD_EXCEPTION || + !nested_cpu_has_no_hw_errcode(vcpu)) { + /* VM-entry interruption-info field: deliver error code */ + should_have_error_code = + intr_type == INTR_TYPE_HARD_EXCEPTION && + prot_mode && + x86_exception_has_error_code(vector); + if (CC(has_error_code != should_have_error_code)) + return -EINVAL; + } /* VM-entry exception error code */ if (CC(has_error_code && @@ -6967,6 +6971,8 @@ static void nested_vmx_setup_basic(struct nested_vmx_msrs *msrs) if (cpu_has_vmx_basic_inout()) msrs->basic |= VMX_BASIC_INOUT; + if (cpu_has_vmx_basic_no_hw_errcode()) + msrs->basic |= VMX_BASIC_NO_HW_ERROR_CODE; } static void nested_vmx_setup_cr_fixed(struct nested_vmx_msrs *msrs) diff --git a/arch/x86/kvm/vmx/nested.h b/arch/x86/kvm/vmx/nested.h index 96952263b029..1884628294e4 100644 --- a/arch/x86/kvm/vmx/nested.h +++ b/arch/x86/kvm/vmx/nested.h 
@@ -284,6 +284,13 @@ static inline bool nested_cr4_valid(struct kvm_vcpu *vcpu, unsigned long val) __kvm_is_valid_cr4(vcpu, val); } +static inline bool nested_cpu_has_no_hw_errcode(struct kvm_vcpu *vcpu) +{ + struct vcpu_vmx *vmx = to_vmx(vcpu); + + return vmx->nested.msrs.basic & VMX_BASIC_NO_HW_ERROR_CODE; +} + /* No difference in the restrictions on guest and host CR4 in VMX operation. */ #define nested_guest_cr4_valid nested_cr4_valid #define nested_host_cr4_valid nested_cr4_valid
From patchwork Fri Jul 21 03:03:52 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 123593
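Review bot: the commit message and the new guard in nested_check_vm_entry_controls() read differently. The code runs the has_error_code consistency check when any one of `!prot_mode`, `intr_type != INTR_TYPE_HARD_EXCEPTION` or `!nested_cpu_has_no_hw_errcode(vcpu)` is true, and skips it only for a hardware exception in protected mode when bit 56 is set in vmx->nested.msrs.basic; the message words the enforced case as real mode and not a hard exception and no bit 56. Reword the message, or put the skip condition in a comment above the `if`, so it is clear which VM-entry interruption-info values are no longer rejected with -EINVAL.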
From: Yang Weijiang
To: seanjc@google.com, pbonzini@redhat.com, peterz@infradead.org, john.allen@amd.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: rick.p.edgecombe@intel.com, chao.gao@intel.com, binbin.wu@linux.intel.com, weijiang.yang@intel.com
Subject: [PATCH v4 20/20] KVM:nVMX: Enable CET support for nested VM
Date: Thu, 20 Jul 2023 23:03:52 -0400
Message-Id: <20230721030352.72414-21-weijiang.yang@intel.com>
In-Reply-To: <20230721030352.72414-1-weijiang.yang@intel.com>
References: <20230721030352.72414-1-weijiang.yang@intel.com>

Set up CET MSRs, related VM_ENTRY/EXIT control bits and fixed setting for CR4 to enable CET for nested VM.

Signed-off-by: Yang Weijiang
--- arch/x86/kvm/vmx/nested.c | 27 +++++++++++++++++++++++++-- arch/x86/kvm/vmx/vmcs12.c | 6 ++++++ arch/x86/kvm/vmx/vmcs12.h | 14 +++++++++++++- arch/x86/kvm/vmx/vmx.c | 2 ++ 4 files changed, 46 insertions(+), 3 deletions(-)
diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index 9bcd989252f7..bd6883033f69 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c
@@ -660,6 +660,28 @@ static inline bool nested_vmx_prepare_msr_bitmap(struct kvm_vcpu *vcpu, nested_vmx_set_intercept_for_msr(vmx, msr_bitmap_l1, msr_bitmap_l0, MSR_IA32_FLUSH_CMD, MSR_TYPE_W); + /* Pass CET MSRs to nested VM if L0 and L1 are set to pass-through. */ + nested_vmx_set_intercept_for_msr(vmx, msr_bitmap_l1, msr_bitmap_l0, + MSR_IA32_U_CET, MSR_TYPE_RW); + + nested_vmx_set_intercept_for_msr(vmx, msr_bitmap_l1, msr_bitmap_l0, + MSR_IA32_S_CET, MSR_TYPE_RW); + + nested_vmx_set_intercept_for_msr(vmx, msr_bitmap_l1, msr_bitmap_l0, + MSR_IA32_PL0_SSP, MSR_TYPE_RW); + + nested_vmx_set_intercept_for_msr(vmx, msr_bitmap_l1, msr_bitmap_l0, + MSR_IA32_PL1_SSP, MSR_TYPE_RW); + + nested_vmx_set_intercept_for_msr(vmx, msr_bitmap_l1, msr_bitmap_l0, + MSR_IA32_PL2_SSP, MSR_TYPE_RW); + + nested_vmx_set_intercept_for_msr(vmx, msr_bitmap_l1, msr_bitmap_l0, + MSR_IA32_PL3_SSP, MSR_TYPE_RW); + + nested_vmx_set_intercept_for_msr(vmx, msr_bitmap_l1, msr_bitmap_l0, + MSR_IA32_INT_SSP_TAB, MSR_TYPE_RW); + kvm_vcpu_unmap(vcpu, &vmx->nested.msr_bitmap_map, false); vmx->nested.force_msr_bitmap_recalc = false; @@ -6793,7 +6815,7 @@ static void nested_vmx_setup_exit_ctls(struct vmcs_config *vmcs_conf, VM_EXIT_HOST_ADDR_SPACE_SIZE | #endif VM_EXIT_LOAD_IA32_PAT | VM_EXIT_SAVE_IA32_PAT | - VM_EXIT_CLEAR_BNDCFGS; + VM_EXIT_CLEAR_BNDCFGS | VM_EXIT_LOAD_CET_STATE; msrs->exit_ctls_high |= VM_EXIT_ALWAYSON_WITHOUT_TRUE_MSR | VM_EXIT_LOAD_IA32_EFER | VM_EXIT_SAVE_IA32_EFER | @@ -6815,7 +6837,8 @@ static void nested_vmx_setup_entry_ctls(struct vmcs_config *vmcs_conf, #ifdef CONFIG_X86_64 VM_ENTRY_IA32E_MODE | #endif - VM_ENTRY_LOAD_IA32_PAT | VM_ENTRY_LOAD_BNDCFGS; + VM_ENTRY_LOAD_IA32_PAT | VM_ENTRY_LOAD_BNDCFGS | + VM_ENTRY_LOAD_CET_STATE; msrs->entry_ctls_high |= (VM_ENTRY_ALWAYSON_WITHOUT_TRUE_MSR | VM_ENTRY_LOAD_IA32_EFER | VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL); diff --git a/arch/x86/kvm/vmx/vmcs12.c b/arch/x86/kvm/vmx/vmcs12.c index 106a72c923ca..4233b5ca9461 100644 
--- a/arch/x86/kvm/vmx/vmcs12.c +++ b/arch/x86/kvm/vmx/vmcs12.c @@ -139,6 +139,9 @@ const unsigned short vmcs12_field_offsets[] = { FIELD(GUEST_PENDING_DBG_EXCEPTIONS, guest_pending_dbg_exceptions), FIELD(GUEST_SYSENTER_ESP, guest_sysenter_esp), FIELD(GUEST_SYSENTER_EIP, guest_sysenter_eip), + FIELD(GUEST_S_CET, guest_s_cet), + FIELD(GUEST_SSP, guest_ssp), + FIELD(GUEST_INTR_SSP_TABLE, guest_ssp_tbl), FIELD(HOST_CR0, host_cr0), FIELD(HOST_CR3, host_cr3), FIELD(HOST_CR4, host_cr4), @@ -151,5 +154,8 @@ const unsigned short vmcs12_field_offsets[] = { FIELD(HOST_IA32_SYSENTER_EIP, host_ia32_sysenter_eip), FIELD(HOST_RSP, host_rsp), FIELD(HOST_RIP, host_rip), + FIELD(HOST_S_CET, host_s_cet), + FIELD(HOST_SSP, host_ssp), + FIELD(HOST_INTR_SSP_TABLE, host_ssp_tbl), }; const unsigned int nr_vmcs12_fields = ARRAY_SIZE(vmcs12_field_offsets); diff --git a/arch/x86/kvm/vmx/vmcs12.h b/arch/x86/kvm/vmx/vmcs12.h index 01936013428b..3884489e7f7e 100644 --- a/arch/x86/kvm/vmx/vmcs12.h +++ b/arch/x86/kvm/vmx/vmcs12.h @@ -117,7 +117,13 @@ struct __packed vmcs12 { natural_width host_ia32_sysenter_eip; natural_width host_rsp; natural_width host_rip; - natural_width paddingl[8]; /* room for future expansion */ + natural_width host_s_cet; + natural_width host_ssp; + natural_width host_ssp_tbl; + natural_width guest_s_cet; + natural_width guest_ssp; + natural_width guest_ssp_tbl; + natural_width paddingl[2]; /* room for future expansion */ u32 pin_based_vm_exec_control; u32 cpu_based_vm_exec_control; u32 exception_bitmap; 
@@ -292,6 +298,12 @@ static inline void vmx_check_vmcs12_offsets(void) CHECK_OFFSET(host_ia32_sysenter_eip, 656); CHECK_OFFSET(host_rsp, 664); CHECK_OFFSET(host_rip, 672); + CHECK_OFFSET(host_s_cet, 680); + CHECK_OFFSET(host_ssp, 688); + CHECK_OFFSET(host_ssp_tbl, 696); + CHECK_OFFSET(guest_s_cet, 704); + CHECK_OFFSET(guest_ssp, 712); + CHECK_OFFSET(guest_ssp_tbl, 720); CHECK_OFFSET(pin_based_vm_exec_control, 744); CHECK_OFFSET(cpu_based_vm_exec_control, 748); CHECK_OFFSET(exception_bitmap, 752); diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 3f2f966e327d..dd68dc73f723 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -7728,6 +7728,8 @@ static void nested_vmx_cr_fixed1_bits_update(struct kvm_vcpu *vcpu) cr4_fixed1_update(X86_CR4_PKE, ecx, feature_bit(PKU)); cr4_fixed1_update(X86_CR4_UMIP, ecx, feature_bit(UMIP)); cr4_fixed1_update(X86_CR4_LA57, ecx, feature_bit(LA57)); + cr4_fixed1_update(X86_CR4_CET, ecx, feature_bit(SHSTK)); + cr4_fixed1_update(X86_CR4_CET, edx, feature_bit(IBT)); #undef cr4_fixed1_update }
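Review bot: the vmcs12 additions (guest_s_cet, guest_ssp, guest_ssp_tbl and the three host_* fields) and the VM_ENTRY_LOAD_CET_STATE / VM_EXIT_LOAD_CET_STATE bits are exposed to L1, but no hunk in this patch copies those fields into or out of the VMCS that actually runs L2; the nested.c changes are limited to the MSR bitmap and the two control masks. Either add the load on nested VM-entry, the save back into vmcs12 and the host-state load on nested VM-exit here, or point to the patch in the series that does, because otherwise L1 can set the controls and have its S_CET/SSP values ignored.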