From patchwork Tue Oct 10 20:02:12 2023
X-Patchwork-Submitter: John Allen
X-Patchwork-Id: 150932
From: John Allen
Subject: [PATCH 1/9] KVM: x86: SVM: Emulate reads and writes to shadow stack MSRs
Date: Tue, 10 Oct 2023 20:02:12 +0000
Message-ID: <20231010200220.897953-2-john.allen@amd.com>
In-Reply-To: <20231010200220.897953-1-john.allen@amd.com>
References: <20231010200220.897953-1-john.allen@amd.com>

Set up interception of shadow stack MSRs. In the event that shadow stack is unsupported on the host or the MSRs are otherwise inaccessible, the interception code will return an error. In certain circumstances such as host initiated MSR reads or writes, the interception code will get or set the requested MSR value.

Signed-off-by: John Allen
Reviewed-by: Maxim Levitsky
--- arch/x86/kvm/svm/svm.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index f283eb47f6ac..6a0d225311bc 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c
@@ -2859,6 +2859,15 @@ static int svm_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) if (guest_cpuid_is_intel(vcpu)) msr_info->data |= (u64)svm->sysenter_esp_hi << 32; break; + case MSR_IA32_S_CET: + msr_info->data = svm->vmcb->save.s_cet; + break; + case MSR_IA32_INT_SSP_TAB: + msr_info->data = svm->vmcb->save.isst_addr; + break; + case MSR_KVM_SSP: + msr_info->data = svm->vmcb->save.ssp; + break; case MSR_TSC_AUX: msr_info->data = svm->tsc_aux; break; 
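Review bot: In svm_get_msr() the three new cases return the VMCB save-area value unconditionally, while the commit message says the interception code returns an error when shadow stack is unsupported on the host or the MSRs are otherwise inaccessible. No such check is visible in this hunk, and the MSR_KVM_SSP case does not test msr_info->host_initiated even though the message singles out host-initiated accesses. If the gating happens in a caller before this switch is reached, say so in the commit message or in a short comment above "case MSR_IA32_S_CET:"; otherwise add the check here so that a guest without the feature cannot read these fields.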
@@ -3085,6 +3094,15 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr) svm->vmcb01.ptr->save.sysenter_esp = (u32)data; svm->sysenter_esp_hi = guest_cpuid_is_intel(vcpu) ? (data >> 32) : 0; break; + case MSR_IA32_S_CET: + svm->vmcb->save.s_cet = data; + break; + case MSR_IA32_INT_SSP_TAB: + svm->vmcb->save.isst_addr = data; + break; + case MSR_KVM_SSP: + svm->vmcb->save.ssp = data; + break; case MSR_TSC_AUX: /* * TSC_AUX is usually changed only during boot and never read
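Review bot: The new cases in svm_set_msr() store data into svm->vmcb->save, while the SYSENTER_ESP case in the context lines just above them writes svm->vmcb01.ptr->save. Please confirm that svm->vmcb is the intended target when the current VMCB is not vmcb01 (a nested guest is running), or use vmcb01.ptr here as well. The value is also stored with no validation in this hunk, for example of reserved bits in s_cet or of the address form of ssp and isst_addr; if a caller has already validated it, a one-line comment saying so would make that explicit.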
From patchwork Tue Oct 10 20:02:13 2023
X-Patchwork-Submitter: John Allen
X-Patchwork-Id: 150933
From: John Allen
Subject: [PATCH 2/9] KVM: x86: SVM: Update dump_vmcb with shadow stack save area additions
Date: Tue, 10 Oct 2023 20:02:13 +0000
Message-ID: <20231010200220.897953-3-john.allen@amd.com>
In-Reply-To: <20231010200220.897953-1-john.allen@amd.com>
References: <20231010200220.897953-1-john.allen@amd.com>

Add shadow stack VMCB save area fields to dump_vmcb. Only include S_CET, SSP, and ISST_ADDR. Since there currently isn't support to decrypt and dump the SEV-ES save area, exclude PL0_SSP, PL1_SSP, PL2_SSP, PL3_SSP, and U_CET which are only included in the SEV-ES save area.

Signed-off-by: John Allen
Reviewed-by: Maxim Levitsky
--- arch/x86/kvm/svm/svm.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 6a0d225311bc..e435e4fbadda 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c
@@ -3416,6 +3416,10 @@ static void dump_vmcb(struct kvm_vcpu *vcpu) "rip:", save->rip, "rflags:", save->rflags); pr_err("%-15s %016llx %-13s %016llx\n", "rsp:", save->rsp, "rax:", save->rax); + pr_err("%-15s %016llx %-13s %016llx\n", + "s_cet:", save->s_cet, "ssp:", save->ssp); + pr_err("%-15s %016llx\n", + "isst_addr:", save->isst_addr); pr_err("%-15s %016llx %-13s %016llx\n", "star:", save01->star, "lstar:", save01->lstar); pr_err("%-15s %016llx %-13s %016llx\n",
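Review bot: The reason only s_cet, ssp and isst_addr are dumped is recorded in the commit message but not in dump_vmcb() itself. A short comment above the two new pr_err() calls, noting that U_CET and PL0_SSP through PL3_SSP live only in the SEV-ES save area and are skipped because that area cannot be decrypted and dumped today, would keep the next reader from assuming they were forgotten.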
0Y342YF0jPFcMkIrvKHcBNQJU2PO8mTZyawztM35FDiEY9ycxxkeZ5eQYL9DZ5PjxHCj uAYUYn3Yk4aHZ90RV0kVnfFWraPTrgY8NnkYto8R0RUVZgE7z+Odq4MMVvVko27/zf3X LIp0GckFdx1s9/ehgF0AQsaVaXTiCM2B+wNEg/S5aK8fdeNJGEAGlpjc81ryp12VK4u9 JddA== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@amd.com header.s=selector1 header.b=CdmcoG7s; arc=pass (i=1 spf=pass spfdomain=amd.com dmarc=pass fromdomain=amd.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amd.com Received: from snail.vger.email (snail.vger.email. [2620:137:e000::3:7]) by mx.google.com with ESMTPS id r2-20020a170902c60200b001c3ea2bbebcsi11655503plr.322.2023.10.10.13.03.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 10 Oct 2023 13:03:25 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) client-ip=2620:137:e000::3:7; Authentication-Results: mx.google.com; dkim=pass header.i=@amd.com header.s=selector1 header.b=CdmcoG7s; arc=pass (i=1 spf=pass spfdomain=amd.com dmarc=pass fromdomain=amd.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amd.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id 656F580D31F5; Tue, 10 Oct 2023 13:03:24 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234430AbjJJUDR (ORCPT + 19 others); Tue, 10 Oct 2023 16:03:17 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52580 "EHLO lindbergh.monkeyblade.net" 
rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234365AbjJJUDO (ORCPT ); Tue, 10 Oct 2023 16:03:14 -0400 Received: from NAM11-BN8-obe.outbound.protection.outlook.com (mail-bn8nam11on2041.outbound.protection.outlook.com [40.107.236.41]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B6EAECC; Tue, 10 Oct 2023 13:03:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=BYKqq6+qAy7EkIqaYsqHr4rtO2WgbO9FvVxjSzar3TuSM11GLrBuYciEQOnD+bFr6F7Bj47mzVrPGUXVq37FnPjHV/oVUw3SiBapntz4+3mcEPMOUnv213thNyh5ykVyAESAhxBrkTGSEFnDAPP0W7A5jXNRG86YL5ngXY8lRlK88BXESTml+s0nCsxojWpIeoNVh/P+UV8HVfVufWKAsl4Yu5JGeNO53tgyaAVnDMQ8+tMmSG3KAG5JP7sKiLxUPOdDR171YDeKSFqwqIXE9yWKYp7dJ+is+wbNXf70VQgliu+0qHXGzVf4cVwGh2CYFQB/LxYa75VxU8de8MqKHA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=dV0595VjvOmV1IaYkOEutOQmELGCffnog47vHBHmL4Y=; b=B6VZBtNj9+lRF4Xo22OaMrvyGaYVokpebcLRhEc1XetsuJYcs04WL9oa18LXI/4fk71KdSQBu79aeOk8FuMaZs1oiPl25iQID1jJoAvxVuqtT9+o0J0T/VfkJzwA3+cRErlqqwHSMqLCBFT/MGaT6nvsCuIJpA6vmZFcmpgJ+m9rCANc5cfmPLVa2pjfzXuArEaCjojcD/t3/r6ual0Orj/OE2FaA2RXFFna0Ckrqu0pY/LRYWc2kxZz73lUQEA0UUr8yzI2WqfRfUGBwYUlJvfYpj8+Jg97G8a9jZF/x2APhKLAntEFwt0pXKpmlHD8b4s82NEhxiI7UCMMmVyyXA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=dV0595VjvOmV1IaYkOEutOQmELGCffnog47vHBHmL4Y=; 
b=CdmcoG7sNTagcrbYtNwUB4MLuWYvXNeA+YVQaulwtfEFUwxc/uUHTcthIoIF+F9bjFHTtpQkLVOVkKRofjS3KrIxWwZwWFJGe/TSTWwIThduwPFVO7DFefepDfqTDIFgwG66vUwv128kRbK45lTkwJZuRb/A9dQGLTbrsv06Xwk= Received: from CH0P220CA0018.NAMP220.PROD.OUTLOOK.COM (2603:10b6:610:ef::30) by CY8PR12MB7242.namprd12.prod.outlook.com (2603:10b6:930:59::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6863.36; Tue, 10 Oct 2023 20:03:09 +0000 Received: from DS2PEPF00003440.namprd02.prod.outlook.com (2603:10b6:610:ef:cafe::e1) by CH0P220CA0018.outlook.office365.com (2603:10b6:610:ef::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6863.38 via Frontend Transport; Tue, 10 Oct 2023 20:03:09 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by DS2PEPF00003440.mail.protection.outlook.com (10.167.18.43) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.6838.22 via Frontend Transport; Tue, 10 Oct 2023 20:03:08 +0000 Received: from jallen-jump-host.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.27; Tue, 10 Oct 2023 15:03:08 -0500 
From: John Allen To: CC: , , , , , , , , John Allen Subject: [PATCH 3/9] KVM: x86: SVM: Pass through shadow stack MSRs Date: Tue, 10 Oct 2023 20:02:14 +0000 Message-ID: <20231010200220.897953-4-john.allen@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20231010200220.897953-1-john.allen@amd.com> References: <20231010200220.897953-1-john.allen@amd.com> MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS2PEPF00003440:EE_|CY8PR12MB7242:EE_ X-MS-Office365-Filtering-Correlation-Id: 7e616259-a969-48ba-6716-08dbc9cbecbf X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 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 X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230031)(4636009)(376002)(136003)(396003)(39860400002)(346002)(230922051799003)(186009)(451199024)(64100799003)(1800799009)(82310400011)(36840700001)(40470700004)(46966006)(6666004)(83380400001)(16526019)(426003)(26005)(336012)(2616005)(1076003)(5660300002)(81166007)(82740400003)(86362001)(40460700003)(40480700001)(36756003)(356005)(4326008)(478600001)(44832011)(2906002)(8676002)(7696005)(36860700001)(47076005)(8936002)(41300700001)(316002)(6916009)(70206006)(70586007)(54906003)(36900700001);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Oct 2023 20:03:08.9630 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 7e616259-a969-48ba-6716-08dbc9cbecbf X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] 
X-Mailing-List: linux-kernel@vger.kernel.org

If kvm supports shadow stack, pass through shadow stack MSRs to improve guest performance.

Signed-off-by: John Allen
Reviewed-by: Maxim Levitsky
---
 arch/x86/kvm/svm/svm.c | 26 ++++++++++++++++++++++++++
 arch/x86/kvm/svm/svm.h | 2 +-
 2 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index e435e4fbadda..984e89d7a734 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -139,6 +139,13 @@ static const struct svm_direct_access_msrs { { .index = X2APIC_MSR(APIC_TMICT), .always = false }, { .index = X2APIC_MSR(APIC_TMCCT), .always = false }, { .index = X2APIC_MSR(APIC_TDCR), .always = false }, + { .index = MSR_IA32_U_CET, .always = false }, + { .index = MSR_IA32_S_CET, .always = false }, + { .index = MSR_IA32_INT_SSP_TAB, .always = false }, + { .index = MSR_IA32_PL0_SSP, .always = false }, + { .index = MSR_IA32_PL1_SSP, .always = false }, + { .index = MSR_IA32_PL2_SSP, .always = false }, + { .index = MSR_IA32_PL3_SSP, .always = false }, { .index = MSR_INVALID, .always = false }, };
@@ -1225,6 +1232,25 @@ static inline void init_vmcb_after_set_cpuid(struct kvm_vcpu *vcpu) set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SYSENTER_EIP, 1, 1); set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SYSENTER_ESP, 1, 1); } + + if (kvm_cpu_cap_has(X86_FEATURE_SHSTK)) { + bool shstk_enabled = guest_cpuid_has(vcpu, X86_FEATURE_SHSTK); + + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_U_CET, + shstk_enabled, shstk_enabled); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_S_CET, + shstk_enabled, shstk_enabled); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_INT_SSP_TAB, + shstk_enabled, shstk_enabled); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_PL0_SSP, + shstk_enabled, shstk_enabled); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_PL1_SSP, + shstk_enabled, shstk_enabled); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_PL2_SSP, + shstk_enabled, shstk_enabled); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_PL3_SSP, + shstk_enabled, shstk_enabled); + } } static void init_vmcb(struct kvm_vcpu *vcpu) diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index f41253958357..bdc39003b955 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -30,7 +30,7 @@ #define IOPM_SIZE PAGE_SIZE * 3 #define MSRPM_SIZE PAGE_SIZE * 2 -#define MAX_DIRECT_ACCESS_MSRS 46 +#define MAX_DIRECT_ACCESS_MSRS 53 #define MSRPM_OFFSETS 32 extern u32 msrpm_offsets[MSRPM_OFFSETS] __read_mostly; extern bool npt_enabled;
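
Review bot: In the init_vmcb_after_set_cpuid() hunk, nothing says why it is safe to give the guest direct read/write access to all seven CET MSRs once shstk_enabled is true. With interception off, KVM no longer sees or validates guest writes to MSR_IA32_U_CET, MSR_IA32_S_CET, MSR_IA32_INT_SSP_TAB or the PLx_SSP registers, so the host's own values depend on every one of them being switched around VMRUN/VMEXIT; a short comment naming where that happens would make this reviewable. The commit message should also say that pass-through depends on guest CPUID (guest_cpuid_has) and not only on KVM support, and the seven identical set_msr_interception() calls would read better as a loop over a small array of MSR indices.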
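
Review bot: In the svm.h hunk, MAX_DIRECT_ACCESS_MSRS is bumped from 46 to 53 by hand. That matches the seven entries added to direct_access_msrs[] in svm.c, but the two are kept in step only by counting. If this value sizes any per-vCPU state, a future table entry added without touching the define would index past it; consider deriving the value from ARRAY_SIZE() of the table or adding a BUILD_BUG_ON() beside it, if nothing enforces the match already.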
From: John Allen
Subject: [PATCH 4/9] KVM: SVM: Rename vmplX_ssp -> plX_ssp
Date: Tue, 10 Oct 2023 20:02:15 +0000
Message-ID: <20231010200220.897953-5-john.allen@amd.com>
In-Reply-To: <20231010200220.897953-1-john.allen@amd.com>
References: <20231010200220.897953-1-john.allen@amd.com>

Rename SEV-ES save area SSP fields to be consistent with the APM.

Signed-off-by: John Allen
Reviewed-by: Maxim Levitsky
---
 arch/x86/include/asm/svm.h | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h index 19bf955b67e0..568d97084e44 100644 --- a/arch/x86/include/asm/svm.h +++ b/arch/x86/include/asm/svm.h
@@ -361,10 +361,10 @@ struct sev_es_save_area { struct vmcb_seg ldtr; struct vmcb_seg idtr; struct vmcb_seg tr; - u64 vmpl0_ssp; - u64 vmpl1_ssp; - u64 vmpl2_ssp; - u64 vmpl3_ssp; + u64 pl0_ssp; + u64 pl1_ssp; + u64 pl2_ssp; + u64 pl3_ssp; u64 u_cet; u8 reserved_0xc8[2]; u8 vmpl;
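
Review bot: The commit message for the struct sev_es_save_area hunk cites "the APM" without a table or revision, so the new pl0_ssp..pl3_ssp names cannot be checked against the spec from the patch alone; please add the reference. Since the diffstat touches only svm.h, also confirm that no in-tree user still refers to the old vmplX_ssp names. Field order and the u64 type are unchanged, so the save-area layout is not affected.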
From: John Allen
Subject: [PATCH 5/9] KVM: SVM: Save shadow stack host state on VMRUN
Date: Tue, 10 Oct 2023 20:02:16 +0000
Message-ID: <20231010200220.897953-6-john.allen@amd.com>
In-Reply-To: <20231010200220.897953-1-john.allen@amd.com>
References: <20231010200220.897953-1-john.allen@amd.com>

When running as an SEV-ES guest, the PL0_SSP, PL1_SSP, PL2_SSP, PL3_SSP, and U_CET fields in the VMCB save area are type B, meaning the host state is automatically loaded on a VMEXIT, but is not saved on a VMRUN. The other shadow stack MSRs, S_CET, SSP, and ISST_ADDR are type A, meaning they are loaded on VMEXIT and saved on VMRUN. PL0_SSP, PL1_SSP, and PL2_SSP are currently unused. Manually save the other type B host MSR values before VMRUN.

Signed-off-by: John Allen
---
 arch/x86/kvm/svm/sev.c | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index b9a0a939d59f..bb4b18baa6f7 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c
@@ -3098,6 +3098,15 @@ void sev_es_prepare_switch_to_guest(struct sev_es_save_area *hostsa) hostsa->dr2_addr_mask = amd_get_dr_addr_mask(2); hostsa->dr3_addr_mask = amd_get_dr_addr_mask(3); } + + if (boot_cpu_has(X86_FEATURE_SHSTK)) { + /* + * MSR_IA32_U_CET and MSR_IA32_PL3_SSP are restored on VMEXIT, + * save the current host values. + */ + rdmsrl(MSR_IA32_U_CET, hostsa->u_cet); + rdmsrl(MSR_IA32_PL3_SSP, hostsa->pl3_ssp); + } } void sev_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector)
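
Review bot: In the sev_es_prepare_switch_to_guest() hunk, only u_cet and pl3_ssp are written into hostsa, while the commit message says PL0_SSP, PL1_SSP and PL2_SSP are also type B and are therefore loaded from the host save area on every VMEXIT. The in-code comment should state that pl0_ssp..pl2_ssp are skipped on purpose because the host does not use them; otherwise the omission reads as a bug, and it becomes one silently if the host ever starts using those registers. The gate here is boot_cpu_has(X86_FEATURE_SHSTK) whereas patch 3/9 uses kvm_cpu_cap_has(X86_FEATURE_SHSTK); please say which is intended or use the same check in both places.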
From: John Allen To: CC: , , , , , , , , John Allen Subject: [PATCH 6/9] KVM: SVM: Add MSR_IA32_XSS to the GHCB for hypervisor kernel Date: Tue, 10 Oct 2023 20:02:17 +0000 Message-ID: <20231010200220.897953-7-john.allen@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20231010200220.897953-1-john.allen@amd.com> References: <20231010200220.897953-1-john.allen@amd.com> MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS2PEPF0000343D:EE_|PH8PR12MB6819:EE_ X-MS-Office365-Filtering-Correlation-Id: c905bd20-c5a5-47b1-0415-08dbc9cbfaae X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 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 X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230031)(4636009)(376002)(396003)(346002)(136003)(39860400002)(230922051799003)(64100799003)(1800799009)(186009)(82310400011)(451199024)(46966006)(40470700004)(36840700001)(1076003)(40460700003)(82740400003)(36756003)(40480700001)(86362001)(81166007)(36860700001)(16526019)(44832011)(426003)(47076005)(2906002)(26005)(83380400001)(356005)(6666004)(2616005)(7696005)(478600001)(8936002)(336012)(8676002)(4326008)(6916009)(316002)(41300700001)(54906003)(5660300002)(70206006)(70586007)(36900700001);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Oct 2023 20:03:32.3372 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: c905bd20-c5a5-47b1-0415-08dbc9cbfaae X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] 
X-MS-Exchange-CrossTenant-AuthSource: DS2PEPF0000343D.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH8PR12MB6819 X-Spam-Status: No, score=2.7 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_SBL_CSS,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]); Tue, 10 Oct 2023 13:04:08 -0700 (PDT) X-Spam-Level: ** X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1779400184567165786 X-GMAIL-MSGID: 1779400184567165786 When a guest issues a cpuid instruction for Fn0000000D_x0B (CetUserOffset), KVM will intercept and need to access the guest MSR_IA32_XSS value. For SEV-ES, this is encrypted and needs to be included in the GHCB to be visible to the hypervisor. Signed-off-by: John Allen --- arch/x86/include/asm/svm.h | 1 + arch/x86/kvm/svm/sev.c | 12 ++++++++++-- arch/x86/kvm/svm/svm.c | 1 + arch/x86/kvm/svm/svm.h | 3 ++- 4 files changed, 14 insertions(+), 3 deletions(-) diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h index 568d97084e44..5afc9e03379d 100644 --- a/arch/x86/include/asm/svm.h +++ b/arch/x86/include/asm/svm.h @@ -678,5 +678,6 @@ DEFINE_GHCB_ACCESSORS(sw_exit_info_1) DEFINE_GHCB_ACCESSORS(sw_exit_info_2) DEFINE_GHCB_ACCESSORS(sw_scratch) DEFINE_GHCB_ACCESSORS(xcr0) +DEFINE_GHCB_ACCESSORS(xss) #endif diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index bb4b18baa6f7..94ab7203525f 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c 
@@ -2445,8 +2445,13 @@ static void sev_es_sync_from_ghcb(struct vcpu_svm *svm) svm->vmcb->save.cpl = kvm_ghcb_get_cpl_if_valid(svm, ghcb); - if (kvm_ghcb_xcr0_is_valid(svm)) { - vcpu->arch.xcr0 = ghcb_get_xcr0(ghcb); + if (kvm_ghcb_xcr0_is_valid(svm) || kvm_ghcb_xss_is_valid(svm)) { + if (kvm_ghcb_xcr0_is_valid(svm)) + vcpu->arch.xcr0 = ghcb_get_xcr0(ghcb); + + if (kvm_ghcb_xss_is_valid(svm)) + vcpu->arch.ia32_xss = ghcb_get_xss(ghcb); + kvm_update_cpuid_runtime(vcpu); } @@ -3032,6 +3037,9 @@ static void sev_es_init_vmcb(struct vcpu_svm *svm) if (guest_cpuid_has(&svm->vcpu, X86_FEATURE_RDTSCP)) svm_clr_intercept(svm, INTERCEPT_RDTSCP); } + + if (kvm_caps.supported_xss) + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_XSS, 1, 1); } void sev_init_vmcb(struct vcpu_svm *svm) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 984e89d7a734..ee7c7d0a09ab 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -146,6 +146,7 @@ static const struct svm_direct_access_msrs { { .index = MSR_IA32_PL1_SSP, .always = false }, { .index = MSR_IA32_PL2_SSP, .always = false }, { .index = MSR_IA32_PL3_SSP, .always = false }, + { .index = MSR_IA32_XSS, .always = false }, { .index = MSR_INVALID, .always = false }, }; diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index bdc39003b955..2011456d2e9f 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -30,7 +30,7 @@ #define IOPM_SIZE PAGE_SIZE * 3 #define MSRPM_SIZE PAGE_SIZE * 2 -#define MAX_DIRECT_ACCESS_MSRS 53 +#define MAX_DIRECT_ACCESS_MSRS 54 #define MSRPM_OFFSETS 32 extern u32 msrpm_offsets[MSRPM_OFFSETS] __read_mostly; extern bool npt_enabled; 
@@ -720,5 +720,6 @@ DEFINE_KVM_GHCB_ACCESSORS(sw_exit_info_1) DEFINE_KVM_GHCB_ACCESSORS(sw_exit_info_2) DEFINE_KVM_GHCB_ACCESSORS(sw_scratch) DEFINE_KVM_GHCB_ACCESSORS(xcr0) +DEFINE_KVM_GHCB_ACCESSORS(xss) #endif
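Review bot: in the sev_es_sync_from_ghcb() hunk of [PATCH 6/9], vcpu->arch.ia32_xss = ghcb_get_xss(ghcb) stores a guest-written GHCB field unfiltered and then runs kvm_update_cpuid_runtime() on it. The sev_es_init_vmcb() hunk in the same patch gates on kvm_caps.supported_xss, so the same mask should be applied here, rejecting or masking bits outside kvm_caps.supported_xss before the assignment. The outer if also repeats both validity tests that the two inner ifs make again; a local flag set in each branch and tested before kvm_update_cpuid_runtime() would read more cleanly.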
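Review bot: in the sev_es_init_vmcb() hunk of [PATCH 6/9], set_msr_interception(vcpu, svm->msrpm, MSR_IA32_XSS, 1, 1) is keyed only on the host-wide kvm_caps.supported_xss, so every SEV-ES guest gets the MSR passed through regardless of what its own CPUID exposes; the context lines just above check guest_cpuid_has() before clearing the RDTSCP intercept, and the same kind of guest CPUID check would fit here. The commit message never mentions that XSS interception is being turned off, so a short comment above the call saying why (KVM now learns the value through the GHCB) would help the next reader.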
From: John Allen
Subject: [PATCH 7/9] x86/sev-es: Include XSS value in GHCB CPUID request
Date: Tue, 10 Oct 2023 20:02:18 +0000
Message-ID: <20231010200220.897953-8-john.allen@amd.com>
In-Reply-To: <20231010200220.897953-1-john.allen@amd.com>
References: <20231010200220.897953-1-john.allen@amd.com>

When a guest issues a cpuid instruction for Fn0000000D_x0B (CetUserOffset), the hypervisor may intercept and access the guest XSS value. For SEV-ES, this is encrypted and needs to be included in the GHCB to be visible to the hypervisor.

The rdmsr instruction needs to be called directly as the code may be used in early boot in which case the rdmsr wrappers should be avoided as they are incompatible with the decompression boot phase.

Signed-off-by: John Allen
--- arch/x86/kernel/sev-shared.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/arch/x86/kernel/sev-shared.c b/arch/x86/kernel/sev-shared.c index 2eabccde94fb..e38a1d049bc1 100644 --- a/arch/x86/kernel/sev-shared.c +++ b/arch/x86/kernel/sev-shared.c
@@ -890,6 +890,21 @@ static enum es_result vc_handle_cpuid(struct ghcb *ghcb, /* xgetbv will cause #GP - use reset value for xcr0 */ ghcb_set_xcr0(ghcb, 1); + if (has_cpuflag(X86_FEATURE_SHSTK) && regs->ax == 0xd && regs->cx <= 1) { + unsigned long lo, hi; + u64 xss; + + /* + * Since vc_handle_cpuid may be used during early boot, the + * rdmsr wrappers are incompatible and should not be used. + * Invoke the instruction directly. + */ + asm volatile("rdmsr" : "=a" (lo), "=d" (hi) + : "c" (MSR_IA32_XSS)); + xss = (hi << 32) | lo; + ghcb_set_xss(ghcb, xss); + } + ret = sev_es_ghcb_hv_call(ghcb, ctxt, SVM_EXIT_CPUID, 0, 0); if (ret != ES_OK) return ret;
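Review bot: the new condition in vc_handle_cpuid(), regs->ax == 0xd && regs->cx <= 1, selects sub-leaves 0 and 1, while the commit message of [PATCH 7/9] motivates the change with Fn0000000D_x0B (sub-leaf 0xB); one of the two needs correcting, and the in-code comment should say which sub-leaves need XSS and why. Separately, lo and hi are declared unsigned long and combined with hi << 32, which is only correct where long is 64 bits; declaring them u32 and writing ((u64)hi << 32) | lo removes that dependency. The block is gated on X86_FEATURE_SHSTK alone, so the comment should also state why a raw rdmsr of MSR_IA32_XSS cannot fault at this point in early boot.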
From: John Allen
Subject: [PATCH 8/9] KVM: SVM: Use KVM-governed features to track SHSTK
Date: Tue, 10 Oct 2023 20:02:19 +0000
Message-ID: <20231010200220.897953-9-john.allen@amd.com>
In-Reply-To: <20231010200220.897953-1-john.allen@amd.com>
References: <20231010200220.897953-1-john.allen@amd.com>

Use the KVM-governed features framework
to track whether SHSTK can be by both userspace and guest for SVM. Signed-off-by: John Allen Reviewed-by: Maxim Levitsky --- arch/x86/kvm/svm/svm.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index ee7c7d0a09ab..00a8cef3cbb8 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c 
@@ -4366,6 +4366,7 @@ static void svm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_PFTHRESHOLD); kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_VGIF); kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_VNMI); + kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_SHSTK); svm_recalc_instruction_intercepts(vcpu, svm);
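Review bot: the added kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_SHSTK) call in svm_vcpu_after_set_cpuid() has no consumer in [PATCH 8/9] itself (the diffstat is a single insertion in svm.c), so the commit message should say where the governed flag is read, and, if X86_FEATURE_SHSTK is registered as a governed feature by a different series, name that dependency so the patch can be applied in the right order. The commit message sentence "can be by both userspace and guest" also appears to be missing a word.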
From: John Allen
CC: John Allen
Subject: [PATCH 9/9] KVM: SVM: Add CET features to supported_xss
Date: Tue, 10 Oct 2023 20:02:20 +0000
Message-ID: <20231010200220.897953-10-john.allen@amd.com>
In-Reply-To: <20231010200220.897953-1-john.allen@amd.com>
References: <20231010200220.897953-1-john.allen@amd.com>

If the CPU supports CET, add CET XSAVES feature bits to
the supported_xss mask. Signed-off-by: John Allen Reviewed-by: Maxim Levitsky --- arch/x86/kvm/svm/svm.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 00a8cef3cbb8..f63b2bbac542 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -5151,6 +5151,10 @@ static __init void svm_set_cpu_caps(void) boot_cpu_has(X86_FEATURE_AMD_SSBD)) kvm_cpu_cap_set(X86_FEATURE_VIRT_SSBD); + if (kvm_cpu_cap_has(X86_FEATURE_SHSTK)) + kvm_caps.supported_xss |= XFEATURE_MASK_CET_USER | + XFEATURE_MASK_CET_KERNEL; + if (enable_pmu) { /* * Enumerate support for PERFCTR_CORE if and only if KVM has
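Review bot: the added check in svm_set_cpu_caps() tests only kvm_cpu_cap_has(X86_FEATURE_SHSTK), yet it ORs both XFEATURE_MASK_CET_USER and XFEATURE_MASK_CET_KERNEL into kvm_caps.supported_xss, and nothing visible in the hunk shows that XSAVES is available or that the host has these supervisor state components enabled. If an earlier patch in the series or common code already guarantees that, a one-line comment above the condition saying so would help. Otherwise consider also requiring X86_FEATURE_XSAVES or masking the new bits against the host's XSS value, so a guest is never told it can enable state the host cannot save and restore. The changelog says "if the CPU supports CET" while the condition is specific to shadow stack; it would be clearer for the commit message to name SHSTK and explain why the kernel CET state is exposed together with the user state.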