From patchwork Thu Sep 14 06:33:01 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 139475 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:612c:172:b0:3f2:4152:657d with SMTP id h50csp239946vqi; Thu, 14 Sep 2023 03:12:16 -0700 (PDT) X-Google-Smtp-Source: AGHT+IE2GZQf66XHfTWtg6JjIsIwueI/cYFMyjd5SMBAnxQb418GmpQWwMLXJp3fL8YOIhHM37SV X-Received: by 2002:a05:6a00:1805:b0:68f:dfda:1814 with SMTP id y5-20020a056a00180500b0068fdfda1814mr5700564pfa.18.1694686335889; Thu, 14 Sep 2023 03:12:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1694686335; cv=none; d=google.com; s=arc-20160816; b=RbF3f5l2rU/Fhswrys9WEEkDlTIYCJ+rPECH4v2cEAOeKB7sLqkddK7PEMC5dXGQ4k i75htRz6KlH+Jy/acilVGqm96ctLV87iBXiWZU+zUUMmRpvFsgTEbLDE/kyRuo2b7tTU p9tCh6K38mGTuOOEE+FdyFVXxE/sQMAdi76ZSdWGle1zC0EjHQXXgX2DTYuQ9fgCj4xF P/hzSiJyqBylYDNIa9QDgQ1mgY/ZP3G8jj+rxmbLtUu8/gA0COJqx0AIuvXJLNNQraHP 4AaLN1yr3zOBA968k5u31Z4bn01H+zj+GNH7pymw7LpD0keTlwkZLjiFeuxVOE7VGdwk X/Cg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=xVABnXeOkMZlJo+ZffrqSfE/4k2ea3Z1/0rzSIi4N90=; fh=jQqUhNQZPAXcZ44u72Wu3jv2pQizzn2Be2T8mkd1RwU=; b=CbGb9d2UrNldRdE+IXB7YZ8bMKkWSSgpQ3vDworxfTO4T5xOLeQIBd8Ad0w91BtgeK O5zsUFB+g7RmPe6tbS0BJgcEXBVkjaaZro0icxnK1/Rax+AvOHLMZ6FZI86C2LjOFNMf f3EiKRjY3Nau0japLu3Sy4mm40CZH1Xxfn888yacXSQi6r3O02avTb9ClOfrxLYhZsLq W4LbluNcazyobS9IAJ8iNQ/9Q0Ez2ibTYSpKNAxWRC2jRDHODqqzTDNWGDgKPaqcLiJC WsHVX7egGLtZ01ziET+hdykdCagjwdGLhdU6/RqB2+JWdjOdaI5c3YuwwgtJHSQZ390/ 97qQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=FHzUbTRa; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:4 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from howler.vger.email (howler.vger.email. [2620:137:e000::3:4]) by mx.google.com with ESMTPS id e15-20020a6558cf000000b0056531bfc660si1256199pgu.143.2023.09.14.03.12.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 14 Sep 2023 03:12:15 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:4 as permitted sender) client-ip=2620:137:e000::3:4; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=FHzUbTRa; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:4 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by howler.vger.email (Postfix) with ESMTP id CFF9284C41EB; Thu, 14 Sep 2023 02:38:29 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at howler.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237305AbjINJiY (ORCPT + 35 others); Thu, 14 Sep 2023 05:38:24 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40060 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235825AbjINJiU (ORCPT ); Thu, 14 Sep 2023 05:38:20 -0400 Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.88]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 14FDE1BEF; Thu, 14 Sep 2023 02:38:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1694684296; x=1726220296; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=0H4/DsmRdq6ZAqAGPRiCyRQ3eI7Btuj1gad9cmvRYIo=; b=FHzUbTRatf9MQriLjNnfG0O8qD+rH/kpYfWsRys1cg5LkHPeJ1fmN5N/ f+1j/bWGSvw1vTuBo+vSe8MWPY0cy0UcdaD3HPEUaEqCCFRPTWwXgQplB FNpCa3Q/mKeYEmBYeYdwktRIoes82ZHExpNAJg+gmLGL/Jn/ivI5TVV35 M/fp7egW/8zwrLoX5cVe4FG9zHkvy+h+uByaREa8LQqFBtWNKfjNLzHMM saGuaf5VUwZ3K/tCAXsaiM1+JIXLE9QhRF8Pzu973JJh7lBqEIyw59OfK QrNUsEcCGwIub7ihsD90eaLuEznhLhJWc9bWLl6EBzzq7uh+JZIdyvV9s w==; X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="409857303" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="409857303" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:15 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="747656209" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="747656209" Received: from embargo.jf.intel.com ([10.165.9.183]) by fmsmga007-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:15 -0700 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: dave.hansen@intel.com, peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, weijiang.yang@intel.com, john.allen@amd.com Subject: [PATCH v6 01/25] x86/fpu/xstate: Manually check and add XFEATURE_CET_USER xstate bit Date: Thu, 14 Sep 2023 02:33:01 -0400 Message-Id: <20230914063325.85503-2-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20230914063325.85503-1-weijiang.yang@intel.com> References: <20230914063325.85503-1-weijiang.yang@intel.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (howler.vger.email [0.0.0.0]); Thu, 14 Sep 2023 02:38:29 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1777007419173748827 X-GMAIL-MSGID: 1777007419173748827 Remove XFEATURE_CET_USER entry from dependency array as the entry doesn't reflect true dependency between CET features and the xstate bit, instead manually check and add the bit back if either SHSTK or IBT is supported. Both user mode shadow stack and indirect branch tracking features depend on XFEATURE_CET_USER bit in XSS to automatically save/restore user mode xstate registers, i.e., IA32_U_CET and IA32_PL3_SSP whenever necessary. Although in real world a platform with IBT but no SHSTK is rare, but in virtualization world it's common, guest SHSTK and IBT can be controlled independently via userspace app. Signed-off-by: Yang Weijiang Reviewed-by: Rick Edgecombe Tested-by: Rick Edgecombe --- arch/x86/kernel/fpu/xstate.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c index cadf68737e6b..12c8cb278346 100644 --- a/arch/x86/kernel/fpu/xstate.c +++ b/arch/x86/kernel/fpu/xstate.c @@ -73,7 +73,6 @@ static unsigned short xsave_cpuid_features[] __initdata = { [XFEATURE_PT_UNIMPLEMENTED_SO_FAR] = X86_FEATURE_INTEL_PT, [XFEATURE_PKRU] = X86_FEATURE_OSPKE, [XFEATURE_PASID] = X86_FEATURE_ENQCMD, - [XFEATURE_CET_USER] = X86_FEATURE_SHSTK, [XFEATURE_XTILE_CFG] = X86_FEATURE_AMX_TILE, [XFEATURE_XTILE_DATA] = X86_FEATURE_AMX_TILE, }; @@ -798,6 +797,14 @@ void __init fpu__init_system_xstate(unsigned int legacy_size) fpu_kernel_cfg.max_features &= ~BIT_ULL(i); } + /* + * Manually add CET user mode xstate bit if either SHSTK or IBT is + * available. Both features depend on the xstate bit to save/restore + * CET user mode state. + */ + if (boot_cpu_has(X86_FEATURE_SHSTK) || boot_cpu_has(X86_FEATURE_IBT)) + fpu_kernel_cfg.max_features |= BIT_ULL(XFEATURE_CET_USER); + if (!cpu_feature_enabled(X86_FEATURE_XFD)) fpu_kernel_cfg.max_features &= ~XFEATURE_MASK_USER_DYNAMIC; From patchwork Thu Sep 14 06:33:02 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 139971 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:612c:172:b0:3f2:4152:657d with SMTP id h50csp743493vqi; Thu, 14 Sep 2023 18:50:56 -0700 (PDT) X-Google-Smtp-Source: AGHT+IG8MH9R9nyWgX9x+vifXb6fhRu15gySBfYkmUazOaGQi5qymvhPzD3txIkEYWCciIs9Y8nu X-Received: by 2002:a05:6a20:6a1a:b0:137:a08b:8bef with SMTP id p26-20020a056a206a1a00b00137a08b8befmr502536pzk.44.1694742655786; Thu, 14 Sep 2023 18:50:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1694742655; cv=none; d=google.com; s=arc-20160816; b=A+GByDQFQWroe/AzVYfB33hcdmZqj4LDVdQchmLB6wD5rNI9BiqgWSJ/sM0sUEhy+c feZxqqS3/GUnGU2fd1xzClDP1cz17wJXjfLfK9zaqUBCYRetujZsQSvDYFoPdSm1iIlW HCSJQypTm3Uwrug/I10cgDM8gvksnKTPLsgR20sGfigK2o498OBlfqdy09+2Kqx122SE cuyDx6rXauq/BGFynxzoMHAWKQKPuhdqllJgMNlzHHRyWxkzVYl6F0cMEdbr9zdhLpF5 rbxgzCKKmmy4gwXVxkhFQt7MZBkqPOOrGEP0UrNhU1tD6OZXFGKlwhGWmp8fJb5Ng/eP LrPQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=iwiP92oyn2ceCRI1LOdxG4MZKS9G4C55pN90o87BauE=; fh=jQqUhNQZPAXcZ44u72Wu3jv2pQizzn2Be2T8mkd1RwU=; b=hKK6n8D/Gj2Mee9+KakUZzq0JDGE2GhEPL8uuzSJkfRjDS8GFvIdgXLNlloyrV+5tK 0njCBce9uy8aeigGyIuy/oXOnlCx9ZVTDZ3y62+QXLwiKAEPGq6ct2mpYq6OiMdBs5aG Ue4pWsOecTtpXAJFGqWU1tfzYIVrq1eTsPRxaMv6kOHlr7c3aRAdiWlkx4NkRGD/MN1S qV2zG8/V5uqqNYwUPAKQbRFXqMHp7Ftd5wKnwGLwkRhvwg6YalL8hCGtnk0P8+h/89qL 97vjw1wwIg1UZU3uqTXAIeJStrEqr/msjQscer+6viUqi2oCHbIDVhKG/x7eBprsoaAJ YdLA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=cDIdwRKu; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from snail.vger.email (snail.vger.email. [23.128.96.37]) by mx.google.com with ESMTPS id s17-20020a170903201100b001c3976e2307si2382529pla.502.2023.09.14.18.50.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 14 Sep 2023 18:50:55 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) client-ip=23.128.96.37; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=cDIdwRKu; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id 6EA778239DF5; Thu, 14 Sep 2023 02:38:29 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237303AbjINJi2 (ORCPT + 35 others); Thu, 14 Sep 2023 05:38:28 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40120 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235604AbjINJiU (ORCPT ); Thu, 14 Sep 2023 05:38:20 -0400 Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.88]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 769FB83; Thu, 14 Sep 2023 02:38:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1694684296; x=1726220296; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=GCpk9GKZRRCMIQFL0D0NzM82+1bNcf1kwTMzwzthcgA=; b=cDIdwRKuoPTGI/WjCaaxW/Olk3zhTefEYBrEPNYRlQZmO1e5XXntAdO9 gHXyXLX6rc1YCtV3lxQ3IiCvRiaYpZHA8R8/W516ufKvtDabcKJWo5pmy 7w/3RuhjH/JWG54Wj7qKuxLliNvQv1s/5DdxwOh1VZbOCq/QnaCx5CGEa sLKynkOMKRtX1SdkltkQowdEpZ4EDg+pzO1idyiJSdfoZaNucm5fNUxh1 TMYsIpcIa74EYC+riVLEfX+1ulBUTY+OBN0X5isXBOsxr4lGe03tr1/FR Zh+cwwTJgb0DIeKoJC/Rcly/cpfoI1dgmQB76OqzaTJ7Xq2DbkP/B9gBy Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="409857313" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="409857313" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:16 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="747656212" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="747656212" Received: from embargo.jf.intel.com ([10.165.9.183]) by fmsmga007-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:15 -0700 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: dave.hansen@intel.com, peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, weijiang.yang@intel.com, john.allen@amd.com Subject: [PATCH v6 02/25] x86/fpu/xstate: Fix guest fpstate allocation size calculation Date: Thu, 14 Sep 2023 02:33:02 -0400 Message-Id: <20230914063325.85503-3-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20230914063325.85503-1-weijiang.yang@intel.com> References: <20230914063325.85503-1-weijiang.yang@intel.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Thu, 14 Sep 2023 02:38:29 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1777058939819866230 X-GMAIL-MSGID: 1777066475192191688 Fix guest xsave area allocation size from fpu_user_cfg.default_size to fpu_kernel_cfg.default_size so that the xsave area size is consistent with fpstate->size set in __fpstate_reset(). With the fix, guest fpstate size is sufficient for KVM supported guest xfeatures. Signed-off-by: Yang Weijiang --- arch/x86/kernel/fpu/core.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/fpu/core.c b/arch/x86/kernel/fpu/core.c index a86d37052a64..a42d8ad26ce6 100644 --- a/arch/x86/kernel/fpu/core.c +++ b/arch/x86/kernel/fpu/core.c @@ -220,7 +220,9 @@ bool fpu_alloc_guest_fpstate(struct fpu_guest *gfpu) struct fpstate *fpstate; unsigned int size; - size = fpu_user_cfg.default_size + ALIGN(offsetof(struct fpstate, regs), 64); + size = fpu_kernel_cfg.default_size + + ALIGN(offsetof(struct fpstate, regs), 64); + fpstate = vzalloc(size); if (!fpstate) return false; From patchwork Thu Sep 14 06:33:03 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 139626 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:612c:172:b0:3f2:4152:657d with SMTP id h50csp403433vqi; Thu, 14 Sep 2023 07:51:33 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHGg/tS/qrHkMbH+NZWHeU2sErHSTRFaBWlCWKLhOm2+oztSkyG5ygZhnwmzCYvT11oSIi8 X-Received: by 2002:a05:6a21:3e09:b0:14e:b4d5:782e with SMTP id bk9-20020a056a213e0900b0014eb4d5782emr5744686pzc.29.1694703092743; Thu, 14 Sep 2023 07:51:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1694703092; cv=none; d=google.com; s=arc-20160816; b=Jmwsm/4KgCGLeABayspKWCwvs6Y4WdZoMN1wH04yGCHPGkZFyxtNboWTQ0DGtaKTtj B1J+TBytABh8ChQryrFdBDXBHRA/hEy1nmPnG+tgwyILjTl/dvS7J/CJbuEqd+D5wYnU YvnKw7lpIno2fnszAc9cBKg0wHdJReYrgycY0ohkkRZ4qqhtGZOrOyocO/tGRHCTKZcV p1HX94ZwY9PuOI0anJyuDNGjd2JZqdZWTzzpbyqkXNfUGT6LX4JRdQ1sQmxrPvg06kUS t6NRX6U01ctnx4jsaUStfEuWLwsPR64hrGHMQWRxWmf886vyZk5vpkpUvigN2FCsXPB2 FLbg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=ffjA9L8TziRR9s+3BG81BNzJMjjifwHlLy5qfG/MckI=; fh=jQqUhNQZPAXcZ44u72Wu3jv2pQizzn2Be2T8mkd1RwU=; b=c2QLjwQ2R9B6FO8JJAp2Y3Z9UMYhsXhmzfzi6bNdOJ6gHTlLkcPpyAWYfOgv64YRMi lGtrRdZU7FnIFczok2oEyvw2PTa+73vvxaFijiJIVEUQ2pKLRtBEEsjDAKKBSlLljK8g wZpbab+avdYmUP/0jNRl1dixYw7L+XpxwO0rfX2Td17GLYQhVtnqlFb5GnuqF7qK2xV6 +LaPYacx7nB3ZURci9bOFo8n9gi9PVCiKtbRVwqY26EdmI9mAEn118oYut0FYgUDsaMm YHbGUjaHxyFg293zyoEonf++iJtHq0lZccr9rHsKfTuFWhBWRNu4XNpbuYQlJ/KF9LVw q+mw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=DLXeEsQu; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from groat.vger.email (groat.vger.email. [23.128.96.35]) by mx.google.com with ESMTPS id fi6-20020a056a00398600b0068fcf194dacsi1824284pfb.92.2023.09.14.07.51.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 14 Sep 2023 07:51:32 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) client-ip=23.128.96.35; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=DLXeEsQu; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by groat.vger.email (Postfix) with ESMTP id A67C48303B25; Thu, 14 Sep 2023 02:38:48 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at groat.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237181AbjINJie (ORCPT + 35 others); Thu, 14 Sep 2023 05:38:34 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40134 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237139AbjINJiV (ORCPT ); Thu, 14 Sep 2023 05:38:21 -0400 Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.88]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E571B1BF9; Thu, 14 Sep 2023 02:38:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1694684296; x=1726220296; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=DH/kwoW6eRQtxK0yZo8tCx3soKPTztRafZKZYlHzFUA=; b=DLXeEsQuY2bUJhHhoWPhTqwDe3ENNA7Aa++gb2KZjSAVZ7ka4t/bMDRj GGT4SNXLy58fhmcnzse3yNCgDtxuyoF9qvyA5SY6ycYXF081oScV1We5g 11iocSNWjFR+D5r5fN3yqbt9sla6djjpQx/8Tg7BfqJk/V9LxCP34686w l0vrYgOVFIKEBfOAzhF11kn0T95hTIlhU7bXNgMHMPCWkC1aq2jj/6KyP akyoUhxDKUzSQH37TMr2EdDdKh4iUsN7Pd9cShx7MGKC5EeptdxRLjbYq tpQ+drZnAhZMNqIqYmssq7PBzl0WXF5BQ5oedijemTSgTd7eUpyhXgRQm w==; X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="409857318" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="409857318" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:16 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="747656216" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="747656216" Received: from embargo.jf.intel.com ([10.165.9.183]) by fmsmga007-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:16 -0700 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: dave.hansen@intel.com, peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, weijiang.yang@intel.com, john.allen@amd.com Subject: [PATCH v6 03/25] x86/fpu/xstate: Add CET supervisor mode state support Date: Thu, 14 Sep 2023 02:33:03 -0400 Message-Id: <20230914063325.85503-4-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20230914063325.85503-1-weijiang.yang@intel.com> References: <20230914063325.85503-1-weijiang.yang@intel.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]); Thu, 14 Sep 2023 02:38:48 -0700 (PDT) X-Spam-Status: No, score=0.2 required=5.0 tests=DATE_IN_PAST_03_06, DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1777024989851082409 X-GMAIL-MSGID: 1777024989851082409 Add supervisor mode state support within FPU xstate management framework. Although supervisor shadow stack is not enabled/used today in kernel,KVM requires the support because when KVM advertises shadow stack feature to guest, architechturally it claims the support for both user and supervisor modes for Linux and non-Linux guest OSes. With the xstate support, guest supervisor mode shadow stack state can be properly saved/restored when 1) guest/host FPU context is swapped 2) vCPU thread is sched out/in. The alternative is to enable it in KVM domain, but KVM maintainers NAKed the solution. The external discussion can be found at [*], it ended up with adding the support in kernel instead of KVM domain. Note, in KVM case, guest CET supervisor state i.e., IA32_PL{0,1,2}_MSRs, are preserved after VM-Exit until host/guest fpstates are swapped, but since host supervisor shadow stack is disabled, the preserved MSRs won't hurt host. [*]: https://lore.kernel.org/all/806e26c2-8d21-9cc9-a0b7-7787dd231729@intel.com/ Signed-off-by: Yang Weijiang Reviewed-by: Maxim Levitsky --- arch/x86/include/asm/fpu/types.h | 14 ++++++++++++-- arch/x86/include/asm/fpu/xstate.h | 6 +++--- arch/x86/kernel/fpu/xstate.c | 6 +++++- 3 files changed, 20 insertions(+), 6 deletions(-) diff --git a/arch/x86/include/asm/fpu/types.h b/arch/x86/include/asm/fpu/types.h index eb810074f1e7..c6fd13a17205 100644 --- a/arch/x86/include/asm/fpu/types.h +++ b/arch/x86/include/asm/fpu/types.h @@ -116,7 +116,7 @@ enum xfeature { XFEATURE_PKRU, XFEATURE_PASID, XFEATURE_CET_USER, - XFEATURE_CET_KERNEL_UNUSED, + XFEATURE_CET_KERNEL, XFEATURE_RSRVD_COMP_13, XFEATURE_RSRVD_COMP_14, XFEATURE_LBR, @@ -139,7 +139,7 @@ enum xfeature { #define XFEATURE_MASK_PKRU (1 << XFEATURE_PKRU) #define XFEATURE_MASK_PASID (1 << XFEATURE_PASID) #define XFEATURE_MASK_CET_USER (1 << XFEATURE_CET_USER) -#define XFEATURE_MASK_CET_KERNEL (1 << XFEATURE_CET_KERNEL_UNUSED) +#define XFEATURE_MASK_CET_KERNEL (1 << XFEATURE_CET_KERNEL) #define XFEATURE_MASK_LBR (1 << XFEATURE_LBR) #define XFEATURE_MASK_XTILE_CFG (1 << XFEATURE_XTILE_CFG) #define XFEATURE_MASK_XTILE_DATA (1 << XFEATURE_XTILE_DATA) @@ -264,6 +264,16 @@ struct cet_user_state { u64 user_ssp; }; +/* + * State component 12 is Control-flow Enforcement supervisor states + */ +struct cet_supervisor_state { + /* supervisor ssp pointers */ + u64 pl0_ssp; + u64 pl1_ssp; + u64 pl2_ssp; +}; + /* * State component 15: Architectural LBR configuration state. * The size of Arch LBR state depends on the number of LBRs (lbr_depth). diff --git a/arch/x86/include/asm/fpu/xstate.h b/arch/x86/include/asm/fpu/xstate.h index d4427b88ee12..3b4a038d3c57 100644 --- a/arch/x86/include/asm/fpu/xstate.h +++ b/arch/x86/include/asm/fpu/xstate.h @@ -51,7 +51,8 @@ /* All currently supported supervisor features */ #define XFEATURE_MASK_SUPERVISOR_SUPPORTED (XFEATURE_MASK_PASID | \ - XFEATURE_MASK_CET_USER) + XFEATURE_MASK_CET_USER | \ + XFEATURE_MASK_CET_KERNEL) /* * A supervisor state component may not always contain valuable information, @@ -78,8 +79,7 @@ * Unsupported supervisor features. When a supervisor feature in this mask is * supported in the future, move it to the supported supervisor feature mask. */ -#define XFEATURE_MASK_SUPERVISOR_UNSUPPORTED (XFEATURE_MASK_PT | \ - XFEATURE_MASK_CET_KERNEL) +#define XFEATURE_MASK_SUPERVISOR_UNSUPPORTED (XFEATURE_MASK_PT) /* All supervisor states including supported and unsupported states. */ #define XFEATURE_MASK_SUPERVISOR_ALL (XFEATURE_MASK_SUPERVISOR_SUPPORTED | \ diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c index 12c8cb278346..c3ed86732d33 100644 --- a/arch/x86/kernel/fpu/xstate.c +++ b/arch/x86/kernel/fpu/xstate.c @@ -51,7 +51,7 @@ static const char *xfeature_names[] = "Protection Keys User registers", "PASID state", "Control-flow User registers", - "Control-flow Kernel registers (unused)", + "Control-flow Kernel registers", "unknown xstate feature", "unknown xstate feature", "unknown xstate feature", @@ -73,6 +73,7 @@ static unsigned short xsave_cpuid_features[] __initdata = { [XFEATURE_PT_UNIMPLEMENTED_SO_FAR] = X86_FEATURE_INTEL_PT, [XFEATURE_PKRU] = X86_FEATURE_OSPKE, [XFEATURE_PASID] = X86_FEATURE_ENQCMD, + [XFEATURE_CET_KERNEL] = X86_FEATURE_SHSTK, [XFEATURE_XTILE_CFG] = X86_FEATURE_AMX_TILE, [XFEATURE_XTILE_DATA] = X86_FEATURE_AMX_TILE, }; @@ -277,6 +278,7 @@ static void __init print_xstate_features(void) print_xstate_feature(XFEATURE_MASK_PKRU); print_xstate_feature(XFEATURE_MASK_PASID); print_xstate_feature(XFEATURE_MASK_CET_USER); + print_xstate_feature(XFEATURE_MASK_CET_KERNEL); print_xstate_feature(XFEATURE_MASK_XTILE_CFG); print_xstate_feature(XFEATURE_MASK_XTILE_DATA); } @@ -346,6 +348,7 @@ static __init void os_xrstor_booting(struct xregs_state *xstate) XFEATURE_MASK_BNDCSR | \ XFEATURE_MASK_PASID | \ XFEATURE_MASK_CET_USER | \ + XFEATURE_MASK_CET_KERNEL | \ XFEATURE_MASK_XTILE) /* @@ -546,6 +549,7 @@ static bool __init check_xstate_against_struct(int nr) case XFEATURE_PASID: return XCHECK_SZ(sz, nr, struct ia32_pasid_state); case XFEATURE_XTILE_CFG: return XCHECK_SZ(sz, nr, struct xtile_cfg); case XFEATURE_CET_USER: return XCHECK_SZ(sz, nr, struct cet_user_state); + case XFEATURE_CET_KERNEL: return XCHECK_SZ(sz, nr, struct cet_supervisor_state); case XFEATURE_XTILE_DATA: check_xtile_data_against_struct(sz); return true; default: XSTATE_WARN_ON(1, "No structure for xstate: %d\n", nr); From patchwork Thu Sep 14 06:33:04 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 139752 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:612c:172:b0:3f2:4152:657d with SMTP id h50csp518467vqi; Thu, 14 Sep 2023 10:47:09 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEcK+Imatos2YvLn1s7MnskXD0RibEc1WO1TrDyrugaW6MV1nmrD8gK+yUsl42UXKMpeKBK X-Received: by 2002:a05:6358:99a1:b0:140:ff29:7057 with SMTP id j33-20020a05635899a100b00140ff297057mr6704254rwb.7.1694713629473; Thu, 14 Sep 2023 10:47:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1694713629; cv=none; d=google.com; s=arc-20160816; b=iAvZuWV1dbNMGVmonY6mj0JcRxze3nTKWirwa33TkMtmAKUM0awi+fF1muUClZGhd+ FMl8Nk23alPo7aajVK02HcS6tiJaW42HACms4V3JGI68WudNzOOo+l8YByXObXGOYqwP 2rT+YDgg6Y7G1yGP1w8krVNrPTWsTd8HPASQ6KsVV72Ux5t4w0v6KWp+rnqw9hL3eTAa wgGo0muyeZSRyBi3MWCIYOAQmW2/ahRH7MZ5fN9a3RxzkI6Me8ZK5+jxm+lhRjkUT612 ymWJDR9xWKhPVU9EGx0wYUdCRoufsaHaSRAxzZRAlN3ACf0zqp0FGGe3Zj/4REfe84nO Jgqg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=Uj/uIkifhxYe243RLIyYA/4oIY9s6e3zTKdEeOhULDA=; fh=jQqUhNQZPAXcZ44u72Wu3jv2pQizzn2Be2T8mkd1RwU=; b=FxfkFjqPNc3ShbpoKB1MK3qqkru/6fOsdZQnrTdcluz+xv8Xp4mYUKmVHReROMja/S etcxvSBtfrEgdHxyN+R89qNIrfxx+H9PHV3ovS27rFYtQZE/vIAdrol26z82i4hWewsN Sosl7Q/Egd4QwpcV0Fp2uHXxUSDiycfqXtvPwRBwcupw5N/rxp4rML08PW3+Hy0sa1o6 iRVM5PXXCY/UqF1s7e5thKkR1oRQKcA4Za8jU39jOSmsvdqTwKiUvwZKKPL9Czn3TTJ3 8+2N4WToQnc6acABXPshBl/DYFugfhyoyOiI3sk73tzkRT5NDt36gQPXWR5UbWR287eT AtLA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b="Ip7QVM/F"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from snail.vger.email (snail.vger.email. [2620:137:e000::3:7]) by mx.google.com with ESMTPS id ca20-20020a056a02069400b0056532fbe293si2187297pgb.323.2023.09.14.10.47.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 14 Sep 2023 10:47:09 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) client-ip=2620:137:e000::3:7; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b="Ip7QVM/F"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id 689D6826750A; Thu, 14 Sep 2023 02:38:45 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237547AbjINJij (ORCPT + 35 others); Thu, 14 Sep 2023 05:38:39 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40138 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230413AbjINJiV (ORCPT ); Thu, 14 Sep 2023 05:38:21 -0400 Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.88]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4541783; Thu, 14 Sep 2023 02:38:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1694684297; x=1726220297; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=RiRpO69NN4+D9BiPv1b8kqQ9mDIXR5b5ZIvKZMvuZW0=; b=Ip7QVM/FkJrJHMMsv18V7r/amDdzk2zjr6TL2+txRHNxr1Qfpaji8jGp ozOU1RHSoB2OtWrFCWQbpZAwc+j5KnX4q9GhcvGZ0++DhYsWQ/qXs4Rii 7gTLkxuMUIwKCkY8KCvIQdQjf99xKvP4s81lGCs++llFM0Bkas2tE6uia try/Oqho+3WkPG5h0oA0eXRZzAa2qwjljKMNLEP/bhJK1YXnWdKPRU1hO 8PtJaBuUz/8UbIHwQ7J8UgQenrIAJg+hcyZz1pBTEl9kCe+hGzWHEi9R5 HP061Mg9fVqGBqrgY+wNuU1Wo0P8uzt4ZvH/vVKtFu/txAI/KTIdiAzrw A==; X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="409857323" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="409857323" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:17 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="747656219" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="747656219" Received: from embargo.jf.intel.com ([10.165.9.183]) by fmsmga007-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:16 -0700 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: dave.hansen@intel.com, peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, weijiang.yang@intel.com, john.allen@amd.com Subject: [PATCH v6 04/25] x86/fpu/xstate: Introduce kernel dynamic xfeature set Date: Thu, 14 Sep 2023 02:33:04 -0400 Message-Id: <20230914063325.85503-5-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20230914063325.85503-1-weijiang.yang@intel.com> References: <20230914063325.85503-1-weijiang.yang@intel.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Thu, 14 Sep 2023 02:38:45 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1777036038697468634 X-GMAIL-MSGID: 1777036038697468634 Define a new kernel xfeature set including the features can be dynamically enabled, i.e., the relevant feature is enabled on demand. The xfeature set is currently used by KVM to configure __guest__ fpstate, i.e., calculating the xfeature and fpstate storage size etc. The xfeature set is initialized once and used whenever it's referenced to avoid repeat calculation. Currently it's used when 1) guest fpstate __state_size is calculated while guest permits are configured 2) guest vCPU is created and its fpstate is initialized. Suggested-by: Dave Hansen Signed-off-by: Yang Weijiang --- arch/x86/kernel/fpu/xstate.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c index c3ed86732d33..eaec05bc1b3c 100644 --- a/arch/x86/kernel/fpu/xstate.c +++ b/arch/x86/kernel/fpu/xstate.c @@ -84,6 +84,8 @@ static unsigned int xstate_sizes[XFEATURE_MAX] __ro_after_init = { [ 0 ... XFEATURE_MAX - 1] = -1}; static unsigned int xstate_flags[XFEATURE_MAX] __ro_after_init; +u64 fpu_kernel_dynamic_xfeatures __ro_after_init; + #define XSTATE_FLAG_SUPERVISOR BIT(0) #define XSTATE_FLAG_ALIGNED64 BIT(1) @@ -740,6 +742,23 @@ static void __init fpu__init_disable_system_xstate(unsigned int legacy_size) fpstate_reset(¤t->thread.fpu); } +static unsigned short xsave_kernel_dynamic_xfeatures[] = { + [XFEATURE_CET_KERNEL] = X86_FEATURE_SHSTK, +}; + +static void __init init_kernel_dynamic_xfeatures(void) +{ + unsigned short cid; + int i; + + for (i = 0; i < ARRAY_SIZE(xsave_kernel_dynamic_xfeatures); i++) { + cid = xsave_kernel_dynamic_xfeatures[i]; + + if (cid && boot_cpu_has(cid)) + fpu_kernel_dynamic_xfeatures |= BIT_ULL(i); + } +} + /* * Enable and initialize the xsave feature. * Called once per system bootup. @@ -809,6 +828,8 @@ void __init fpu__init_system_xstate(unsigned int legacy_size) if (boot_cpu_has(X86_FEATURE_SHSTK) || boot_cpu_has(X86_FEATURE_IBT)) fpu_kernel_cfg.max_features |= BIT_ULL(XFEATURE_CET_USER); + init_kernel_dynamic_xfeatures(); + if (!cpu_feature_enabled(X86_FEATURE_XFD)) fpu_kernel_cfg.max_features &= ~XFEATURE_MASK_USER_DYNAMIC; From patchwork Thu Sep 14 06:33:05 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 139661 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:612c:172:b0:3f2:4152:657d with SMTP id h50csp454050vqi; Thu, 14 Sep 2023 09:04:47 -0700 (PDT) X-Google-Smtp-Source: AGHT+IF/DHrz/ILu2XxgtHM8biky7uUINS7eF8/CsgNQ+3VS6hlsSt1fHVKWgzlN30o9ONuhZRHB X-Received: by 2002:a17:903:1208:b0:1c3:6251:a78 with SMTP id l8-20020a170903120800b001c362510a78mr7297362plh.3.1694707486797; Thu, 14 Sep 2023 09:04:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1694707486; cv=none; d=google.com; s=arc-20160816; b=HijUfikrTKR+H/GSbjVm5GIVifRxyG/pGBQ8ySiWi+mqtqu7bTmA61PNPgHENjL4yE GZfJpvdvrHpuyeZqW0u7v6egP5KEhQg1sNyR6ZOKM7WzazVT4NFU6Uoz5tB7kxq14c9E asI6DcoZTHV80vUcEqYhomqW+vNNxIUhGZBDqiAi2JQjlpeTSnueZFeEvgwcUzFZkS9D +bDA1KJGkk7yjiG+RsnthB6RIl6Js7Iuab84jXSFPdCR9vArA0wylWjPzYQ73ovDS1b+ FiNXlLMarWvDNwltLGXTgtYX18CqIOz5ICLOvrTiykfbX494W8NSov1TYhhNgXY6s5az +WTA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=92qN2Z5YRHy0C1uwmGGQ48IyvoSvHnH/ADqVY06OFoc=; fh=jQqUhNQZPAXcZ44u72Wu3jv2pQizzn2Be2T8mkd1RwU=; b=OKEaCd/sF/fDdnN6+xptwx7Lljbrvu3RWHogVDXXv4HDC5zHMyRThrKtFWFDkwZQzM VAPUbojWA7F22K7GVL25U/oy95D+tNmjujliX5EEhLlVbSlNc+LMwt1O2M+STc3MJqS0 F0Uww/5bbaa3DY5G6069GBEZOv6zpSnFrmyWVsrNqgkmx6JsIp8Lk58aN6IuBoHc/2W+ zysEPUVI041KXKSDn7CoG5MKjbVMj1dRkmk8KTAq/tMVczrVHQYMJbJe6IOWod6GGje7 IMELXhk0ChfwaGhQozC1rKsQ88wtMatQDsN8DPoISslR44Nop0/EdEsF1uEnJoqrAKER 96yA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Q+uN2PFZ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:4 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from howler.vger.email (howler.vger.email. [2620:137:e000::3:4]) by mx.google.com with ESMTPS id v127-20020a632f85000000b0055c8d58cee9si1651354pgv.714.2023.09.14.09.04.45 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 14 Sep 2023 09:04:46 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:4 as permitted sender) client-ip=2620:137:e000::3:4; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Q+uN2PFZ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:4 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by howler.vger.email (Postfix) with ESMTP id A5F0D852D248; Thu, 14 Sep 2023 02:38:51 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at howler.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237578AbjINJil (ORCPT + 35 others); Thu, 14 Sep 2023 05:38:41 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40142 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236923AbjINJiV (ORCPT ); Thu, 14 Sep 2023 05:38:21 -0400 Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.88]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B73C71BEF; Thu, 14 Sep 2023 02:38:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1694684297; x=1726220297; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=7cLERNq1vvTBAZ52sQIMEUGAduSmp4Knqxddo4MpnMo=; b=Q+uN2PFZ/YM49u3guS8f3wncn9EMDc7BCIpgsnE3evehRTkaNepQ0zmH f34zdTgtYxzFtHv0Y8T/GWvGSGVvT1ovgPoFXVGY7HKxPjLcFbKcWRlUu tlMNJmrTcUHfY0puW2k6Y4jM/8S8eMWY0pXt0zdnQBCatoS34nrrOYrIF uIEw3SNKvIWYDdfR9soCrRlXnG8s9jjsP3FBJshzRgyrPnOt7I6DTlhg2 VgvkKTwUyJyFcCULM6MwzlZtLhBgxMwf/9UYgkFWlc2klZ4HJ7eMl53qv nXzxhvtgedBuLfp3zWc3vxYCstuTlemyS6flDUf5W8HAjC6Ap+dijOrAG Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="409857328" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="409857328" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:17 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="747656226" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="747656226" Received: from embargo.jf.intel.com ([10.165.9.183]) by fmsmga007-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:16 -0700 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: dave.hansen@intel.com, peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, weijiang.yang@intel.com, john.allen@amd.com Subject: [PATCH v6 05/25] x86/fpu/xstate: Remove kernel dynamic xfeatures from kernel default_features Date: Thu, 14 Sep 2023 02:33:05 -0400 Message-Id: <20230914063325.85503-6-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20230914063325.85503-1-weijiang.yang@intel.com> References: <20230914063325.85503-1-weijiang.yang@intel.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (howler.vger.email [0.0.0.0]); Thu, 14 Sep 2023 02:38:51 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1777029597730150302 X-GMAIL-MSGID: 1777029597730150302 The kernel dynamic xfeatures are supported by host, i.e., they're enabled in xsaves/xrstors operating xfeature set (XCR0 | XSS), but the corresponding CPU features are disabled for the time-being in host kernel so the bits are not necessarily set by default. Remove the bits from fpu_kernel_cfg.default_features so that the bits in xstate_bv and xcomp_bv are cleared and xsaves/xrstors can be optimized by HW for normal fpstate. Signed-off-by: Yang Weijiang --- arch/x86/kernel/fpu/xstate.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c index eaec05bc1b3c..4753c677e2e1 100644 --- a/arch/x86/kernel/fpu/xstate.c +++ b/arch/x86/kernel/fpu/xstate.c @@ -845,6 +845,7 @@ void __init fpu__init_system_xstate(unsigned int legacy_size) /* Clean out dynamic features from default */ fpu_kernel_cfg.default_features = fpu_kernel_cfg.max_features; fpu_kernel_cfg.default_features &= ~XFEATURE_MASK_USER_DYNAMIC; + fpu_kernel_cfg.default_features &= ~fpu_kernel_dynamic_xfeatures; fpu_user_cfg.default_features = fpu_user_cfg.max_features; fpu_user_cfg.default_features &= ~XFEATURE_MASK_USER_DYNAMIC; From patchwork Thu Sep 14 06:33:06 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 139748 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:612c:172:b0:3f2:4152:657d with SMTP id h50csp514443vqi; Thu, 14 Sep 2023 10:39:14 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFcAcu4vna0BheO4u7egMCVOvzeoGPhZY16uzsTkvTxoAppT4f5/eHEGiajGqDH4lNzQth7 X-Received: by 2002:a17:902:ecc5:b0:1bf:557c:5a2c with SMTP id a5-20020a170902ecc500b001bf557c5a2cmr7565525plh.44.1694713153841; Thu, 14 Sep 2023 10:39:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1694713153; cv=none; d=google.com; s=arc-20160816; b=UBEhecMOkmbIsCpSinkxuIFwoLTE8UzOt55VarU8jISuqa8jLch/K+oijxl4/VNJw4 a4JmzCpukcn6L2l+OmD6MZedoRLSj8w0B+TmTP7lrtxJefwifo7n94Df0FDEYxo+Aeba 59mwA7Rn4nl+LU5qb/IaVWD/kmCQzZE9axa5kG1z0MBC0gXwE0Xn/72ZYKTsvapAljoj mY7bR5XuECseZnKQ+rtiF0+HOkqFDmU8nnQhRACyQOq1SiVBH/8IibIwYjthcLQbI8Ic krDFtfXgb9J1hEowywFoRwk9qqFCps0NZxRfVlVJRniPNJawCaLTPupDecgx5Q9wvJ7l a60w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=4cCg4cl0sgNB+0Scy33zONxGQc7yEzBlhwxNEWru1t8=; fh=jQqUhNQZPAXcZ44u72Wu3jv2pQizzn2Be2T8mkd1RwU=; b=GOuuYiSq8olaqxwLUW9YZ5yIy0Lnef0jEvzMh/mUvJUeILgQhIGn/h17GB4orrm0CA ZQ0kfDu7RDaroUhAEgfyxvxjHPtq2+kyQ4l7NkfYrQIlbtIiAXPfA5Xd/2dYLaz3fi8i xD5EyHc3D9+5UVvuyc9oDCm21B8r4wZlc2wd4ROzONVy9p/wNWXxUBWYJrho87/gdXRx lOo80zE1j4j8V7PD5YbaS2RonP0KZ/SYFbuGgfWOCRRJU6JLbqVGIc9GCOb/UbaVq1lZ pTTvsaZv0rNiwuLcBoLLrgwMaObqGZYWL0xqilmpx+fQZqu4EDk2SnyVScQn7ApaCEXp oJYA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=j0grAlD2; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from groat.vger.email (groat.vger.email. [2620:137:e000::3:5]) by mx.google.com with ESMTPS id z13-20020a1709027e8d00b001ab1ba2572csi1649824pla.240.2023.09.14.10.39.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 14 Sep 2023 10:39:13 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) client-ip=2620:137:e000::3:5; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=j0grAlD2; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by groat.vger.email (Postfix) with ESMTP id 903338303B39; Thu, 14 Sep 2023 02:39:02 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at groat.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237413AbjINJin (ORCPT + 35 others); Thu, 14 Sep 2023 05:38:43 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40156 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237227AbjINJiW (ORCPT ); Thu, 14 Sep 2023 05:38:22 -0400 Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.88]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EAA1183; Thu, 14 Sep 2023 02:38:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1694684297; x=1726220297; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=kg4jzy9ndQH5j3Qk6jXnrqWtPLjorVO+dQ5iT2oQlDE=; b=j0grAlD2pHYOmxYjCnQHRCMwsVtmyClUbLyGPRyq61a+SP2H/yjGsE/e Iq947Qgze9ZvHh7VOZR2AYmwKK9tSiGTtfXJFyfKOCpeai4H9a73RaLox aWhiF4ZrlWjwb0DMC9tgR4b8Q+wqPwbFuKciTy3dB/lfP9uwd8hBO4UqO LrjUO8yXGijYUU33rCi6tTXalk6rX8f2jW37LfALgg3/q6rRDFKsPl43f UhyQPpevr3nSg3AV9uIVUfWshaB0+Yq9ULiDcafit3O6ihJObR79VPah/ HJPLbhaaH+hYgJDGCE+s7TYryHBdC9DUTmZLoVXhsWBBqBIFZLaYyY9zg w==; X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="409857335" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="409857335" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:17 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="747656229" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="747656229" Received: from embargo.jf.intel.com ([10.165.9.183]) by fmsmga007-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:17 -0700 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: dave.hansen@intel.com, peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, weijiang.yang@intel.com, john.allen@amd.com Subject: [PATCH v6 06/25] x86/fpu/xstate: Opt-in kernel dynamic bits when calculate guest xstate size Date: Thu, 14 Sep 2023 02:33:06 -0400 Message-Id: <20230914063325.85503-7-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20230914063325.85503-1-weijiang.yang@intel.com> References: <20230914063325.85503-1-weijiang.yang@intel.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]); Thu, 14 Sep 2023 02:39:02 -0700 (PDT) X-Spam-Status: No, score=0.2 required=5.0 tests=DATE_IN_PAST_03_06, DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1777035539776570779 X-GMAIL-MSGID: 1777035539776570779 When user space requests guest xstate permits, the sufficient xstate size is calculated from permitted mask. Currently the max guest permits are set to fpu_kernel_cfg.default_features, and the latter doesn't include kernel dynamic xfeatures, so add them back for correct guest fpstate size. If guest dynamic xfeatures are enabled, KVM re-allocates guest fpstate area with above resulting size before launches VM. Signed-off-by: Yang Weijiang Signed-off-by: Sean Christopherson Signed-off-by: Yang Weijiang --- arch/x86/kernel/fpu/xstate.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c index 4753c677e2e1..c5d903b4df4d 100644 --- a/arch/x86/kernel/fpu/xstate.c +++ b/arch/x86/kernel/fpu/xstate.c @@ -1636,9 +1636,17 @@ static int __xstate_request_perm(u64 permitted, u64 requested, bool guest) /* Calculate the resulting kernel state size */ mask = permitted | requested; - /* Take supervisor states into account on the host */ + /* + * Take supervisor states into account on the host. And add + * kernel dynamic xfeatures to guest since guest kernel may + * enable corresponding CPU feaures and the xstate registers + * need to be saved/restored properly. + */ if (!guest) mask |= xfeatures_mask_supervisor(); + else + mask |= fpu_kernel_dynamic_xfeatures; + ksize = xstate_calculate_size(mask, compacted); /* Calculate the resulting user state size */ From patchwork Thu Sep 14 06:33:07 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 139799 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:612c:172:b0:3f2:4152:657d with SMTP id h50csp572325vqi; Thu, 14 Sep 2023 12:21:42 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFSTGYDNstg3eTyypPwmOZGhJu7x0/+Pi2d/tXtXztvf7eVVPbim9VfsCPYQgiVqwiCX7Qp X-Received: by 2002:a05:6a20:7fa7:b0:153:40c3:aa71 with SMTP id d39-20020a056a207fa700b0015340c3aa71mr8670231pzj.43.1694719302131; Thu, 14 Sep 2023 12:21:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1694719302; cv=none; d=google.com; s=arc-20160816; b=XOl05lU1fHZFjsF7bEi5btAI/5FPzXepbWMZOcXDWbPcya5zNh4TXVakfb4Cm3vJWE 2Vy+UbOEs+fwruNGOeitjecHcKXrZyHD41NKq6h4LI8tyB6jKxFIy5RIOxKKFj42y4nS pzlH/ErlYJq5rXCQPttHYgYQxFlI6TXoeyRIykUGRZl4epVgbdNlRbA4Pkil78fC+3be PDmakOLSXJZgc0DmA62kqTmsQLNhcq6nrje/WljQAjU3onPYv3lHCoeY7oXu/aEYVrO3 m6lM/QmqWJz4+jbrYmpamNXM4AxYHNGKjWAoh09KM08iGqVPauxAFpuAdKH4TYxcTu07 VtQQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=vKxIFi+p2CKgVg5+2NrvVr4sMj5wnJnB0/E0RK/jXsY=; fh=jQqUhNQZPAXcZ44u72Wu3jv2pQizzn2Be2T8mkd1RwU=; b=MCHC9WPHiqicWV6IrpynO7slR6O/zYiDoH4GvrTYxj7YzV5ilLLkg/+pJWvJzehgll Kz9lnrFZ0b7sIe+4xBeSBTvaf3/nenwPH2n4WSve5AILPFnSLdBWmVFY0v+C6HYX4P9A 7Jq13dQP+OVIKAZgFiogaUuMNrup+XjtuqeQE3R1GEXHHTfKHKlNCYfFJuzwcW6Cjrw8 SEMqUwKevOV/bfqd6pcA1I4OqdGGLL7sjOeF1qRWzH9qN1BKM85vHkc4WEubfhwyZedH 8Co/NZJZTw34ne4RcI8upBluQHHgzaErzRYNlaa09chVxYygpKk2ii14GisHYQN5npcn 4RVg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=BbCng3w8; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from snail.vger.email (snail.vger.email. [23.128.96.37]) by mx.google.com with ESMTPS id l12-20020a65680c000000b005779c97fae5si1945303pgt.480.2023.09.14.12.21.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 14 Sep 2023 12:21:42 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) client-ip=23.128.96.37; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=BbCng3w8; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id 86327827332A; Thu, 14 Sep 2023 02:39:01 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237572AbjINJit (ORCPT + 35 others); Thu, 14 Sep 2023 05:38:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49788 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237261AbjINJiW (ORCPT ); Thu, 14 Sep 2023 05:38:22 -0400 Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.88]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A671283; Thu, 14 Sep 2023 02:38:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1694684298; x=1726220298; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=Qn5wUWy4Vkg3CghO5UGfFtXHTUkaS9WcgUAH/F4Vglo=; b=BbCng3w8S/y86ljpQZbVzEfEltJG3Qwgv4wtOQIqDktnowRq3eCkem6Q 8zaMjN4DBDELD+nFyIG3qyCZ8oBEwltOYJjg9upHoZE0RqZQeNQ2VO+FT FLzsvUb3SEV/jvODZDhAh8iby2Dv5YJO9SD4j7Bmm32uyTJfGwYXDfuKh 5ZSFk3Ya2dY7y5DvdAXKLBAYP8cHRAa7ad7A7Njr7pLdoHYaUxpXqzak3 IfGNbc+EP1l1bv7CfttxviEh8MFXFzkZCOiJc8aLUX5DftSUCBpOkofZ6 fhsogzrwFJTMco8F9HcYNzb7Qb0VsmHf7urQZmp7Wb8HSGrq9Po/gP8qB w==; X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="409857341" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="409857341" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:18 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="747656232" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="747656232" Received: from embargo.jf.intel.com ([10.165.9.183]) by fmsmga007-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:17 -0700 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: dave.hansen@intel.com, peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, weijiang.yang@intel.com, john.allen@amd.com Subject: [PATCH v6 07/25] x86/fpu/xstate: Tweak guest fpstate to support kernel dynamic xfeatures Date: Thu, 14 Sep 2023 02:33:07 -0400 Message-Id: <20230914063325.85503-8-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20230914063325.85503-1-weijiang.yang@intel.com> References: <20230914063325.85503-1-weijiang.yang@intel.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Thu, 14 Sep 2023 02:39:01 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1777041986639995305 X-GMAIL-MSGID: 1777041986639995305 The guest fpstate is sized with fpu_kernel_cfg.default_size (by preceding fix) and the kernel dynamic xfeatures are not taken into account, so add the support and tweak fpstate xfeatures and size accordingly. Below configuration steps are currently enforced to get guest fpstate: 1) User space sets thread group xstate permits via arch_prctl(). 2) User space creates vcpu thread. 3) User space enables guest dynamic xfeatures. In #1, guest fpstate size (i.e., __state_size [1]) is induced from (fpu_kernel_cfg.default_features | user dynamic xfeatures) [2]. In #2, guest fpstate size is calculated with fpu_kernel_cfg.default_size and fpstate->size is set to the same. fpstate->xfeatures is set to fpu_kernel_cfg.default_features. In #3, guest fpstate is re-allocated as [1] and fpstate->xfeatures is set to [2]. By adding kernel dynamic xfeatures in above #1 and #2, guest xstate area size is expanded to hold (fpu_kernel_cfg.default_features | kernel dynamic _xfeatures | user dynamic xfeatures)[3], and guest fpstate->xfeatures is set to [3]. Then host xsaves/xrstors can act on all guest xfeatures. The user_* fields remain unchanged for compatibility of non-compacted KVM uAPIs. Signed-off-by: Yang Weijiang --- arch/x86/kernel/fpu/core.c | 56 +++++++++++++++++++++++++++++------- arch/x86/kernel/fpu/xstate.c | 2 +- arch/x86/kernel/fpu/xstate.h | 2 ++ 3 files changed, 49 insertions(+), 11 deletions(-) diff --git a/arch/x86/kernel/fpu/core.c b/arch/x86/kernel/fpu/core.c index a42d8ad26ce6..e5819b38545a 100644 --- a/arch/x86/kernel/fpu/core.c +++ b/arch/x86/kernel/fpu/core.c @@ -33,6 +33,8 @@ DEFINE_STATIC_KEY_FALSE(__fpu_state_size_dynamic); DEFINE_PER_CPU(u64, xfd_state); #endif +extern unsigned int xstate_calculate_size(u64 xfeatures, bool compacted); + /* The FPU state configuration data for kernel and user space */ struct fpu_state_config fpu_kernel_cfg __ro_after_init; struct fpu_state_config fpu_user_cfg __ro_after_init; @@ -193,8 +195,6 @@ void fpu_reset_from_exception_fixup(void) } #if IS_ENABLED(CONFIG_KVM) -static void __fpstate_reset(struct fpstate *fpstate, u64 xfd); - static void fpu_init_guest_permissions(struct fpu_guest *gfpu) { struct fpu_state_perm *fpuperm; @@ -215,28 +215,64 @@ static void fpu_init_guest_permissions(struct fpu_guest *gfpu) gfpu->perm = perm & ~FPU_GUEST_PERM_LOCKED; } -bool fpu_alloc_guest_fpstate(struct fpu_guest *gfpu) +static struct fpstate *__fpu_alloc_init_guest_fpstate(struct fpu_guest *gfpu) { + bool compacted = cpu_feature_enabled(X86_FEATURE_XCOMPACTED); + unsigned int gfpstate_size, size; struct fpstate *fpstate; - unsigned int size; + u64 xfeatures; + + /* + * fpu_kernel_cfg.default_features includes all enabled xfeatures + * except those dynamic xfeatures. Compared with user dynamic + * xfeatures, the kernel dynamic ones are enabled for guest by + * default, so add the kernel dynamic xfeatures back when calculate + * guest fpstate size. + * + * If the user dynamic xfeatures are enabled, the guest fpstate will + * be re-allocated to hold all guest enabled xfeatures, so omit user + * dynamic xfeatures here. + */ + xfeatures = fpu_kernel_cfg.default_features | + fpu_kernel_dynamic_xfeatures; + + gfpstate_size = xstate_calculate_size(xfeatures, compacted); - size = fpu_kernel_cfg.default_size + - ALIGN(offsetof(struct fpstate, regs), 64); + size = gfpstate_size + ALIGN(offsetof(struct fpstate, regs), 64); fpstate = vzalloc(size); if (!fpstate) - return false; + return NULL; + /* + * Initialize sizes and feature masks, use fpu_user_cfg.* + * for user_* settings for compatibility of exiting uAPIs. + */ + fpstate->size = gfpstate_size; + fpstate->xfeatures = xfeatures; + fpstate->user_size = fpu_user_cfg.default_size; + fpstate->user_xfeatures = fpu_user_cfg.default_features; + fpstate->xfd = 0; - /* Leave xfd to 0 (the reset value defined by spec) */ - __fpstate_reset(fpstate, 0); fpstate_init_user(fpstate); fpstate->is_valloc = true; fpstate->is_guest = true; gfpu->fpstate = fpstate; - gfpu->xfeatures = fpu_user_cfg.default_features; + gfpu->xfeatures = xfeatures; gfpu->perm = fpu_user_cfg.default_features; + return fpstate; +} + +bool fpu_alloc_guest_fpstate(struct fpu_guest *gfpu) +{ + struct fpstate *fpstate; + + fpstate = __fpu_alloc_init_guest_fpstate(gfpu); + + if (!fpstate) + return false; + /* * KVM sets the FP+SSE bits in the XSAVE header when copying FPU state * to userspace, even when XSAVE is unsupported, so that restoring FPU diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c index c5d903b4df4d..87149aba6f11 100644 --- a/arch/x86/kernel/fpu/xstate.c +++ b/arch/x86/kernel/fpu/xstate.c @@ -561,7 +561,7 @@ static bool __init check_xstate_against_struct(int nr) return true; } -static unsigned int xstate_calculate_size(u64 xfeatures, bool compacted) +unsigned int xstate_calculate_size(u64 xfeatures, bool compacted) { unsigned int topmost = fls64(xfeatures) - 1; unsigned int offset = xstate_offsets[topmost]; diff --git a/arch/x86/kernel/fpu/xstate.h b/arch/x86/kernel/fpu/xstate.h index a4ecb04d8d64..9c6e3ca05c5c 100644 --- a/arch/x86/kernel/fpu/xstate.h +++ b/arch/x86/kernel/fpu/xstate.h @@ -10,6 +10,8 @@ DECLARE_PER_CPU(u64, xfd_state); #endif +extern u64 fpu_kernel_dynamic_xfeatures; + static inline void xstate_init_xcomp_bv(struct xregs_state *xsave, u64 mask) { /* From patchwork Thu Sep 14 06:33:08 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 139781 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:612c:172:b0:3f2:4152:657d with SMTP id h50csp554405vqi; Thu, 14 Sep 2023 11:50:35 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFiTmWiDOv4k4DzGvzGstdjOWWpqYpKgrqPVGbwsR+AnnD/XL4H8u9bF9F07lsSr6QLdC1p X-Received: by 2002:a05:6a20:12d1:b0:134:135c:5a23 with SMTP id v17-20020a056a2012d100b00134135c5a23mr3366973pzg.18.1694717435104; Thu, 14 Sep 2023 11:50:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1694717435; cv=none; d=google.com; s=arc-20160816; b=YhTfl8r+6B/yM4FsFbyvTy0LTqIcjVMOjcYWFjSpYMcTG45KNaQyn7+KDur7cqNRV6 Yov5PIFnhWCS0XmPKw0DfCQT9FgVcJfxJaMjR4Qubr7+QgZLzV6na39jScNr/VftDAfy WJjrR2IuTTQ39Z+5WohZOclD7yikq5bW8GND98qMU4bAyiSxKTTNugzFTfg6MNFhSXV2 n3Fw+XchOzOqcwlEMif4zmOu1P4S6+jx+VkiKUM8a+i5vJ8MFisQpNjk0nHjmoHp/bZq 1QdX72414EuzIdNCKctApfNBgAMNWFHl1wEcsQAk7qhr1KrU4rj0l2dlilgR7cBRryZA S/eA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=FggzxxUH/b6hV2zW1ZjOUdrnNzRY+MdNgiyVl+BTjIM=; fh=jQqUhNQZPAXcZ44u72Wu3jv2pQizzn2Be2T8mkd1RwU=; b=w2szYML8VrpooPBJ/opDEYF7gb+dIRhbOl/ogZUaXdqllOmgVWRXD3movkBrKBAatY HUyuYLmBxkvs6/c4y2mjPIOKluTVwmXY3PdKwpN5a3rZbPd/8nllfo43rMviQTgrKovV vbKDPYSn1K/U6yAVOu2BeMKGceTr5eaYBqNMFAdEIxsauLWlWC4J1vrCV34WK33c6C03 pqdwPEKDjpYEYgpqMeaA2UaOuBxSCpnbE6d4+6XIpOScoT8+k4HCr1Dyloc9jwXZY9vu 4kZSnXIp+o6LInI9DeQuTA5bCB6HrWtf0MRTDFXeMjhHzAfj3G1HF3war58V5ozMkIvd WziA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=gfsfPXzR; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:4 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from howler.vger.email (howler.vger.email. [2620:137:e000::3:4]) by mx.google.com with ESMTPS id bv2-20020a632e02000000b0056fc3ceaba4si1814176pgb.432.2023.09.14.11.50.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 14 Sep 2023 11:50:35 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:4 as permitted sender) client-ip=2620:137:e000::3:4; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=gfsfPXzR; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:4 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by howler.vger.email (Postfix) with ESMTP id 14C8B875EA0C; Thu, 14 Sep 2023 02:38:49 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at howler.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237632AbjINJiq (ORCPT + 35 others); Thu, 14 Sep 2023 05:38:46 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49796 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237264AbjINJiW (ORCPT ); Thu, 14 Sep 2023 05:38:22 -0400 Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.88]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BBB931BF2; Thu, 14 Sep 2023 02:38:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1694684298; x=1726220298; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=Mo0J7nmC7/MpnJ3d9RwhENdZi4KZZ89Pbi3lSWxz018=; b=gfsfPXzRKPscqyalcDfTKP10vg4ulbrXvfC9cSe/vgEgerL3h1RMhN3/ +WIX3/LvPAyyCAKJ4M5OZh2anH0LHTsB1/b2KZKkIQnov9ONS6mgtPqze uc3/hZRD7VY8DWGR1Ffui2ppVgH9Ky3LuZ7TJtLjqE56diaJ/fut2lVmn 8ZAcbhzfs+Tf5ZpcJDfHxEDDUoxVNEeIFK8XeJAvY7MoyTSXDi10Rkwav RsbJ3yg7L/+R0JG77FZfqkqdeK1HpUNsWRedPW2Tzc/H5YPJ6vW2q9Sll l8JNmiLQWShyZdeN/iHmObsNvXtKyB9vfi/6grwA8jXKpPRGhFtneT2Kw A==; X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="409857346" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="409857346" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:18 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="747656237" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="747656237" Received: from embargo.jf.intel.com ([10.165.9.183]) by fmsmga007-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:18 -0700 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: dave.hansen@intel.com, peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, weijiang.yang@intel.com, john.allen@amd.com Subject: [PATCH v6 08/25] x86/fpu/xstate: WARN if normal fpstate contains kernel dynamic xfeatures Date: Thu, 14 Sep 2023 02:33:08 -0400 Message-Id: <20230914063325.85503-9-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20230914063325.85503-1-weijiang.yang@intel.com> References: <20230914063325.85503-1-weijiang.yang@intel.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (howler.vger.email [0.0.0.0]); Thu, 14 Sep 2023 02:38:49 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1777040029140970229 X-GMAIL-MSGID: 1777040029140970229 fpu_kernel_dynamic_xfeatures now are __ONLY__ enabled by guest kernel and used for guest fpstate, i.e., none for normal fpstate. The bits are added when guest fpstate is allocated and fpstate->is_guest set to %true. For normal fpstate, the bits should have been removed when init system FPU settings, WARN_ONCE() if normal fpstate contains kernel dynamic xfeatures before xsaves is executed. Signed-off-by: Yang Weijiang --- arch/x86/kernel/fpu/xstate.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/x86/kernel/fpu/xstate.h b/arch/x86/kernel/fpu/xstate.h index 9c6e3ca05c5c..c2b33a5db53d 100644 --- a/arch/x86/kernel/fpu/xstate.h +++ b/arch/x86/kernel/fpu/xstate.h @@ -186,6 +186,9 @@ static inline void os_xsave(struct fpstate *fpstate) WARN_ON_FPU(!alternatives_patched); xfd_validate_state(fpstate, mask, false); + WARN_ON_FPU(!fpstate->is_guest && + (mask & fpu_kernel_dynamic_xfeatures)); + XSTATE_XSAVE(&fpstate->regs.xsave, lmask, hmask, err); /* We should never fault when copying to a kernel buffer: */ From patchwork Thu Sep 14 06:33:09 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 139466 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:612c:172:b0:3f2:4152:657d with SMTP id h50csp226530vqi; Thu, 14 Sep 2023 02:42:19 -0700 (PDT) X-Google-Smtp-Source: AGHT+IE8aMAN85CGHnG5MQTTofreWU6aGIoEqEIvvvvm2LusSUEzFa/NZRaGKFghU9x2ABSI7k/m X-Received: by 2002:a05:6a00:14ca:b0:682:537f:2cb8 with SMTP id w10-20020a056a0014ca00b00682537f2cb8mr5831967pfu.26.1694684539384; Thu, 14 Sep 2023 02:42:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1694684539; cv=none; d=google.com; s=arc-20160816; b=xfLlyUxV9FSXft0z9MBXABxjGlz2slD1SJQ3LenFv0F0plVNG+mdbpwvAEYnvv36K2 4dVAMvvjqwtJUWJkSl/cIdg12BLd1ohzoOwrqfGpiPW997lzoh3lYIlJTxnsnOmIK+q8 vDEs+/8jRhr+P5vpT56stNN4UFUSlQBqp5PX+Vm5SuN0vy1bsb3Eha74sSiL3huGLwOY uBApKHgtGR8XufJ3beUUwIrK5Q5jJV9GZNoSHJCfFqIhH1b/aU/Kzb3AapBXlKCHQrrE KCbR3azIRbMBiPgMeyGk1Pdv9PUAnbsihn18nflY8jZ9/RK3mB+stB2MRsOS0xT3n8sp LXoQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=txcO8Bm5yl30eYH3vWHyMFDGNKeHYAw5vDra+9kQT7g=; fh=jQqUhNQZPAXcZ44u72Wu3jv2pQizzn2Be2T8mkd1RwU=; b=S1aLLKl6cROJ3dDgGzb3N11g3nQte8IKeDiTMbF1o/fXvOuv36q5BXEq+i6sM9FbqJ JI0e/tsnkl1h9L5TEhk9P+1bhVqasxv7meLSecUKE8Nlk8d8JN/tvmkB8+g7oXFMzxzr yVHFwFFM6Ce0cR3gjb5ARoK4j8HGpS8ytSxFgMFznrYi6t/nm3LOez7buLwHzd/BbMuq d98weKWZi+XiIoUsdNWVKg0QO1ggUSBg2n2Clm5OueM8jAAOlmFpP+hV5wpwc5crCGCI SM04EL9ZBHqxhI8RJEuzVz1nPQ2khnCv3mzZHarPebDiN0kEvpFfy8d1ur1R68wcPrR1 XBOw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=KfGyQVvH; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from morse.vger.email (morse.vger.email. [23.128.96.31]) by mx.google.com with ESMTPS id f20-20020a056a0022d400b0068a68d71b68si1260257pfj.216.2023.09.14.02.42.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 14 Sep 2023 02:42:19 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) client-ip=23.128.96.31; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=KfGyQVvH; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by morse.vger.email (Postfix) with ESMTP id 61B6F83328ED; Thu, 14 Sep 2023 02:39:01 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at morse.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237735AbjINJiw (ORCPT + 35 others); Thu, 14 Sep 2023 05:38:52 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49822 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237270AbjINJiX (ORCPT ); Thu, 14 Sep 2023 05:38:23 -0400 Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.88]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 423791BFF; Thu, 14 Sep 2023 02:38:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1694684299; x=1726220299; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=fmKaQuGnM9SpdEUHMKDlC8GkY5+N9nPibVd+P2rGn30=; b=KfGyQVvH5gvUg9pKIOpTEgtYI2AmdhU9qnyMvEGGL1yPEehDE3BIOFVo DPdZukVNeY86oYz61N/+ucSZpkvHM5DIs6cIu2CtrIpb6ApkpUnRRexiz Tp99laEBJsP3C5POiodv2GfLQyd41XpklYSfyBvffXEYuBmvrncSnHdfo 3SOBvJL1eJwt7e+yZeIqZ+zztponf7dpyTRXo6C6NP2XosJEfiU5ifokQ FCGf46ZfltqaAlA6dwamv53p8O9HPko8ERZwJGUHgwTiYIj+yjlLjF+qc VTFtwJReA9YxfqfgNcsZTb3yzl+w7ZAF0VhUL6/V2HplQS0VcIXjAJY0f Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="409857351" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="409857351" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:18 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="747656240" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="747656240" Received: from embargo.jf.intel.com ([10.165.9.183]) by fmsmga007-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:18 -0700 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: dave.hansen@intel.com, peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, weijiang.yang@intel.com, john.allen@amd.com Subject: [PATCH v6 09/25] KVM: x86: Rework cpuid_get_supported_xcr0() to operate on vCPU data Date: Thu, 14 Sep 2023 02:33:09 -0400 Message-Id: <20230914063325.85503-10-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20230914063325.85503-1-weijiang.yang@intel.com> References: <20230914063325.85503-1-weijiang.yang@intel.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (morse.vger.email [0.0.0.0]); Thu, 14 Sep 2023 02:39:01 -0700 (PDT) X-Spam-Status: No, score=0.2 required=5.0 tests=DATE_IN_PAST_03_06, DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on morse.vger.email X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1777005535297641678 X-GMAIL-MSGID: 1777005535297641678 From: Sean Christopherson Rework and rename cpuid_get_supported_xcr0() to explicitly operate on vCPU state, i.e. on a vCPU's CPUID state. Prior to commit 275a87244ec8 ("KVM: x86: Don't adjust guest's CPUID.0x12.1 (allowed SGX enclave XFRM)"), KVM incorrectly fudged guest CPUID at runtime, which in turn necessitated massaging the incoming CPUID state for KVM_SET_CPUID{2} so as not to run afoul of kvm_cpuid_check_equal(). Opportunistically move the helper below kvm_update_cpuid_runtime() to make it harder to repeat the mistake of querying supported XCR0 for runtime updates. No functional change intended. Signed-off-by: Sean Christopherson Signed-off-by: Yang Weijiang --- arch/x86/kvm/cpuid.c | 33 ++++++++++++++++----------------- 1 file changed, 16 insertions(+), 17 deletions(-) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 0544e30b4946..7c3e4a550ca7 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -247,21 +247,6 @@ void kvm_update_pv_runtime(struct kvm_vcpu *vcpu) vcpu->arch.pv_cpuid.features = best->eax; } -/* - * Calculate guest's supported XCR0 taking into account guest CPUID data and - * KVM's supported XCR0 (comprised of host's XCR0 and KVM_SUPPORTED_XCR0). - */ -static u64 cpuid_get_supported_xcr0(struct kvm_cpuid_entry2 *entries, int nent) -{ - struct kvm_cpuid_entry2 *best; - - best = cpuid_entry2_find(entries, nent, 0xd, 0); - if (!best) - return 0; - - return (best->eax | ((u64)best->edx << 32)) & kvm_caps.supported_xcr0; -} - static void __kvm_update_cpuid_runtime(struct kvm_vcpu *vcpu, struct kvm_cpuid_entry2 *entries, int nent) { @@ -312,6 +297,21 @@ void kvm_update_cpuid_runtime(struct kvm_vcpu *vcpu) } EXPORT_SYMBOL_GPL(kvm_update_cpuid_runtime); +/* + * Calculate guest's supported XCR0 taking into account guest CPUID data and + * KVM's supported XCR0 (comprised of host's XCR0 and KVM_SUPPORTED_XCR0). + */ +static u64 vcpu_get_supported_xcr0(struct kvm_vcpu *vcpu) +{ + struct kvm_cpuid_entry2 *best; + + best = kvm_find_cpuid_entry_index(vcpu, 0xd, 0); + if (!best) + return 0; + + return (best->eax | ((u64)best->edx << 32)) & kvm_caps.supported_xcr0; +} + static bool kvm_cpuid_has_hyperv(struct kvm_cpuid_entry2 *entries, int nent) { struct kvm_cpuid_entry2 *entry; @@ -357,8 +357,7 @@ static void kvm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) kvm_apic_set_version(vcpu); } - vcpu->arch.guest_supported_xcr0 = - cpuid_get_supported_xcr0(vcpu->arch.cpuid_entries, vcpu->arch.cpuid_nent); + vcpu->arch.guest_supported_xcr0 = vcpu_get_supported_xcr0(vcpu); /* * FP+SSE can always be saved/restored via KVM_{G,S}ET_XSAVE, even if From patchwork Thu Sep 14 06:33:10 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 139935 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:612c:172:b0:3f2:4152:657d with SMTP id h50csp709475vqi; Thu, 14 Sep 2023 17:19:34 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFQY6yMU7S/MmjZTVqJRlNIeWKW3KbrHRyHvIjXTx+Zv7Se45b9a4x1oMlcGt3fy2MSf4zh X-Received: by 2002:a17:902:d4c3:b0:1c3:e3b1:98f9 with SMTP id o3-20020a170902d4c300b001c3e3b198f9mr4922792plg.24.1694737174514; Thu, 14 Sep 2023 17:19:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1694737174; cv=none; d=google.com; s=arc-20160816; b=Wo7pCZiNYnMI0CeFBTUW/UO9pmR6Tfy1avG3tHLhD1/nqoe6ImekeGEq/L+l72axzZ N/V4vZAGh+sqeWlSuS0HOL8fro6+GUS6Bu8TJ5C63LuCJz84IOS4mLrVbg51rjzOtP5c GxN/mXp0Hkr5OHs5vKaV2JX+fNUNEcmH0BEKIs795y2B+rM/8/P0kn5Q0nvgqZzaoxHN 3qfp7B18DC1vojihrJERz3L0whkpl/YhSjLrgv2BgDWhpnihUe/AD7IM7qobtdUG5ixA OTgurbuDPflvyrmj8SUlSy5VkEc8gYLXoB2HYmwtvlSs+Hk1XWFqSJWbt5XILekAyGgb mgTQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=8foqlmJN62eale56ARtkInIicX8/TPX5DiQN3sl2KZg=; fh=jQqUhNQZPAXcZ44u72Wu3jv2pQizzn2Be2T8mkd1RwU=; b=uBDYZQx4vkgCyFveewf/tGaoL0MnKDCP12UnuY3FVi4DCWE1lz60+DZlxml7mhQUrv kVI06u2d2uaYqepvK2M1VFvgXHwLjwKaHisjigIJBdrdUHG4AsnF2DMJIg2pWKzOX4Ah F2MxlI/VT8PwHe432RPfR31oaM1W99oqIG3lgaopzoaLy2ijcTEjWxNIAerg6Lbhd4bx kfLOjdfA0ALU0P05SIKOeuBh3gfjWZZCcPEQ1ireWGWT6E/Tsqqj494ZJgxxo7lnYxkp YiiM3/zilIWBKmrppX0yjUt7K1uemiQWJONnHxT/WuqLOPB1DXg+16QozIvLvkK2DoXj gABQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=CL2wMSn3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from howler.vger.email (howler.vger.email. [23.128.96.34]) by mx.google.com with ESMTPS id n125-20020a632783000000b0057762236e02si2368713pgn.149.2023.09.14.17.19.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 14 Sep 2023 17:19:34 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) client-ip=23.128.96.34; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=CL2wMSn3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by howler.vger.email (Postfix) with ESMTP id 97B7E852D264; Thu, 14 Sep 2023 02:39:11 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at howler.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237762AbjINJiy (ORCPT + 35 others); Thu, 14 Sep 2023 05:38:54 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49824 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237286AbjINJiX (ORCPT ); Thu, 14 Sep 2023 05:38:23 -0400 Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.88]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7CC9FCCD; Thu, 14 Sep 2023 02:38:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1694684299; x=1726220299; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=joiI9l6YnLOfTvcebVDodp/6FgyILV4huxPWCPMd3T8=; b=CL2wMSn3I+HM850gOAz2L4CkGL6NJPI56Ne6/giq7HeMlaScMwP/bkUj EdPPe1OjuA6KBxVEkrMMyzRkGRsPf1A3o3HT6xtHxYQxJuPJaCx68HA56 XZwqY3piMi3ycKQzMHi0xEsdgd2i2sBC9e8CLSmhm3xHb2mwSz03RDxNm YGv/qPmM/kCwR7ue8dBY/NJQVGsr4ugR/5ELDQ86kBz+vy6KDDVUa8Dqo 6PBpjA4MdZHAzfjqUmfGgmYemeiNHRYiOvDjaMuzJrG88YIfM4rlg9uzw mkktM2qUlAr+EUmt0BhyOyAM/bkrxWJL4rrmKnmVDi9fYJrunAgjd1kNn g==; X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="409857358" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="409857358" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:19 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="747656243" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="747656243" Received: from embargo.jf.intel.com ([10.165.9.183]) by fmsmga007-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:18 -0700 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: dave.hansen@intel.com, peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, weijiang.yang@intel.com, john.allen@amd.com Subject: [PATCH v6 10/25] KVM: x86: Add kvm_msr_{read,write}() helpers Date: Thu, 14 Sep 2023 02:33:10 -0400 Message-Id: <20230914063325.85503-11-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20230914063325.85503-1-weijiang.yang@intel.com> References: <20230914063325.85503-1-weijiang.yang@intel.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (howler.vger.email [0.0.0.0]); Thu, 14 Sep 2023 02:39:11 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1777060727189501528 X-GMAIL-MSGID: 1777060727189501528 Wrap __kvm_{get,set}_msr() into two new helpers for KVM usage and use the helpers to replace existing usage of the raw functions. kvm_msr_{read,write}() are KVM-internal helpers, i.e. used when KVM needs to get/set a MSR value for emulating CPU behavior. Suggested-by: Sean Christopherson Signed-off-by: Yang Weijiang --- arch/x86/include/asm/kvm_host.h | 4 +++- arch/x86/kvm/cpuid.c | 2 +- arch/x86/kvm/x86.c | 16 +++++++++++++--- 3 files changed, 17 insertions(+), 5 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 1a4def36d5bb..0fc5e6312e93 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1956,7 +1956,9 @@ void kvm_prepare_emulation_failure_exit(struct kvm_vcpu *vcpu); void kvm_enable_efer_bits(u64); bool kvm_valid_efer(struct kvm_vcpu *vcpu, u64 efer); -int __kvm_get_msr(struct kvm_vcpu *vcpu, u32 index, u64 *data, bool host_initiated); + +int kvm_msr_read(struct kvm_vcpu *vcpu, u32 index, u64 *data); +int kvm_msr_write(struct kvm_vcpu *vcpu, u32 index, u64 data); int kvm_get_msr(struct kvm_vcpu *vcpu, u32 index, u64 *data); int kvm_set_msr(struct kvm_vcpu *vcpu, u32 index, u64 data); int kvm_emulate_rdmsr(struct kvm_vcpu *vcpu); diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 7c3e4a550ca7..1f206caec559 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -1531,7 +1531,7 @@ bool kvm_cpuid(struct kvm_vcpu *vcpu, u32 *eax, u32 *ebx, *edx = entry->edx; if (function == 7 && index == 0) { u64 data; - if (!__kvm_get_msr(vcpu, MSR_IA32_TSX_CTRL, &data, true) && + if (!kvm_msr_read(vcpu, MSR_IA32_TSX_CTRL, &data) && (data & TSX_CTRL_CPUID_CLEAR)) *ebx &= ~(F(RTM) | F(HLE)); } else if (function == 0x80000007) { diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 6c9c81e82e65..e0b55c043dab 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -1917,8 +1917,8 @@ static int kvm_set_msr_ignored_check(struct kvm_vcpu *vcpu, * Returns 0 on success, non-0 otherwise. * Assumes vcpu_load() was already called. */ -int __kvm_get_msr(struct kvm_vcpu *vcpu, u32 index, u64 *data, - bool host_initiated) +static int __kvm_get_msr(struct kvm_vcpu *vcpu, u32 index, u64 *data, + bool host_initiated) { struct msr_data msr; int ret; @@ -1944,6 +1944,16 @@ int __kvm_get_msr(struct kvm_vcpu *vcpu, u32 index, u64 *data, return ret; } +int kvm_msr_write(struct kvm_vcpu *vcpu, u32 index, u64 data) +{ + return __kvm_set_msr(vcpu, index, data, true); +} + +int kvm_msr_read(struct kvm_vcpu *vcpu, u32 index, u64 *data) +{ + return __kvm_get_msr(vcpu, index, data, true); +} + static int kvm_get_msr_ignored_check(struct kvm_vcpu *vcpu, u32 index, u64 *data, bool host_initiated) { @@ -12082,7 +12092,7 @@ void kvm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event) MSR_IA32_MISC_ENABLE_BTS_UNAVAIL; __kvm_set_xcr(vcpu, 0, XFEATURE_MASK_FP); - __kvm_set_msr(vcpu, MSR_IA32_XSS, 0, true); + kvm_msr_write(vcpu, MSR_IA32_XSS, 0); } /* All GPRs except RDX (handled below) are zeroed on RESET/INIT. */ From patchwork Thu Sep 14 06:33:11 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 139540 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:612c:172:b0:3f2:4152:657d with SMTP id h50csp309873vqi; Thu, 14 Sep 2023 05:26:40 -0700 (PDT) X-Google-Smtp-Source: AGHT+IF0K9YwiXygtG77sw8MI60OrZZASqcyiHyll1pO0z/WAMjghl40ek/xkSyMgw4QlreNBASN X-Received: by 2002:a05:6a20:a10c:b0:145:3bd9:1389 with SMTP id q12-20020a056a20a10c00b001453bd91389mr4900728pzk.6.1694694399803; Thu, 14 Sep 2023 05:26:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1694694399; cv=none; d=google.com; s=arc-20160816; b=Wduw7DH+iR5rAyaCc7ESZI05ZK1d+mUqAlioprvuAk/iwdCzRjs5BBwbHEUGl1DHR5 haIKkoxpX+4hffc8kn/4mRDkmYC4rU6ny6n+zvIb5BuM77CN2xj+E5HaaTOpINeYQ7JM OJY8Zcyhj3p5mM7qdfWqAHf4LG3jr5j0C8UwLCXdVKYljbMEuJLJDppRb5c12mGcYNPx 9RLKri9DrdY7orNjlXA3FI8NS6eEVwz+ngN+cq9E04eCIUdAua3sJ37c01PGUJCzCbOB 9wiCBJwuLmAU4CO8Rk5/yEfYQX2hCcozoB9JrxoTf3mJjd1AEhS1/lftgSja9jUbGa75 OohQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=pF7K1E0yaWZXGkQ8MfUJ9QWwGiQh8ZibNSYdHp4N+oI=; fh=jQqUhNQZPAXcZ44u72Wu3jv2pQizzn2Be2T8mkd1RwU=; b=Vm20RRcfuHCuEjTtnNktFBGdonZvic1A78udhqXFhgO8BnfC72t5+Mk/pWQ0NAFkIL BugCrxqzLAXWD9g2lnVLm3yH2hRmaTZGGiifAnWpDz438BJnvRZ63JCU2BB7y7bSdDvJ UKzlblXAXAHdcAGrnBib8o1pAvSYy54PNzRO8jQOKkTsGUX9qsl/jPPY9sMa9AVmBdug bj7JAHlIU2KBV3fOTm0Oi234xQhetuL4Bouog+hGvItI90kCZ1BW9uiK+OT5k97I4wz2 S8eH6pkwdwERgl35Hrnn+0NHWHfeXhLOZojR30mj5muOTNhnUa6AWtJ5ENc+2wo0XYhk BhlA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Ge1ePs9N; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from snail.vger.email (snail.vger.email. [23.128.96.37]) by mx.google.com with ESMTPS id o20-20020a17090aac1400b0025c1f64f29dsi1476064pjq.171.2023.09.14.05.26.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 14 Sep 2023 05:26:39 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) client-ip=23.128.96.37; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Ge1ePs9N; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id 331DE8275E7A; Thu, 14 Sep 2023 02:39:09 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237817AbjINJi7 (ORCPT + 35 others); Thu, 14 Sep 2023 05:38:59 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49858 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237308AbjINJiY (ORCPT ); Thu, 14 Sep 2023 05:38:24 -0400 Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.88]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3D6211BFF; Thu, 14 Sep 2023 02:38:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1694684300; x=1726220300; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=faimbtNjTig8ktvwEdQFWKOpWka/XGI0e5+YlNc3lTQ=; b=Ge1ePs9NdamCIEJc8g9sVnh5FWpbq1OianxLrjLI64n+mLOzr8RE2Vf8 cqynR8qaTy7SeapKsU0w+Wk8LaDW5v/bS0jb/mweXFBL/XwAGJ5C4nv+R 8jeuDD1uwypS73LPLfhy6+QwfQmI+nFmGXGb9RXv/GlQLkYQFvpMEqrEq qv/iH22Q7KhqkccuvGEW51pf/931cBDry/vUZBJJMBDXUC7brj/z6RRaX BsVFzwg5vWGdEF+ZXDScZKdBwtsQLdRqrGMtCpbgayyCs27I1x5iJGE6t BOpTcBruVmdarA0l8JlqxS5ZzwZYr0cVAeU7wAXIkaNSyHGn/WOGflzp2 w==; X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="409857363" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="409857363" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:19 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="747656246" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="747656246" Received: from embargo.jf.intel.com ([10.165.9.183]) by fmsmga007-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:19 -0700 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: dave.hansen@intel.com, peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, weijiang.yang@intel.com, john.allen@amd.com Subject: [PATCH v6 11/25] KVM: x86: Report XSS as to-be-saved if there are supported features Date: Thu, 14 Sep 2023 02:33:11 -0400 Message-Id: <20230914063325.85503-12-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20230914063325.85503-1-weijiang.yang@intel.com> References: <20230914063325.85503-1-weijiang.yang@intel.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Thu, 14 Sep 2023 02:39:09 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1777015874688527691 X-GMAIL-MSGID: 1777015874688527691 From: Sean Christopherson Add MSR_IA32_XSS to list of MSRs reported to userspace if supported_xss is non-zero, i.e. KVM supports at least one XSS based feature. Signed-off-by: Sean Christopherson Signed-off-by: Yang Weijiang Reviewed-by: Maxim Levitsky --- arch/x86/kvm/x86.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index e0b55c043dab..1258d1d6dd52 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -1464,6 +1464,7 @@ static const u32 msrs_to_save_base[] = { MSR_IA32_UMWAIT_CONTROL, MSR_IA32_XFD, MSR_IA32_XFD_ERR, + MSR_IA32_XSS, }; static const u32 msrs_to_save_pmu[] = { @@ -7195,6 +7196,10 @@ static void kvm_probe_msr_to_save(u32 msr_index) if (!(kvm_get_arch_capabilities() & ARCH_CAP_TSX_CTRL_MSR)) return; break; + case MSR_IA32_XSS: + if (!kvm_caps.supported_xss) + return; + break; default: break; } From patchwork Thu Sep 14 06:33:12 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 139467 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:612c:172:b0:3f2:4152:657d with SMTP id h50csp226728vqi; Thu, 14 Sep 2023 02:42:59 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHSt3moY26s0sQwKxpYVT9M6fkiLF5IHVJgysjmqkG9jsPemkrQlPv4lXXHWXkDn0/AHz6c X-Received: by 2002:a05:6358:15cf:b0:142:eb11:b0b8 with SMTP id t15-20020a05635815cf00b00142eb11b0b8mr2482890rwh.1.1694684579312; Thu, 14 Sep 2023 02:42:59 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1694684579; cv=none; d=google.com; s=arc-20160816; b=cXFh+Nd2EWApqyOD5lQILYd9r+f7oZYfebD7xpyOAcvmvOmgdMERZYtvgHEbISjIab T+hlBLuAdy2Qv1aWnXq7MG09YmTaRrQjuS29TiLEIcIOF0VgoIc0gnJtO9y4eUyJdChO E5Lx5lRdiSvgM8pazOkepN30rMBh2Te7hQCSDS6zhBj0OMO7s9v6tAW1ZVc+ppHZf9Bc l+dyT9eImwf6aZN1vu/Yrz0wj43NLgBLy5uB+6+WJE0uw36mOz0P4wSR3HzQGv2SmrMX fGiigfu2WI6or+fy2laBXp2aiaTNy2bC7rr2rYYafif2PXj2i8bIEHL1qXpdAhpIrzzG /nGA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=2BGwlPxhseDDaNa8EciDLIxuH/vveOfEmcLvoMvgh4E=; fh=6178OKG2HPQ9OtiEe+sL0+amgAIGC3finCMsQ4RI52c=; b=0AwrMWex5yqwnnk3AfbSPd0B+UZy5I8B4K2mAvBBczrkxVL92w4idhJ/4GVooQ+sIm tXcllUWi5w1MoJAEoJixdU99yBOnewMLiy+Dsm0BnZn2bDsNXFiMlsc5Ybr0SoiXfbMe aBCn4AqcbzmdIe1c8tLRLumG/gyHDH6+zMVjcACPAceN5Oxs2WSyM4S4N8sVB1xYRro2 ydqJhbH+HbRJ0TdBQ4q0actgMy6aVZESRRSSqmDUH8P3JtGuFP+DiQb9kdm7Df0Yo0CM Uqza3VoDyB87Roay5ASopOyKGg8l6ElqRUlyTusByoiWkTOBzeHqC0rn+DNHLB5LysPV MawQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=R0jpc+kk; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from morse.vger.email (morse.vger.email. [23.128.96.31]) by mx.google.com with ESMTPS id z16-20020a656650000000b00565d05b2211si1112759pgv.819.2023.09.14.02.42.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 14 Sep 2023 02:42:59 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) client-ip=23.128.96.31; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=R0jpc+kk; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by morse.vger.email (Postfix) with ESMTP id 5014583328F2; Thu, 14 Sep 2023 02:39:13 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at morse.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237521AbjINJiz (ORCPT + 35 others); Thu, 14 Sep 2023 05:38:55 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49870 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237307AbjINJiY (ORCPT ); Thu, 14 Sep 2023 05:38:24 -0400 Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.88]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 42BA81FC0; Thu, 14 Sep 2023 02:38:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1694684300; x=1726220300; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=SgNlcd5ktSWMn2hdoXAHgtutH/xRPayw7k0UwTE2UoM=; b=R0jpc+kkwyUnD4vj0n5qK1M8z37Rw40Dnf/udaVAiWOsWK2eCysg7rtK vUIi4OqMn97Ilru9fx4+2O1OslChFVM6/KWyU9MDo3TzRyl/lw6/GQiAs Ey0T9JZ8+EzRuXIg93xvOSk4d3BsA8Jhp/Z8PACdNcrqoC65c5oIeFxtA KgUuvw7FfrMEimuF1I0Di3HOGQkruxeLtIdjBgSAOSWcfJPjpK/KhuB8F cMz213jdlLgC3sFBP7nSlx2Lg5EEpTX1IczxGvu09MmeqIuE3xQOZiM9t z343GFk2jLxEhAV0kmYynjlFSmQiOwOMiqZZOhbBR5nQMTBcUAEkh0ALZ Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="409857365" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="409857365" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:20 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="747656249" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="747656249" Received: from embargo.jf.intel.com ([10.165.9.183]) by fmsmga007-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:19 -0700 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: dave.hansen@intel.com, peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, weijiang.yang@intel.com, john.allen@amd.com, Zhang Yi Z Subject: [PATCH v6 12/25] KVM: x86: Refresh CPUID on write to guest MSR_IA32_XSS Date: Thu, 14 Sep 2023 02:33:12 -0400 Message-Id: <20230914063325.85503-13-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20230914063325.85503-1-weijiang.yang@intel.com> References: <20230914063325.85503-1-weijiang.yang@intel.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (morse.vger.email [0.0.0.0]); Thu, 14 Sep 2023 02:39:13 -0700 (PDT) X-Spam-Status: No, score=0.2 required=5.0 tests=DATE_IN_PAST_03_06, DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on morse.vger.email X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1777005577133653762 X-GMAIL-MSGID: 1777005577133653762 Update CPUID.(EAX=0DH,ECX=1).EBX to reflect current required xstate size due to XSS MSR modification. CPUID(EAX=0DH,ECX=1).EBX reports the required storage size of all enabled xstate features in (XCR0 | IA32_XSS). The CPUID value can be used by guest before allocate sufficient xsave buffer. Note, KVM does not yet support any XSS based features, i.e. supported_xss is guaranteed to be zero at this time. Opportunistically modify XSS write access logic as: if !guest_cpuid_has(), write initiated from host is allowed iff the write is reset operaiton, i.e., data == 0, reject host_initiated non-reset write and any guest write. Suggested-by: Sean Christopherson Co-developed-by: Zhang Yi Z Signed-off-by: Zhang Yi Z Signed-off-by: Yang Weijiang --- arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kvm/cpuid.c | 15 ++++++++++++++- arch/x86/kvm/x86.c | 13 +++++++++---- 3 files changed, 24 insertions(+), 5 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 0fc5e6312e93..d77b030e996c 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -803,6 +803,7 @@ struct kvm_vcpu_arch { u64 xcr0; u64 guest_supported_xcr0; + u64 guest_supported_xss; struct kvm_pio_request pio; void *pio_data; diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 1f206caec559..4e7a820cba62 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -275,7 +275,8 @@ static void __kvm_update_cpuid_runtime(struct kvm_vcpu *vcpu, struct kvm_cpuid_e best = cpuid_entry2_find(entries, nent, 0xD, 1); if (best && (cpuid_entry_has(best, X86_FEATURE_XSAVES) || cpuid_entry_has(best, X86_FEATURE_XSAVEC))) - best->ebx = xstate_required_size(vcpu->arch.xcr0, true); + best->ebx = xstate_required_size(vcpu->arch.xcr0 | + vcpu->arch.ia32_xss, true); best = __kvm_find_kvm_cpuid_features(vcpu, entries, nent); if (kvm_hlt_in_guest(vcpu->kvm) && best && @@ -312,6 +313,17 @@ static u64 vcpu_get_supported_xcr0(struct kvm_vcpu *vcpu) return (best->eax | ((u64)best->edx << 32)) & kvm_caps.supported_xcr0; } +static u64 vcpu_get_supported_xss(struct kvm_vcpu *vcpu) +{ + struct kvm_cpuid_entry2 *best; + + best = kvm_find_cpuid_entry_index(vcpu, 0xd, 1); + if (!best) + return 0; + + return (best->ecx | ((u64)best->edx << 32)) & kvm_caps.supported_xss; +} + static bool kvm_cpuid_has_hyperv(struct kvm_cpuid_entry2 *entries, int nent) { struct kvm_cpuid_entry2 *entry; @@ -358,6 +370,7 @@ static void kvm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) } vcpu->arch.guest_supported_xcr0 = vcpu_get_supported_xcr0(vcpu); + vcpu->arch.guest_supported_xss = vcpu_get_supported_xss(vcpu); /* * FP+SSE can always be saved/restored via KVM_{G,S}ET_XSAVE, even if diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 1258d1d6dd52..9a616d84bd39 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -3795,20 +3795,25 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) vcpu->arch.ia32_tsc_adjust_msr += adj; } break; - case MSR_IA32_XSS: - if (!msr_info->host_initiated && - !guest_cpuid_has(vcpu, X86_FEATURE_XSAVES)) + case MSR_IA32_XSS: { + bool host_msr_reset = msr_info->host_initiated && data == 0; + + if (!guest_cpuid_has(vcpu, X86_FEATURE_XSAVES) && + (!host_msr_reset || !msr_info->host_initiated)) return 1; /* * KVM supports exposing PT to the guest, but does not support * IA32_XSS[bit 8]. Guests have to use RDMSR/WRMSR rather than * XSAVES/XRSTORS to save/restore PT MSRs. */ - if (data & ~kvm_caps.supported_xss) + if (data & ~vcpu->arch.guest_supported_xss) return 1; + if (vcpu->arch.ia32_xss == data) + break; vcpu->arch.ia32_xss = data; kvm_update_cpuid_runtime(vcpu); break; + } case MSR_SMI_COUNT: if (!msr_info->host_initiated) return 1; From patchwork Thu Sep 14 06:33:13 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 139853 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:612c:172:b0:3f2:4152:657d with SMTP id h50csp637775vqi; Thu, 14 Sep 2023 14:32:43 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEyUZyhuzoynst5ijY93x+ijbEBXyqSzreaW1S1oxKJ3dsVzHeRQSYcYoIjb6PReIHtCkkb X-Received: by 2002:a92:cb0f:0:b0:345:c8ce:ff49 with SMTP id s15-20020a92cb0f000000b00345c8ceff49mr25502ilo.11.1694727162918; Thu, 14 Sep 2023 14:32:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1694727162; cv=none; d=google.com; s=arc-20160816; b=nMGKi+g5ZTrk3BSwMkE0mwqy6mJ1zy0mk7e4jPT9WHSbERny7BoHvtRzE/1grNmV+8 kyRKDKrn6B0jG/e94++l8S/4uR4PcCz+i5sj88YoKVCz4W+DYNBjZp7WVEVYeQ9+AOBo 16S/GiAhdIr8e4eCoaSd8dSOzpLNgP2eT6tTmItm72Lbg+BcXNWqjk5q88Kf90uasM30 G/a2ak+nbBcgyrtoh+Yx0Nd0BKwuJhWstBa2W/rtZnJvwgZqLIloj5br0qh7ROUq/SaU VXqY2qPYTMcD3xNIPfgd/a2v9uwzTb/ST0NdHiZX6U3vl0+aWxjjuDbBdqxWmbhfFD/m FOHw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=4j1/XCVYXcy2oKs1Uo84Bm6ERB82SuS8C6gnJSwEydE=; fh=jQqUhNQZPAXcZ44u72Wu3jv2pQizzn2Be2T8mkd1RwU=; b=OffjPzV7lP5VgWWi2vmGglv8kuvVyhRYUbtZWXMQiQxLRsED9BjRtHnF7Ij9s9S4Hs rhMWNJ9KdAtHHgCS3mki2AmYmFJeieqSbJI5eBptoKGN97TVR1F4RV17AwaLh2e66NUm ufEgLc66elWTRZl79/bVhYOl1uAFRgB8PGd82ouoR3LFqV3fspuOMjMfHkS4jW2uA2iI fepeW4bcKU/w428JNhJaOOJGaUGSL5vJko0yPHLN8sg41vYv/sY8mLHHA8Yvxr888wWP mHFVcT8dSZklkbfs8/lo6IPoqkzLLf68CAs8N2NgPiAwya7Uvx/f/b5tbvoJC2xQlO98 MgHA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=YYYj2j8D; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from howler.vger.email (howler.vger.email. [23.128.96.34]) by mx.google.com with ESMTPS id a4-20020a63d204000000b00565ec2a1e2asi2101977pgg.760.2023.09.14.14.32.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 14 Sep 2023 14:32:42 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) client-ip=23.128.96.34; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=YYYj2j8D; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by howler.vger.email (Postfix) with ESMTP id D408F8283A4B; Thu, 14 Sep 2023 02:39:20 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at howler.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237585AbjINJjG (ORCPT + 35 others); Thu, 14 Sep 2023 05:39:06 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49872 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237340AbjINJiY (ORCPT ); Thu, 14 Sep 2023 05:38:24 -0400 Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.88]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8A09C1FC2; Thu, 14 Sep 2023 02:38:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1694684300; x=1726220300; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=H3+t7eF715WT9lWgIVo67gkWhRRXLUl+sRA4/HxOaqw=; b=YYYj2j8DPOh8K5Dm6C9vFbGk5IL2uogv1psLVfXl6wT0Fv1b9XdKlpZ2 fuAyFxiLwx+ruYgj0TMiEbQGUUSyzNQehu37wIaIvgXFZgD+RQruuj5Tg oJ5wLv3ClUUY74dftn2WWdQcU+9PZtCeg3mQNji0/DRT1nTvR+7mRHwJF s+YTFD2EhOMnyvAKNaC89f42jdmqsUgVEDCH8ZVwZ6s/pF89vkzt8vhUO pSmc9DE6H+ZGVuEhGjYi3abANzvINzNadBstFf6kdRPLpfVyUy0Gy+dSb RAaBDkzCXAVEKcRUvg5BdfcDAgA8swV7+MUz75twW9KLIcD+93Nq0/MxL Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="409857379" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="409857379" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:20 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="747656254" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="747656254" Received: from embargo.jf.intel.com ([10.165.9.183]) by fmsmga007-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:19 -0700 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: dave.hansen@intel.com, peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, weijiang.yang@intel.com, john.allen@amd.com Subject: [PATCH v6 13/25] KVM: x86: Initialize kvm_caps.supported_xss Date: Thu, 14 Sep 2023 02:33:13 -0400 Message-Id: <20230914063325.85503-14-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20230914063325.85503-1-weijiang.yang@intel.com> References: <20230914063325.85503-1-weijiang.yang@intel.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (howler.vger.email [0.0.0.0]); Thu, 14 Sep 2023 02:39:20 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1777050230078972790 X-GMAIL-MSGID: 1777050230078972790 Set original kvm_caps.supported_xss to (host_xss & KVM_SUPPORTED_XSS) if XSAVES is supported. host_xss contains the host supported xstate feature bits for thread FPU context switch, KVM_SUPPORTED_XSS includes all KVM enabled XSS feature bits, the resulting value represents the supervisor xstates that are available to guest and are backed by host FPU framework for swapping {guest,host} XSAVE-managed registers/MSRs. Signed-off-by: Yang Weijiang Reviewed-by: Maxim Levitsky --- arch/x86/kvm/x86.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 9a616d84bd39..66edbed25db8 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -226,6 +226,8 @@ static struct kvm_user_return_msrs __percpu *user_return_msrs; | XFEATURE_MASK_BNDCSR | XFEATURE_MASK_AVX512 \ | XFEATURE_MASK_PKRU | XFEATURE_MASK_XTILE) +#define KVM_SUPPORTED_XSS 0 + u64 __read_mostly host_efer; EXPORT_SYMBOL_GPL(host_efer); @@ -9515,12 +9517,13 @@ static int __kvm_x86_vendor_init(struct kvm_x86_init_ops *ops) host_xcr0 = xgetbv(XCR_XFEATURE_ENABLED_MASK); kvm_caps.supported_xcr0 = host_xcr0 & KVM_SUPPORTED_XCR0; } + if (boot_cpu_has(X86_FEATURE_XSAVES)) { + rdmsrl(MSR_IA32_XSS, host_xss); + kvm_caps.supported_xss = host_xss & KVM_SUPPORTED_XSS; + } rdmsrl_safe(MSR_EFER, &host_efer); - if (boot_cpu_has(X86_FEATURE_XSAVES)) - rdmsrl(MSR_IA32_XSS, host_xss); - kvm_init_pmu_capability(ops->pmu_ops); if (boot_cpu_has(X86_FEATURE_ARCH_CAPABILITIES)) From patchwork Thu Sep 14 06:33:14 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 139691 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:612c:172:b0:3f2:4152:657d with SMTP id h50csp475046vqi; Thu, 14 Sep 2023 09:34:40 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGNqZqinTZVp8B4nH6WBPJium08vtPyrDydvg8FHjkXwMiQueTAkdgILB0/rz6lHvSPPir9 X-Received: by 2002:a05:6a20:1019:b0:153:1f43:314e with SMTP id gs25-20020a056a20101900b001531f43314emr5414901pzc.57.1694709280425; Thu, 14 Sep 2023 09:34:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1694709280; cv=none; d=google.com; s=arc-20160816; b=MhqvzJKP2x9GjKwAjGkt4IuAwjaaZU5RwPy093U1rYKkJeckUUMWwav2mpSVqn5zsL FIBzZWTRWNcIg0CqhfxKAjTEnIJYX+QA2EZeTq9r1F+uc88VvkwoYj2coApqDmAc5Cfs i/S1EY4kQ31HX3Mj5I9HZzoaSc8RUw1j/4yNkF1po0WXifpKlYeNMSuTiiuBHrVlqWzp qj88bQ8l2ALbmkkeLQFHrLWTg+6Ft1sTuhKQQSLNU9fNpl1bJOcsmuxkRZPAZ2wtKPcd oXZpkBzFdILIysBGiAm/Qg+YyUC476ZrMEUC8u3bsotqnY/N/rzaG89k0z1Ezy0qfKDX NiAw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=jOQokFg9P47wNVW1w6tS2mfxIkwYJeilyiaSQOc/6ww=; fh=jQqUhNQZPAXcZ44u72Wu3jv2pQizzn2Be2T8mkd1RwU=; b=CPryPZCRKmDwtT2VasE2SYadVgfm9Uk7eH2Q+Rd3jZ/HSvMbW8yYsxipmtoVaZrPtc UmJXfXjhIcoHkFW6ggW1n8YC1uU7H9LxAlDlhf+3cvw5TvuFEgMpPihBPUwZlgv/iQ2C Y46j67byQSvSft0kZhEKh+r3Y5FekRe7uyX3JnvJigVxWGEEeR4FZLo7/1tvZOFdZ/7p lYbol0x14TpCioznK/ppjNUUDwnqR2dqhDC6xPkps3nWdTIW4Br81JXQ907/ofXuNIJ5 By20gLufkSAeSGFr8ZhgTAf5aoMSD+sLxK5rV4vAqijfjvHYiLnP7x/Hx9Zk4L31HC+d sKgg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=fpU2R+va; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from groat.vger.email (groat.vger.email. [2620:137:e000::3:5]) by mx.google.com with ESMTPS id o4-20020a62cd04000000b0068bede61c1fsi1726264pfg.325.2023.09.14.09.34.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 14 Sep 2023 09:34:40 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) client-ip=2620:137:e000::3:5; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=fpU2R+va; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by groat.vger.email (Postfix) with ESMTP id 3B955832B177; Thu, 14 Sep 2023 02:39:39 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at groat.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237813AbjINJjJ (ORCPT + 35 others); Thu, 14 Sep 2023 05:39:09 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49886 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237369AbjINJi1 (ORCPT ); Thu, 14 Sep 2023 05:38:27 -0400 Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.88]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 323691FC6; Thu, 14 Sep 2023 02:38:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1694684301; x=1726220301; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=qlHnWyHRSXxxRhVYMCd0RGmIeUUDEFAPvADSMDz/aBU=; b=fpU2R+va+0unNcE5frrR2g6O+qIlBIG9i4RYfEq15BkcmR/Z89oUs3iJ apkzLFCbBRnTJBjuPEH3m5DjGAQI3WAzbSpHyzFJiom1ux8EEPCb7lkuu KFImlQnT5SBM+1komwCLnYsOHKoEO+o1dpbER6xGRn8NMY3uDCmuGvYE2 673uV+fhOOZAOsF5U+eGtX0ByR7CGFr2ZXK0NR618vjajN/e15R6NyEQ6 zNB4JS02LMJRlo7/LmqLHTAkRTE6gMtQLZmqfnnejXXl4DI3tWKKNRyE1 ErLoMdeHZL2gJ5BiZ6t1JjQ9asG7hCar25TKhGnp9Z/mqFrn015LxPMQY A==; X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="409857385" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="409857385" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:20 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="747656260" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="747656260" Received: from embargo.jf.intel.com ([10.165.9.183]) by fmsmga007-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:20 -0700 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: dave.hansen@intel.com, peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, weijiang.yang@intel.com, john.allen@amd.com Subject: [PATCH v6 14/25] KVM: x86: Load guest FPU state when access XSAVE-managed MSRs Date: Thu, 14 Sep 2023 02:33:14 -0400 Message-Id: <20230914063325.85503-15-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20230914063325.85503-1-weijiang.yang@intel.com> References: <20230914063325.85503-1-weijiang.yang@intel.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]); Thu, 14 Sep 2023 02:39:39 -0700 (PDT) X-Spam-Status: No, score=0.2 required=5.0 tests=DATE_IN_PAST_03_06, DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1777031478357850476 X-GMAIL-MSGID: 1777031478357850476 From: Sean Christopherson Load the guest's FPU state if userspace is accessing MSRs whose values are managed by XSAVES. Introduce two helpers, kvm_{get,set}_xstate_msr(), to facilitate access to such kind of MSRs. If MSRs supported in kvm_caps.supported_xss are passed through to guest, the guest MSRs are swapped with host's before vCPU exits to userspace and after it re-enters kernel before next VM-entry. Because the modified code is also used for the KVM_GET_MSRS device ioctl(), explicitly check @vcpu is non-null before attempting to load guest state. The XSS supporting MSRs cannot be retrieved via the device ioctl() without loading guest FPU state (which doesn't exist). Note that guest_cpuid_has() is not queried as host userspace is allowed to access MSRs that have not been exposed to the guest, e.g. it might do KVM_SET_MSRS prior to KVM_SET_CPUID2. Signed-off-by: Sean Christopherson Co-developed-by: Yang Weijiang Signed-off-by: Yang Weijiang --- arch/x86/kvm/x86.c | 30 +++++++++++++++++++++++++++++- arch/x86/kvm/x86.h | 24 ++++++++++++++++++++++++ 2 files changed, 53 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 66edbed25db8..a091764bf1d2 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -133,6 +133,9 @@ static int __set_sregs2(struct kvm_vcpu *vcpu, struct kvm_sregs2 *sregs2); static void __get_sregs2(struct kvm_vcpu *vcpu, struct kvm_sregs2 *sregs2); static DEFINE_MUTEX(vendor_module_lock); +static void kvm_load_guest_fpu(struct kvm_vcpu *vcpu); +static void kvm_put_guest_fpu(struct kvm_vcpu *vcpu); + struct kvm_x86_ops kvm_x86_ops __read_mostly; #define KVM_X86_OP(func) \ @@ -4372,6 +4375,22 @@ int kvm_get_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) } EXPORT_SYMBOL_GPL(kvm_get_msr_common); +static const u32 xstate_msrs[] = { + MSR_IA32_U_CET, MSR_IA32_PL0_SSP, MSR_IA32_PL1_SSP, + MSR_IA32_PL2_SSP, MSR_IA32_PL3_SSP, +}; + +static bool is_xstate_msr(u32 index) +{ + int i; + + for (i = 0; i < ARRAY_SIZE(xstate_msrs); i++) { + if (index == xstate_msrs[i]) + return true; + } + return false; +} + /* * Read or write a bunch of msrs. All parameters are kernel addresses. * @@ -4382,11 +4401,20 @@ static int __msr_io(struct kvm_vcpu *vcpu, struct kvm_msrs *msrs, int (*do_msr)(struct kvm_vcpu *vcpu, unsigned index, u64 *data)) { + bool fpu_loaded = false; int i; - for (i = 0; i < msrs->nmsrs; ++i) + for (i = 0; i < msrs->nmsrs; ++i) { + if (vcpu && !fpu_loaded && kvm_caps.supported_xss && + is_xstate_msr(entries[i].index)) { + kvm_load_guest_fpu(vcpu); + fpu_loaded = true; + } if (do_msr(vcpu, entries[i].index, &entries[i].data)) break; + } + if (fpu_loaded) + kvm_put_guest_fpu(vcpu); return i; } diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h index 1e7be1f6ab29..9a8e3a84eaf4 100644 --- a/arch/x86/kvm/x86.h +++ b/arch/x86/kvm/x86.h @@ -540,4 +540,28 @@ int kvm_sev_es_string_io(struct kvm_vcpu *vcpu, unsigned int size, unsigned int port, void *data, unsigned int count, int in); +/* + * Lock and/or reload guest FPU and access xstate MSRs. For accesses initiated + * by host, guest FPU is loaded in __msr_io(). For accesses initiated by guest, + * guest FPU should have been loaded already. + */ + +static inline void kvm_get_xstate_msr(struct kvm_vcpu *vcpu, + struct msr_data *msr_info) +{ + KVM_BUG_ON(!vcpu->arch.guest_fpu.fpstate->in_use, vcpu->kvm); + kvm_fpu_get(); + rdmsrl(msr_info->index, msr_info->data); + kvm_fpu_put(); +} + +static inline void kvm_set_xstate_msr(struct kvm_vcpu *vcpu, + struct msr_data *msr_info) +{ + KVM_BUG_ON(!vcpu->arch.guest_fpu.fpstate->in_use, vcpu->kvm); + kvm_fpu_get(); + wrmsrl(msr_info->index, msr_info->data); + kvm_fpu_put(); +} + #endif From patchwork Thu Sep 14 06:33:15 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 139645 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:612c:172:b0:3f2:4152:657d with SMTP id h50csp432268vqi; Thu, 14 Sep 2023 08:30:51 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEuFPHa2dhD3fQZBoDNke5ZeNoed7Yw5XcoSNVL2xNo9C2KGNChzyIp+YK0vsGEOHor+M73 X-Received: by 2002:a17:90a:70c7:b0:26d:414d:a98a with SMTP id a7-20020a17090a70c700b0026d414da98amr5223803pjm.1.1694705451438; Thu, 14 Sep 2023 08:30:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1694705451; cv=none; d=google.com; s=arc-20160816; b=pXdbm4OZQwlcP+AxZ5KV68y1SEwIgNh6vQbfZi6GDCVoxJNEjj7nsYV8Is/AeHncPU X+eI48cMXjpGxFrMjS5dCrPTymZhYXf89lepQJz8z++dZTiPRb04ILJbnKKusfwzeXT5 o/r8RuVX4H5Gzexd6wtkYIGeMMm8Aq22Li/I0cNA2ihs0eY7x5nqoo5KmAuhfjf3GPJO FZoSBqJVbv+x8A+6x0cjUSBu0D0ZbGO3EzF57CNuMal+KcQQAGBx1G/TJUTcmF1ZG6jn YuEkgITpgtxdj0HvDLhLUeEAkCkPoICrZpO65OUB3l8qrBaJk6JMSLpJRkKtwHCOn6AJ tYXw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=RaE2dP5acMHFTvMjfKG13FY7bva2+7T76eYb0ivb/p8=; fh=jQqUhNQZPAXcZ44u72Wu3jv2pQizzn2Be2T8mkd1RwU=; b=qlvqhBpVy3XNuIiZ90nBjly6NSEnZOahvStD/bDJ6anNSeq19Nt/Aduz//R9maPSt7 /Nt3x7+tCgAFZlTFPjAunIjv2ct4MZ/88uqOHs1WpVimBjsAbOG4uBMQ+oiHb2oCy/FM IWi+yqU7bcgcA/mggvja+ZQ8QJr2vErkrRcFbwgGdYnymaQ+/UnZsv0n6v3iqdJL2iLe /UGLeaVhQ6g59cYv/HXP8MsPjX26LlcEaNY/UpVOo2ohO2KblG6L9MgdV3kmzCvkdeHn J6nRdiuMfROM7G56bMl2tQx0u+XGq2qYr2IlU+9aD//yQb4HKVO7GoHFyFjJvg+h2Nap g1Ow== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Igb7a9z+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from snail.vger.email (snail.vger.email. [2620:137:e000::3:7]) by mx.google.com with ESMTPS id kk17-20020a17090b4a1100b00262f0035181si4386055pjb.26.2023.09.14.08.30.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 14 Sep 2023 08:30:51 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) client-ip=2620:137:e000::3:7; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Igb7a9z+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id A3F028275E5A; Thu, 14 Sep 2023 02:39:20 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237910AbjINJjL (ORCPT + 35 others); Thu, 14 Sep 2023 05:39:11 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49836 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237379AbjINJi1 (ORCPT ); Thu, 14 Sep 2023 05:38:27 -0400 Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.88]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 82A1A1FC8; Thu, 14 Sep 2023 02:38:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1694684301; x=1726220301; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=eOwVTkRE0fn4PxlTlhArnb0PaHsbEIKS1k0cy/K5iE4=; b=Igb7a9z+s0YwBvnrASfWT91tui2prdVT/lZsYqqNXonmC0KrdqfKp3vL xM1L6Yhgznb2uC/9WHCyeXe9Oi/R0eASlr48BX3rRNTL9bY9wrZDq33/v dVKVbVGYecyilH/RwdrSvyXbS5tM1ybnAAG+eRletcqt8L+tC7zMwGQBY gKnZLLZjVlUKVP2jJ2f5dvMe357Keuw6JahmykFZrUin5GvTO5FJISL7+ r4JLqOfWkgeuIdtRxVf7WDkTLOoazlk50w/6YkNddBBkZF602yqCje/hU j3c2laltFZg6XbWfDaNStIwrCTVxD+9lBMm/2NQbFs0xoWLzQOl6WXHju g==; X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="409857391" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="409857391" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:21 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="747656265" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="747656265" Received: from embargo.jf.intel.com ([10.165.9.183]) by fmsmga007-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:20 -0700 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: dave.hansen@intel.com, peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, weijiang.yang@intel.com, john.allen@amd.com Subject: [PATCH v6 15/25] KVM: x86: Add fault checks for guest CR4.CET setting Date: Thu, 14 Sep 2023 02:33:15 -0400 Message-Id: <20230914063325.85503-16-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20230914063325.85503-1-weijiang.yang@intel.com> References: <20230914063325.85503-1-weijiang.yang@intel.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Thu, 14 Sep 2023 02:39:20 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1777027463039217114 X-GMAIL-MSGID: 1777027463039217114 Check potential faults for CR4.CET setting per Intel SDM requirements. CET can be enabled if and only if CR0.WP == 1, i.e. setting CR4.CET == 1 faults if CR0.WP == 0 and setting CR0.WP == 0 fails if CR4.CET == 1. Reviewed-by: Chao Gao Co-developed-by: Sean Christopherson Signed-off-by: Sean Christopherson Signed-off-by: Yang Weijiang Reviewed-by: Maxim Levitsky --- arch/x86/kvm/x86.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index a091764bf1d2..dda9c7141ea1 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -1006,6 +1006,9 @@ int kvm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0) (is_64_bit_mode(vcpu) || kvm_is_cr4_bit_set(vcpu, X86_CR4_PCIDE))) return 1; + if (!(cr0 & X86_CR0_WP) && kvm_is_cr4_bit_set(vcpu, X86_CR4_CET)) + return 1; + static_call(kvm_x86_set_cr0)(vcpu, cr0); kvm_post_set_cr0(vcpu, old_cr0, cr0); @@ -1217,6 +1220,9 @@ int kvm_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4) return 1; } + if ((cr4 & X86_CR4_CET) && !kvm_is_cr0_bit_set(vcpu, X86_CR0_WP)) + return 1; + static_call(kvm_x86_set_cr4)(vcpu, cr4); kvm_post_set_cr4(vcpu, old_cr4, cr4); From patchwork Thu Sep 14 06:33:16 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 139825 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:612c:172:b0:3f2:4152:657d with SMTP id h50csp611606vqi; Thu, 14 Sep 2023 13:36:37 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGmthhvC6qHpTy1PWk85clkWT6TwvGpaC6L/9iXw6+dwXMryS+MDne5qTZiZWvu7OdlLE4q X-Received: by 2002:a17:90a:8c15:b0:274:98aa:72d8 with SMTP id a21-20020a17090a8c1500b0027498aa72d8mr182497pjo.3.1694723797547; Thu, 14 Sep 2023 13:36:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1694723797; cv=none; d=google.com; s=arc-20160816; b=ElsSZmEd5fJIn/lczfAeiXfsznsJe+9Y+iXBraB0xqqr2PYL0n5Hahyk8qZWRWcK0X DqPe4GomXdMeVzaZpQXR24zbKmItysCVzFgnPjdl5Vd3OX+WlwZfJ8OmkGNIkc2yT7qy shHGnif0W+VLrQ4glNOhbxt1ZWPYnZdss1SoJi0I1flR9v6FzhkMFVkYSJvMUldnNrsm /s92tO3lcgwwCPuSmk0nUMPN0qHV46mHKp0+vXV6wODHibVbsff7Z6qzjrAMch6jb7tj 4UYfTlojU1gCk885k6HoxW9gQ5ygV9I1TBrrP5UCedf2GJwy/75dBQ17INjoZBGY6EOM TySw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=XWZC4sQK3cwhnJOYHWF05YGKy1to3thL02EyGu2jHxs=; fh=jQqUhNQZPAXcZ44u72Wu3jv2pQizzn2Be2T8mkd1RwU=; b=dn9GqJyzBFAaBAqWnpYBvxu4MVvSWS/fJJPsy0Y2YVbM7s8XDzSiTAnlxQL/FluJjM hijs7HUaYY88H7dIqCtz9JIGp7YlP3FlTCJBe8thCYDdK5NpH6gyDYcQtEJ3EjMn2smo pb+OyNmfUfJMe4LTtkDjWBnnMaifSMOQVml4MeCVrHubmGMq3/agE/llICqQAOFVE14R f6BF42ZhC8azNwjMed+XRmTJBQ+iqxBffIMFuRmsTqlDD6vHiP6TxrM7urzcf+iK3ekH /5V/r0DlYgrBGg1IMMMJ54YRk6c56zw+sGNamouZUDZ/QdNjVa/BihyRuIpnfeF+/Wn0 7xRg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=lGwzX0Qb; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from groat.vger.email (groat.vger.email. [23.128.96.35]) by mx.google.com with ESMTPS id h6-20020a17090ac38600b0026b22aaf29bsi4399493pjt.146.2023.09.14.13.36.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 14 Sep 2023 13:36:37 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) client-ip=23.128.96.35; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=lGwzX0Qb; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by groat.vger.email (Postfix) with ESMTP id 823A08269C78; Thu, 14 Sep 2023 02:40:30 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at groat.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237747AbjINJjR (ORCPT + 35 others); Thu, 14 Sep 2023 05:39:17 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49848 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237398AbjINJi2 (ORCPT ); Thu, 14 Sep 2023 05:38:28 -0400 Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.88]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C14EE1FCA; Thu, 14 Sep 2023 02:38:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1694684301; x=1726220301; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=VPJQf4U39E7DZwum/HGUJ0vCeET4v76K5tsmsMkVRMg=; b=lGwzX0Qb5ZuZQ70Fj6+m3l6vg6oZMquG+OQbxq5MMbRRGUzekiD1FVOU OGrUVh4BflXRTYbhMmYw/dNZQVf2VjBboDzpJoAPxrKXBqTSyxK/o1wIU FCd1J+wNKsxPxSRqmewM+Bykz/66eXoTjZk/sluMQyWbCVI0JzAdsyWnB ZLDy5SJa2MShWJii4+u+DbhT+C6RR9JxnnYzyceaigz1jPH81Qnk5o5w5 LiJ5/sauFu7PspVGFFlyh4KP4mM6G87N8j5nao87OfonYy1GfpJDfRo4q HC4TiHs1cfaEUlbVXmiBR8I6pYuL0uFgrQEAUNiNnnIUuXKYPWRqVfQ7Y w==; X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="409857396" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="409857396" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:21 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="747656270" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="747656270" Received: from embargo.jf.intel.com ([10.165.9.183]) by fmsmga007-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:21 -0700 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: dave.hansen@intel.com, peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, weijiang.yang@intel.com, john.allen@amd.com Subject: [PATCH v6 16/25] KVM: x86: Report KVM supported CET MSRs as to-be-saved Date: Thu, 14 Sep 2023 02:33:16 -0400 Message-Id: <20230914063325.85503-17-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20230914063325.85503-1-weijiang.yang@intel.com> References: <20230914063325.85503-1-weijiang.yang@intel.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]); Thu, 14 Sep 2023 02:40:30 -0700 (PDT) X-Spam-Status: No, score=0.2 required=5.0 tests=DATE_IN_PAST_03_06, DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1777046700776948609 X-GMAIL-MSGID: 1777046700776948609 Add CET MSRs to the list of MSRs reported to userspace if the feature, i.e. IBT or SHSTK, associated with the MSRs is supported by KVM. SSP can only be read via RDSSP. Writing even requires destructive and potentially faulting operations such as SAVEPREVSSP/RSTORSSP or SETSSBSY/CLRSSBSY. Let the host use a pseudo-MSR that is just a wrapper for the GUEST_SSP field of the VMCS. Suggested-by: Chao Gao Signed-off-by: Yang Weijiang --- arch/x86/include/uapi/asm/kvm_para.h | 1 + arch/x86/kvm/vmx/vmx.c | 2 ++ arch/x86/kvm/x86.c | 18 ++++++++++++++++++ 3 files changed, 21 insertions(+) diff --git a/arch/x86/include/uapi/asm/kvm_para.h b/arch/x86/include/uapi/asm/kvm_para.h index 6e64b27b2c1e..9864bbcf2470 100644 --- a/arch/x86/include/uapi/asm/kvm_para.h +++ b/arch/x86/include/uapi/asm/kvm_para.h @@ -58,6 +58,7 @@ #define MSR_KVM_ASYNC_PF_INT 0x4b564d06 #define MSR_KVM_ASYNC_PF_ACK 0x4b564d07 #define MSR_KVM_MIGRATION_CONTROL 0x4b564d08 +#define MSR_KVM_SSP 0x4b564d09 struct kvm_steal_time { __u64 steal; diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 72e3943f3693..9409753f45b0 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -7009,6 +7009,8 @@ static bool vmx_has_emulated_msr(struct kvm *kvm, u32 index) case MSR_AMD64_TSC_RATIO: /* This is AMD only. */ return false; + case MSR_KVM_SSP: + return kvm_cpu_cap_has(X86_FEATURE_SHSTK); default: return true; } diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index dda9c7141ea1..73b45351c0fc 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -1476,6 +1476,9 @@ static const u32 msrs_to_save_base[] = { MSR_IA32_XFD, MSR_IA32_XFD_ERR, MSR_IA32_XSS, + MSR_IA32_U_CET, MSR_IA32_S_CET, + MSR_IA32_PL0_SSP, MSR_IA32_PL1_SSP, MSR_IA32_PL2_SSP, + MSR_IA32_PL3_SSP, MSR_IA32_INT_SSP_TAB, }; static const u32 msrs_to_save_pmu[] = { @@ -1576,6 +1579,7 @@ static const u32 emulated_msrs_all[] = { MSR_K7_HWCR, MSR_KVM_POLL_CONTROL, + MSR_KVM_SSP, }; static u32 emulated_msrs[ARRAY_SIZE(emulated_msrs_all)]; @@ -7241,6 +7245,20 @@ static void kvm_probe_msr_to_save(u32 msr_index) if (!kvm_caps.supported_xss) return; break; + case MSR_IA32_U_CET: + case MSR_IA32_S_CET: + if (!kvm_cpu_cap_has(X86_FEATURE_SHSTK) && + !kvm_cpu_cap_has(X86_FEATURE_IBT)) + return; + break; + case MSR_IA32_INT_SSP_TAB: + if (!kvm_cpu_cap_has(X86_FEATURE_LM)) + return; + fallthrough; + case MSR_IA32_PL0_SSP ... MSR_IA32_PL3_SSP: + if (!kvm_cpu_cap_has(X86_FEATURE_SHSTK)) + return; + break; default: break; } From patchwork Thu Sep 14 06:33:17 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 140253 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:612c:172:b0:3f2:4152:657d with SMTP id h50csp902034vqi; Fri, 15 Sep 2023 01:58:22 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFsHqjD+i04EN3KWmb0IVki1yF9yMU6PkrCMGd1+2qUrf6j352WlzLKVeQelsvGDe9zGVjU X-Received: by 2002:a05:6a20:5488:b0:14d:4ab5:5e3c with SMTP id i8-20020a056a20548800b0014d4ab55e3cmr1417456pzk.1.1694768302606; Fri, 15 Sep 2023 01:58:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1694768302; cv=none; d=google.com; s=arc-20160816; b=devR22UsVE2kpDGHZrZ+cLyjh72iSVLSreBB7kfxv3xjNV1WS5kCnFput3obiu3F4b Ye198NrFLqgg1N3AtVJLFf+1QRjgE4OLduEjX3jRSBsBr9aXL2L4dJilAe8xPhr/lWCe EjIL4k0j0gM0abLr/hVAt66UqXHC2OQibH7rLnGO06/nQMBaPfgB+kNzq/crPo+L7QhF G4IK67qtTco8/9LIw1cdoBE7IXcQQ7WTFWuGT8Ns/sMYjdqo/grfQ3+Qt4Y5ozHI+xGS mAHmcBtv9W7qcEA7YrOnOeBQMKsyRzMS3YEMppJGkChcXimfRViXzPW3pYluhWg02/aL SVNA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=TDFZ+L2JYpn9EruLzWPoFIeU1T6VVji5fDIJz1eXau8=; fh=6178OKG2HPQ9OtiEe+sL0+amgAIGC3finCMsQ4RI52c=; b=ECp/rXCTUoWfRys7kuxv+n6qrM3dSRUTQ4K3/0ZqEK7sxXnEAtRyT5/rCeVoILzUos uSJXdzW8EzLl/ZzU8Yse27croM+8cNFJ4v92DejWF7U1m9yI/XZHqTPAC+6EInQxD8Tp 8BeBX0qiW0iKv5dZ07tlguCqjIPjn2efM6hGzsitbm1yT3UEqWmZunaM/noaIUcP7zHr TRJktzFAK91Eu+V6AnFlQR4NZbePhfB742KMTmYWtpbXpBJKtSw8YRfWGSVfoHlQ/YsX rWuhxNdOrWYDxoZstb0Gc3J85O/Q6oF/cCyR6FcGBwMg80tgENWWGYqF/nHR5r2K9gZC 8xIQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=GdteVxjv; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from snail.vger.email (snail.vger.email. [2620:137:e000::3:7]) by mx.google.com with ESMTPS id o5-20020a17090323c500b001b8c4168e20si3089916plh.58.2023.09.15.01.58.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 15 Sep 2023 01:58:22 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) client-ip=2620:137:e000::3:7; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=GdteVxjv; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id 4766182BB56B; Thu, 14 Sep 2023 02:39:35 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237771AbjINJjX (ORCPT + 35 others); Thu, 14 Sep 2023 05:39:23 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49870 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237397AbjINJi2 (ORCPT ); Thu, 14 Sep 2023 05:38:28 -0400 Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.88]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 345EA1FCC; Thu, 14 Sep 2023 02:38:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1694684302; x=1726220302; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=TS/VKDE1O/rn+ikFL14LmVI7YbiOfvQZpzAeNZ2MVYI=; b=GdteVxjvqstWaf0NMEnBtwNaZgsI5DHcD6LbIGTz1qCGlT1hzU9KMJb3 06NcRcUS3RA4U40d+PkWekR9KOR0DoGf6UMnO0cKV1h4eaHwVAAFPwCpz 1Z7hyfVK+TAnZJKi8vzdAIRFKWuIhnSpK/bhug5q3OD40rV1mZOeiK+hv mpBneFdJL74NHE0Sar4lfRAm6qsZdayiJKzZn9rZmfepGM/vfv7OQQebQ 8ppYq0C15Yj8FwsAejyA82s2bbjSOMhA5UGmyocUdZdqIEQaCyY0ViAoH 7SAEwu/uC9agCtQGor8E3942CpLaKtQtpQX3gdHdvkoVgWqDxtk/TagL3 Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="409857398" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="409857398" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:21 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="747656273" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="747656273" Received: from embargo.jf.intel.com ([10.165.9.183]) by fmsmga007-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:21 -0700 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: dave.hansen@intel.com, peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, weijiang.yang@intel.com, john.allen@amd.com, Zhang Yi Z Subject: [PATCH v6 17/25] KVM: VMX: Introduce CET VMCS fields and control bits Date: Thu, 14 Sep 2023 02:33:17 -0400 Message-Id: <20230914063325.85503-18-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20230914063325.85503-1-weijiang.yang@intel.com> References: <20230914063325.85503-1-weijiang.yang@intel.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Thu, 14 Sep 2023 02:39:35 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1777093367401701652 X-GMAIL-MSGID: 1777093367401701652 Control-flow Enforcement Technology (CET) is a kind of CPU feature used to prevent Return/CALL/Jump-Oriented Programming (ROP/COP/JOP) attacks. It provides two sub-features(SHSTK,IBT) to defend against ROP/COP/JOP style control-flow subversion attacks. Shadow Stack (SHSTK): A shadow stack is a second stack used exclusively for control transfer operations. The shadow stack is separate from the data/normal stack and can be enabled individually in user and kernel mode. When shadow stack is enabled, CALL pushes the return address on both the data and shadow stack. RET pops the return address from both stacks and compares them. If the return addresses from the two stacks do not match, the processor generates a #CP. Indirect Branch Tracking (IBT): IBT introduces instruction(ENDBRANCH)to mark valid target addresses of indirect branches (CALL, JMP etc...). If an indirect branch is executed and the next instruction is _not_ an ENDBRANCH, the processor generates a #CP. These instruction behaves as a NOP on platforms that have no CET. Several new CET MSRs are defined to support CET: MSR_IA32_{U,S}_CET: CET settings for {user,supervisor} CET respectively. MSR_IA32_PL{0,1,2,3}_SSP: SHSTK pointer linear address for CPL{0,1,2,3}. MSR_IA32_INT_SSP_TAB: Linear address of SHSTK pointer table, whose entry is indexed by IST of interrupt gate desc. Two XSAVES state bits are introduced for CET: IA32_XSS:[bit 11]: Control saving/restoring user mode CET states IA32_XSS:[bit 12]: Control saving/restoring supervisor mode CET states. Six VMCS fields are introduced for CET: {HOST,GUEST}_S_CET: Stores CET settings for kernel mode. {HOST,GUEST}_SSP: Stores current active SSP. {HOST,GUEST}_INTR_SSP_TABLE: Stores current active MSR_IA32_INT_SSP_TAB. On Intel platforms, two additional bits are defined in VM_EXIT and VM_ENTRY control fields: If VM_EXIT_LOAD_CET_STATE = 1, host CET states are loaded from following VMCS fields at VM-Exit: HOST_S_CET HOST_SSP HOST_INTR_SSP_TABLE If VM_ENTRY_LOAD_CET_STATE = 1, guest CET states are loaded from following VMCS fields at VM-Entry: GUEST_S_CET GUEST_SSP GUEST_INTR_SSP_TABLE Reviewed-by: Chao Gao Co-developed-by: Zhang Yi Z Signed-off-by: Zhang Yi Z Signed-off-by: Yang Weijiang Reviewed-by: Maxim Levitsky --- arch/x86/include/asm/vmx.h | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h index 0e73616b82f3..451fd4f4fedc 100644 --- a/arch/x86/include/asm/vmx.h +++ b/arch/x86/include/asm/vmx.h @@ -104,6 +104,7 @@ #define VM_EXIT_CLEAR_BNDCFGS 0x00800000 #define VM_EXIT_PT_CONCEAL_PIP 0x01000000 #define VM_EXIT_CLEAR_IA32_RTIT_CTL 0x02000000 +#define VM_EXIT_LOAD_CET_STATE 0x10000000 #define VM_EXIT_ALWAYSON_WITHOUT_TRUE_MSR 0x00036dff @@ -117,6 +118,7 @@ #define VM_ENTRY_LOAD_BNDCFGS 0x00010000 #define VM_ENTRY_PT_CONCEAL_PIP 0x00020000 #define VM_ENTRY_LOAD_IA32_RTIT_CTL 0x00040000 +#define VM_ENTRY_LOAD_CET_STATE 0x00100000 #define VM_ENTRY_ALWAYSON_WITHOUT_TRUE_MSR 0x000011ff @@ -345,6 +347,9 @@ enum vmcs_field { GUEST_PENDING_DBG_EXCEPTIONS = 0x00006822, GUEST_SYSENTER_ESP = 0x00006824, GUEST_SYSENTER_EIP = 0x00006826, + GUEST_S_CET = 0x00006828, + GUEST_SSP = 0x0000682a, + GUEST_INTR_SSP_TABLE = 0x0000682c, HOST_CR0 = 0x00006c00, HOST_CR3 = 0x00006c02, HOST_CR4 = 0x00006c04, @@ -357,6 +362,9 @@ enum vmcs_field { HOST_IA32_SYSENTER_EIP = 0x00006c12, HOST_RSP = 0x00006c14, HOST_RIP = 0x00006c16, + HOST_S_CET = 0x00006c18, + HOST_SSP = 0x00006c1a, + HOST_INTR_SSP_TABLE = 0x00006c1c }; /* From patchwork Thu Sep 14 06:33:18 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 139629 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:612c:172:b0:3f2:4152:657d with SMTP id h50csp405562vqi; Thu, 14 Sep 2023 07:55:17 -0700 (PDT) X-Google-Smtp-Source: AGHT+IG1npg+27RJjXApMWYQTG/zxDyvMVU7LRZ/MbFE6Pd8QGT2AJhK26u56SEEQ6l4O0DYfNLu X-Received: by 2002:a17:903:4288:b0:1c3:2dcb:25c9 with SMTP id ju8-20020a170903428800b001c32dcb25c9mr5651300plb.40.1694703316726; Thu, 14 Sep 2023 07:55:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1694703316; cv=none; d=google.com; s=arc-20160816; b=IlD/NPW2ftmOy40lZGgeK3RCchP9u5yBMToJLXZTY0JclXutm0HEpIULEvP7pPIwjB 4x/pAuPdcXwnC+Wyd8ywtvNo9YAMHORyEMyQPDA9FVIDRU1V5SDfQ/lT0zzaTEE8YMVs YLybSSZAKfc74ae/fVv1vCm38m3PwEUfOuQXjmm8YnX8iWoYY+He6MDCYaGxej3NuCYs 4Ol+uCUgr9X1rH3uu6Bi/PMYyQ0AN0TdCoQlBoIwg8bg1klumGJV6xLXb/fgiYpQfJhw PdQVmR2o1GaNii7ngZSxYMCIQ9Rerzdy6NGLvOtakwWg7kGJHBYKPExddhY2Nt7gxKJE e0nw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=ejCSRWNUtjfScEInpv1vLC5+M/MCs3U5cD6mcWKXJtQ=; fh=jQqUhNQZPAXcZ44u72Wu3jv2pQizzn2Be2T8mkd1RwU=; b=sxBwsHHfRarvyRRP4OeqLLOyDcCMIpb6gPuzpi09bdI5im9NutVoX6GGrQFa9nfHDw 6XQqp21WY67dCYGiG7rlguKHh5gbvdv3cudPYvkxzSqXVnn6ylQOSkxShdpfz86hLaOU WasO/P5stYdjh7qkXNuD8GfAb87PnZj2TwXfy6MlYOku74EOM3Qk7f6WX5mQ2SHYEP0v Isn2fKXPf8WVdUVhhgwIhl2P+D2zOV96AEKvmwRgcifyCDMqaiqQg7e7+S9rfYCv841Y ON911STxua1WrO/8cc98g+xXDkpeHGnlrUNWG4hFF8zRd7LA5DwmUiv4q/bvQQHDnZAN WVzQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=E0BwAGNp; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from morse.vger.email (morse.vger.email. [23.128.96.31]) by mx.google.com with ESMTPS id z11-20020a170903018b00b001bc17ab8d6esi1943740plg.530.2023.09.14.07.55.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 14 Sep 2023 07:55:16 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) client-ip=23.128.96.31; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=E0BwAGNp; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by morse.vger.email (Postfix) with ESMTP id 075C1824BAD5; Thu, 14 Sep 2023 02:39:59 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at morse.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237308AbjINJjU (ORCPT + 35 others); Thu, 14 Sep 2023 05:39:20 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49914 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237403AbjINJi2 (ORCPT ); Thu, 14 Sep 2023 05:38:28 -0400 Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.88]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 76EA31FCD; Thu, 14 Sep 2023 02:38:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1694684302; x=1726220302; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=+nX7XbfVJDmuajtuURcflfcN8G9QEQqgxp6V39Gi2/4=; b=E0BwAGNpX3ZGaRcX3ukmz3L68KkLiByzH4Uk5e/pIHyqAc+0vPRahE8r YXrYMYsDHUnRSurguhEP38+V+rTSBaleENKqAZlX3AEGLQdPn0sSR1p/X KLitecvwT0b65iHHROUaAqVZjuSr/yaaoyctYECmszOo1MthqIm8xgcGu OXvpjCJMe7XZXbUMCsmzmLeRGitm7tv5oTE0I2zOxoOoW941VMByN52pY YWjPR4SKkJC7a7TL9oW+P0vTVcIrNoPUTyN9n8nAJMKLuX473GQ4iTH75 J0WF88st1/xsYbqiuAbABxH1yQTsBb84/titEFpiX2ZT/jyDSiB4AR5CJ A==; X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="409857407" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="409857407" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:22 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="747656279" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="747656279" Received: from embargo.jf.intel.com ([10.165.9.183]) by fmsmga007-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:21 -0700 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: dave.hansen@intel.com, peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, weijiang.yang@intel.com, john.allen@amd.com Subject: [PATCH v6 18/25] KVM: x86: Use KVM-governed feature framework to track "SHSTK/IBT enabled" Date: Thu, 14 Sep 2023 02:33:18 -0400 Message-Id: <20230914063325.85503-19-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20230914063325.85503-1-weijiang.yang@intel.com> References: <20230914063325.85503-1-weijiang.yang@intel.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (morse.vger.email [0.0.0.0]); Thu, 14 Sep 2023 02:39:59 -0700 (PDT) X-Spam-Status: No, score=0.2 required=5.0 tests=DATE_IN_PAST_03_06, DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on morse.vger.email X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1777025225231285386 X-GMAIL-MSGID: 1777025225231285386 Use the governed feature framework to track whether X86_FEATURE_SHSTK and X86_FEATURE_IBT features can be used by userspace and guest, i.e., the features can be used iff both KVM and guest CPUID can support them. Signed-off-by: Yang Weijiang Reviewed-by: Maxim Levitsky --- arch/x86/kvm/governed_features.h | 2 ++ arch/x86/kvm/vmx/vmx.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/arch/x86/kvm/governed_features.h b/arch/x86/kvm/governed_features.h index 423a73395c10..db7e21c5ecc2 100644 --- a/arch/x86/kvm/governed_features.h +++ b/arch/x86/kvm/governed_features.h @@ -16,6 +16,8 @@ KVM_GOVERNED_X86_FEATURE(PAUSEFILTER) KVM_GOVERNED_X86_FEATURE(PFTHRESHOLD) KVM_GOVERNED_X86_FEATURE(VGIF) KVM_GOVERNED_X86_FEATURE(VNMI) +KVM_GOVERNED_X86_FEATURE(SHSTK) +KVM_GOVERNED_X86_FEATURE(IBT) #undef KVM_GOVERNED_X86_FEATURE #undef KVM_GOVERNED_FEATURE diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 9409753f45b0..fd5893b3a2c8 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -7765,6 +7765,8 @@ static void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_XSAVES); kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_VMX); + kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_SHSTK); + kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_IBT); vmx_setup_uret_msrs(vmx); From patchwork Thu Sep 14 06:33:19 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 139535 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:612c:172:b0:3f2:4152:657d with SMTP id h50csp304810vqi; Thu, 14 Sep 2023 05:18:15 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHRwiSQo4a6xAYf/B6s8Z9BQW3wcCbeTjKDLTBBFD1BnSJNAmcePosK/+B8VWlYfj58rreC X-Received: by 2002:a17:90a:8c4:b0:263:ebab:a152 with SMTP id 4-20020a17090a08c400b00263ebaba152mr4907841pjn.19.1694693894740; Thu, 14 Sep 2023 05:18:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1694693894; cv=none; d=google.com; s=arc-20160816; b=DD7zsYw5xq3ProCR2daBil1cEeD0gXalfyOD/+NTVLgqSgZjNaNDuMZq00VdUyt20m TAAMxixnvp2gATngI7Pp1l3Vd1YFT4PvDY6T7RWXhj62D1AsnhxEdzaPDbn8emSL5R+H 4oIEkpkn6QHFG2wg+PecjgLPTl9DvNhBa+NCPh9KIH7AJ3qR6F86FM8ZZ1wtLGzBcAh1 EhyKuU2DuSD1RbCPbRMoP2+ntGxYmxsI10M/H90xwNOszt1drupOWJsObgede9wuZkKp swUL5NQDJwCmvn3GoxNqie9YZ5pc4HDCoDGNSClUVAAgvArZcjJajnslionfrg+sMs8N k0xw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=sUph+sDmZNA/0HJmBEjg5wkjNRdmMIQee2EJtlp5UE8=; fh=jQqUhNQZPAXcZ44u72Wu3jv2pQizzn2Be2T8mkd1RwU=; b=tzDkFVgEBk45lx8nw/nnFGHK1FCW1Dpw8NJ6xxzOYlF5zNT0hMsIfOWuZfXTh2/38B dHAJe1aFPftD0ZTx0lZimeiu0eo8NvBSqGWNDtzBegKfPTMJokJQuCGJ7GClVlyXwnUr 4fi4Q7VUOzdm8G0BnE3D/WE/IoG4VEQw+v59HXfPN2RvSXxBEXP8FEr91VBkMJCWjMDd XsNhXrYsVrf7Idyz17zggCFspKsyZkA2bbUBmizEHefE/lfEC2j3IBwLrXMXI7hkpamk YHVQ//SS6X9qyxWNWYFtNjTSnxGSMa96f7tgJ4FB+rHaqOa5YZb82dyaDMtH/JFB0P+o C5Lw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Gatj0u3p; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from snail.vger.email (snail.vger.email. [2620:137:e000::3:7]) by mx.google.com with ESMTPS id ky11-20020a170902f98b00b001bb8f59aca3si1436639plb.583.2023.09.14.05.18.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 14 Sep 2023 05:18:14 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) client-ip=2620:137:e000::3:7; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Gatj0u3p; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id A103582B6F50; Thu, 14 Sep 2023 02:39:22 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237924AbjINJjO (ORCPT + 35 others); Thu, 14 Sep 2023 05:39:14 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49926 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237402AbjINJi2 (ORCPT ); Thu, 14 Sep 2023 05:38:28 -0400 Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.88]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D3DE91FCE; Thu, 14 Sep 2023 02:38:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1694684302; x=1726220302; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=n4Ly4tJ3v4uXUm/GZNY8ToGEs2H/HmEPxplAta3n6CA=; b=Gatj0u3pOfTkNpfzV0MGbxhNz8pik+P4VVTyHqLnndNj71eVUkYx/PS2 AAul1XA87xFWgp1WZbHGwgVmnoKyQOeYpi8sV5UwAEsKkmxQTaF+UoISd lvSFo39FXriizeoKt5xDklIp1DcpP8wCxAMGXyM4HsHaqJ8xjBTk4E/b9 k6+weMVoz6a3Gk0usvW84V3A6bIRvL2/FJz+q8MbKAHXNJN93vnjgD1fk L1btzBmQ+QBZ+UZFafoHkTOmMiqkMpBZVwXmKDF/e81XZeNbvd4B/usPh TMPbL09zcUZsGfIHFSWvrNUu4QENtjohpUzz48ZIafNeTPJ1KutdWi+9H A==; X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="409857413" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="409857413" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:22 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="747656283" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="747656283" Received: from embargo.jf.intel.com ([10.165.9.183]) by fmsmga007-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:22 -0700 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: dave.hansen@intel.com, peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, weijiang.yang@intel.com, john.allen@amd.com Subject: [PATCH v6 19/25] KVM: VMX: Emulate read and write to CET MSRs Date: Thu, 14 Sep 2023 02:33:19 -0400 Message-Id: <20230914063325.85503-20-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20230914063325.85503-1-weijiang.yang@intel.com> References: <20230914063325.85503-1-weijiang.yang@intel.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Thu, 14 Sep 2023 02:39:22 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1777015345536219240 X-GMAIL-MSGID: 1777015345536219240 Add emulation interface for CET MSR access. The emulation code is split into common part and vendor specific part. The former does common check for MSRs and reads/writes directly from/to XSAVE-managed MSRs via the helpers while the latter accesses the MSRs linked to VMCS fields. Signed-off-by: Yang Weijiang --- arch/x86/kvm/vmx/vmx.c | 18 +++++++++++ arch/x86/kvm/x86.c | 71 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 89 insertions(+) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index fd5893b3a2c8..9f4b56337251 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -2111,6 +2111,15 @@ static int vmx_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) else msr_info->data = vmx->pt_desc.guest.addr_a[index / 2]; break; + case MSR_IA32_S_CET: + msr_info->data = vmcs_readl(GUEST_S_CET); + break; + case MSR_KVM_SSP: + msr_info->data = vmcs_readl(GUEST_SSP); + break; + case MSR_IA32_INT_SSP_TAB: + msr_info->data = vmcs_readl(GUEST_INTR_SSP_TABLE); + break; case MSR_IA32_DEBUGCTLMSR: msr_info->data = vmcs_read64(GUEST_IA32_DEBUGCTL); break; @@ -2420,6 +2429,15 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) else vmx->pt_desc.guest.addr_a[index / 2] = data; break; + case MSR_IA32_S_CET: + vmcs_writel(GUEST_S_CET, data); + break; + case MSR_KVM_SSP: + vmcs_writel(GUEST_SSP, data); + break; + case MSR_IA32_INT_SSP_TAB: + vmcs_writel(GUEST_INTR_SSP_TABLE, data); + break; case MSR_IA32_PERF_CAPABILITIES: if (data && !vcpu_to_pmu(vcpu)->version) return 1; diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 73b45351c0fc..c85ee42ab4f1 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -1847,6 +1847,11 @@ bool kvm_msr_allowed(struct kvm_vcpu *vcpu, u32 index, u32 type) } EXPORT_SYMBOL_GPL(kvm_msr_allowed); +#define CET_US_RESERVED_BITS GENMASK(9, 6) +#define CET_US_SHSTK_MASK_BITS GENMASK(1, 0) +#define CET_US_IBT_MASK_BITS (GENMASK_ULL(5, 2) | GENMASK_ULL(63, 10)) +#define CET_US_LEGACY_BITMAP_BASE(data) ((data) >> 12) + /* * Write @data into the MSR specified by @index. Select MSR specific fault * checks are bypassed if @host_initiated is %true. @@ -1856,6 +1861,7 @@ EXPORT_SYMBOL_GPL(kvm_msr_allowed); static int __kvm_set_msr(struct kvm_vcpu *vcpu, u32 index, u64 data, bool host_initiated) { + bool host_msr_reset = host_initiated && data == 0; struct msr_data msr; switch (index) { @@ -1906,6 +1912,46 @@ static int __kvm_set_msr(struct kvm_vcpu *vcpu, u32 index, u64 data, data = (u32)data; break; + case MSR_IA32_U_CET: + case MSR_IA32_S_CET: + if (host_msr_reset && (kvm_cpu_cap_has(X86_FEATURE_SHSTK) || + kvm_cpu_cap_has(X86_FEATURE_IBT))) + break; + if (!guest_can_use(vcpu, X86_FEATURE_SHSTK) && + !guest_can_use(vcpu, X86_FEATURE_IBT)) + return 1; + if (data & CET_US_RESERVED_BITS) + return 1; + if (!guest_can_use(vcpu, X86_FEATURE_SHSTK) && + (data & CET_US_SHSTK_MASK_BITS)) + return 1; + if (!guest_can_use(vcpu, X86_FEATURE_IBT) && + (data & CET_US_IBT_MASK_BITS)) + return 1; + if (!IS_ALIGNED(CET_US_LEGACY_BITMAP_BASE(data), 4)) + return 1; + + /* IBT can be suppressed iff the TRACKER isn't WAIT_ENDBR. */ + if ((data & CET_SUPPRESS) && (data & CET_WAIT_ENDBR)) + return 1; + break; + case MSR_IA32_INT_SSP_TAB: + if (!guest_cpuid_has(vcpu, X86_FEATURE_LM)) + return 1; + fallthrough; + case MSR_IA32_PL0_SSP ... MSR_IA32_PL3_SSP: + case MSR_KVM_SSP: + if (host_msr_reset && kvm_cpu_cap_has(X86_FEATURE_SHSTK)) + break; + if (!guest_can_use(vcpu, X86_FEATURE_SHSTK)) + return 1; + if (index == MSR_KVM_SSP && !host_initiated) + return 1; + if (is_noncanonical_address(data, vcpu)) + return 1; + if (index != MSR_IA32_INT_SSP_TAB && !IS_ALIGNED(data, 4)) + return 1; + break; } msr.data = data; @@ -1949,6 +1995,23 @@ static int __kvm_get_msr(struct kvm_vcpu *vcpu, u32 index, u64 *data, !guest_cpuid_has(vcpu, X86_FEATURE_RDPID)) return 1; break; + case MSR_IA32_U_CET: + case MSR_IA32_S_CET: + if (!guest_can_use(vcpu, X86_FEATURE_IBT) && + !guest_can_use(vcpu, X86_FEATURE_SHSTK)) + return 1; + break; + case MSR_IA32_INT_SSP_TAB: + if (!guest_cpuid_has(vcpu, X86_FEATURE_LM)) + return 1; + fallthrough; + case MSR_IA32_PL0_SSP ... MSR_IA32_PL3_SSP: + case MSR_KVM_SSP: + if (!guest_can_use(vcpu, X86_FEATURE_SHSTK)) + return 1; + if (index == MSR_KVM_SSP && !host_initiated) + return 1; + break; } msr.index = index; @@ -4009,6 +4072,10 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) vcpu->arch.guest_fpu.xfd_err = data; break; #endif + case MSR_IA32_U_CET: + case MSR_IA32_PL0_SSP ... MSR_IA32_PL3_SSP: + kvm_set_xstate_msr(vcpu, msr_info); + break; default: if (kvm_pmu_is_valid_msr(vcpu, msr)) return kvm_pmu_set_msr(vcpu, msr_info); @@ -4365,6 +4432,10 @@ int kvm_get_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) msr_info->data = vcpu->arch.guest_fpu.xfd_err; break; #endif + case MSR_IA32_U_CET: + case MSR_IA32_PL0_SSP ... MSR_IA32_PL3_SSP: + kvm_get_xstate_msr(vcpu, msr_info); + break; default: if (kvm_pmu_is_valid_msr(vcpu, msr_info->index)) return kvm_pmu_get_msr(vcpu, msr_info); From patchwork Thu Sep 14 06:33:20 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 140029 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:612c:172:b0:3f2:4152:657d with SMTP id h50csp761355vqi; Thu, 14 Sep 2023 19:40:39 -0700 (PDT) X-Google-Smtp-Source: AGHT+IE9XILd0eFrbx4soZWBw6q371VQJ/BWrNH9RHVVlIx1rvNS8+JQAQTl6u/uulHnIb9hH4KO X-Received: by 2002:a05:6a21:a592:b0:14e:a513:7887 with SMTP id gd18-20020a056a21a59200b0014ea5137887mr5788796pzc.10.1694745639351; Thu, 14 Sep 2023 19:40:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1694745639; cv=none; d=google.com; s=arc-20160816; b=i8aPks8397P6HkDRe6N2J+t/FodLukyOSy3drgXyAJRj3XxxZLyZ4Gkr2zcbwiqVsw vFPbqmXYyM3haws2Ugq0jChnDEqRQWHFGvgNQYqs5u7cXmjsvKrnS3C6QemZmoxvnqOo Cy0xTVn7ws9XYYEQFyjEuQf8GrsUhVK5dtZ41gss6uyf89BC2msjAWKG+8sudNIAH/mu GBAQXAyjQ5MLffPl1bI0/tfNwSYMr/2JwSmg5PGM7ihDbCvwhYjMKs4n4kAtXl6ADLq6 FVutj/iZZHF27NDk2mC3IB28ytGzcCm5iw+ZwyiVjkUc21SxX90K1FPkl5vdYbshEsVa HKug== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=TtoXZ/pQNkEqCBXMtNXgksrcX+5MWi30v+keLPXJCD4=; fh=jQqUhNQZPAXcZ44u72Wu3jv2pQizzn2Be2T8mkd1RwU=; b=BNY8/vmfzWU8Mk6wWcAYLir9qwT4MRvsebOhyfpBnALx7ur++NSATNuNlwOkxuUUNU Jj2/gQekZNDeqwZSKn6WcKtLD+cIaXlnEhSWhU80bEFyM/SmswooDe3z0xebdDHkkDqq I3CRRfl8S3/PdNoH2AdsWHasMiuax0R1cI2ATnBPg6F2cpofXvqfmtsJNKjW0bTGKPRn 8dIw3UX15erc0WpBSowlAL/QfAaCSEEk43PyTAoN4sVH05lXz9ixa3/cWGsdQojOSxyO sBeiMI4xWwZe0Dv5KUz6EHRSIeUbcTWJq9FZ9++C2FskSE4ec0IMvfNLO4+EoRe6e8PS 49tw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=RTNOUhVP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:4 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from howler.vger.email (howler.vger.email. [2620:137:e000::3:4]) by mx.google.com with ESMTPS id z16-20020a656650000000b00565d05b2211si2359458pgv.819.2023.09.14.19.40.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 14 Sep 2023 19:40:39 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:4 as permitted sender) client-ip=2620:137:e000::3:4; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=RTNOUhVP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:4 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by howler.vger.email (Postfix) with ESMTP id DFB588523B45; Thu, 14 Sep 2023 02:39:41 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at howler.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237781AbjINJj1 (ORCPT + 35 others); Thu, 14 Sep 2023 05:39:27 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49956 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237415AbjINJi2 (ORCPT ); Thu, 14 Sep 2023 05:38:28 -0400 Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.88]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 611C61FD6; Thu, 14 Sep 2023 02:38:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1694684303; x=1726220303; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=FIh7tQ4a/6RDY7CSVW6DQiHz8WUvFOSxCbxKQrBiXtw=; b=RTNOUhVPT+fzWnrT8nSyUgNgjU6ZmZz5xlZKATnOpd9HbQUz6JO8zHRi B86Buypd0R6nvRSyznsc9AFGWdzltMlcAwhqEzrdqemZHiE4xESYzhTbD 0kQoqUtTiUPT4JRXJ+pKomTEPggB54eAGCMKBr5YDpD+u+5E2vmCmjgz3 3ENOIYD7rGrcwPgPR3kMO5fM1bq811YaD7RJX34RYPR1Hr78k1Wa6aXnF S/1BqvtIs38XDcmjtdvuYxxf4KXuEYj8JjHmlSlReRoj4M0ByH3QuPuir lnheiA0m/ynSuzU58g1Irru35LGBZ5h4viOUIiv8S0ZtUsgYLMKMqq49i Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="409857421" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="409857421" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:23 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="747656287" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="747656287" Received: from embargo.jf.intel.com ([10.165.9.183]) by fmsmga007-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:22 -0700 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: dave.hansen@intel.com, peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, weijiang.yang@intel.com, john.allen@amd.com Subject: [PATCH v6 20/25] KVM: x86: Save and reload SSP to/from SMRAM Date: Thu, 14 Sep 2023 02:33:20 -0400 Message-Id: <20230914063325.85503-21-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20230914063325.85503-1-weijiang.yang@intel.com> References: <20230914063325.85503-1-weijiang.yang@intel.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (howler.vger.email [0.0.0.0]); Thu, 14 Sep 2023 02:39:42 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1777069603277213370 X-GMAIL-MSGID: 1777069603277213370 Save CET SSP to SMRAM on SMI and reload it on RSM. KVM emulates HW arch behavior when guest enters/leaves SMM mode,i.e., save registers to SMRAM at the entry of SMM and reload them at the exit to SMM. Per SDM, SSP is one of such registers on 64bit Arch, so add the support for SSP. Suggested-by: Sean Christopherson Signed-off-by: Yang Weijiang --- arch/x86/kvm/smm.c | 8 ++++++++ arch/x86/kvm/smm.h | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/smm.c b/arch/x86/kvm/smm.c index b42111a24cc2..235fca95f103 100644 --- a/arch/x86/kvm/smm.c +++ b/arch/x86/kvm/smm.c @@ -275,6 +275,10 @@ static void enter_smm_save_state_64(struct kvm_vcpu *vcpu, enter_smm_save_seg_64(vcpu, &smram->gs, VCPU_SREG_GS); smram->int_shadow = static_call(kvm_x86_get_interrupt_shadow)(vcpu); + + if (guest_can_use(vcpu, X86_FEATURE_SHSTK)) + KVM_BUG_ON(kvm_msr_read(vcpu, MSR_KVM_SSP, &smram->ssp), + vcpu->kvm); } #endif @@ -565,6 +569,10 @@ static int rsm_load_state_64(struct x86_emulate_ctxt *ctxt, static_call(kvm_x86_set_interrupt_shadow)(vcpu, 0); ctxt->interruptibility = (u8)smstate->int_shadow; + if (guest_can_use(vcpu, X86_FEATURE_SHSTK)) + KVM_BUG_ON(kvm_msr_write(vcpu, MSR_KVM_SSP, smstate->ssp), + vcpu->kvm); + return X86EMUL_CONTINUE; } #endif diff --git a/arch/x86/kvm/smm.h b/arch/x86/kvm/smm.h index a1cf2ac5bd78..1e2a3e18207f 100644 --- a/arch/x86/kvm/smm.h +++ b/arch/x86/kvm/smm.h @@ -116,8 +116,8 @@ struct kvm_smram_state_64 { u32 smbase; u32 reserved4[5]; - /* ssp and svm_* fields below are not implemented by KVM */ u64 ssp; + /* svm_* fields below are not implemented by KVM */ u64 svm_guest_pat; u64 svm_host_efer; u64 svm_host_cr4; From patchwork Thu Sep 14 06:33:21 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 139561 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:612c:172:b0:3f2:4152:657d with SMTP id h50csp320726vqi; Thu, 14 Sep 2023 05:46:46 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGuQDEKQVzAtFFZvXzvIHxRlvyaY050UCmTCAuE8XfzrtGqI8sI/6+Snj2liF8Dtez7i7ac X-Received: by 2002:a05:6a20:3d1b:b0:153:8983:d87c with SMTP id y27-20020a056a203d1b00b001538983d87cmr3013867pzi.22.1694695606521; Thu, 14 Sep 2023 05:46:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1694695606; cv=none; d=google.com; s=arc-20160816; b=g8fPAbNlfSN8To/XUc66ltAVSEymGZqEFNEusTtY/0kEmxt/0mxKvuT1zFPDCsaj6w zQQTuTbUQp0EsxvM3moNbFqxSqGTYFlJ/x681MB369TihuS1rfFYvG3hgMQBzUMuAxEY mVD6xKQDvwjhgzRlCTY9e0NgLMiB95/mtCeQBMyg9H3QSifLVhywED7ieqP8KHZA6KYM SGw08EZ+emTPzpdFiQsJDDY55KmvzWGJu/jeit2wBY77or+E653Ls4ACDT6ZzzADyuaM NJHKYI31bwZSEgVq7mLd4bS5hIifp1UD7zUuaDX1nmV4NxDti2giJ9osOqiPSb4/s/tx 1PdQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=bHulLCQJM790xxXnVsAog+/83sFtbDAsqqiPEAMDq/s=; fh=jQqUhNQZPAXcZ44u72Wu3jv2pQizzn2Be2T8mkd1RwU=; b=aVpPoCqBmrgANeOcwEzc2gaSxCKwTEotSQ3fGix5zQWrzBtX3WKpCzHuwWhnoOVyaU pM6Lqy2LguasDThUq/WlrvNRuGWz+5yo+hBjopHcpGn1+p+7iR3AADYFGe1KOnsKiqvk RTFTUWlYZt4UsmIzrjdnYqJPAEeK4ib6HZkZfHGTGIE1jenB271Os3uWCddmp12zJ7BP py7mrbEYBDcbfhM1uP8V8ggkryXJI5onVHBrjREm7fEU3uatmHzI9CACj964IvTiztnc 8rBgohMifD8YxYMv+e6EOua9PxxwBKlaHm+M8zvFAzrlrlozRMicEhI7rEvUSD8aKfH+ /iVg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=QDwor15h; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from howler.vger.email (howler.vger.email. [23.128.96.34]) by mx.google.com with ESMTPS id r20-20020a6560d4000000b0056ae965c533si1430827pgv.16.2023.09.14.05.46.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 14 Sep 2023 05:46:46 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) client-ip=23.128.96.34; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=QDwor15h; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by howler.vger.email (Postfix) with ESMTP id 5E37F8283A76; Thu, 14 Sep 2023 02:39:35 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at howler.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237788AbjINJjc (ORCPT + 35 others); Thu, 14 Sep 2023 05:39:32 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49960 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237432AbjINJia (ORCPT ); Thu, 14 Sep 2023 05:38:30 -0400 Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.88]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D4A761FD8; Thu, 14 Sep 2023 02:38:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1694684303; x=1726220303; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=/Fcn/JsDDhKgNCQIEeFUvEKU2jF55FyYBOBg3kc7yEI=; b=QDwor15hm0/MuaSP+8JnrRhIdpXo6dFgoHBO5h6ERNmZEF0MNt+C20Lh hM6owtQOE8SXcu3UdsszsLlcfduhFB24EqcpOkkD8dxnvbdvzEHO0hFq7 L9OABgrkyAE8ClQAfL/ziNMDP9prScwI+BoyJrcHAKg+SubuIySVQbN8i 3Z5LJvFr8GDPaV4Kwepb00c5rBxZHL7pmhVirC5aJwKmdzMYo4+bjXW2X 5+ly0GusX8she9A9PwlwjVQC+ScIOZetHYfhZ0z0wPY7jtFGL6mRmKtUh VD2R1/j6NOt7umX+4xzvg1ncja/tec0Wk3UGjDO2lR3iNt66gDG1GSBLf A==; X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="409857426" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="409857426" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:23 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="747656292" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="747656292" Received: from embargo.jf.intel.com ([10.165.9.183]) by fmsmga007-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:23 -0700 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: dave.hansen@intel.com, peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, weijiang.yang@intel.com, john.allen@amd.com Subject: [PATCH v6 21/25] KVM: VMX: Set up interception for CET MSRs Date: Thu, 14 Sep 2023 02:33:21 -0400 Message-Id: <20230914063325.85503-22-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20230914063325.85503-1-weijiang.yang@intel.com> References: <20230914063325.85503-1-weijiang.yang@intel.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (howler.vger.email [0.0.0.0]); Thu, 14 Sep 2023 02:39:35 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1777017140415613752 X-GMAIL-MSGID: 1777017140415613752 Enable/disable CET MSRs interception per associated feature configuration. Shadow Stack feature requires all CET MSRs passed through to guest to make it supported in user and supervisor mode while IBT feature only depends on MSR_IA32_{U,S}_CETS_CET to enable user and supervisor IBT. Note, this MSR design introduced an architectual limitation of SHSTK and IBT control for guest, i.e., when SHSTK is exposed, IBT is also available to guest from architectual perspective since IBT relies on subset of SHSTK relevant MSRs. Signed-off-by: Yang Weijiang --- arch/x86/kvm/vmx/vmx.c | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 9f4b56337251..30373258573d 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -699,6 +699,10 @@ static bool is_valid_passthrough_msr(u32 msr) case MSR_LBR_CORE_TO ... MSR_LBR_CORE_TO + 8: /* LBR MSRs. These are handled in vmx_update_intercept_for_lbr_msrs() */ return true; + case MSR_IA32_U_CET: + case MSR_IA32_S_CET: + case MSR_IA32_PL0_SSP ... MSR_IA32_INT_SSP_TAB: + return true; } r = possible_passthrough_msr_slot(msr) != -ENOENT; @@ -7769,6 +7773,42 @@ static void update_intel_pt_cfg(struct kvm_vcpu *vcpu) vmx->pt_desc.ctl_bitmask &= ~(0xfULL << (32 + i * 4)); } +static void vmx_update_intercept_for_cet_msr(struct kvm_vcpu *vcpu) +{ + bool incpt; + + if (kvm_cpu_cap_has(X86_FEATURE_SHSTK)) { + incpt = !guest_cpuid_has(vcpu, X86_FEATURE_SHSTK); + + vmx_set_intercept_for_msr(vcpu, MSR_IA32_U_CET, + MSR_TYPE_RW, incpt); + vmx_set_intercept_for_msr(vcpu, MSR_IA32_S_CET, + MSR_TYPE_RW, incpt); + vmx_set_intercept_for_msr(vcpu, MSR_IA32_PL0_SSP, + MSR_TYPE_RW, incpt); + vmx_set_intercept_for_msr(vcpu, MSR_IA32_PL1_SSP, + MSR_TYPE_RW, incpt); + vmx_set_intercept_for_msr(vcpu, MSR_IA32_PL2_SSP, + MSR_TYPE_RW, incpt); + vmx_set_intercept_for_msr(vcpu, MSR_IA32_PL3_SSP, + MSR_TYPE_RW, incpt); + if (guest_cpuid_has(vcpu, X86_FEATURE_LM)) + vmx_set_intercept_for_msr(vcpu, MSR_IA32_INT_SSP_TAB, + MSR_TYPE_RW, incpt); + if (!incpt) + return; + } + + if (kvm_cpu_cap_has(X86_FEATURE_IBT)) { + incpt = !guest_cpuid_has(vcpu, X86_FEATURE_IBT); + + vmx_set_intercept_for_msr(vcpu, MSR_IA32_U_CET, + MSR_TYPE_RW, incpt); + vmx_set_intercept_for_msr(vcpu, MSR_IA32_S_CET, + MSR_TYPE_RW, incpt); + } +} + static void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) { struct vcpu_vmx *vmx = to_vmx(vcpu); @@ -7846,6 +7886,8 @@ static void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) /* Refresh #PF interception to account for MAXPHYADDR changes. */ vmx_update_exception_bitmap(vcpu); + + vmx_update_intercept_for_cet_msr(vcpu); } static u64 vmx_get_perf_capabilities(void) From patchwork Thu Sep 14 06:33:22 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 139635 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:612c:172:b0:3f2:4152:657d with SMTP id h50csp409590vqi; Thu, 14 Sep 2023 08:01:25 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFDDVLsWb1AIhwjFdwo6TRpb+oHbnVi/sW1dPsGw4doYa0lr8Dn/D2L2LppgH6sejwT2SlR X-Received: by 2002:a05:6a20:3246:b0:157:877a:5f5e with SMTP id hm6-20020a056a20324600b00157877a5f5emr4914598pzc.61.1694703685560; Thu, 14 Sep 2023 08:01:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1694703685; cv=none; d=google.com; s=arc-20160816; b=vjkXfc2XRAeEPszeWmXGZqwfuex0jwsDEmwvNfT9PdCKA8tguPzqukevwMOO1Fw6F8 AGXXjCbXtnHiiXs8c/myA+X3vNdd3uFdWkycEUbZDPQFi14nzG4jNlEBI9c/ZpPO30Lg IGwI2ZJwqNTYaAvP+3TRuQAn9Enx9Rbt6yRWf1tdMqRzSSeotEVOn54cPZWImw614z2/ EMdbAYNKOA+S41QkF3ZqNZ338pTX25G99Mh8cC74F74hX0dCqBL36HnqTw1zLZZ0iHVv eFmceQuSo0g9JyLqLVepctz89xms/NZ1MVs6v3lNex2EQdEFTgmHXXOYJD3YK5/QWUcc prPQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=Fy0P01oBygBl2CX8/pnJ1BBIRpD7GnKFBf9ioIolnM0=; fh=jQqUhNQZPAXcZ44u72Wu3jv2pQizzn2Be2T8mkd1RwU=; b=n4e8ZY6hJ8A/LOeWRqrIH4mXQ0/56lq4k8c8Jxqhd7/jRz2hEpWvWc8Y/p6eQtbwZx hZD/EwgxYqq9HP4gcABsJerVpfyTjG5ISrB8OiuZSICZp/0YFK1kGi3iKzUUUINTD8s5 bGimP9gnYb1QQgRwmY1IrfkBamK4v8GSOxGZ1CPTxo5OBgkQf2PZbhn4ZTgVm+bcRLOv xl+wCgVjL3REZYg/yCCjp4vgW5Np3N8eC8NlijCxSz47arxXdgbVs7dNdTRvbUdDoD1p 6WQ7d/s+G5bgUfOhpgx81PRnT3gr9lOybfA2dlHx7QBbjZYpcpOfRFjSlVgMBnykkXJY mlYA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b="cQTNe76/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from snail.vger.email (snail.vger.email. [2620:137:e000::3:7]) by mx.google.com with ESMTPS id n5-20020a637205000000b00565eedb1cf8si1656258pgc.825.2023.09.14.08.01.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 14 Sep 2023 08:01:25 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) client-ip=2620:137:e000::3:7; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b="cQTNe76/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id E569182C92E3; Thu, 14 Sep 2023 02:39:39 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237464AbjINJje (ORCPT + 35 others); Thu, 14 Sep 2023 05:39:34 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49974 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237436AbjINJia (ORCPT ); Thu, 14 Sep 2023 05:38:30 -0400 Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.88]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1DE641FD9; Thu, 14 Sep 2023 02:38:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1694684304; x=1726220304; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=4oZsvhTZUqUAAXS788VUv+8I+dApR/h26znaChNPNp0=; b=cQTNe76/BkfbNE/+EKRb5QzW9+7h5snZr0Tu9DC8IrQEvqUedr5KeXgl QKAQy9+E8GCMK7zu5iZx4ZR2a2eqG4tqteViNI75yloygTxDiEHjIh6aS S4JabrfXAb2nadsVWWl821qO++I0WMlLRGieeeKQH9yV2NI/rhfsdkMDJ PPeeMeogVi+4T7iIVe/swexL/Q8G1iAXEMXIh6fS/UfsnmWVpYNzqqcIx DcjD0m6bpmzrZcS6PDiHKBh5BnQyokcJg7LQL3NlSp6xRGkLbNHI1X6/+ epDFX72dathoghmh+KYhZiOVSkzzgCxtNa4U3f4/VenYr0WHHXubt12P+ A==; X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="409857431" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="409857431" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:23 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="747656297" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="747656297" Received: from embargo.jf.intel.com ([10.165.9.183]) by fmsmga007-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:23 -0700 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: dave.hansen@intel.com, peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, weijiang.yang@intel.com, john.allen@amd.com Subject: [PATCH v6 22/25] KVM: VMX: Set host constant supervisor states to VMCS fields Date: Thu, 14 Sep 2023 02:33:22 -0400 Message-Id: <20230914063325.85503-23-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20230914063325.85503-1-weijiang.yang@intel.com> References: <20230914063325.85503-1-weijiang.yang@intel.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Thu, 14 Sep 2023 02:39:40 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1777025611535668996 X-GMAIL-MSGID: 1777025611535668996 Save constant values to HOST_{S_CET,SSP,INTR_SSP_TABLE} field explicitly. Kernel IBT is supported and the setting in MSR_IA32_S_CET is static after post-boot(The exception is BIOS call case but vCPU thread never across it) and KVM doesn't need to refresh HOST_S_CET field before every VM-Enter/ VM-Exit sequence. Host supervisor shadow stack is not enabled now and SSP is not accessible to kernel mode, thus it's safe to set host IA32_INT_SSP_TAB/SSP VMCS field to 0s. When shadow stack is enabled for CPL3, SSP is reloaded from PL3_SSP before it exits to userspace. Check SDM Vol 2A/B Chapter 3/4 for SYSCALL/ SYSRET/SYSENTER SYSEXIT/RDSSP/CALL etc. Prevent KVM module loading if host supervisor shadow stack SHSTK_EN is set in MSR_IA32_S_CET as KVM cannot co-exit with it correctly. Suggested-by: Sean Christopherson Suggested-by: Chao Gao Signed-off-by: Yang Weijiang Reviewed-by: Maxim Levitsky --- arch/x86/kvm/vmx/capabilities.h | 4 ++++ arch/x86/kvm/vmx/vmx.c | 15 +++++++++++++++ arch/x86/kvm/x86.c | 14 ++++++++++++++ arch/x86/kvm/x86.h | 1 + 4 files changed, 34 insertions(+) diff --git a/arch/x86/kvm/vmx/capabilities.h b/arch/x86/kvm/vmx/capabilities.h index 41a4533f9989..ee8938818c8a 100644 --- a/arch/x86/kvm/vmx/capabilities.h +++ b/arch/x86/kvm/vmx/capabilities.h @@ -106,6 +106,10 @@ static inline bool cpu_has_load_perf_global_ctrl(void) return vmcs_config.vmentry_ctrl & VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL; } +static inline bool cpu_has_load_cet_ctrl(void) +{ + return (vmcs_config.vmentry_ctrl & VM_ENTRY_LOAD_CET_STATE); +} static inline bool cpu_has_vmx_mpx(void) { return vmcs_config.vmentry_ctrl & VM_ENTRY_LOAD_BNDCFGS; diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 30373258573d..9ccc2c552f55 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -4375,6 +4375,21 @@ void vmx_set_constant_host_state(struct vcpu_vmx *vmx) if (cpu_has_load_ia32_efer()) vmcs_write64(HOST_IA32_EFER, host_efer); + + /* + * Supervisor shadow stack is not enabled on host side, i.e., + * host IA32_S_CET.SHSTK_EN bit is guaranteed to 0 now, per SDM + * description(RDSSP instruction), SSP is not readable in CPL0, + * so resetting the two registers to 0s at VM-Exit does no harm + * to kernel execution. When execution flow exits to userspace, + * SSP is reloaded from IA32_PL3_SSP. Check SDM Vol.2A/B Chapter + * 3 and 4 for details. + */ + if (cpu_has_load_cet_ctrl()) { + vmcs_writel(HOST_S_CET, host_s_cet); + vmcs_writel(HOST_SSP, 0); + vmcs_writel(HOST_INTR_SSP_TABLE, 0); + } } void set_cr4_guest_host_mask(struct vcpu_vmx *vmx) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index c85ee42ab4f1..231d4a7b6f3d 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -114,6 +114,8 @@ static u64 __read_mostly efer_reserved_bits = ~((u64)EFER_SCE); #endif static u64 __read_mostly cr4_reserved_bits = CR4_RESERVED_BITS; +u64 __read_mostly host_s_cet; +EXPORT_SYMBOL_GPL(host_s_cet); #define KVM_EXIT_HYPERCALL_VALID_MASK (1 << KVM_HC_MAP_GPA_RANGE) @@ -9618,6 +9620,18 @@ static int __kvm_x86_vendor_init(struct kvm_x86_init_ops *ops) return -EIO; } + if (boot_cpu_has(X86_FEATURE_SHSTK)) { + rdmsrl(MSR_IA32_S_CET, host_s_cet); + /* + * Linux doesn't yet support supervisor shadow stacks (SSS), so + * KVM doesn't save/restore the associated MSRs, i.e. KVM may + * clobber the host values. Yell and refuse to load if SSS is + * unexpectedly enabled, e.g. to avoid crashing the host. + */ + if (WARN_ON_ONCE(host_s_cet & CET_SHSTK_EN)) + return -EIO; + } + x86_emulator_cache = kvm_alloc_emulator_cache(); if (!x86_emulator_cache) { pr_err("failed to allocate cache for x86 emulator\n"); diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h index 9a8e3a84eaf4..0d5f673338dd 100644 --- a/arch/x86/kvm/x86.h +++ b/arch/x86/kvm/x86.h @@ -324,6 +324,7 @@ fastpath_t handle_fastpath_set_msr_irqoff(struct kvm_vcpu *vcpu); extern u64 host_xcr0; extern u64 host_xss; extern u64 host_arch_capabilities; +extern u64 host_s_cet; extern struct kvm_caps kvm_caps; From patchwork Thu Sep 14 06:33:23 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 139524 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:612c:172:b0:3f2:4152:657d with SMTP id h50csp290227vqi; Thu, 14 Sep 2023 04:56:28 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFIwBSp2nm8G4jh+SnmpuASLfaxCl6KVbw5CdiX6LVKg0e0HPdAO5068um6gVhHY0j4RySn X-Received: by 2002:a17:902:da83:b0:1b8:af5e:853c with SMTP id j3-20020a170902da8300b001b8af5e853cmr2223113plx.26.1694692587834; Thu, 14 Sep 2023 04:56:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1694692587; cv=none; d=google.com; s=arc-20160816; b=wmeLrRiSEHHa59AvY3kt9LG9NsAgyVSHWTu9JRgoVx6HtQNZyimMo19etmwl77+fdz /wrxGrDW4Ryd9VSZNn+L4h1Fb/j0hiUA8A+THWVlaBxgQ4vccmMUmRyYRE/PDY/9imID jPXppDf0NdHEx61g/ByNhBuERL+PxeFvyyRxYlUaw2ZEfY6PKW9ZG6iNXxQeOrTvwzKC 2LIgs1FQa2pxU9A66kystE8fyVBPqkK+vbLp/3tiw3y+SJ9E8gIOyXeeyVyXiRqQGvTM iauwBPO64hewdOl2vskoWG2Wx1uLRWSOCpSWSQqwKZnIK6Z+WKfZ6B4MoIZGKrQRthm6 +4sg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=oU4+RgQDq+xzcqYFHrNTidSu48BEKwUxwXFNrx46gL0=; fh=jQqUhNQZPAXcZ44u72Wu3jv2pQizzn2Be2T8mkd1RwU=; b=hpMrI0x863Xlc6rjXpE8vSgVeVFYjW10sz9Wfg99eiNdud3XY11bxJMYD/7OIEoncF rZEAW6as7HHq/XMSyc5IIgehqShgTkc/JgGbsccBv6vs7LefJFfHdeUSjJfykQPYWwGS OyNHyfNyuz7rVMz/BH28wtvaaxctiF9MXx2FWOeY5Tw0GlQFUkQ8nJ7EyU76/zCDQx0y EMRi8YthZkt2FiVHKZsjXFzq49tFtg51LtGLApSR25f39XMV20QtAqq+FE/KG0ccU+Wo RMt6m4nk5onw2iWt0UNfcITXsWGqxpw7aNr+mn5p6Xq5g/MS/SJUG+QnTIbwLccW4J3S WFUg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b="BuiJhux/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:8 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from fry.vger.email (fry.vger.email. [2620:137:e000::3:8]) by mx.google.com with ESMTPS id b2-20020a170902d40200b001bbcddc33dasi1469843ple.180.2023.09.14.04.56.27 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 14 Sep 2023 04:56:27 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:8 as permitted sender) client-ip=2620:137:e000::3:8; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b="BuiJhux/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:8 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by fry.vger.email (Postfix) with ESMTP id 9F868832225E; Thu, 14 Sep 2023 02:39:53 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at fry.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237828AbjINJjh (ORCPT + 35 others); Thu, 14 Sep 2023 05:39:37 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49982 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237440AbjINJia (ORCPT ); Thu, 14 Sep 2023 05:38:30 -0400 Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.88]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 607E91BF9; Thu, 14 Sep 2023 02:38:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1694684304; x=1726220304; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=5n02LuDiDUjCrYr4wB6bg9rxnnNbdlTBdRZXUE+MxOw=; b=BuiJhux/C4jSjYvLMMzKyy5GJqdIlj1DMWEiSfXB9iRUY2dRjKT2fGcW IXahfoob2PypRn2gR5xUVxf4MxNoM1UjdCOjCBwiSzmY6mz7Z7Gj9zN7T T5ZSX1GXnNNd/a2Nd5zvXSRUtBz04SV1LEWgSbWxB/UMhZzgsfX/HgGP7 swjdlU+HfFeEy7wTcNzQd1iHW2sgx2E4f5xSJB/UuXfHaf3GwEVXUGZNZ Uuu5bPx/ojR/ZN9chmgtB/uzeXeJcL8aN0bjFGfjZuu6MqnGIt8JznyQn 6eQSYPK+1l0SwMBFSJgsCB/kgPfjosJkpzmJMqZadLIA0FWyI70sfy6Uv g==; X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="409857436" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="409857436" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:24 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="747656302" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="747656302" Received: from embargo.jf.intel.com ([10.165.9.183]) by fmsmga007-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:23 -0700 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: dave.hansen@intel.com, peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, weijiang.yang@intel.com, john.allen@amd.com Subject: [PATCH v6 23/25] KVM: x86: Enable CET virtualization for VMX and advertise to userspace Date: Thu, 14 Sep 2023 02:33:23 -0400 Message-Id: <20230914063325.85503-24-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20230914063325.85503-1-weijiang.yang@intel.com> References: <20230914063325.85503-1-weijiang.yang@intel.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (fry.vger.email [0.0.0.0]); Thu, 14 Sep 2023 02:39:53 -0700 (PDT) X-Spam-Status: No, score=0.2 required=5.0 tests=DATE_IN_PAST_03_06, DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on fry.vger.email X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1777013975036219351 X-GMAIL-MSGID: 1777013975036219351 Expose CET features to guest if KVM/host can support them, clear CPUID feature bits if KVM/host cannot support. Set CPUID feature bits so that CET features are available in guest CPUID. Add CR4.CET bit support in order to allow guest set CET master control bit. Disable KVM CET feature if unrestricted_guest is unsupported/disabled as KVM does not support emulating CET. Don't expose CET feature if either of {U,S}_CET xstate bits is cleared in host XSS or if XSAVES isn't supported. The CET load-bits in VM_ENTRY/VM_EXIT control fields should be set to make guest CET xstates isolated from host's. And all platforms that support CET enumerate VMX_BASIC[bit56] as 1, clear CET feature bits if the bit doesn't read 1. Regarding the CET MSR contents after Reset/INIT, SDM doesn't mention the default values, neither can I get the answer internally so far, will fill the gap once it's clear. Signed-off-by: Yang Weijiang --- arch/x86/include/asm/kvm_host.h | 3 ++- arch/x86/include/asm/msr-index.h | 1 + arch/x86/kvm/cpuid.c | 12 ++++++++++-- arch/x86/kvm/vmx/capabilities.h | 6 ++++++ arch/x86/kvm/vmx/vmx.c | 23 ++++++++++++++++++++++- arch/x86/kvm/vmx/vmx.h | 6 ++++-- arch/x86/kvm/x86.c | 12 +++++++++++- arch/x86/kvm/x86.h | 3 +++ 8 files changed, 59 insertions(+), 7 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index d77b030e996c..db0010fa3363 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -125,7 +125,8 @@ | X86_CR4_PGE | X86_CR4_PCE | X86_CR4_OSFXSR | X86_CR4_PCIDE \ | X86_CR4_OSXSAVE | X86_CR4_SMEP | X86_CR4_FSGSBASE \ | X86_CR4_OSXMMEXCPT | X86_CR4_LA57 | X86_CR4_VMXE \ - | X86_CR4_SMAP | X86_CR4_PKE | X86_CR4_UMIP)) + | X86_CR4_SMAP | X86_CR4_PKE | X86_CR4_UMIP \ + | X86_CR4_CET)) #define CR8_RESERVED_BITS (~(unsigned long)X86_CR8_TPR) diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h index 1d111350197f..1f8dc04da468 100644 --- a/arch/x86/include/asm/msr-index.h +++ b/arch/x86/include/asm/msr-index.h @@ -1091,6 +1091,7 @@ #define VMX_BASIC_MEM_TYPE_MASK 0x003c000000000000LLU #define VMX_BASIC_MEM_TYPE_WB 6LLU #define VMX_BASIC_INOUT 0x0040000000000000LLU +#define VMX_BASIC_NO_HW_ERROR_CODE_CC 0x0100000000000000LLU /* Resctrl MSRs: */ /* - Intel: */ diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 4e7a820cba62..d787a506746a 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -654,7 +654,7 @@ void kvm_set_cpu_caps(void) F(AVX512_VPOPCNTDQ) | F(UMIP) | F(AVX512_VBMI2) | F(GFNI) | F(VAES) | F(VPCLMULQDQ) | F(AVX512_VNNI) | F(AVX512_BITALG) | F(CLDEMOTE) | F(MOVDIRI) | F(MOVDIR64B) | 0 /*WAITPKG*/ | - F(SGX_LC) | F(BUS_LOCK_DETECT) + F(SGX_LC) | F(BUS_LOCK_DETECT) | F(SHSTK) ); /* Set LA57 based on hardware capability. */ if (cpuid_ecx(7) & F(LA57)) @@ -672,7 +672,8 @@ void kvm_set_cpu_caps(void) F(SPEC_CTRL_SSBD) | F(ARCH_CAPABILITIES) | F(INTEL_STIBP) | F(MD_CLEAR) | F(AVX512_VP2INTERSECT) | F(FSRM) | F(SERIALIZE) | F(TSXLDTRK) | F(AVX512_FP16) | - F(AMX_TILE) | F(AMX_INT8) | F(AMX_BF16) | F(FLUSH_L1D) + F(AMX_TILE) | F(AMX_INT8) | F(AMX_BF16) | F(FLUSH_L1D) | + F(IBT) ); /* TSC_ADJUST and ARCH_CAPABILITIES are emulated in software. */ @@ -685,6 +686,13 @@ void kvm_set_cpu_caps(void) kvm_cpu_cap_set(X86_FEATURE_INTEL_STIBP); if (boot_cpu_has(X86_FEATURE_AMD_SSBD)) kvm_cpu_cap_set(X86_FEATURE_SPEC_CTRL_SSBD); + /* + * The feature bit in boot_cpu_data.x86_capability could have been + * cleared due to ibt=off cmdline option, then add it back if CPU + * supports IBT. + */ + if (cpuid_edx(7) & F(IBT)) + kvm_cpu_cap_set(X86_FEATURE_IBT); kvm_cpu_cap_mask(CPUID_7_1_EAX, F(AVX_VNNI) | F(AVX512_BF16) | F(CMPCCXADD) | diff --git a/arch/x86/kvm/vmx/capabilities.h b/arch/x86/kvm/vmx/capabilities.h index ee8938818c8a..e12bc233d88b 100644 --- a/arch/x86/kvm/vmx/capabilities.h +++ b/arch/x86/kvm/vmx/capabilities.h @@ -79,6 +79,12 @@ static inline bool cpu_has_vmx_basic_inout(void) return (((u64)vmcs_config.basic_cap << 32) & VMX_BASIC_INOUT); } +static inline bool cpu_has_vmx_basic_no_hw_errcode(void) +{ + return ((u64)vmcs_config.basic_cap << 32) & + VMX_BASIC_NO_HW_ERROR_CODE_CC; +} + static inline bool cpu_has_virtual_nmis(void) { return vmcs_config.pin_based_exec_ctrl & PIN_BASED_VIRTUAL_NMIS && diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 9ccc2c552f55..f0dea8ecd0c6 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -2614,6 +2614,7 @@ static int setup_vmcs_config(struct vmcs_config *vmcs_conf, { VM_ENTRY_LOAD_IA32_EFER, VM_EXIT_LOAD_IA32_EFER }, { VM_ENTRY_LOAD_BNDCFGS, VM_EXIT_CLEAR_BNDCFGS }, { VM_ENTRY_LOAD_IA32_RTIT_CTL, VM_EXIT_CLEAR_IA32_RTIT_CTL }, + { VM_ENTRY_LOAD_CET_STATE, VM_EXIT_LOAD_CET_STATE }, }; memset(vmcs_conf, 0, sizeof(*vmcs_conf)); @@ -4934,6 +4935,9 @@ static void vmx_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event) vmcs_write64(GUEST_BNDCFGS, 0); vmcs_write32(VM_ENTRY_INTR_INFO_FIELD, 0); /* 22.2.1 */ + vmcs_writel(GUEST_SSP, 0); + vmcs_writel(GUEST_S_CET, 0); + vmcs_writel(GUEST_INTR_SSP_TABLE, 0); kvm_make_request(KVM_REQ_APIC_PAGE_RELOAD, vcpu); @@ -6354,6 +6358,12 @@ void dump_vmcs(struct kvm_vcpu *vcpu) if (vmcs_read32(VM_EXIT_MSR_STORE_COUNT) > 0) vmx_dump_msrs("guest autostore", &vmx->msr_autostore.guest); + if (vmentry_ctl & VM_ENTRY_LOAD_CET_STATE) { + pr_err("S_CET = 0x%016lx\n", vmcs_readl(GUEST_S_CET)); + pr_err("SSP = 0x%016lx\n", vmcs_readl(GUEST_SSP)); + pr_err("INTR SSP TABLE = 0x%016lx\n", + vmcs_readl(GUEST_INTR_SSP_TABLE)); + } pr_err("*** Host State ***\n"); pr_err("RIP = 0x%016lx RSP = 0x%016lx\n", vmcs_readl(HOST_RIP), vmcs_readl(HOST_RSP)); @@ -6431,6 +6441,12 @@ void dump_vmcs(struct kvm_vcpu *vcpu) if (secondary_exec_control & SECONDARY_EXEC_ENABLE_VPID) pr_err("Virtual processor ID = 0x%04x\n", vmcs_read16(VIRTUAL_PROCESSOR_ID)); + if (vmexit_ctl & VM_EXIT_LOAD_CET_STATE) { + pr_err("S_CET = 0x%016lx\n", vmcs_readl(HOST_S_CET)); + pr_err("SSP = 0x%016lx\n", vmcs_readl(HOST_SSP)); + pr_err("INTR SSP TABLE = 0x%016lx\n", + vmcs_readl(HOST_INTR_SSP_TABLE)); + } } /* @@ -7967,7 +7983,6 @@ static __init void vmx_set_cpu_caps(void) kvm_cpu_cap_set(X86_FEATURE_UMIP); /* CPUID 0xD.1 */ - kvm_caps.supported_xss = 0; if (!cpu_has_vmx_xsaves()) kvm_cpu_cap_clear(X86_FEATURE_XSAVES); @@ -7979,6 +7994,12 @@ static __init void vmx_set_cpu_caps(void) if (cpu_has_vmx_waitpkg()) kvm_cpu_cap_check_and_set(X86_FEATURE_WAITPKG); + + if (!cpu_has_load_cet_ctrl() || !enable_unrestricted_guest || + !cpu_has_vmx_basic_no_hw_errcode()) { + kvm_cpu_cap_clear(X86_FEATURE_SHSTK); + kvm_cpu_cap_clear(X86_FEATURE_IBT); + } } static void vmx_request_immediate_exit(struct kvm_vcpu *vcpu) diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h index c2130d2c8e24..fb72819fbb41 100644 --- a/arch/x86/kvm/vmx/vmx.h +++ b/arch/x86/kvm/vmx/vmx.h @@ -480,7 +480,8 @@ static inline u8 vmx_get_rvi(void) VM_ENTRY_LOAD_IA32_EFER | \ VM_ENTRY_LOAD_BNDCFGS | \ VM_ENTRY_PT_CONCEAL_PIP | \ - VM_ENTRY_LOAD_IA32_RTIT_CTL) + VM_ENTRY_LOAD_IA32_RTIT_CTL | \ + VM_ENTRY_LOAD_CET_STATE) #define __KVM_REQUIRED_VMX_VM_EXIT_CONTROLS \ (VM_EXIT_SAVE_DEBUG_CONTROLS | \ @@ -502,7 +503,8 @@ static inline u8 vmx_get_rvi(void) VM_EXIT_LOAD_IA32_EFER | \ VM_EXIT_CLEAR_BNDCFGS | \ VM_EXIT_PT_CONCEAL_PIP | \ - VM_EXIT_CLEAR_IA32_RTIT_CTL) + VM_EXIT_CLEAR_IA32_RTIT_CTL | \ + VM_EXIT_LOAD_CET_STATE) #define KVM_REQUIRED_VMX_PIN_BASED_VM_EXEC_CONTROL \ (PIN_BASED_EXT_INTR_MASK | \ diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 231d4a7b6f3d..b7d1ac6b8d75 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -231,7 +231,8 @@ static struct kvm_user_return_msrs __percpu *user_return_msrs; | XFEATURE_MASK_BNDCSR | XFEATURE_MASK_AVX512 \ | XFEATURE_MASK_PKRU | XFEATURE_MASK_XTILE) -#define KVM_SUPPORTED_XSS 0 +#define KVM_SUPPORTED_XSS (XFEATURE_MASK_CET_USER | \ + XFEATURE_MASK_CET_KERNEL) u64 __read_mostly host_efer; EXPORT_SYMBOL_GPL(host_efer); @@ -9699,6 +9700,15 @@ static int __kvm_x86_vendor_init(struct kvm_x86_init_ops *ops) if (!kvm_cpu_cap_has(X86_FEATURE_XSAVES)) kvm_caps.supported_xss = 0; + if ((kvm_caps.supported_xss & (XFEATURE_MASK_CET_USER | + XFEATURE_MASK_CET_KERNEL)) != + (XFEATURE_MASK_CET_USER | XFEATURE_MASK_CET_KERNEL)) { + kvm_cpu_cap_clear(X86_FEATURE_SHSTK); + kvm_cpu_cap_clear(X86_FEATURE_IBT); + kvm_caps.supported_xss &= ~XFEATURE_CET_USER; + kvm_caps.supported_xss &= ~XFEATURE_CET_KERNEL; + } + #define __kvm_cpu_cap_has(UNUSED_, f) kvm_cpu_cap_has(f) cr4_reserved_bits = __cr4_reserved_bits(__kvm_cpu_cap_has, UNUSED_); #undef __kvm_cpu_cap_has diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h index 0d5f673338dd..665a7f91d04f 100644 --- a/arch/x86/kvm/x86.h +++ b/arch/x86/kvm/x86.h @@ -530,6 +530,9 @@ bool kvm_msr_allowed(struct kvm_vcpu *vcpu, u32 index, u32 type); __reserved_bits |= X86_CR4_VMXE; \ if (!__cpu_has(__c, X86_FEATURE_PCID)) \ __reserved_bits |= X86_CR4_PCIDE; \ + if (!__cpu_has(__c, X86_FEATURE_SHSTK) && \ + !__cpu_has(__c, X86_FEATURE_IBT)) \ + __reserved_bits |= X86_CR4_CET; \ __reserved_bits; \ }) From patchwork Thu Sep 14 06:33:24 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 139503 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:612c:172:b0:3f2:4152:657d with SMTP id h50csp262439vqi; Thu, 14 Sep 2023 04:01:47 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEO3nOopvpfobIyF3KqVZ7EVnQz46SwpGhEgQcqPENN4dhNOg4LVh4AuSKHOiRP4u5MgT4u X-Received: by 2002:a17:90b:1185:b0:268:535f:7c15 with SMTP id gk5-20020a17090b118500b00268535f7c15mr2208117pjb.0.1694689307592; Thu, 14 Sep 2023 04:01:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1694689307; cv=none; d=google.com; s=arc-20160816; b=yH9aBxbJr+GDvJs25+9PGf28QL1cJTyXlF4NKaVCSqE5Awrr56CMrbeAolWu/97eBg xnvN4FgyHWplguDp2IH5lt7vz+7zP+vUfwyItrRVSu8ZZM7I6KZiu4JYG1itgy9qurOh IP8lFkuDFdVkD62FsxagOOURi+hVDe0UjpNDpU6pD/DayykhOuQiTYhtFop6y796G8Iv JD7XqMHZTny+JIvE61eBrUoaEc9s4o24C3p6qpWSrOnyx3VwvHYWdppVPq2S3KIPTRzj 7KrVBEATLW/V6PysqpxVgRkQO9p6+wrTj4ZARJtXuJ0dIDX2bBMO4dS6SuKXjj6tgyHX Sszg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=LaX4g9w6bHIibhMo4jfzqZMuy6qdFWYH9ItwO86BChU=; fh=jQqUhNQZPAXcZ44u72Wu3jv2pQizzn2Be2T8mkd1RwU=; b=ZLGfZ2Y+ad5af/gvHzMiFaG0As0Bi/oRGTNEht+3g3sVXQayiDM9Nt973bR7o5FrlG /WipI0YLrAvDyAcObVYIpkFmsjIpVK6BA9z6wvBCBBdN1jNyPNoe9v0WVqLPVV6p+UPw TrpymAIv1HecpSHQwEwNLzOyxWbNTiKfjHZ27EMV2D1ASRNoRa/qq4aF/6FdgAkG8/4L eIdpKDkp1QFLiRJ9VbgYo2IEzAQ0oR+KqNtK8P6rjEFjyZ6mo2tLRaDmYat+5nFIxOCi dr9BPlhdoz/NzpJbN1LiRQehJiZy7TB5Q2B4LCL3ZSMf0Is0EzDo90KQU13/zvD3oOTP zgRg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=fJbI0Wz1; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from lipwig.vger.email (lipwig.vger.email. [23.128.96.33]) by mx.google.com with ESMTPS id nv7-20020a17090b1b4700b0026b2602b969si1573463pjb.43.2023.09.14.04.01.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 14 Sep 2023 04:01:47 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) client-ip=23.128.96.33; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=fJbI0Wz1; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by lipwig.vger.email (Postfix) with ESMTP id 93DE6828FC3C; Thu, 14 Sep 2023 02:39:56 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at lipwig.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237846AbjINJjl (ORCPT + 35 others); Thu, 14 Sep 2023 05:39:41 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49836 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237446AbjINJia (ORCPT ); Thu, 14 Sep 2023 05:38:30 -0400 Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.88]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B97201FC0; Thu, 14 Sep 2023 02:38:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1694684304; x=1726220304; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=Z0ux6e/uG0dkaGdbqkAWPBXX8t5ysVuvO2txMAe3nKQ=; b=fJbI0Wz17iRogtXpnj1IJ+15nQVIs9/iNezsmhKdvKeV/5lyZq15n04I s7/pnWNFUEHfrU6SKwXo4avuFxROW0BG8I2FTDBHFZIzPDbmWZP9eaFHb eMZe8ly6+gBxuNcXOJiJLpHGfCC6lCr0ZDnauaUnrCIOKZpqKgVLXgzWb jYkyU6UEkZz70mZKBOATwzNHSvn8Q8M/WmDFhcB9uVT7sBCbeSfDto5iB To560UoYchTdUbcYK7oNAM64yddj5G7MUOT4gXD+g5srOZTYgoPVUxfib qKqOeIExWM9ndwvl1aHi/oNBpN9OAnaeckWQN4spnVz3Ur5NnjuOBFYFd Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="409857441" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="409857441" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:24 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="747656306" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="747656306" Received: from embargo.jf.intel.com ([10.165.9.183]) by fmsmga007-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:24 -0700 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: dave.hansen@intel.com, peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, weijiang.yang@intel.com, john.allen@amd.com Subject: [PATCH v6 24/25] KVM: nVMX: Introduce new VMX_BASIC bit for event error_code delivery to L1 Date: Thu, 14 Sep 2023 02:33:24 -0400 Message-Id: <20230914063325.85503-25-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20230914063325.85503-1-weijiang.yang@intel.com> References: <20230914063325.85503-1-weijiang.yang@intel.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (lipwig.vger.email [0.0.0.0]); Thu, 14 Sep 2023 02:39:56 -0700 (PDT) X-Spam-Status: No, score=0.2 required=5.0 tests=DATE_IN_PAST_03_06, DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lipwig.vger.email X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1777010535297889147 X-GMAIL-MSGID: 1777010535297889147 Per SDM description(Vol.3D, Appendix A.1): "If bit 56 is read as 1, software can use VM entry to deliver a hardware exception with or without an error code, regardless of vector" Modify has_error_code check before inject events to nested guest. Only enforce the check when guest is in real mode, the exception is not hard exception and the platform doesn't enumerate bit56 in VMX_BASIC, in all other case ignore the check to make the logic consistent with SDM. Signed-off-by: Yang Weijiang Reviewed-by: Maxim Levitsky --- arch/x86/kvm/vmx/nested.c | 22 ++++++++++++++-------- arch/x86/kvm/vmx/nested.h | 5 +++++ 2 files changed, 19 insertions(+), 8 deletions(-) diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index c5ec0ef51ff7..78a3be394d00 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -1205,9 +1205,9 @@ static int vmx_restore_vmx_basic(struct vcpu_vmx *vmx, u64 data) { const u64 feature_and_reserved = /* feature (except bit 48; see below) */ - BIT_ULL(49) | BIT_ULL(54) | BIT_ULL(55) | + BIT_ULL(49) | BIT_ULL(54) | BIT_ULL(55) | BIT_ULL(56) | /* reserved */ - BIT_ULL(31) | GENMASK_ULL(47, 45) | GENMASK_ULL(63, 56); + BIT_ULL(31) | GENMASK_ULL(47, 45) | GENMASK_ULL(63, 57); u64 vmx_basic = vmcs_config.nested.basic; if (!is_bitwise_subset(vmx_basic, data, feature_and_reserved)) @@ -2846,12 +2846,16 @@ static int nested_check_vm_entry_controls(struct kvm_vcpu *vcpu, CC(intr_type == INTR_TYPE_OTHER_EVENT && vector != 0)) return -EINVAL; - /* VM-entry interruption-info field: deliver error code */ - should_have_error_code = - intr_type == INTR_TYPE_HARD_EXCEPTION && prot_mode && - x86_exception_has_error_code(vector); - if (CC(has_error_code != should_have_error_code)) - return -EINVAL; + if (!prot_mode || intr_type != INTR_TYPE_HARD_EXCEPTION || + !nested_cpu_has_no_hw_errcode_cc(vcpu)) { + /* VM-entry interruption-info field: deliver error code */ + should_have_error_code = + intr_type == INTR_TYPE_HARD_EXCEPTION && + prot_mode && + x86_exception_has_error_code(vector); + if (CC(has_error_code != should_have_error_code)) + return -EINVAL; + } /* VM-entry exception error code */ if (CC(has_error_code && @@ -6968,6 +6972,8 @@ static void nested_vmx_setup_basic(struct nested_vmx_msrs *msrs) if (cpu_has_vmx_basic_inout()) msrs->basic |= VMX_BASIC_INOUT; + if (cpu_has_vmx_basic_no_hw_errcode()) + msrs->basic |= VMX_BASIC_NO_HW_ERROR_CODE_CC; } static void nested_vmx_setup_cr_fixed(struct nested_vmx_msrs *msrs) diff --git a/arch/x86/kvm/vmx/nested.h b/arch/x86/kvm/vmx/nested.h index b4b9d51438c6..26842da6857d 100644 --- a/arch/x86/kvm/vmx/nested.h +++ b/arch/x86/kvm/vmx/nested.h @@ -284,6 +284,11 @@ static inline bool nested_cr4_valid(struct kvm_vcpu *vcpu, unsigned long val) __kvm_is_valid_cr4(vcpu, val); } +static inline bool nested_cpu_has_no_hw_errcode_cc(struct kvm_vcpu *vcpu) +{ + return to_vmx(vcpu)->nested.msrs.basic & VMX_BASIC_NO_HW_ERROR_CODE_CC; +} + /* No difference in the restrictions on guest and host CR4 in VMX operation. */ #define nested_guest_cr4_valid nested_cr4_valid #define nested_host_cr4_valid nested_cr4_valid From patchwork Thu Sep 14 06:33:25 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 139908 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:612c:172:b0:3f2:4152:657d with SMTP id h50csp693158vqi; Thu, 14 Sep 2023 16:41:29 -0700 (PDT) X-Google-Smtp-Source: AGHT+IF1HSjy+ZP97xs2pd12+A2duKaKwCbvwW4625XvO3lBApPBsufxcpx2NYUflKCwX1WabVeq X-Received: by 2002:a92:da84:0:b0:34f:36ae:e8d2 with SMTP id u4-20020a92da84000000b0034f36aee8d2mr262802iln.3.1694734889218; Thu, 14 Sep 2023 16:41:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1694734889; cv=none; d=google.com; s=arc-20160816; b=VlfJ1URoO+nAcWcpbNhjXZi9mHDIar+dZj2vT0IutVG9rGZ1lTdmKPpwA9vzlZpjgK SGAvoT8KdL6A9yOCaO7+yfrib3GNNybMpGHoiwH1TpvX+3VvOqWwUBs6kPKNhye8O0D+ XRYT9HzTp/1Bs9ActK5Y6zPdVR38g5QR4f6v8AKkLO3IpSFsA+UU/8wp+AmHUVLCPx5p 4PC05qNdHEpxIOCSnx9WkXKQXHSI/2zLoKvmpxTLBOnTlOyqxBBhY1YcxcFmCU+Tkhz7 87tYs1zemC9jjNAGwcATmZnSZVCKX25g9JOzwG0YR99223Nzhqhc5IpGIjSBZ1q2E21z bgvg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=jV1TBntpTyjq5PhqMpxWA1Qisuah+WfmMItbD5Xi3Q0=; fh=jQqUhNQZPAXcZ44u72Wu3jv2pQizzn2Be2T8mkd1RwU=; b=YMB3WfA7Q53tiCZcs1+rnix/7i2pzbIsicZEYcsR7o8XYSWt3wCSyJM6bnX9RidiXV Vmh42f4hz1yutR50HiDrrtJfKnZR7a8t5eOnw5f1zgJD3G3fV9gIy83rMGayBNJVYEbl 8c5h/u8AVTUQKKv7uMm6wfoUkCNPxvtT3wdKcvRX7YKOIaxVxMR2u3063v41XLpX/KuM 3tb5j6/rtNGjA3nFVFIq0ngd4IC4LQDVWiYh7ma0ZKkXgLo6MzNEuRYA41ogY7c9MdOc xnPJXhrCs8FvnB91WUYwN2YG03rzMDLgB1ZqbFn0XcKf3lIllAnGYE+1otEuXzWm3mW2 Ttgw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=TG5iqx88; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from snail.vger.email (snail.vger.email. [23.128.96.37]) by mx.google.com with ESMTPS id d4-20020a633604000000b005658d4c82f8si2236698pga.877.2023.09.14.16.41.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 14 Sep 2023 16:41:29 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) client-ip=23.128.96.37; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=TG5iqx88; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id 43AAA82C92FB; Thu, 14 Sep 2023 02:39:46 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237750AbjINJjo (ORCPT + 35 others); Thu, 14 Sep 2023 05:39:44 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49902 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237444AbjINJia (ORCPT ); Thu, 14 Sep 2023 05:38:30 -0400 Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.88]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 216D61FC3; Thu, 14 Sep 2023 02:38:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1694684305; x=1726220305; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=iR94rXH2VOkdWOb6yC2IM46f2G3Vcs7YPjw5gLl1bog=; b=TG5iqx88BLHRwNEDmPR70SnRsu6m7YbK1dG+z3zfM1xhOlq4wqzIskY2 hNqfJphjk0sSKxWJ9+//XqAPGn4WfQ/FdboDyQVmXI1XNRSU4Z8BjqGno ac9GCZ9O1WH0vMu3C7/Uh64y+joh11lmrP/qK348ReV+EpLfJ0HWhS+g8 q6yh8F7sOl90+3HFf34kDX4u99Z8Uffu6iWKxXyEeu17iYywQQ1s+FsLs I4XYfANxdS/7bbR6iQQLC6+0tPw+OqTpQbMf6xYd3qa4JNtxgJjfZqaQm FikNefObkkwKN6U5gKJhHEX0rqGBqCQjBRj8Pu5CquYyq+8adPZWGtmAN A==; X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="409857447" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="409857447" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:24 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10832"; a="747656310" X-IronPort-AV: E=Sophos;i="6.02,145,1688454000"; d="scan'208";a="747656310" Received: from embargo.jf.intel.com ([10.165.9.183]) by fmsmga007-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 02:38:24 -0700 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: dave.hansen@intel.com, peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, weijiang.yang@intel.com, john.allen@amd.com Subject: [PATCH v6 25/25] KVM: nVMX: Enable CET support for nested guest Date: Thu, 14 Sep 2023 02:33:25 -0400 Message-Id: <20230914063325.85503-26-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20230914063325.85503-1-weijiang.yang@intel.com> References: <20230914063325.85503-1-weijiang.yang@intel.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Thu, 14 Sep 2023 02:39:46 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1777058330991336463 X-GMAIL-MSGID: 1777058330991336463 Set up CET MSRs, related VM_ENTRY/EXIT control bits and fixed CR4 setting to enable CET for nested VM. Signed-off-by: Yang Weijiang Reviewed-by: Maxim Levitsky --- arch/x86/kvm/vmx/nested.c | 27 +++++++++++++++++++++++++-- arch/x86/kvm/vmx/vmcs12.c | 6 ++++++ arch/x86/kvm/vmx/vmcs12.h | 14 +++++++++++++- arch/x86/kvm/vmx/vmx.c | 2 ++ 4 files changed, 46 insertions(+), 3 deletions(-) diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index 78a3be394d00..2c4ff13fddb0 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -660,6 +660,28 @@ static inline bool nested_vmx_prepare_msr_bitmap(struct kvm_vcpu *vcpu, nested_vmx_set_intercept_for_msr(vmx, msr_bitmap_l1, msr_bitmap_l0, MSR_IA32_FLUSH_CMD, MSR_TYPE_W); + /* Pass CET MSRs to nested VM if L0 and L1 are set to pass-through. */ + nested_vmx_set_intercept_for_msr(vmx, msr_bitmap_l1, msr_bitmap_l0, + MSR_IA32_U_CET, MSR_TYPE_RW); + + nested_vmx_set_intercept_for_msr(vmx, msr_bitmap_l1, msr_bitmap_l0, + MSR_IA32_S_CET, MSR_TYPE_RW); + + nested_vmx_set_intercept_for_msr(vmx, msr_bitmap_l1, msr_bitmap_l0, + MSR_IA32_PL0_SSP, MSR_TYPE_RW); + + nested_vmx_set_intercept_for_msr(vmx, msr_bitmap_l1, msr_bitmap_l0, + MSR_IA32_PL1_SSP, MSR_TYPE_RW); + + nested_vmx_set_intercept_for_msr(vmx, msr_bitmap_l1, msr_bitmap_l0, + MSR_IA32_PL2_SSP, MSR_TYPE_RW); + + nested_vmx_set_intercept_for_msr(vmx, msr_bitmap_l1, msr_bitmap_l0, + MSR_IA32_PL3_SSP, MSR_TYPE_RW); + + nested_vmx_set_intercept_for_msr(vmx, msr_bitmap_l1, msr_bitmap_l0, + MSR_IA32_INT_SSP_TAB, MSR_TYPE_RW); + kvm_vcpu_unmap(vcpu, &vmx->nested.msr_bitmap_map, false); vmx->nested.force_msr_bitmap_recalc = false; @@ -6794,7 +6816,7 @@ static void nested_vmx_setup_exit_ctls(struct vmcs_config *vmcs_conf, VM_EXIT_HOST_ADDR_SPACE_SIZE | #endif VM_EXIT_LOAD_IA32_PAT | VM_EXIT_SAVE_IA32_PAT | - VM_EXIT_CLEAR_BNDCFGS; + VM_EXIT_CLEAR_BNDCFGS | VM_EXIT_LOAD_CET_STATE; msrs->exit_ctls_high |= VM_EXIT_ALWAYSON_WITHOUT_TRUE_MSR | VM_EXIT_LOAD_IA32_EFER | VM_EXIT_SAVE_IA32_EFER | @@ -6816,7 +6838,8 @@ static void nested_vmx_setup_entry_ctls(struct vmcs_config *vmcs_conf, #ifdef CONFIG_X86_64 VM_ENTRY_IA32E_MODE | #endif - VM_ENTRY_LOAD_IA32_PAT | VM_ENTRY_LOAD_BNDCFGS; + VM_ENTRY_LOAD_IA32_PAT | VM_ENTRY_LOAD_BNDCFGS | + VM_ENTRY_LOAD_CET_STATE; msrs->entry_ctls_high |= (VM_ENTRY_ALWAYSON_WITHOUT_TRUE_MSR | VM_ENTRY_LOAD_IA32_EFER | VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL); diff --git a/arch/x86/kvm/vmx/vmcs12.c b/arch/x86/kvm/vmx/vmcs12.c index 106a72c923ca..4233b5ca9461 100644 --- a/arch/x86/kvm/vmx/vmcs12.c +++ b/arch/x86/kvm/vmx/vmcs12.c @@ -139,6 +139,9 @@ const unsigned short vmcs12_field_offsets[] = { FIELD(GUEST_PENDING_DBG_EXCEPTIONS, guest_pending_dbg_exceptions), FIELD(GUEST_SYSENTER_ESP, guest_sysenter_esp), FIELD(GUEST_SYSENTER_EIP, guest_sysenter_eip), + FIELD(GUEST_S_CET, guest_s_cet), + FIELD(GUEST_SSP, guest_ssp), + FIELD(GUEST_INTR_SSP_TABLE, guest_ssp_tbl), FIELD(HOST_CR0, host_cr0), FIELD(HOST_CR3, host_cr3), FIELD(HOST_CR4, host_cr4), @@ -151,5 +154,8 @@ const unsigned short vmcs12_field_offsets[] = { FIELD(HOST_IA32_SYSENTER_EIP, host_ia32_sysenter_eip), FIELD(HOST_RSP, host_rsp), FIELD(HOST_RIP, host_rip), + FIELD(HOST_S_CET, host_s_cet), + FIELD(HOST_SSP, host_ssp), + FIELD(HOST_INTR_SSP_TABLE, host_ssp_tbl), }; const unsigned int nr_vmcs12_fields = ARRAY_SIZE(vmcs12_field_offsets); diff --git a/arch/x86/kvm/vmx/vmcs12.h b/arch/x86/kvm/vmx/vmcs12.h index 01936013428b..3884489e7f7e 100644 --- a/arch/x86/kvm/vmx/vmcs12.h +++ b/arch/x86/kvm/vmx/vmcs12.h @@ -117,7 +117,13 @@ struct __packed vmcs12 { natural_width host_ia32_sysenter_eip; natural_width host_rsp; natural_width host_rip; - natural_width paddingl[8]; /* room for future expansion */ + natural_width host_s_cet; + natural_width host_ssp; + natural_width host_ssp_tbl; + natural_width guest_s_cet; + natural_width guest_ssp; + natural_width guest_ssp_tbl; + natural_width paddingl[2]; /* room for future expansion */ u32 pin_based_vm_exec_control; u32 cpu_based_vm_exec_control; u32 exception_bitmap; @@ -292,6 +298,12 @@ static inline void vmx_check_vmcs12_offsets(void) CHECK_OFFSET(host_ia32_sysenter_eip, 656); CHECK_OFFSET(host_rsp, 664); CHECK_OFFSET(host_rip, 672); + CHECK_OFFSET(host_s_cet, 680); + CHECK_OFFSET(host_ssp, 688); + CHECK_OFFSET(host_ssp_tbl, 696); + CHECK_OFFSET(guest_s_cet, 704); + CHECK_OFFSET(guest_ssp, 712); + CHECK_OFFSET(guest_ssp_tbl, 720); CHECK_OFFSET(pin_based_vm_exec_control, 744); CHECK_OFFSET(cpu_based_vm_exec_control, 748); CHECK_OFFSET(exception_bitmap, 752); diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index f0dea8ecd0c6..2c43f1088d77 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -7731,6 +7731,8 @@ static void nested_vmx_cr_fixed1_bits_update(struct kvm_vcpu *vcpu) cr4_fixed1_update(X86_CR4_PKE, ecx, feature_bit(PKU)); cr4_fixed1_update(X86_CR4_UMIP, ecx, feature_bit(UMIP)); cr4_fixed1_update(X86_CR4_LA57, ecx, feature_bit(LA57)); + cr4_fixed1_update(X86_CR4_CET, ecx, feature_bit(SHSTK)); + cr4_fixed1_update(X86_CR4_CET, edx, feature_bit(IBT)); #undef cr4_fixed1_update }