From patchwork Fri Nov 24 05:53:05 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 169254 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce62:0:b0:403:3b70:6f57 with SMTP id o2csp984311vqx; Fri, 24 Nov 2023 00:00:49 -0800 (PST) X-Google-Smtp-Source: AGHT+IHDkyw+RE+Kek4u/WGAlL58kzHyASCQEquK9VUevetTUqTclWHJazsT9D0Tfr57JcsI6k49 X-Received: by 2002:a17:902:c407:b0:1cf:8ebd:4eae with SMTP id k7-20020a170902c40700b001cf8ebd4eaemr1829916plk.69.1700812849066; Fri, 24 Nov 2023 00:00:49 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700812849; cv=none; d=google.com; s=arc-20160816; b=NCksBYCEmvQRRVi7kk9ewFBX+gOiKAlAIf2W7EFTp/S54sV0bvbYt/IoJ20pQZ4WGc i+Ha58qIj/BhHYFYRztvC4Gp1PidTezDRU6csr9YsAWxzIHymaNWSrp0WICugTKtqYm7 42kI/rf4BAzsgzdMxt2o7NBaKTHFmB7v1Bj7rEHNugth4WVJl/Yoq2G5PDa1iDLuR9ez TTt5bDsaBwAz26qChmXqZ/EqzyyC0t+SR/amklBTibJzZMrdV+hjVciVUmnrHvHc3MIg 4uMWhg308djEFpDSzpzNi4NnAs//0SRzLMweoYQVP2tdCTcrqdJDWtK1JdmAwkD0F9Ws XRCQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=0WjVdjZiY3dAz+POoecfB4g/QUVH1ed+P9oGgo8IpGw=; fh=uy0EBGgYIm8+MgsxUvKHUXUo3s9z4H9hdLwRv8YoeJU=; b=LqkcbKKV3zlzG0/gurcauKuYKQdjG/u0r4/cZHa4Tdudno68CmhfIpDSX3LttIv4jN iAgNUeJ84AAyetZhmQrgx+wgL4VYHFhE3RG4KgeLwdK5i9BsJ9+SCMXz/cPpmIpYs3U3 nUd/RVkd/5HyZfE2B1fusxLbQ8/E7nkVvBmOVgdqBmpY9/yoH1HzEGao7wa8q2VBLgwZ fnQyYZLh7tRFErkOyCtrQ/gGmBI4nb0fcf3P9s6O0Ck9Nf9Gqeut/xDTLz+xPo3+hGeN xhYg+2dgz3Hdu8JkJLO1CI6v/lYqzBNcWf8TrgbV3jKVKhJNiadCFNa52STso6nn3tXT /bow== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=hLGBqOoW; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from pete.vger.email (pete.vger.email. [2620:137:e000::3:6]) by mx.google.com with ESMTPS id i3-20020a170902c94300b001cfa126e7d7si1404350pla.451.2023.11.24.00.00.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Nov 2023 00:00:49 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) client-ip=2620:137:e000::3:6; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=hLGBqOoW; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by pete.vger.email (Postfix) with ESMTP id 8C2698057465; Fri, 24 Nov 2023 00:00:37 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at pete.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235220AbjKXH64 (ORCPT + 29 others); Fri, 24 Nov 2023 02:58:56 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46142 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233004AbjKXH6d (ORCPT ); Fri, 24 Nov 2023 02:58:33 -0500 Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.100]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6A20C10D9; Thu, 23 Nov 2023 23:58:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1700812717; x=1732348717; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=FY+TjiqP6PVL/eV9KFtWN7gkVry/Q+xzLwp/vlo5pk4=; b=hLGBqOoW+FllBqteUJwjiy/x7udK2KuJ2IZdoT3gLE8SCZXcH8o0zX6J 36waDg3LXRMPHQdHryliIllTm6QLiHWs0gbFZ5z5ZpRWZoitsK6mmtfto 78YWgk7uIDr47BpS+s46zv2F/GUHrnGDXiCg82Lpy3v3Sho6kQvXN7KmC 6OUdWh6ZQKjl+Aw2YNXahJDr3StHie7d+rwaOh3ftMBf2JQ1ci2oYDWaL XCUcrBfa6G59q02qf6WxG21V53p5TkmEPZZ8nRaGA9FZOExfGh2fNU1jp TtyXOOFJ7G8r5XOPemh+nKXteJuM1wQabI9hI8/0U5b7Dwoytvc3BQ2Sd A==; X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="458872270" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="458872270" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:35 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="833629789" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="833629789" Received: from unknown (HELO embargo.jf.intel.com) ([10.165.9.183]) by fmsmga008-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:34 -0800 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com Subject: [PATCH v7 01/26] x86/fpu/xstate: Always preserve non-user xfeatures/flags in __state_perm Date: Fri, 24 Nov 2023 00:53:05 -0500 Message-Id: <20231124055330.138870-2-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20231124055330.138870-1-weijiang.yang@intel.com> References: <20231124055330.138870-1-weijiang.yang@intel.com> MIME-Version: 1.0 X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on pete.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (pete.vger.email [0.0.0.0]); Fri, 24 Nov 2023 00:00:37 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1783431534039733426 X-GMAIL-MSGID: 1783431534039733426 From: Sean Christopherson When granting userspace or a KVM guest access to an xfeature, preserve the entity's existing supervisor and software-defined permissions as tracked by __state_perm, i.e. use __state_perm to track *all* permissions even though all supported supervisor xfeatures are granted to all FPUs and FPU_GUEST_PERM_LOCKED disallows changing permissions. Effectively clobbering supervisor permissions results in inconsistent behavior, as xstate_get_group_perm() will report supervisor features for process that do NOT request access to dynamic user xfeatures, whereas any and all supervisor features will be absent from the set of permissions for any process that is granted access to one or more dynamic xfeatures (which right now means AMX). The inconsistency isn't problematic because fpu_xstate_prctl() already strips out everything except user xfeatures: case ARCH_GET_XCOMP_PERM: /* * Lockless snapshot as it can also change right after the * dropping the lock. */ permitted = xstate_get_host_group_perm(); permitted &= XFEATURE_MASK_USER_SUPPORTED; return put_user(permitted, uptr); case ARCH_GET_XCOMP_GUEST_PERM: permitted = xstate_get_guest_group_perm(); permitted &= XFEATURE_MASK_USER_SUPPORTED; return put_user(permitted, uptr); and similarly KVM doesn't apply the __state_perm to supervisor states (kvm_get_filtered_xcr0() incorporates xstate_get_guest_group_perm()): case 0xd: { u64 permitted_xcr0 = kvm_get_filtered_xcr0(); u64 permitted_xss = kvm_caps.supported_xss; But if KVM in particular were to ever change, dropping supervisor permissions would result in subtle bugs in KVM's reporting of supported CPUID settings. And the above behavior also means that having supervisor xfeatures in __state_perm is correctly handled by all users. Dropping supervisor permissions also creates another landmine for KVM. If more dynamic user xfeatures are ever added, requesting access to multiple xfeatures in separate ARCH_REQ_XCOMP_GUEST_PERM calls will result in the second invocation of __xstate_request_perm() computing the wrong ksize, as as the mask passed to xstate_calculate_size() would not contain *any* supervisor features. Commit 781c64bfcb73 ("x86/fpu/xstate: Handle supervisor states in XSTATE permissions") fudged around the size issue for userspace FPUs, but for reasons unknown skipped guest FPUs. Lack of a fix for KVM "works" only because KVM doesn't yet support virtualizing features that have supervisor xfeatures, i.e. as of today, KVM guest FPUs will never need the relevant xfeatures. Simply extending the hack-a-fix for guests would temporarily solve the ksize issue, but wouldn't address the inconsistency issue and would leave another lurking pitfall for KVM. KVM support for virtualizing CET will likely add CET_KERNEL as a guest-only xfeature, i.e. CET_KERNEL will not be set in xfeatures_mask_supervisor() and would again be dropped when granting access to dynamic xfeatures. Note, the existing clobbering behavior is rather subtle. The @permitted parameter to __xstate_request_perm() comes from: permitted = xstate_get_group_perm(guest); which is either fpu->guest_perm.__state_perm or fpu->perm.__state_perm, where __state_perm is initialized to: fpu->perm.__state_perm = fpu_kernel_cfg.default_features; and copied to the guest side of things: /* Same defaults for guests */ fpu->guest_perm = fpu->perm; fpu_kernel_cfg.default_features contains everything except the dynamic xfeatures, i.e. everything except XFEATURE_MASK_XTILE_DATA: fpu_kernel_cfg.default_features = fpu_kernel_cfg.max_features; fpu_kernel_cfg.default_features &= ~XFEATURE_MASK_USER_DYNAMIC; When __xstate_request_perm() restricts the local "mask" variable to compute the user state size: mask &= XFEATURE_MASK_USER_SUPPORTED; usize = xstate_calculate_size(mask, false); it subtly overwrites the target __state_perm with "mask" containing only user xfeatures: perm = guest ? &fpu->guest_perm : &fpu->perm; /* Pairs with the READ_ONCE() in xstate_get_group_perm() */ WRITE_ONCE(perm->__state_perm, mask); Cc: Maxim Levitsky Cc: Weijiang Yang Cc: Dave Hansen Cc: Paolo Bonzini Cc: Peter Zijlstra Cc: Chao Gao Cc: Rick Edgecombe Cc: John Allen Cc: kvm@vger.kernel.org Link: https://lore.kernel.org/all/ZTqgzZl-reO1m01I@google.com Signed-off-by: Sean Christopherson Reviewed-by: Maxim Levitsky --- arch/x86/kernel/fpu/xstate.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c index ef6906107c54..73f6bc00d178 100644 --- a/arch/x86/kernel/fpu/xstate.c +++ b/arch/x86/kernel/fpu/xstate.c @@ -1601,16 +1601,20 @@ static int __xstate_request_perm(u64 permitted, u64 requested, bool guest) if ((permitted & requested) == requested) return 0; - /* Calculate the resulting kernel state size */ + /* + * Calculate the resulting kernel state size. Note, @permitted also + * contains supervisor xfeatures even though supervisor are always + * permitted for kernel and guest FPUs, and never permitted for user + * FPUs. + */ mask = permitted | requested; - /* Take supervisor states into account on the host */ - if (!guest) - mask |= xfeatures_mask_supervisor(); ksize = xstate_calculate_size(mask, compacted); - /* Calculate the resulting user state size */ - mask &= XFEATURE_MASK_USER_SUPPORTED; - usize = xstate_calculate_size(mask, false); + /* + * Calculate the resulting user state size. Take care not to clobber + * the supervisor xfeatures in the new mask! + */ + usize = xstate_calculate_size(mask & XFEATURE_MASK_USER_SUPPORTED, false); if (!guest) { ret = validate_sigaltstack(usize); From patchwork Fri Nov 24 05:53:06 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 169242 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce62:0:b0:403:3b70:6f57 with SMTP id o2csp983358vqx; Thu, 23 Nov 2023 23:59:18 -0800 (PST) X-Google-Smtp-Source: AGHT+IGDssD71skMUsYStfUieNvD+tIlu4eqcYvp2nT3fCHh1JDUpk6D4hPcxNhULOaZyp9A5oTw X-Received: by 2002:a05:6a20:6a0e:b0:18a:d7a8:5e5e with SMTP id p14-20020a056a206a0e00b0018ad7a85e5emr1824285pzk.41.1700812758320; Thu, 23 Nov 2023 23:59:18 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700812758; cv=none; d=google.com; s=arc-20160816; b=zEERq5jlGlTNkCgLHtgZ+aWuibrQ3bxb3axsRZRdmKmXwSNk5tZPy+U4Z61OCH9SKZ RfaD8pGWt9Zb3tqgY+TGWhrVk+PsJgAs6+KahLKjPXdVhWTcOBrR6qZKsBBU0eHQvy5K sCk1w41JfU8p+rQj7sQbiMsR6L5ZX4QyFTh5neMOa7yJhcAOmwlWD3TMQl3ltdbIM8MD yPO5Rx9/cg3N7GDV4PT2i1MOv3nt3dD9cgkw2DcdRkhQQtzEr0bn7hlrZyB2cP5lr2Im tFnyVEr/owJj06yB7OkxiHckBwp8zNvjzPSwmpx8vbeyvdzUPFJcUd+jd5CHVJtgAiSY 0oVw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=OjAp6ntHsD0rU4FZV2WoUopxtQ1keagAcJRwHB1nnRM=; fh=uy0EBGgYIm8+MgsxUvKHUXUo3s9z4H9hdLwRv8YoeJU=; b=XI50NrFhSgTPuy9nchm8CbCz5LIUfI6zEF1krdQ0A6ovTftCg4Kfx0346D2r88aT/n 0tm1YCUAEqXDErwVAVCIn4Ofs2ts7nCzX9HjZxDFwyzvaorgnMl57GqgBkaU+5uCSj7x pwlwctNJz7ItMBK0k2K2TK+Uib6aYInT3zeoMp4nrcSGCkpDSyeVX1RpIhbMubVGLAO5 LMO12btxqUys/E288QwTretMZtZHDrqxXmLrC59gY04WQwCsDWabhe/KVo9utVKR+8QL MK1DbX3HbGaAHIoChZZvwm4QE3kqyRa2fIeemuP7hnxOcYft4Yjgpw28/U4a8DA6pwJW 9KhA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=HJZIRBVU; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.36 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from pete.vger.email (pete.vger.email. [23.128.96.36]) by mx.google.com with ESMTPS id q3-20020a17090311c300b001c88fc3c593si3031919plh.560.2023.11.23.23.59.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 23 Nov 2023 23:59:18 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.36 as permitted sender) client-ip=23.128.96.36; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=HJZIRBVU; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.36 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by pete.vger.email (Postfix) with ESMTP id 33C008057442; Thu, 23 Nov 2023 23:59:08 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at pete.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344884AbjKXH6p (ORCPT + 29 others); Fri, 24 Nov 2023 02:58:45 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46130 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232058AbjKXH6d (ORCPT ); Fri, 24 Nov 2023 02:58:33 -0500 Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.100]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2FA7F1709; Thu, 23 Nov 2023 23:58:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1700812718; x=1732348718; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=OdZD38yweQWB0vjlPzQLn4oLXiqKkJKeoiDZAwo7txU=; b=HJZIRBVUmhkgaFHdfjlmjnDn15iwL82UY2p1inbICSWsT1uZ8a3+cixG N1NplYqUeNux60Zsdv8Zbub8BbmSxQD7qax/WUxyBhA5U9KnPyjWAOymO 9XFXyrEy3e875eU+/MIs0f7VdImJOEHZxhEdPPDi//wvYQWwXm4cw5qHe +x2ypX9roMSnTcYd/FEQGsFhFUs3n/055qrEvWu6v91WVLSK4V/tU8WGU QaV4aaoBRKLsONo3pB93TqcJx40+VETkWd21z+potpEORtdH0Hp4FGyef G7QMxftIj3gX5lwOzcyOjakDn1gCrfKPAQasgemJ857fILbRGmnm35kpv w==; X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="458872275" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="458872275" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:35 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="833629795" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="833629795" Received: from unknown (HELO embargo.jf.intel.com) ([10.165.9.183]) by fmsmga008-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:35 -0800 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com Subject: [PATCH v7 02/26] x86/fpu/xstate: Refine CET user xstate bit enabling Date: Fri, 24 Nov 2023 00:53:06 -0500 Message-Id: <20231124055330.138870-3-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20231124055330.138870-1-weijiang.yang@intel.com> References: <20231124055330.138870-1-weijiang.yang@intel.com> MIME-Version: 1.0 X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on pete.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (pete.vger.email [0.0.0.0]); Thu, 23 Nov 2023 23:59:08 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1783431438850525118 X-GMAIL-MSGID: 1783431438850525118 Remove XFEATURE_CET_USER entry from dependency array as the entry doesn't reflect true dependency between CET features and the user xstate bit. Enable the bit in fpu_kernel_cfg.max_features when either SHSTK or IBT is available. Both user mode shadow stack and indirect branch tracking features depend on XFEATURE_CET_USER bit in XSS to automatically save/restore user mode xstate registers, i.e., IA32_U_CET and IA32_PL3_SSP whenever necessary. Note, the issue, i.e., CPUID only enumerates IBT but no SHSTK is resulted from CET KVM series which synthesizes guest CPUIDs based on userspace settings,in real world the case is rare. In other words, the exitings dependency check is correct when only user mode SHSTK is available. Signed-off-by: Yang Weijiang Reviewed-by: Rick Edgecombe Tested-by: Rick Edgecombe --- arch/x86/kernel/fpu/xstate.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c index 73f6bc00d178..6e50a4251e2b 100644 --- a/arch/x86/kernel/fpu/xstate.c +++ b/arch/x86/kernel/fpu/xstate.c @@ -73,7 +73,6 @@ static unsigned short xsave_cpuid_features[] __initdata = { [XFEATURE_PT_UNIMPLEMENTED_SO_FAR] = X86_FEATURE_INTEL_PT, [XFEATURE_PKRU] = X86_FEATURE_OSPKE, [XFEATURE_PASID] = X86_FEATURE_ENQCMD, - [XFEATURE_CET_USER] = X86_FEATURE_SHSTK, [XFEATURE_XTILE_CFG] = X86_FEATURE_AMX_TILE, [XFEATURE_XTILE_DATA] = X86_FEATURE_AMX_TILE, }; @@ -798,6 +797,14 @@ void __init fpu__init_system_xstate(unsigned int legacy_size) fpu_kernel_cfg.max_features &= ~BIT_ULL(i); } + /* + * CET user mode xstate bit has been cleared by above sanity check. + * Now pick it up if either SHSTK or IBT is available. Either feature + * depends on the xstate bit to save/restore user mode states. + */ + if (boot_cpu_has(X86_FEATURE_SHSTK) || boot_cpu_has(X86_FEATURE_IBT)) + fpu_kernel_cfg.max_features |= BIT_ULL(XFEATURE_CET_USER); + if (!cpu_feature_enabled(X86_FEATURE_XFD)) fpu_kernel_cfg.max_features &= ~XFEATURE_MASK_USER_DYNAMIC; From patchwork Fri Nov 24 05:53:07 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 169247 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce62:0:b0:403:3b70:6f57 with SMTP id o2csp983536vqx; Thu, 23 Nov 2023 23:59:44 -0800 (PST) X-Google-Smtp-Source: AGHT+IGZtW0SWLzAGgwEfHGUMgku6tY9Dw4ZS2+xUZ4F7qoVPUqs+xJGY4DzHtttCCKliWSenHKb X-Received: by 2002:a17:90a:bd11:b0:283:9db9:ec74 with SMTP id y17-20020a17090abd1100b002839db9ec74mr7523578pjr.2.1700812784108; Thu, 23 Nov 2023 23:59:44 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700812784; cv=none; d=google.com; s=arc-20160816; b=IYaHEW08RZnFm4qGjrLstiCMCDgZEFrjs/8AxCjJB6lREkF4Fgx9GxuwLiKRQatitp vRzuQrBqQlQZkii0yDHSWMZtp5QBBgXGvh13RkTnMZy59wC+hEW/yYuFnOR4TLiHeEmR yujOwEE1hw3bQ0ii0slzc5c3H7kRf6gi+/cnUs8SO6mHJ/SOjrjUBDAkJyfEbCt1mpAp REzhO7nHvsxKaJUvf0q1G+zC0Sm2CIt7RhZSlZdGrc5K4T/deBVWnV9mz0ap6mLoiK9S f51ZKy0BvZVvPFnOXAgJUiWc/mmIeWYc7Q6Z1PNREM10TyF/Q210JSZvM7hn8o4wS02s EXXg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=y05SARCY1T6an8WHE+/ITXTVUCYp5gt3Zx8PELwRekI=; fh=uy0EBGgYIm8+MgsxUvKHUXUo3s9z4H9hdLwRv8YoeJU=; b=S9dbPYhbbLoueca9uXTdJ7wtVtsoDK3YTz5lONE2mnHS0D4hl9vgZalpNNCUc7qJKk u6qhjFDBX/F03U4RYrMFZ7Qho5ctMTA1RZM9LR3qa7pfDDsRBJ8Z5mPIeLT/LNjXikUY 3a4NwHOJkVYov9XR67Wrmg0RLmW07ZIbWXabk0bFHosLah+vRRB9SGJ2Me1lU7tu+DnL h9VEuawbHL+eys0Mo/9WGG5XjYOu0ZNBuAiyZZ00qK7e2ope6DZHLm18JDTVV6uaaWgr 3zXI3AxjtwHUQwftx9Wh99cEu8jdiCEWiIyasSlhyaV+Nt7GOQVVT20z4Mg9KDZ29SSj NxYQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=NhV2JNFG; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from agentk.vger.email (agentk.vger.email. [2620:137:e000::3:2]) by mx.google.com with ESMTPS id h1-20020a170902f54100b001cc32df8ecesi2936102plf.513.2023.11.23.23.59.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 23 Nov 2023 23:59:44 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) client-ip=2620:137:e000::3:2; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=NhV2JNFG; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by agentk.vger.email (Postfix) with ESMTP id E43C080687CC; Thu, 23 Nov 2023 23:59:40 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at agentk.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235227AbjKXH7B (ORCPT + 29 others); Fri, 24 Nov 2023 02:59:01 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49348 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234724AbjKXH6g (ORCPT ); Fri, 24 Nov 2023 02:58:36 -0500 Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.100]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 336B51718; Thu, 23 Nov 2023 23:58:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1700812721; x=1732348721; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=ueFBMa7IWWTU+8CMTyEu010bIW30ttCfBescaRmbKyY=; b=NhV2JNFG7FL5vni/7wNvk37Jg7HjawQodC+XGT2PK85DPqi0kXFWtRRp Dyy3pe7VrMJDBsfx31RL4okmjvjCmJYbpG+575nuVhNT7Pl888vW9jdWY pPSPXS8bR9Uh/xTC5LeIDk4qRWDwJsg1arag3K/U1DpRUj3GfkbNio7gc Xd+qIQahzwviyrsRjselm9yWg20IWpd/eclp/PaSyY2jO1ldRp9kpJ0VY tn7tldecbPCF32Ga28gh9NED5ACiVJxTNI4IuM6DuiUPyclSGOdqD9jyN /zfPmKixAw/6EpSxCHIabwge9YrgWvcZrN2hRQvKahUlSiYFNU3vPwdwg A==; X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="458872281" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="458872281" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:36 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="833629798" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="833629798" Received: from unknown (HELO embargo.jf.intel.com) ([10.165.9.183]) by fmsmga008-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:35 -0800 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com Subject: [PATCH v7 03/26] x86/fpu/xstate: Add CET supervisor mode state support Date: Fri, 24 Nov 2023 00:53:07 -0500 Message-Id: <20231124055330.138870-4-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20231124055330.138870-1-weijiang.yang@intel.com> References: <20231124055330.138870-1-weijiang.yang@intel.com> MIME-Version: 1.0 X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on agentk.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (agentk.vger.email [0.0.0.0]); Thu, 23 Nov 2023 23:59:41 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1783431465828591254 X-GMAIL-MSGID: 1783431465828591254 Add supervisor mode state support within FPU xstate management framework. Although supervisor shadow stack is not enabled/used today in kernel,KVM requires the support because when KVM advertises shadow stack feature to guest, architecturally it claims the support for both user and supervisor modes for guest OSes(Linux or non-Linux). CET supervisor states not only includes PL{0,1,2}_SSP but also IA32_S_CET MSR, but the latter is not xsave-managed. In virtualization world, guest IA32_S_CET is saved/stored into/from VM control structure. With supervisor xstate support, guest supervisor mode shadow stack state can be properly saved/restored when 1) guest/host FPU context is swapped 2) vCPU thread is sched out/in. The alternative is to enable it in KVM domain, but KVM maintainers NAKed the solution. The external discussion can be found at [*], it ended up with adding the support in kernel instead of KVM domain. Note, in KVM case, guest CET supervisor state i.e., IA32_PL{0,1,2}_MSRs, are preserved after VM-Exit until host/guest fpstates are swapped, but since host supervisor shadow stack is disabled, the preserved MSRs won't hurt host. [*]: https://lore.kernel.org/all/806e26c2-8d21-9cc9-a0b7-7787dd231729@intel.com/ Signed-off-by: Yang Weijiang Reviewed-by: Rick Edgecombe Reviewed-by: Maxim Levitsky --- arch/x86/include/asm/fpu/types.h | 14 ++++++++++++-- arch/x86/include/asm/fpu/xstate.h | 6 +++--- arch/x86/kernel/fpu/xstate.c | 6 +++++- 3 files changed, 20 insertions(+), 6 deletions(-) diff --git a/arch/x86/include/asm/fpu/types.h b/arch/x86/include/asm/fpu/types.h index eb810074f1e7..c6fd13a17205 100644 --- a/arch/x86/include/asm/fpu/types.h +++ b/arch/x86/include/asm/fpu/types.h @@ -116,7 +116,7 @@ enum xfeature { XFEATURE_PKRU, XFEATURE_PASID, XFEATURE_CET_USER, - XFEATURE_CET_KERNEL_UNUSED, + XFEATURE_CET_KERNEL, XFEATURE_RSRVD_COMP_13, XFEATURE_RSRVD_COMP_14, XFEATURE_LBR, @@ -139,7 +139,7 @@ enum xfeature { #define XFEATURE_MASK_PKRU (1 << XFEATURE_PKRU) #define XFEATURE_MASK_PASID (1 << XFEATURE_PASID) #define XFEATURE_MASK_CET_USER (1 << XFEATURE_CET_USER) -#define XFEATURE_MASK_CET_KERNEL (1 << XFEATURE_CET_KERNEL_UNUSED) +#define XFEATURE_MASK_CET_KERNEL (1 << XFEATURE_CET_KERNEL) #define XFEATURE_MASK_LBR (1 << XFEATURE_LBR) #define XFEATURE_MASK_XTILE_CFG (1 << XFEATURE_XTILE_CFG) #define XFEATURE_MASK_XTILE_DATA (1 << XFEATURE_XTILE_DATA) @@ -264,6 +264,16 @@ struct cet_user_state { u64 user_ssp; }; +/* + * State component 12 is Control-flow Enforcement supervisor states + */ +struct cet_supervisor_state { + /* supervisor ssp pointers */ + u64 pl0_ssp; + u64 pl1_ssp; + u64 pl2_ssp; +}; + /* * State component 15: Architectural LBR configuration state. * The size of Arch LBR state depends on the number of LBRs (lbr_depth). diff --git a/arch/x86/include/asm/fpu/xstate.h b/arch/x86/include/asm/fpu/xstate.h index d4427b88ee12..3b4a038d3c57 100644 --- a/arch/x86/include/asm/fpu/xstate.h +++ b/arch/x86/include/asm/fpu/xstate.h @@ -51,7 +51,8 @@ /* All currently supported supervisor features */ #define XFEATURE_MASK_SUPERVISOR_SUPPORTED (XFEATURE_MASK_PASID | \ - XFEATURE_MASK_CET_USER) + XFEATURE_MASK_CET_USER | \ + XFEATURE_MASK_CET_KERNEL) /* * A supervisor state component may not always contain valuable information, @@ -78,8 +79,7 @@ * Unsupported supervisor features. When a supervisor feature in this mask is * supported in the future, move it to the supported supervisor feature mask. */ -#define XFEATURE_MASK_SUPERVISOR_UNSUPPORTED (XFEATURE_MASK_PT | \ - XFEATURE_MASK_CET_KERNEL) +#define XFEATURE_MASK_SUPERVISOR_UNSUPPORTED (XFEATURE_MASK_PT) /* All supervisor states including supported and unsupported states. */ #define XFEATURE_MASK_SUPERVISOR_ALL (XFEATURE_MASK_SUPERVISOR_SUPPORTED | \ diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c index 6e50a4251e2b..b57d909facca 100644 --- a/arch/x86/kernel/fpu/xstate.c +++ b/arch/x86/kernel/fpu/xstate.c @@ -51,7 +51,7 @@ static const char *xfeature_names[] = "Protection Keys User registers", "PASID state", "Control-flow User registers", - "Control-flow Kernel registers (unused)", + "Control-flow Kernel registers", "unknown xstate feature", "unknown xstate feature", "unknown xstate feature", @@ -73,6 +73,7 @@ static unsigned short xsave_cpuid_features[] __initdata = { [XFEATURE_PT_UNIMPLEMENTED_SO_FAR] = X86_FEATURE_INTEL_PT, [XFEATURE_PKRU] = X86_FEATURE_OSPKE, [XFEATURE_PASID] = X86_FEATURE_ENQCMD, + [XFEATURE_CET_KERNEL] = X86_FEATURE_SHSTK, [XFEATURE_XTILE_CFG] = X86_FEATURE_AMX_TILE, [XFEATURE_XTILE_DATA] = X86_FEATURE_AMX_TILE, }; @@ -277,6 +278,7 @@ static void __init print_xstate_features(void) print_xstate_feature(XFEATURE_MASK_PKRU); print_xstate_feature(XFEATURE_MASK_PASID); print_xstate_feature(XFEATURE_MASK_CET_USER); + print_xstate_feature(XFEATURE_MASK_CET_KERNEL); print_xstate_feature(XFEATURE_MASK_XTILE_CFG); print_xstate_feature(XFEATURE_MASK_XTILE_DATA); } @@ -346,6 +348,7 @@ static __init void os_xrstor_booting(struct xregs_state *xstate) XFEATURE_MASK_BNDCSR | \ XFEATURE_MASK_PASID | \ XFEATURE_MASK_CET_USER | \ + XFEATURE_MASK_CET_KERNEL | \ XFEATURE_MASK_XTILE) /* @@ -546,6 +549,7 @@ static bool __init check_xstate_against_struct(int nr) case XFEATURE_PASID: return XCHECK_SZ(sz, nr, struct ia32_pasid_state); case XFEATURE_XTILE_CFG: return XCHECK_SZ(sz, nr, struct xtile_cfg); case XFEATURE_CET_USER: return XCHECK_SZ(sz, nr, struct cet_user_state); + case XFEATURE_CET_KERNEL: return XCHECK_SZ(sz, nr, struct cet_supervisor_state); case XFEATURE_XTILE_DATA: check_xtile_data_against_struct(sz); return true; default: XSTATE_WARN_ON(1, "No structure for xstate: %d\n", nr); From patchwork Fri Nov 24 05:53:08 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 169249 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce62:0:b0:403:3b70:6f57 with SMTP id o2csp983556vqx; Thu, 23 Nov 2023 23:59:46 -0800 (PST) X-Google-Smtp-Source: AGHT+IFPtaQaxZnEWaT02orrWZHtPRNE/YOxpkzO9slGNbzlJB/9URRqCVLURnHYOqTCbuX0sd+E X-Received: by 2002:a17:902:b948:b0:1cc:b71:c96f with SMTP id h8-20020a170902b94800b001cc0b71c96fmr1666010pls.41.1700812786666; Thu, 23 Nov 2023 23:59:46 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700812786; cv=none; d=google.com; s=arc-20160816; b=tAvQidL5KFmj02iASSjIAZGUBMP3bj7vjkhOmtxWwE7W+tANyRlH+Q50hSBrtni70R 05YpfxGn9vJpNJUuxLQOF/ZiYF2VYUnenGqr+wGyIukOwPGT8d7FSBGMkG966VcVWQ6q mZO6kuzQwLXkJKuj2dnzWkb1o41Th5c+KzkT2+THiVEtY5aIZvnltFDf0ZDTUS3klCiq 3+gazeqo7uoiZHTiBUGd3008wfKIuRMV373E70S0rzLBwhAGC2gMSw2RPSIkCVJRUkRr VkbIPhSvo71wd3SZF4A1Sasv1SQASNRCP0cnuGgFOtZoaBoxrsSyFLASflZGPcKoGRRv MJpA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=VDutRh151I2Rj9GWXl40WG5oKOVTJ1+4FA+twdQJ4q4=; fh=uy0EBGgYIm8+MgsxUvKHUXUo3s9z4H9hdLwRv8YoeJU=; b=AgZK1YQ+AXwNU7CyQgvQ34lJXue5r8hc7LRudojFK7BUb7+jABAGcSlhMQQLpB1xV+ 0RtajF2ydyIFx+ypKaqbB8P2EVs5rL19q5OAtVMVeplgNtRKoFZk7GCUhnFjSFeYuDML bAHi7QirS5KbEMe/cbb0eXNzak64D2OtlGc82aTn6wAGSNIndIifcA/Df9nDYj/d2n6J GLpGyguPUjzm6qs+f2iXMSOAdCUjK36U9WZH4MeY1harYyE8DI+h9zi37Pk4ZnmMvQOi Ox6rcHbx96++G2Yp0r8ix2pU5biwILyJSiEk6Jx7b4QZ/MQgIF5oaJg5WGzZpoBagKR6 Cavg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Mm0QiHiz; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from snail.vger.email (snail.vger.email. [23.128.96.37]) by mx.google.com with ESMTPS id p3-20020a1709026b8300b001cf9d8ae8f0si1796467plk.166.2023.11.23.23.59.45 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 23 Nov 2023 23:59:46 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) client-ip=23.128.96.37; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Mm0QiHiz; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id 8BFE88216926; Thu, 23 Nov 2023 23:59:45 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345148AbjKXH72 (ORCPT + 29 others); Fri, 24 Nov 2023 02:59:28 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49318 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234713AbjKXH6g (ORCPT ); Fri, 24 Nov 2023 02:58:36 -0500 Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.100]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 426061719; Thu, 23 Nov 2023 23:58:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1700812721; x=1732348721; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=ri6Un4b+Ug+q4iHhsNMvjaggwXQxRjHXcUUIj5tdoAM=; b=Mm0QiHiz7Jw2x4YIvxGrZs3dbJv5rNjJVxMWUm1I75RsGCsxDqCITWqs 8HMTe7CF3YpHZph50BRnQ5hBKLK4YScWwl73irWQB5YDsVDqndxqIAh1R nVnfn7EfdPmIG0UXND6T7Rzrr3jKe0PD6+lbGG29/DR624GnSqcuwEoDZ 8MgdacGLPf5CfHAHNDJZz6RfDm0yPd1vHyWiDbJy75hsRTMOpsAe6pVQv BNoSgtY2GiAKopSl63Evi2QbZz1jTEExDv5Ml/KuM+s/ozgmNmRvQQXEq IPHk+Gf7zMnF90DkqwMyRLpFO8ks98x7F2IeimvxvJLru83VKt+penb+R g==; X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="458872286" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="458872286" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:36 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="833629801" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="833629801" Received: from unknown (HELO embargo.jf.intel.com) ([10.165.9.183]) by fmsmga008-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:35 -0800 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com Subject: [PATCH v7 04/26] x86/fpu/xstate: Introduce XFEATURE_MASK_KERNEL_DYNAMIC xfeature set Date: Fri, 24 Nov 2023 00:53:08 -0500 Message-Id: <20231124055330.138870-5-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20231124055330.138870-1-weijiang.yang@intel.com> References: <20231124055330.138870-1-weijiang.yang@intel.com> MIME-Version: 1.0 X-Spam-Status: No, score=-4.5 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Thu, 23 Nov 2023 23:59:45 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1783431468492133925 X-GMAIL-MSGID: 1783431468492133925 Define new XFEATURE_MASK_KERNEL_DYNAMIC set including the features can be optionally enabled by kernel components, i.e., the features are required by specific kernel components. Currently it's used by KVM to configure guest dedicated fpstate for calculating the xfeature and fpstate storage size etc. The kernel dynamic xfeatures now only contain XFEATURE_CET_KERNEL, which is supported by host as they're enabled in xsaves/xrstors operating xfeature set (XCR0 | XSS), but the relevant CPU feature, i.e., supervisor shadow stack, is not enabled in host kernel so it can be omitted for normal fpstate by default. Remove the kernel dynamic feature from fpu_kernel_cfg.default_features so that the bits in xstate_bv and xcomp_bv are cleared and xsaves/xrstors can be optimized by HW for normal fpstate. Suggested-by: Dave Hansen Signed-off-by: Yang Weijiang --- arch/x86/include/asm/fpu/xstate.h | 5 ++++- arch/x86/kernel/fpu/xstate.c | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/fpu/xstate.h b/arch/x86/include/asm/fpu/xstate.h index 3b4a038d3c57..a212d3851429 100644 --- a/arch/x86/include/asm/fpu/xstate.h +++ b/arch/x86/include/asm/fpu/xstate.h @@ -46,9 +46,12 @@ #define XFEATURE_MASK_USER_RESTORE \ (XFEATURE_MASK_USER_SUPPORTED & ~XFEATURE_MASK_PKRU) -/* Features which are dynamically enabled for a process on request */ +/* Features which are dynamically enabled per userspace request */ #define XFEATURE_MASK_USER_DYNAMIC XFEATURE_MASK_XTILE_DATA +/* Features which are dynamically enabled per kernel side request */ +#define XFEATURE_MASK_KERNEL_DYNAMIC XFEATURE_MASK_CET_KERNEL + /* All currently supported supervisor features */ #define XFEATURE_MASK_SUPERVISOR_SUPPORTED (XFEATURE_MASK_PASID | \ XFEATURE_MASK_CET_USER | \ diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c index b57d909facca..ba4172172afd 100644 --- a/arch/x86/kernel/fpu/xstate.c +++ b/arch/x86/kernel/fpu/xstate.c @@ -824,6 +824,7 @@ void __init fpu__init_system_xstate(unsigned int legacy_size) /* Clean out dynamic features from default */ fpu_kernel_cfg.default_features = fpu_kernel_cfg.max_features; fpu_kernel_cfg.default_features &= ~XFEATURE_MASK_USER_DYNAMIC; + fpu_kernel_cfg.default_features &= ~XFEATURE_MASK_KERNEL_DYNAMIC; fpu_user_cfg.default_features = fpu_user_cfg.max_features; fpu_user_cfg.default_features &= ~XFEATURE_MASK_USER_DYNAMIC; From patchwork Fri Nov 24 05:53:09 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 169243 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce62:0:b0:403:3b70:6f57 with SMTP id o2csp983440vqx; Thu, 23 Nov 2023 23:59:32 -0800 (PST) X-Google-Smtp-Source: AGHT+IEEjjFLzYJ3nrmBnSBgqDhXPYpVkxPTLJWverlBKfzRvnFWTvQ1vlw05ZtJHryAaqp3pHyg X-Received: by 2002:a17:902:d50c:b0:1cc:33f1:3f03 with SMTP id b12-20020a170902d50c00b001cc33f13f03mr1716530plg.2.1700812771849; Thu, 23 Nov 2023 23:59:31 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700812771; cv=none; d=google.com; s=arc-20160816; b=IWqxd8f12QN8Vad8IC1XmJTK/nKV5EpKSk2B7LInu7iA+PlvWlF5uDK7XGxib2g2jz IaDOfKJ0DnY1hMxmjrrMjKgh+aKu7tHkurXvvGWlQNlsrtC5GCKwvG8icNVlI2Yc/oMr CwhUYShyVvff1FQKSnNrpV6C564UKoGS3ZrAmrZo8TPd8cvESRo52nqzheUDlkHFVe4c dSeqDxZR2Gx+OLQvTKLa5Vn+N5tzMj3hN+S5aiHzYq/C4bMtL9xkluOK/snycVN/VE6p jVV8jA/B30C//qM+XzQsYqp/RFCYvhL579swrzCfo2CLxl7a1OnLVUKJVv5BDTZof2eI wbsw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=/bfdE/EWSq8Anzhtt1fPwLW5scgt7nmL1zfqXEDMLcU=; fh=uy0EBGgYIm8+MgsxUvKHUXUo3s9z4H9hdLwRv8YoeJU=; b=nVt7EQvpAtF4QIRPYHzsD5UasrkXXpPdMeZlttVHd1iot0A/6ycRFHp8RQ65qOTbP3 ioxv227RHmnmQSUU4PRJFoCng67IiIfh68FcEFhTX4YfHX0GgFWsXx9JUUSdPlLE8bFS aLvwvsAYYxO2e2bY33UuWAEmacSzQoEXHPBkAHYccQqv7kyhVlaBH8TW3v/no+KOSr0N cNo+9L7syGuYiNp+5PszUeq5Rp2BrNYlR3Ss80ikIhw8tnX0pQ3ba4ZA5rkiyBMjZH0O 5sL2aDEyD0Ux75q8tBMYs2xMtYnXQ2Fkd9Kb70MQ5V+EAsQfAg6VY4xeqmRQY5eBbX29 cUig== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=VB8MP1qe; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.38 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from fry.vger.email (fry.vger.email. [23.128.96.38]) by mx.google.com with ESMTPS id e2-20020a170902744200b001b894687ec9si2727808plt.462.2023.11.23.23.59.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 23 Nov 2023 23:59:31 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.38 as permitted sender) client-ip=23.128.96.38; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=VB8MP1qe; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.38 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by fry.vger.email (Postfix) with ESMTP id 4A2AD82F8741; Thu, 23 Nov 2023 23:59:27 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at fry.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232798AbjKXH7H (ORCPT + 29 others); Fri, 24 Nov 2023 02:59:07 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46360 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234814AbjKXH6g (ORCPT ); Fri, 24 Nov 2023 02:58:36 -0500 Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.100]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 66865171D; Thu, 23 Nov 2023 23:58:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1700812721; x=1732348721; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=MqLxwMAJxms+uuTstGvVmS/6CUfrp463NJ8UfpNe2ug=; b=VB8MP1qe/KtQy+OLbUsfQj8DHCGgfiuF+vzyOU0roBLxj3J4isyMvOoA tKe8z9QE+owT91acE1s0t3kRV8PcwBCp6aKZRWbm4iGZVwiIazS0NcSUp +ygFeLb/fXxeCFhmZLQjdAvY7ZwNqNeua1mreblSuZm0OtI7MkkYfbF7z q4HPD1tKDeaCRRUNpaYPokWDv6BItUqNTfCIZGUWQN4R8xlVu62n6qA2R PDehDku6VSnWWJzvThzcD5gQm3p3do5AgQrmd75mtJggPe28P51OmpAga 6K6V/L0v6t5eaRlwxYBbhrSeXx+siGrcIWl/ochJ1aK6KGpBjMoxCedmB Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="458872292" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="458872292" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:37 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="833629804" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="833629804" Received: from unknown (HELO embargo.jf.intel.com) ([10.165.9.183]) by fmsmga008-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:36 -0800 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com Subject: [PATCH v7 05/26] x86/fpu/xstate: Introduce fpu_guest_cfg for guest FPU configuration Date: Fri, 24 Nov 2023 00:53:09 -0500 Message-Id: <20231124055330.138870-6-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20231124055330.138870-1-weijiang.yang@intel.com> References: <20231124055330.138870-1-weijiang.yang@intel.com> MIME-Version: 1.0 X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on fry.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (fry.vger.email [0.0.0.0]); Thu, 23 Nov 2023 23:59:27 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1783431452569868744 X-GMAIL-MSGID: 1783431452569868744 Define new fpu_guest_cfg to hold all guest FPU settings so that it can differ from generic kernel FPU settings, e.g., enabling CET supervisor xstate by default for guest fpstate while it's remained disabled in kernel FPU config. The kernel dynamic xfeatures are specifically used by guest fpstate now, add the mask for guest fpstate so that guest_perm.__state_permit == (fpu_kernel_cfg.default_xfeature | XFEATURE_MASK_KERNEL_DYNAMIC). And if guest fpstate is re-allocated to hold user dynamic xfeatures, the resulting permissions are consumed before calculate new guest fpstate. Signed-off-by: Yang Weijiang Reviewed-by: Maxim Levitsky --- arch/x86/include/asm/fpu/types.h | 2 +- arch/x86/kernel/fpu/core.c | 14 +++++++++++--- arch/x86/kernel/fpu/xstate.c | 10 ++++++++++ 3 files changed, 22 insertions(+), 4 deletions(-) diff --git a/arch/x86/include/asm/fpu/types.h b/arch/x86/include/asm/fpu/types.h index c6fd13a17205..306825ad6bc0 100644 --- a/arch/x86/include/asm/fpu/types.h +++ b/arch/x86/include/asm/fpu/types.h @@ -602,6 +602,6 @@ struct fpu_state_config { }; /* FPU state configuration information */ -extern struct fpu_state_config fpu_kernel_cfg, fpu_user_cfg; +extern struct fpu_state_config fpu_kernel_cfg, fpu_user_cfg, fpu_guest_cfg; #endif /* _ASM_X86_FPU_H */ diff --git a/arch/x86/kernel/fpu/core.c b/arch/x86/kernel/fpu/core.c index a21a4d0ecc34..516af626bf6a 100644 --- a/arch/x86/kernel/fpu/core.c +++ b/arch/x86/kernel/fpu/core.c @@ -33,9 +33,10 @@ DEFINE_STATIC_KEY_FALSE(__fpu_state_size_dynamic); DEFINE_PER_CPU(u64, xfd_state); #endif -/* The FPU state configuration data for kernel and user space */ +/* The FPU state configuration data for kernel, user space and guest. */ struct fpu_state_config fpu_kernel_cfg __ro_after_init; struct fpu_state_config fpu_user_cfg __ro_after_init; +struct fpu_state_config fpu_guest_cfg __ro_after_init; /* * Represents the initial FPU state. It's mostly (but not completely) zeroes, @@ -536,8 +537,15 @@ void fpstate_reset(struct fpu *fpu) fpu->perm.__state_perm = fpu_kernel_cfg.default_features; fpu->perm.__state_size = fpu_kernel_cfg.default_size; fpu->perm.__user_state_size = fpu_user_cfg.default_size; - /* Same defaults for guests */ - fpu->guest_perm = fpu->perm; + + /* Guest permission settings */ + fpu->guest_perm.__state_perm = fpu_guest_cfg.default_features; + fpu->guest_perm.__state_size = fpu_guest_cfg.default_size; + /* + * Set guest's __user_state_size to fpu_user_cfg.default_size so that + * existing uAPIs can still work. + */ + fpu->guest_perm.__user_state_size = fpu_user_cfg.default_size; } static inline void fpu_inherit_perms(struct fpu *dst_fpu) diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c index ba4172172afd..aa8f8595cd41 100644 --- a/arch/x86/kernel/fpu/xstate.c +++ b/arch/x86/kernel/fpu/xstate.c @@ -681,6 +681,7 @@ static int __init init_xstate_size(void) { /* Recompute the context size for enabled features: */ unsigned int user_size, kernel_size, kernel_default_size; + unsigned int guest_default_size; bool compacted = cpu_feature_enabled(X86_FEATURE_XCOMPACTED); /* Uncompacted user space size */ @@ -702,13 +703,18 @@ static int __init init_xstate_size(void) kernel_default_size = xstate_calculate_size(fpu_kernel_cfg.default_features, compacted); + guest_default_size = + xstate_calculate_size(fpu_guest_cfg.default_features, compacted); + if (!paranoid_xstate_size_valid(kernel_size)) return -EINVAL; fpu_kernel_cfg.max_size = kernel_size; fpu_user_cfg.max_size = user_size; + fpu_guest_cfg.max_size = kernel_size; fpu_kernel_cfg.default_size = kernel_default_size; + fpu_guest_cfg.default_size = guest_default_size; fpu_user_cfg.default_size = xstate_calculate_size(fpu_user_cfg.default_features, false); @@ -829,6 +835,10 @@ void __init fpu__init_system_xstate(unsigned int legacy_size) fpu_user_cfg.default_features = fpu_user_cfg.max_features; fpu_user_cfg.default_features &= ~XFEATURE_MASK_USER_DYNAMIC; + fpu_guest_cfg.max_features = fpu_kernel_cfg.max_features; + fpu_guest_cfg.default_features = fpu_guest_cfg.max_features; + fpu_guest_cfg.default_features &= ~XFEATURE_MASK_USER_DYNAMIC; + /* Store it for paranoia check at the end */ xfeatures = fpu_kernel_cfg.max_features; From patchwork Fri Nov 24 05:53:10 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 169252 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce62:0:b0:403:3b70:6f57 with SMTP id o2csp984296vqx; Fri, 24 Nov 2023 00:00:47 -0800 (PST) X-Google-Smtp-Source: AGHT+IHizFyvjA0CNn+MBoViclUmzElQiGRJ4lKTgrWlaiECW72awZb8KiAB62DYQ6mnFXw6ZXQ3 X-Received: by 2002:a05:6870:f78f:b0:1f9:574c:b5ec with SMTP id fs15-20020a056870f78f00b001f9574cb5ecmr2570945oab.27.1700812847757; Fri, 24 Nov 2023 00:00:47 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700812847; cv=none; d=google.com; s=arc-20160816; b=jLMc1/lz7p4iTjd1diV+0eSmR73Y/Z6yjVOxj09FhuO75I+OY8Bti9LKrUketFKjvp aNnL6RQE9tbyb6WTDHIlW9hSvalwRZxaEofk+t/agzB8W8vNe4vOjyqv12G9PzponbWS nl+d8Zpfb3Y5HSvkLDO0GFgkSrIqFejAkCyO1KXYRYaO//Ec0XFVZrvUkKMM73UtoJIa bieEsrDFPIJV3q22aclcVQLBK75SlWFq5OSYKH0lrFpGZfDLk8f60LEe72d/1SNrtMdv KJZg8plR4PFwzSm5/0vFbiu0mVTiasmA3x4NFATbHvVmbWlQOfkbxS5W5YCYUX3ugY+6 bpww== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=Vn7H1cIFu2QJ4soBoSUN2TWXzY+rODFniUGSjnVwhnQ=; fh=uy0EBGgYIm8+MgsxUvKHUXUo3s9z4H9hdLwRv8YoeJU=; b=tDsCptCG6LlxGrEtNJi/qLlj83CeA13Dzob+w91JEtYkfbFhYCvJXGpB44OoD0k5L0 4Bl6Y8Fq0twJAgTYtugodaTc5sJvDlrdPtdQwYbH6b6uNpr3VVB6dEkcb2+35kvkpEOe V0Mrxg6WAF8TpXAKIUcADQA5yZY1KDG2sgyovJkREuJPhp164guFzbTywlWoZd2CSNvS HMGtLFLpjZJfd6r07wcnNP3i35DsvfqotoE0Maq8lbGUXozIUN9mQSvHKQ8v6mNKNuJF UQxWCfeeUDObVnw7lKjncUlfNNG1F3+YzKkNi0cLzQ8UT84OpsZzVOVfrbXAZu35pai6 /G5Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Ak4Ldskp; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from morse.vger.email (morse.vger.email. [23.128.96.31]) by mx.google.com with ESMTPS id t10-20020a9d590a000000b006d7fd488ed3si923801oth.179.2023.11.24.00.00.45 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Nov 2023 00:00:47 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) client-ip=23.128.96.31; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Ak4Ldskp; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by morse.vger.email (Postfix) with ESMTP id EB264809E8BF; Fri, 24 Nov 2023 00:00:04 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at morse.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345163AbjKXH7b (ORCPT + 29 others); Fri, 24 Nov 2023 02:59:31 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46422 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232291AbjKXH6h (ORCPT ); Fri, 24 Nov 2023 02:58:37 -0500 Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.100]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 06AA610C8; Thu, 23 Nov 2023 23:58:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1700812723; x=1732348723; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=1vwvfuaBTc7h5kz+PPAFiMP1RdwSkDr6j//+KudefV4=; b=Ak4Ldskpm9w5KOqmB3eQTagizetRVcHNTf7wKyMhhXPrjbizl1G3+CfQ PyboXnzwUbVhcj+Au5vjrYacYIKuocSGvqRj9EVK0MffU/IBr0BX10ZSg ZF0AUmNXKQMA7l+c9npO6UNvIgWllqTAB67eCpVdt1/Mp+IN2aFfpaYxr HIdAT+1Xv1mJ7whZcHeqTCe6Rw7aERDDJePMkmcTH9ZV9ljhpVtJxQRYB cZAGvGR7NvvpC83BFPdHnNd06I8XtUekkFhUgu0uHmdygtJUUmudY7yKB 3OETi3XuqXvc7wPhMBSAP/J4Xdh42SQRutzyInvDy20EKQnhtXsZPvvou A==; X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="458872298" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="458872298" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:37 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="833629807" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="833629807" Received: from unknown (HELO embargo.jf.intel.com) ([10.165.9.183]) by fmsmga008-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:36 -0800 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com Subject: [PATCH v7 06/26] x86/fpu/xstate: Create guest fpstate with guest specific config Date: Fri, 24 Nov 2023 00:53:10 -0500 Message-Id: <20231124055330.138870-7-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20231124055330.138870-1-weijiang.yang@intel.com> References: <20231124055330.138870-1-weijiang.yang@intel.com> MIME-Version: 1.0 X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on morse.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (morse.vger.email [0.0.0.0]); Fri, 24 Nov 2023 00:00:06 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1783431532614068563 X-GMAIL-MSGID: 1783431532614068563 Use fpu_guest_cfg to calculate guest fpstate settings, open code for __fpstate_reset() to avoid using kernel FPU config. Below configuration steps are currently enforced to get guest fpstate: 1) Kernel sets up guest FPU settings in fpu__init_system_xstate(). 2) User space sets vCPU thread group xstate permits via arch_prctl(). 3) User space creates guest fpstate via __fpu_alloc_init_guest_fpstate() for vcpu thread. 4) User space enables guest dynamic xfeatures and re-allocate guest fpstate. By adding kernel dynamic xfeatures in above #1 and #2, guest xstate area size is expanded to hold (fpu_kernel_cfg.default_features | kernel dynamic xfeatures | user dynamic xfeatures), then host xsaves/xrstors can operate for all guest xfeatures. The user_* fields remain unchanged for compatibility with KVM uAPIs. Signed-off-by: Yang Weijiang --- arch/x86/kernel/fpu/core.c | 48 ++++++++++++++++++++++++++++-------- arch/x86/kernel/fpu/xstate.c | 2 +- arch/x86/kernel/fpu/xstate.h | 1 + 3 files changed, 40 insertions(+), 11 deletions(-) diff --git a/arch/x86/kernel/fpu/core.c b/arch/x86/kernel/fpu/core.c index 516af626bf6a..985eaf8b55e0 100644 --- a/arch/x86/kernel/fpu/core.c +++ b/arch/x86/kernel/fpu/core.c @@ -194,8 +194,6 @@ void fpu_reset_from_exception_fixup(void) } #if IS_ENABLED(CONFIG_KVM) -static void __fpstate_reset(struct fpstate *fpstate, u64 xfd); - static void fpu_init_guest_permissions(struct fpu_guest *gfpu) { struct fpu_state_perm *fpuperm; @@ -216,25 +214,55 @@ static void fpu_init_guest_permissions(struct fpu_guest *gfpu) gfpu->perm = perm & ~FPU_GUEST_PERM_LOCKED; } -bool fpu_alloc_guest_fpstate(struct fpu_guest *gfpu) +static struct fpstate *__fpu_alloc_init_guest_fpstate(struct fpu_guest *gfpu) { + bool compacted = cpu_feature_enabled(X86_FEATURE_XCOMPACTED); + unsigned int gfpstate_size, size; struct fpstate *fpstate; - unsigned int size; - size = fpu_user_cfg.default_size + ALIGN(offsetof(struct fpstate, regs), 64); + /* + * fpu_guest_cfg.default_features includes all enabled xfeatures + * except the user dynamic xfeatures. If the user dynamic xfeatures + * are enabled, the guest fpstate will be re-allocated to hold all + * guest enabled xfeatures, so omit user dynamic xfeatures here. + */ + gfpstate_size = xstate_calculate_size(fpu_guest_cfg.default_features, + compacted); + + size = gfpstate_size + ALIGN(offsetof(struct fpstate, regs), 64); + fpstate = vzalloc(size); if (!fpstate) - return false; + return NULL; + /* + * Initialize sizes and feature masks, use fpu_user_cfg.* + * for user_* settings for compatibility of exiting uAPIs. + */ + fpstate->size = gfpstate_size; + fpstate->xfeatures = fpu_guest_cfg.default_features; + fpstate->user_size = fpu_user_cfg.default_size; + fpstate->user_xfeatures = fpu_user_cfg.default_features; + fpstate->xfd = 0; - /* Leave xfd to 0 (the reset value defined by spec) */ - __fpstate_reset(fpstate, 0); fpstate_init_user(fpstate); fpstate->is_valloc = true; fpstate->is_guest = true; gfpu->fpstate = fpstate; - gfpu->xfeatures = fpu_user_cfg.default_features; - gfpu->perm = fpu_user_cfg.default_features; + gfpu->xfeatures = fpu_guest_cfg.default_features; + gfpu->perm = fpu_guest_cfg.default_features; + + return fpstate; +} + +bool fpu_alloc_guest_fpstate(struct fpu_guest *gfpu) +{ + struct fpstate *fpstate; + + fpstate = __fpu_alloc_init_guest_fpstate(gfpu); + + if (!fpstate) + return false; /* * KVM sets the FP+SSE bits in the XSAVE header when copying FPU state diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c index aa8f8595cd41..253944cb2298 100644 --- a/arch/x86/kernel/fpu/xstate.c +++ b/arch/x86/kernel/fpu/xstate.c @@ -559,7 +559,7 @@ static bool __init check_xstate_against_struct(int nr) return true; } -static unsigned int xstate_calculate_size(u64 xfeatures, bool compacted) +unsigned int xstate_calculate_size(u64 xfeatures, bool compacted) { unsigned int topmost = fls64(xfeatures) - 1; unsigned int offset = xstate_offsets[topmost]; diff --git a/arch/x86/kernel/fpu/xstate.h b/arch/x86/kernel/fpu/xstate.h index 3518fb26d06b..c032acb56306 100644 --- a/arch/x86/kernel/fpu/xstate.h +++ b/arch/x86/kernel/fpu/xstate.h @@ -55,6 +55,7 @@ extern void fpu__init_cpu_xstate(void); extern void fpu__init_system_xstate(unsigned int legacy_size); extern void *get_xsave_addr(struct xregs_state *xsave, int xfeature_nr); +extern unsigned int xstate_calculate_size(u64 xfeatures, bool compacted); static inline u64 xfeatures_mask_supervisor(void) { From patchwork Fri Nov 24 05:53:11 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 169248 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce62:0:b0:403:3b70:6f57 with SMTP id o2csp983543vqx; Thu, 23 Nov 2023 23:59:45 -0800 (PST) X-Google-Smtp-Source: AGHT+IFT+/77JIDaLQZXTxxFFEw8ylJr0jYcVDSme/Bb2eys0M9kZcZ14mfqoi0NmfNabq7sM0WV X-Received: by 2002:a9d:77d5:0:b0:6c4:a65c:f7bb with SMTP id w21-20020a9d77d5000000b006c4a65cf7bbmr2153387otl.33.1700812785388; Thu, 23 Nov 2023 23:59:45 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700812785; cv=none; d=google.com; s=arc-20160816; b=c3fqwaSRhSDO+aT4zPjCEGQOQMrc/CMt2ET0iD6b0Q1ePFMfFt9EpfV7cGnTxOKOav 6ul/6VjOLlhSPR4nK4l7QyetdE3ee4XpIx0E3aYpg1DuxRMGPan9GLMVRPCX/eS+TtFU PFmNWQS7Nz6IBt3QyyVZopzwdYqrpqIteXgVsOe6vCtoaqTakml1YnP99Zg/B6A/7HBA dDDZ+QbKCjoOTmKmYEZWq1X6ThDTOHxHxEtOSVcXZLufBQbB1ZQyuVOu+qV3EYoS87uT f8xZL608ioOr1Rs7WVlN/s6UZYmFQQDA8ZvGVJfQf4a3HPP6QHc6sC+URNBj0aiM5Fzi 2lEA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=ekN5WGc3PgcChCKxKpeptrI8wQYIaGhtvTKiVLrQsco=; fh=uy0EBGgYIm8+MgsxUvKHUXUo3s9z4H9hdLwRv8YoeJU=; b=i1ONIq6YEyWYknv7Ajgakt12hHIgL53roAiktA/kDAWpDTv1WIIepBWayy046SbzGq McZFe0Nei8s1bI/aHAx4XEcSYXyzyBz06rjeAsZg2q/ffIyWTHkGWpsKKv7weblV5YIc cbq6ExlBHV5jnFD7A957rVgczQT/O9099etNb/odf1I7bpXjJORLPiWRgAOjW1DS924b 1Hqv4IhmvShpuJyhfYRsQWCBnhqNaR5E/OcCZ8rJC2jnvcvYO8/5mvrqVCBdk12cMTSo fha3os1k+PN7kR6vHjRmg13GuqF53J9kQMxsUsN/OPsJ6jjaG9Tg/02r4LZacN+ZX5kh EUzg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=k+KLlCkv; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.38 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from fry.vger.email (fry.vger.email. [23.128.96.38]) by mx.google.com with ESMTPS id y7-20020a634b07000000b005b9b45ba3c1si3040037pga.563.2023.11.23.23.59.45 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 23 Nov 2023 23:59:45 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.38 as permitted sender) client-ip=23.128.96.38; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=k+KLlCkv; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.38 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by fry.vger.email (Postfix) with ESMTP id 1A2B680942EA; Thu, 23 Nov 2023 23:59:40 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at fry.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345048AbjKXH7P (ORCPT + 29 others); Fri, 24 Nov 2023 02:59:15 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46390 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232166AbjKXH6h (ORCPT ); Fri, 24 Nov 2023 02:58:37 -0500 Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.100]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 06CDC170B; Thu, 23 Nov 2023 23:58:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1700812723; x=1732348723; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=YrQMcIE+3fwJeUl1QCEA3wnA4x7/0zKhwJGfXTGGQIs=; b=k+KLlCkvlNLrW2KhO0POnBUiH1TB/JFFg2yq+eUoSZsgYnQIWTc/LL+t TfBwRDSE3RQVeOlkP/vcyCG8mjOdTuYiVVWEPnDC3P/8cK70SFLAIfDWi +RVjnFNI5KrgrkDVY9LBvMi9+A/XBy3gMMChe0dU8mp0UYX3U8YxpOiIT ClftX2zMRwDigJreosROd/iCRnUkMeyZe4Ui7CAYEyq/EviC+CVx1zviC 1AJnMP4+8vn95FnHjdl1XD0rgwc5+x0VCKvPBMkRsXSmrH1Op8VGathM6 um18ub8Chf8oLpqPurY0K1FcGTIckk+Be/smxu4Eh3rl0FUF6BSh8JQN3 Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="458872303" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="458872303" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:37 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="833629810" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="833629810" Received: from unknown (HELO embargo.jf.intel.com) ([10.165.9.183]) by fmsmga008-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:37 -0800 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com Subject: [PATCH v7 07/26] x86/fpu/xstate: Warn if kernel dynamic xfeatures detected in normal fpstate Date: Fri, 24 Nov 2023 00:53:11 -0500 Message-Id: <20231124055330.138870-8-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20231124055330.138870-1-weijiang.yang@intel.com> References: <20231124055330.138870-1-weijiang.yang@intel.com> MIME-Version: 1.0 X-Spam-Status: No, score=0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,LONGWORDS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on fry.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (fry.vger.email [0.0.0.0]); Thu, 23 Nov 2023 23:59:40 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1783431467185596382 X-GMAIL-MSGID: 1783431467185596382 Kernel dynamic xfeatures now are __ONLY__ enabled for guest fpstate, i.e., none for normal kernel fpstate. The bits are added when guest FPU config is initialized. Guest fpstate is allocated with fpstate->is_guest set to %true. For normal fpstate, the bits should have been removed when initializes kernel FPU config settings, WARN_ONCE() if kernel detects normal fpstate xfeatures contains kernel dynamic xfeatures before executes xsaves. Signed-off-by: Yang Weijiang Reviewed-by: Rick Edgecombe --- arch/x86/kernel/fpu/xstate.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/x86/kernel/fpu/xstate.h b/arch/x86/kernel/fpu/xstate.h index c032acb56306..d45f3e570e69 100644 --- a/arch/x86/kernel/fpu/xstate.h +++ b/arch/x86/kernel/fpu/xstate.h @@ -186,6 +186,9 @@ static inline void os_xsave(struct fpstate *fpstate) WARN_ON_FPU(!alternatives_patched); xfd_validate_state(fpstate, mask, false); + WARN_ON_FPU(!fpstate->is_guest && + (mask & XFEATURE_MASK_KERNEL_DYNAMIC)); + XSTATE_XSAVE(&fpstate->regs.xsave, lmask, hmask, err); /* We should never fault when copying to a kernel buffer: */ From patchwork Fri Nov 24 05:53:12 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 169245 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce62:0:b0:403:3b70:6f57 with SMTP id o2csp983510vqx; Thu, 23 Nov 2023 23:59:41 -0800 (PST) X-Google-Smtp-Source: AGHT+IERa7X+eVvTESINtF7YzA62X4XEz+olyKkFx3bJqppKQ6fs5GOEI9DrU7EL+jS0BxK9Hb5I X-Received: by 2002:a17:90b:3852:b0:281:3a2:80ee with SMTP id nl18-20020a17090b385200b0028103a280eemr1786577pjb.14.1700812781624; Thu, 23 Nov 2023 23:59:41 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700812781; cv=none; d=google.com; s=arc-20160816; b=j6Dj1YtW2H+0OrXg8gEXWbHuai7m5fO4Vosnx0+871HGiAygDH9zrM1eb4KYPZPmRe whuicgyqdl8ESgCROyKALoSO7NtVW2hNiGzDifo7ntHI5w9wTXXxsQuvCphDk/1jkP8H 0nFVSlSQdiZ69utZbmXSzyrs4JqfMtC6PRuHsRC1Telu38VbX7kpTzHUgONT79mWOsCK +RGwxQu436eRZH6w2VcEV/JP+Egr/bcOc2CipkHvZOoCR24skkOwdKJVMm+c8FgrGLd7 vlz3c3TSAlmaOjV3kgfSSaknJarywdIQV5c06CwcHmCkgCsUTt/KOWvFmGDi7eNQFvtH l06g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=hvbibyv9gMZrYN6NtBPC0XdLuEfYMUkmbOvcEPoIoV4=; fh=uy0EBGgYIm8+MgsxUvKHUXUo3s9z4H9hdLwRv8YoeJU=; b=w5uEul9lPHSYDV48WO8twBHEywFEubEYPJeiV50fqeIllWz05zEdNLmtdLwKS5BGXY 9PE9oE71y6J0wfOPhF2ZISOblo5KQIFRMBjqUy387ecfqRzDZAQKLN3TV6i2ZEv1OTRC u+JrlVei4qJQXhTUfoEBpu5Gzud4GnwT3JvGsfuaGjTuva0enEOrGdZDfS1IHBpscRK4 8ih7n2g81mz1dsit/1RYYw9UH5sNz3MfXHZjSamibmxObORNkHoahUw2S37iKWthgIm9 0HwiwZ+qx/YR7Y/rb+DYDH0yLmYN98fdGDroGUUj3w4WNklMXkBgYbCqxcwTDE+ikY0u CNnQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=lor0KWP3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from lipwig.vger.email (lipwig.vger.email. [2620:137:e000::3:3]) by mx.google.com with ESMTPS id 91-20020a17090a09e400b002852638479dsi3498268pjo.66.2023.11.23.23.59.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 23 Nov 2023 23:59:41 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) client-ip=2620:137:e000::3:3; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=lor0KWP3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by lipwig.vger.email (Postfix) with ESMTP id 5FB0783303E7; Thu, 23 Nov 2023 23:59:37 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at lipwig.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345032AbjKXH7M (ORCPT + 29 others); Fri, 24 Nov 2023 02:59:12 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38526 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232071AbjKXH6g (ORCPT ); Fri, 24 Nov 2023 02:58:36 -0500 Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.100]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0ADF61731; Thu, 23 Nov 2023 23:58:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1700812723; x=1732348723; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=PTRYAwAe8AAOFrWsNP3TkNOOKSAeaA8d5OvgMc5L7Ms=; b=lor0KWP31kE5W9nsM8bSqp0fa6z9AJ2HZ68IhATFl9HcxVStaRU5YKYA BlY3Mm05iXNR6NMc8YvqpSilyY6A51tS5WI+zf8osF6725xr5YwhoUeT1 9U3dj4PWeCNnDIO9MMBc57F+4Qb/CQYS7q5+m6J59Ylgm67CjAsCS8Z4I 88TTSN3vmqsJ0YOOxFBnC+Jp44sL31SHmkfD9yQMTC6GuhQa983QscjQL 9+V9RJGcjGrmB3mnmmf4pL9mGcLxc/4MN2ypONVfEZq75u+cgNwANKehT TQhqtNuCwIy/33NdQwiLBC9fUTBtQTSXbfvTgE8K8ufJpO583zlRfw5Hc w==; X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="458872308" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="458872308" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:38 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="833629813" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="833629813" Received: from unknown (HELO embargo.jf.intel.com) ([10.165.9.183]) by fmsmga008-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:37 -0800 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com Subject: [PATCH v7 08/26] KVM: x86: Rework cpuid_get_supported_xcr0() to operate on vCPU data Date: Fri, 24 Nov 2023 00:53:12 -0500 Message-Id: <20231124055330.138870-9-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20231124055330.138870-1-weijiang.yang@intel.com> References: <20231124055330.138870-1-weijiang.yang@intel.com> MIME-Version: 1.0 X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lipwig.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (lipwig.vger.email [0.0.0.0]); Thu, 23 Nov 2023 23:59:37 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1783431463430493419 X-GMAIL-MSGID: 1783431463430493419 From: Sean Christopherson Rework and rename cpuid_get_supported_xcr0() to explicitly operate on vCPU state, i.e. on a vCPU's CPUID state, now that the only usage of the helper is to retrieve a vCPU's already-set CPUID. Prior to commit 275a87244ec8 ("KVM: x86: Don't adjust guest's CPUID.0x12.1 (allowed SGX enclave XFRM)"), KVM incorrectly fudged guest CPUID at runtime, which in turn necessitated massaging the incoming CPUID state for KVM_SET_CPUID{2} so as not to run afoul of kvm_cpuid_check_equal(). I.e. KVM also invoked cpuid_get_supported_xcr0() with the incoming CPUID state, and thus without an explicit vCPU object. Opportunistically move the helper below kvm_update_cpuid_runtime() to make it harder to repeat the mistake of querying supported XCR0 for runtime updates. No functional change intended. Signed-off-by: Sean Christopherson Signed-off-by: Yang Weijiang --- arch/x86/kvm/cpuid.c | 33 ++++++++++++++++----------------- 1 file changed, 16 insertions(+), 17 deletions(-) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index dda6fc4cfae8..d0315e469d92 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -247,21 +247,6 @@ void kvm_update_pv_runtime(struct kvm_vcpu *vcpu) vcpu->arch.pv_cpuid.features = best->eax; } -/* - * Calculate guest's supported XCR0 taking into account guest CPUID data and - * KVM's supported XCR0 (comprised of host's XCR0 and KVM_SUPPORTED_XCR0). - */ -static u64 cpuid_get_supported_xcr0(struct kvm_cpuid_entry2 *entries, int nent) -{ - struct kvm_cpuid_entry2 *best; - - best = cpuid_entry2_find(entries, nent, 0xd, 0); - if (!best) - return 0; - - return (best->eax | ((u64)best->edx << 32)) & kvm_caps.supported_xcr0; -} - static void __kvm_update_cpuid_runtime(struct kvm_vcpu *vcpu, struct kvm_cpuid_entry2 *entries, int nent) { @@ -312,6 +297,21 @@ void kvm_update_cpuid_runtime(struct kvm_vcpu *vcpu) } EXPORT_SYMBOL_GPL(kvm_update_cpuid_runtime); +/* + * Calculate guest's supported XCR0 taking into account guest CPUID data and + * KVM's supported XCR0 (comprised of host's XCR0 and KVM_SUPPORTED_XCR0). + */ +static u64 vcpu_get_supported_xcr0(struct kvm_vcpu *vcpu) +{ + struct kvm_cpuid_entry2 *best; + + best = kvm_find_cpuid_entry_index(vcpu, 0xd, 0); + if (!best) + return 0; + + return (best->eax | ((u64)best->edx << 32)) & kvm_caps.supported_xcr0; +} + static bool kvm_cpuid_has_hyperv(struct kvm_cpuid_entry2 *entries, int nent) { struct kvm_cpuid_entry2 *entry; @@ -357,8 +357,7 @@ static void kvm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) kvm_apic_set_version(vcpu); } - vcpu->arch.guest_supported_xcr0 = - cpuid_get_supported_xcr0(vcpu->arch.cpuid_entries, vcpu->arch.cpuid_nent); + vcpu->arch.guest_supported_xcr0 = vcpu_get_supported_xcr0(vcpu); kvm_update_pv_runtime(vcpu); From patchwork Fri Nov 24 05:53:13 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 169246 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce62:0:b0:403:3b70:6f57 with SMTP id o2csp983520vqx; Thu, 23 Nov 2023 23:59:43 -0800 (PST) X-Google-Smtp-Source: AGHT+IFn36t6tAWgb8VUmu+5M3krdcx5kMPLSOhwZvPHN243gizzdQ38s/JkTZSBhpENRLgIiolt X-Received: by 2002:a17:90a:ce81:b0:281:3a5:d2ec with SMTP id g1-20020a17090ace8100b0028103a5d2ecmr7648216pju.8.1700812782766; Thu, 23 Nov 2023 23:59:42 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700812782; cv=none; d=google.com; s=arc-20160816; b=ZCc+h6NBHHHDEDG7ls/81Am2/54boeTdhdD/Zc26RzQ7+d5uVFjYrE6k4boWKBcWZ7 EQ//SHLonGcpAbYLtmWBpL/mSLwZ2M/DHXVAzQQ6naaIrZzzPAShyKRuJHvxA4fgm4UI +oHOpW24d79+up/R2/z/7hEvLNpaz6/AGE4FBuO2NDbflv5S3/RsLuDu9Gyl4NjwOe2O 7kptJCZsWORPnMi9wyPmPVH7mHtg82SFy8ot7kSAW8KXo7FKNqdwSGvHitcCyCZgcarb m1qvO/bGIwZv9UjeEidORkmainDkYBQFqkigV0Po7S1saFRvFhC+uZKtSCNvJBBhYi/8 4jDg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=7MbAx5Au/E4oqLtuqNdti1hsqnYHu8hM8lnMo5jwPoE=; fh=uy0EBGgYIm8+MgsxUvKHUXUo3s9z4H9hdLwRv8YoeJU=; b=QyyY91liVTWHVH7QY+Yr0Awq6iLUuG2JsEbBEy/OezqwpIMYjAegnG3FE1A9vXZrJF gTmuMpxyeoeZgvHpvRajZ+oB0J0TmIok0UZA1hM6d9eGASGSwRKxKuoNqpUDeP0ob2Ot w4pF7lM3nVG8pDArKhe6Q+7vLhrF2uNEKrDrvybHeNpTfJE9SSMeaP3ntI9XFvvr2Y/f dlM+OK6nTZlW2p09SV+sLvjrE1VgAJY48LOvZY9t6sQg41MnnvenlzjPyka+TCH0spdu Nv0rFEZ8HaR4dQXeNQ844sBxfhSZs5kNb2xxoFGlC/Z1QCqNcxnV0e+HlwLUPEOAwHPy kUcQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=klU7WTOS; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from snail.vger.email (snail.vger.email. [2620:137:e000::3:7]) by mx.google.com with ESMTPS id s11-20020a17090aba0b00b002801ffd08f8si2940994pjr.51.2023.11.23.23.59.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 23 Nov 2023 23:59:42 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) client-ip=2620:137:e000::3:7; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=klU7WTOS; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id CDD5C81E020F; Thu, 23 Nov 2023 23:59:41 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345105AbjKXH7V (ORCPT + 29 others); Fri, 24 Nov 2023 02:59:21 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38706 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235191AbjKXH6j (ORCPT ); Fri, 24 Nov 2023 02:58:39 -0500 Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.100]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BF6BB1736; Thu, 23 Nov 2023 23:58:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1700812724; x=1732348724; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=+zVTw2NMqAsR3RP45H+LXwxmk3uDyVsGEKOnqyimkHw=; b=klU7WTOSIRweKZ851phUD+TOl3Mx3H1VkNZZHgu5suvQXQ68rcypZk7r HfDJ9CgX9hKfpZDE+ziRRLRtLFJc3O7XnCjTS9LsY/fpfmMWda/WnuGtl pN4hLKYqhF0CZTW6crtil1V4egMpQldSszWJLb8/SazjrcpIXr6KsBRCy XG0L3zQnuAaQXmu8/QC6RvXPpwU9CrxCZULvq/rRcPDU5AK8hp5SQ06mj npSnF/yt5TrRvtqcaSFDEhtr33cYlK7Wa+C3ssAxzT9JBrdb6O90ug1bH +KzZf2fO/iLg2JwTX1OUzzcWD6zEnX+mkk8d/qodiHSiJvBFw03OIR752 A==; X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="458872314" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="458872314" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:38 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="833629817" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="833629817" Received: from unknown (HELO embargo.jf.intel.com) ([10.165.9.183]) by fmsmga008-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:37 -0800 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com Subject: [PATCH v7 09/26] KVM: x86: Rename kvm_{g,s}et_msr() to menifest emulation operations Date: Fri, 24 Nov 2023 00:53:13 -0500 Message-Id: <20231124055330.138870-10-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20231124055330.138870-1-weijiang.yang@intel.com> References: <20231124055330.138870-1-weijiang.yang@intel.com> MIME-Version: 1.0 X-Spam-Status: No, score=-4.5 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Thu, 23 Nov 2023 23:59:41 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1783431464341465332 X-GMAIL-MSGID: 1783431464341465332 Rename kvm_{g,s}et_msr() to kvm_emulate_msr_{read,write}() to make it more obvious that KVM uses these helpers to emulate guest behaviors, i.e., host_initiated == false in these helpers. Suggested-by: Sean Christopherson Signed-off-by: Yang Weijiang Reviewed-by: Maxim Levitsky --- arch/x86/include/asm/kvm_host.h | 4 ++-- arch/x86/kvm/smm.c | 4 ++-- arch/x86/kvm/vmx/nested.c | 13 +++++++------ arch/x86/kvm/x86.c | 10 +++++----- 4 files changed, 16 insertions(+), 15 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index d7036982332e..5cfa18aaf33f 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1967,8 +1967,8 @@ void kvm_prepare_emulation_failure_exit(struct kvm_vcpu *vcpu); void kvm_enable_efer_bits(u64); bool kvm_valid_efer(struct kvm_vcpu *vcpu, u64 efer); int __kvm_get_msr(struct kvm_vcpu *vcpu, u32 index, u64 *data, bool host_initiated); -int kvm_get_msr(struct kvm_vcpu *vcpu, u32 index, u64 *data); -int kvm_set_msr(struct kvm_vcpu *vcpu, u32 index, u64 data); +int kvm_emulate_msr_read(struct kvm_vcpu *vcpu, u32 index, u64 *data); +int kvm_emulate_msr_write(struct kvm_vcpu *vcpu, u32 index, u64 data); int kvm_emulate_rdmsr(struct kvm_vcpu *vcpu); int kvm_emulate_wrmsr(struct kvm_vcpu *vcpu); int kvm_emulate_as_nop(struct kvm_vcpu *vcpu); diff --git a/arch/x86/kvm/smm.c b/arch/x86/kvm/smm.c index dc3d95fdca7d..45c855389ea7 100644 --- a/arch/x86/kvm/smm.c +++ b/arch/x86/kvm/smm.c @@ -535,7 +535,7 @@ static int rsm_load_state_64(struct x86_emulate_ctxt *ctxt, vcpu->arch.smbase = smstate->smbase; - if (kvm_set_msr(vcpu, MSR_EFER, smstate->efer & ~EFER_LMA)) + if (kvm_emulate_msr_write(vcpu, MSR_EFER, smstate->efer & ~EFER_LMA)) return X86EMUL_UNHANDLEABLE; rsm_load_seg_64(vcpu, &smstate->tr, VCPU_SREG_TR); @@ -626,7 +626,7 @@ int emulator_leave_smm(struct x86_emulate_ctxt *ctxt) /* And finally go back to 32-bit mode. */ efer = 0; - kvm_set_msr(vcpu, MSR_EFER, efer); + kvm_emulate_msr_write(vcpu, MSR_EFER, efer); } #endif diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index c5ec0ef51ff7..2034337681f9 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -927,7 +927,7 @@ static u32 nested_vmx_load_msr(struct kvm_vcpu *vcpu, u64 gpa, u32 count) __func__, i, e.index, e.reserved); goto fail; } - if (kvm_set_msr(vcpu, e.index, e.value)) { + if (kvm_emulate_msr_write(vcpu, e.index, e.value)) { pr_debug_ratelimited( "%s cannot write MSR (%u, 0x%x, 0x%llx)\n", __func__, i, e.index, e.value); @@ -963,7 +963,7 @@ static bool nested_vmx_get_vmexit_msr_value(struct kvm_vcpu *vcpu, } } - if (kvm_get_msr(vcpu, msr_index, data)) { + if (kvm_emulate_msr_read(vcpu, msr_index, data)) { pr_debug_ratelimited("%s cannot read MSR (0x%x)\n", __func__, msr_index); return false; @@ -2649,7 +2649,7 @@ static int prepare_vmcs02(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12, if ((vmcs12->vm_entry_controls & VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL) && kvm_pmu_has_perf_global_ctrl(vcpu_to_pmu(vcpu)) && - WARN_ON_ONCE(kvm_set_msr(vcpu, MSR_CORE_PERF_GLOBAL_CTRL, + WARN_ON_ONCE(kvm_emulate_msr_write(vcpu, MSR_CORE_PERF_GLOBAL_CTRL, vmcs12->guest_ia32_perf_global_ctrl))) { *entry_failure_code = ENTRY_FAIL_DEFAULT; return -EINVAL; @@ -4524,8 +4524,9 @@ static void load_vmcs12_host_state(struct kvm_vcpu *vcpu, } if ((vmcs12->vm_exit_controls & VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL) && kvm_pmu_has_perf_global_ctrl(vcpu_to_pmu(vcpu))) - WARN_ON_ONCE(kvm_set_msr(vcpu, MSR_CORE_PERF_GLOBAL_CTRL, - vmcs12->host_ia32_perf_global_ctrl)); + WARN_ON_ONCE(kvm_emulate_msr_write(vcpu, + MSR_CORE_PERF_GLOBAL_CTRL, + vmcs12->host_ia32_perf_global_ctrl)); /* Set L1 segment info according to Intel SDM 27.5.2 Loading Host Segment and Descriptor-Table Registers */ @@ -4700,7 +4701,7 @@ static void nested_vmx_restore_host_state(struct kvm_vcpu *vcpu) goto vmabort; } - if (kvm_set_msr(vcpu, h.index, h.value)) { + if (kvm_emulate_msr_write(vcpu, h.index, h.value)) { pr_debug_ratelimited( "%s WRMSR failed (%u, 0x%x, 0x%llx)\n", __func__, j, h.index, h.value); diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 2c924075f6f1..b9c2c0cd4cf5 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -1973,17 +1973,17 @@ static int kvm_set_msr_with_filter(struct kvm_vcpu *vcpu, u32 index, u64 data) return kvm_set_msr_ignored_check(vcpu, index, data, false); } -int kvm_get_msr(struct kvm_vcpu *vcpu, u32 index, u64 *data) +int kvm_emulate_msr_read(struct kvm_vcpu *vcpu, u32 index, u64 *data) { return kvm_get_msr_ignored_check(vcpu, index, data, false); } -EXPORT_SYMBOL_GPL(kvm_get_msr); +EXPORT_SYMBOL_GPL(kvm_emulate_msr_read); -int kvm_set_msr(struct kvm_vcpu *vcpu, u32 index, u64 data) +int kvm_emulate_msr_write(struct kvm_vcpu *vcpu, u32 index, u64 data) { return kvm_set_msr_ignored_check(vcpu, index, data, false); } -EXPORT_SYMBOL_GPL(kvm_set_msr); +EXPORT_SYMBOL_GPL(kvm_emulate_msr_write); static void complete_userspace_rdmsr(struct kvm_vcpu *vcpu) { @@ -8329,7 +8329,7 @@ static int emulator_set_msr_with_filter(struct x86_emulate_ctxt *ctxt, static int emulator_get_msr(struct x86_emulate_ctxt *ctxt, u32 msr_index, u64 *pdata) { - return kvm_get_msr(emul_to_vcpu(ctxt), msr_index, pdata); + return kvm_emulate_msr_read(emul_to_vcpu(ctxt), msr_index, pdata); } static int emulator_check_pmc(struct x86_emulate_ctxt *ctxt, From patchwork Fri Nov 24 05:53:14 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 169244 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce62:0:b0:403:3b70:6f57 with SMTP id o2csp983485vqx; Thu, 23 Nov 2023 23:59:40 -0800 (PST) X-Google-Smtp-Source: AGHT+IFwIgjZvJkRF8LwNMbiU4ArEFNMfv07xZW5UvlhrrLenA75wg6jImKbu+Mx8oj3sfOyiVXl X-Received: by 2002:a17:902:a401:b0:1cf:531c:f5da with SMTP id p1-20020a170902a40100b001cf531cf5damr1612203plq.60.1700812779732; Thu, 23 Nov 2023 23:59:39 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700812779; cv=none; d=google.com; s=arc-20160816; b=r/ks78/YPptmlZsBHsqsgViuCdxFVGA9n5krnJEPk0xHUOdFXZOD2XzovEUojjx7dZ hQ60Uk6R0fq7hv4H/ONFX4YKBVf1LWsLi6xa609FWK7L1EQuoSqERM33fgPr/7Xj0IsP ck0lPbClNgh6lsPhnogcmmzPCNShnk51lxyHywpME1THEwUWK8epwGF+hYVlbd+4V+yT /EMW5nuaet6poQ3nE/S0q3z7MU5N+jfcJOrvy/I8LidKNDpm/7C/Li/jllRw70q85wtU oHH2pd8ieqN4kVmazgurchBcIJ6BetAC2WStDzFTgfWt2dUGQ0oCcm7ikvzwywoRmv3e kL1w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=8zr9erBg9e1do8EQZqJOyrVFsptfkPA75bbip6SVJ5A=; fh=uy0EBGgYIm8+MgsxUvKHUXUo3s9z4H9hdLwRv8YoeJU=; b=PdOWLxIIhDZDeYSg1rsNc+uhgaztciGhYijzBjZrLwgN/Cw0Exr8nrnx8vQKrJ3TI8 Gjcn4fgtvRmFgZybcMTQkBrzhAgSLAjuRDB3GoGiO+WG48fG2f65/+n8VxEANXAnLwsv w3Ne2t+bDXWoPwyTt9vZFqxL5HGD2dFl5yFHQ9OKRKlglLlKvi7yiuSIzylAZovuHGgi sYVQljj7cteXylzJj/CYswq4SigysQ7oSO3HrSD5dh23u+ULkeKclV2LCEvQfqsg6QSa 8NrBeq4xZiev1/W0Pt6+ccozkFrs5NP7WYC2EWWF1dfW9YFfofG+4Ww9t/XRiIpX8NhC ZfxQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=idHEpzN5; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from lipwig.vger.email (lipwig.vger.email. [2620:137:e000::3:3]) by mx.google.com with ESMTPS id lv6-20020a1709032a8600b001cc55215729si3080658plb.363.2023.11.23.23.59.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 23 Nov 2023 23:59:39 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) client-ip=2620:137:e000::3:3; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=idHEpzN5; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by lipwig.vger.email (Postfix) with ESMTP id 9F24783303D8; Thu, 23 Nov 2023 23:59:36 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at lipwig.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345072AbjKXH7R (ORCPT + 29 others); Fri, 24 Nov 2023 02:59:17 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46424 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235132AbjKXH6i (ORCPT ); Fri, 24 Nov 2023 02:58:38 -0500 Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.100]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BF1BE1710; Thu, 23 Nov 2023 23:58:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1700812724; x=1732348724; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=hoo4Iwqu83bRaL99m4ilvZ+WdOV6DreLDSnH/3fxOIs=; b=idHEpzN51+O7s0Wil+apR1RyXame7o6nVIkOi8n3PvFSY8bnZVHmFZe2 bMjPK8RQlLYpGBi8aB+WIj7kygbay63JKGL3zD/fpZMzQV+KwRi0UVN4m CWTwxLRxgVuitfj0TAbVOzlSmMehReDz0A41mkjQ26sxFsOWWqpAVqnmt 8EbBkBrXs86lhSJcIPXYF+emNcrA+wnVUUR1eU1X9aQy5KdkQpgiq5Ws+ FuspsKgO6gob6k2a0tLkC1zxxkcGBSLJz5p7Areytzr5nDJ7lFPmWZrpR zGEEuZ0Ml80RvBsyjUt8j1o4KpgHpT42k9A4wkPQpW4PCiqj8e9jZFcyJ w==; X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="458872319" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="458872319" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:38 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="833629820" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="833629820" Received: from unknown (HELO embargo.jf.intel.com) ([10.165.9.183]) by fmsmga008-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:38 -0800 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com Subject: [PATCH v7 10/26] KVM: x86: Refine xsave-managed guest register/MSR reset handling Date: Fri, 24 Nov 2023 00:53:14 -0500 Message-Id: <20231124055330.138870-11-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20231124055330.138870-1-weijiang.yang@intel.com> References: <20231124055330.138870-1-weijiang.yang@intel.com> MIME-Version: 1.0 X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lipwig.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (lipwig.vger.email [0.0.0.0]); Thu, 23 Nov 2023 23:59:36 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1783431461421961153 X-GMAIL-MSGID: 1783431461421961153 Tweak the code a bit to facilitate resetting more xstate components in the future, e.g., adding CET's xstate-managed MSRs. No functional change intended. Signed-off-by: Yang Weijiang Reviewed-by: Maxim Levitsky --- arch/x86/kvm/x86.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index b9c2c0cd4cf5..16b4f2dd138a 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -12132,6 +12132,11 @@ void kvm_arch_vcpu_destroy(struct kvm_vcpu *vcpu) static_branch_dec(&kvm_has_noapic_vcpu); } +static inline bool is_xstate_reset_needed(void) +{ + return kvm_cpu_cap_has(X86_FEATURE_MPX); +} + void kvm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event) { struct kvm_cpuid_entry2 *cpuid_0x1; @@ -12189,7 +12194,7 @@ void kvm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event) kvm_async_pf_hash_reset(vcpu); vcpu->arch.apf.halted = false; - if (vcpu->arch.guest_fpu.fpstate && kvm_mpx_supported()) { + if (vcpu->arch.guest_fpu.fpstate && is_xstate_reset_needed()) { struct fpstate *fpstate = vcpu->arch.guest_fpu.fpstate; /* @@ -12199,8 +12204,12 @@ void kvm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event) if (init_event) kvm_put_guest_fpu(vcpu); - fpstate_clear_xstate_component(fpstate, XFEATURE_BNDREGS); - fpstate_clear_xstate_component(fpstate, XFEATURE_BNDCSR); + if (kvm_cpu_cap_has(X86_FEATURE_MPX)) { + fpstate_clear_xstate_component(fpstate, + XFEATURE_BNDREGS); + fpstate_clear_xstate_component(fpstate, + XFEATURE_BNDCSR); + } if (init_event) kvm_load_guest_fpu(vcpu); From patchwork Fri Nov 24 05:53:15 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 169251 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce62:0:b0:403:3b70:6f57 with SMTP id o2csp983894vqx; Fri, 24 Nov 2023 00:00:19 -0800 (PST) X-Google-Smtp-Source: AGHT+IE7ApvAFpIkVhHfR/ttaOmQTXiXBBr/cT1+nysFZWLe9ewmYuSQzC2BZorsge8vgJKi4eQ0 X-Received: by 2002:a05:6a20:2584:b0:18b:8744:229f with SMTP id k4-20020a056a20258400b0018b8744229fmr2677809pzd.34.1700812818821; Fri, 24 Nov 2023 00:00:18 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700812818; cv=none; d=google.com; s=arc-20160816; b=LT6i0Ait8dt2ex5oChjvZZvdmtAbdQTS5e8QPHG0GNzsz8nwH3et+4xPZHrzyNSsd5 /sT9xGXIegyXlZG+n0HCWpkaXjnBvPojQf5fe2S5PQeU4PB4nD9mSxY1JC7v5fMdVv1R ql4a4W0EAsOLP27p7Ql+KysKpg2dD8Lt175DjGTXie2FdRB2qCYZEPHa5Jq48YOptB4R DmGvv4cO7pXOj7FM33Sd5ypPVjxbgz8KFs2vXcUeXtHyykMFonShfBAxcAQhm0vJGg2c CDSC6bAtsT58/KVe6iMiIb2oD04z/3NZkXbya7zCP35hdp1vp0Ri6AliFsT7QlrVbA5v p2Gw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=hxhFoIzL5B3lFJKkL63T0AfTyoGpN2FLwsVuE3I5vWg=; fh=uy0EBGgYIm8+MgsxUvKHUXUo3s9z4H9hdLwRv8YoeJU=; b=MiXx1xRteQQyZYN+JRJRtVdKgrMbVvfSYdniIY8tfqtWBSQNnmbmm+jhxZuQGfMM7v qY5LAONqyDm756X9vxBXN1V4gAHadopDTaXiC5MEwzEicOe02uMFmGy1E3XaWHcmXv0f ibWKMu5hErDeHZFEGKoNn2HYxr2lXXWUo6mBIVnZSrsq/v1WxmlYzGelUo0b1BNot2p9 i08RXMaA5Hs8Iv4pYe9a9nVuWUG6kTdPX0qfP82L6TCeq8jt0BKeoL9K6yG4uFoYcDZZ +rW6fWNn9E88EDMSCdghEeizUJuSeQDmwjPv8J6uscrbP8B9FJ7yEWLIms7q+62OCEy7 Ce8Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=JH021q2K; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from pete.vger.email (pete.vger.email. [2620:137:e000::3:6]) by mx.google.com with ESMTPS id x93-20020a17090a6c6600b0027d60ad5caesi3012900pjj.110.2023.11.24.00.00.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Nov 2023 00:00:18 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) client-ip=2620:137:e000::3:6; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=JH021q2K; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by pete.vger.email (Postfix) with ESMTP id 1352B8057456; Fri, 24 Nov 2023 00:00:03 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at pete.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345028AbjKXH7Y (ORCPT + 29 others); Fri, 24 Nov 2023 02:59:24 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38662 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235193AbjKXH6j (ORCPT ); Fri, 24 Nov 2023 02:58:39 -0500 Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.100]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EEA391713; Thu, 23 Nov 2023 23:58:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1700812725; x=1732348725; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=wQvcCylHnrueW5gPTzTAm+10cFIKd7adj3OOmAizjnY=; b=JH021q2K+w10s862vrm8dxP/Q7b2tF04TdqeuKzI6ZVL0nFEE8IyLyHs Coq/6JSa0d6H6+v+QaBGqXZ9oSiMvpqbaBGVF/qhqstuqmag7tuOqbJ62 NMLbig7tz77h+vBMadDTcxLMRcBi8myxeRUve3XtVB1hzCNQ/Mky9clya XI5oH4FqvMMEtekubCrr/Zup4B+FQJn2oKpCDanR4Hj58nAbB+hrfxJ2Y RbKeDFs1j1K5aZkplYKsemFTvQWFRiiaGiQmhHxtQam/N+xdbZwzXeRtA vdK5H9qyXHAjTSf2UaZA7Iwl5vZEuDiTTkxuXfpYUJR21GcN0MeTixg1u w==; X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="458872326" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="458872326" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:39 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="833629823" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="833629823" Received: from unknown (HELO embargo.jf.intel.com) ([10.165.9.183]) by fmsmga008-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:38 -0800 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com Subject: [PATCH v7 11/26] KVM: x86: Add kvm_msr_{read,write}() helpers Date: Fri, 24 Nov 2023 00:53:15 -0500 Message-Id: <20231124055330.138870-12-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20231124055330.138870-1-weijiang.yang@intel.com> References: <20231124055330.138870-1-weijiang.yang@intel.com> MIME-Version: 1.0 X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on pete.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (pete.vger.email [0.0.0.0]); Fri, 24 Nov 2023 00:00:03 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1783431501936585827 X-GMAIL-MSGID: 1783431501936585827 Wrap __kvm_{get,set}_msr() into two new helpers for KVM usage and use the helpers to replace existing usage of the raw functions. kvm_msr_{read,write}() are KVM-internal helpers, i.e. used when KVM needs to get/set a MSR value for emulating CPU behavior, i.e., host_initiated == %true in the helpers. Suggested-by: Sean Christopherson Signed-off-by: Yang Weijiang Reviewed-by: Maxim Levitsky --- arch/x86/include/asm/kvm_host.h | 3 ++- arch/x86/kvm/cpuid.c | 2 +- arch/x86/kvm/x86.c | 16 +++++++++++++--- 3 files changed, 16 insertions(+), 5 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 5cfa18aaf33f..499bd42e3a32 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1966,9 +1966,10 @@ void kvm_prepare_emulation_failure_exit(struct kvm_vcpu *vcpu); void kvm_enable_efer_bits(u64); bool kvm_valid_efer(struct kvm_vcpu *vcpu, u64 efer); -int __kvm_get_msr(struct kvm_vcpu *vcpu, u32 index, u64 *data, bool host_initiated); int kvm_emulate_msr_read(struct kvm_vcpu *vcpu, u32 index, u64 *data); int kvm_emulate_msr_write(struct kvm_vcpu *vcpu, u32 index, u64 data); +int kvm_msr_read(struct kvm_vcpu *vcpu, u32 index, u64 *data); +int kvm_msr_write(struct kvm_vcpu *vcpu, u32 index, u64 data); int kvm_emulate_rdmsr(struct kvm_vcpu *vcpu); int kvm_emulate_wrmsr(struct kvm_vcpu *vcpu); int kvm_emulate_as_nop(struct kvm_vcpu *vcpu); diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index d0315e469d92..0351e311168a 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -1527,7 +1527,7 @@ bool kvm_cpuid(struct kvm_vcpu *vcpu, u32 *eax, u32 *ebx, *edx = entry->edx; if (function == 7 && index == 0) { u64 data; - if (!__kvm_get_msr(vcpu, MSR_IA32_TSX_CTRL, &data, true) && + if (!kvm_msr_read(vcpu, MSR_IA32_TSX_CTRL, &data) && (data & TSX_CTRL_CPUID_CLEAR)) *ebx &= ~(F(RTM) | F(HLE)); } else if (function == 0x80000007) { diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 16b4f2dd138a..360f4b8a4944 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -1917,8 +1917,8 @@ static int kvm_set_msr_ignored_check(struct kvm_vcpu *vcpu, * Returns 0 on success, non-0 otherwise. * Assumes vcpu_load() was already called. */ -int __kvm_get_msr(struct kvm_vcpu *vcpu, u32 index, u64 *data, - bool host_initiated) +static int __kvm_get_msr(struct kvm_vcpu *vcpu, u32 index, u64 *data, + bool host_initiated) { struct msr_data msr; int ret; @@ -1944,6 +1944,16 @@ int __kvm_get_msr(struct kvm_vcpu *vcpu, u32 index, u64 *data, return ret; } +int kvm_msr_write(struct kvm_vcpu *vcpu, u32 index, u64 data) +{ + return __kvm_set_msr(vcpu, index, data, true); +} + +int kvm_msr_read(struct kvm_vcpu *vcpu, u32 index, u64 *data) +{ + return __kvm_get_msr(vcpu, index, data, true); +} + static int kvm_get_msr_ignored_check(struct kvm_vcpu *vcpu, u32 index, u64 *data, bool host_initiated) { @@ -12224,7 +12234,7 @@ void kvm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event) MSR_IA32_MISC_ENABLE_BTS_UNAVAIL; __kvm_set_xcr(vcpu, 0, XFEATURE_MASK_FP); - __kvm_set_msr(vcpu, MSR_IA32_XSS, 0, true); + kvm_msr_write(vcpu, MSR_IA32_XSS, 0); } /* All GPRs except RDX (handled below) are zeroed on RESET/INIT. */ From patchwork Fri Nov 24 05:53:16 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 169250 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce62:0:b0:403:3b70:6f57 with SMTP id o2csp983655vqx; Thu, 23 Nov 2023 23:59:59 -0800 (PST) X-Google-Smtp-Source: AGHT+IFERAe/8/ScdSF/P6kDl90up+gjLepjbxG4VZt2eHnHS22m9CESGvxifFSHVn+hgAL7zKT8 X-Received: by 2002:a05:6a20:4303:b0:18b:4225:9967 with SMTP id h3-20020a056a20430300b0018b42259967mr2490860pzk.22.1700812799386; Thu, 23 Nov 2023 23:59:59 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700812799; cv=none; d=google.com; s=arc-20160816; b=o5thy8ury4j+WMzde5hPtFxMifwa2rX1uOBeQ12qXnctEujSe3T/fQglFs2Hb1AvLZ qh5zuiS267j9+o36dsPDnTpPIm1uTKuIueD4dq67TWpUqz9EeH/4SgigY4lu+67d/7aD qim0s8cdJEPGE6NMfi4rI7dfReEQ2uTvvh9KfzI28uuQSKsu5oeQGUN7w2AqunSUJhWV VrQCvVwVPuLdp1xB6euVoC4ZRhgcKJDfgL+EYk+rPn8DQm+0mI33EJvdW6EcBweWWrOj 6V0hyX+su7Ft656D05n+6o2K9/MjJtgpJFJ0aVJVICcTZhgWEnHF8PutCb+v/Wu16u0P 2KLQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=pMTjECMh8fr+g7bhxi2VAadyjoT2T1sc/tGViCHcWnA=; fh=uy0EBGgYIm8+MgsxUvKHUXUo3s9z4H9hdLwRv8YoeJU=; b=gt42pAONdaZzOJByTBuObcAbbrcFL3kJF3LabS77/WCgEzm3GIogQwkMCtMTpw+dMp i12FOKJkPvpMtUEeMuOozX5IHE0lX0pPIk+Wkuv7HdyWf6o324F//XGDlc5aTrg+v38B zPBkNGxWfhPzkiHbRQ0nROpOqsUl5qORwlxa6FRqEQxAesEaLfGOS4yx3/yd8mHNMvkB MxwvFOcU9ycaYwZV7UuETHv7L3dXtSpywICEUQi0ozN7skTpZUd0JUz8z5qedgHwyPxz MI6e7TQfrF3sCJpFr2ty0zTFpU1MdE+U3bH6kC/uKu/K4AZ3OWjki06oreEMEI4FDRRJ dYTQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=BvfzpAqK; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from agentk.vger.email (agentk.vger.email. [23.128.96.32]) by mx.google.com with ESMTPS id r2-20020aa79882000000b006cb82bb5252si2891056pfl.393.2023.11.23.23.59.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 23 Nov 2023 23:59:59 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) client-ip=23.128.96.32; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=BvfzpAqK; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by agentk.vger.email (Postfix) with ESMTP id E34BE80687C4; Thu, 23 Nov 2023 23:59:55 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at agentk.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345201AbjKXH7l (ORCPT + 29 others); Fri, 24 Nov 2023 02:59:41 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38760 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232631AbjKXH6j (ORCPT ); Fri, 24 Nov 2023 02:58:39 -0500 Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.100]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AFB4A10F6; Thu, 23 Nov 2023 23:58:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1700812725; x=1732348725; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=5NwdFWB8PYqE9sGf4NOEiLQEKXylN+xEDDw+kzJt/SQ=; b=BvfzpAqKXlFPm/yaTspJK3HzWJgd/tkCjhIx3LP7Lkq0OOyuA6vyB1yi ybavQSg41I+2osqGuwqIdVcuG88lvkhZkRgJtQEE4Td7sOl9YuHMqeIeS Jp/cwAsw6Uf8vW9eusCL7srgTe45dI3rjp+HEuJD2+ANtN9UrTNYJLsVQ ZZOwODip4CVINxXIwStSQhte1NPlabuP9Suw3FwisvpRFc3W/Mwb0BPDg l6TaWyqUOTUr/WIkX1kmNUNo3Y3QqpkkXGEp2+6Uji26n93ztRmwimU6Q OaF6ZxX+o3nfPK+bP8jcl6m33YTv6ezw76qMMqOc+a7ehDRPET/yBBING Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="458872334" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="458872334" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:39 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="833629826" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="833629826" Received: from unknown (HELO embargo.jf.intel.com) ([10.165.9.183]) by fmsmga008-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:39 -0800 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com Subject: [PATCH v7 12/26] KVM: x86: Report XSS as to-be-saved if there are supported features Date: Fri, 24 Nov 2023 00:53:16 -0500 Message-Id: <20231124055330.138870-13-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20231124055330.138870-1-weijiang.yang@intel.com> References: <20231124055330.138870-1-weijiang.yang@intel.com> MIME-Version: 1.0 X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on agentk.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (agentk.vger.email [0.0.0.0]); Thu, 23 Nov 2023 23:59:55 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1783431481508521636 X-GMAIL-MSGID: 1783431481508521636 From: Sean Christopherson Add MSR_IA32_XSS to list of MSRs reported to userspace if supported_xss is non-zero, i.e. KVM supports at least one XSS based feature. Before enabling CET virtualization series, guest IA32_MSR_XSS is guaranteed to be 0, i.e., XSAVES/XRSTORS is executed in non-root mode with XSS == 0, which equals to the effect of XSAVE/XRSTOR. Signed-off-by: Sean Christopherson Signed-off-by: Yang Weijiang Reviewed-by: Maxim Levitsky --- arch/x86/kvm/x86.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 360f4b8a4944..f7d4cc61bc55 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -1464,6 +1464,7 @@ static const u32 msrs_to_save_base[] = { MSR_IA32_UMWAIT_CONTROL, MSR_IA32_XFD, MSR_IA32_XFD_ERR, + MSR_IA32_XSS, }; static const u32 msrs_to_save_pmu[] = { @@ -7317,6 +7318,10 @@ static void kvm_probe_msr_to_save(u32 msr_index) if (!(kvm_get_arch_capabilities() & ARCH_CAP_TSX_CTRL_MSR)) return; break; + case MSR_IA32_XSS: + if (!kvm_caps.supported_xss) + return; + break; default: break; } From patchwork Fri Nov 24 05:53:17 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 169264 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce62:0:b0:403:3b70:6f57 with SMTP id o2csp985180vqx; Fri, 24 Nov 2023 00:02:01 -0800 (PST) X-Google-Smtp-Source: AGHT+IHcmq8/6DuBbprckzM1IzG7wMxC6xrj0nQdCCC/bPdMlSce/KOgCe/dOyrUNFJaB9CevUie X-Received: by 2002:a05:6830:6b42:b0:6d6:4805:45aa with SMTP id dc2-20020a0568306b4200b006d6480545aamr2181527otb.8.1700812920884; Fri, 24 Nov 2023 00:02:00 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700812920; cv=none; d=google.com; s=arc-20160816; b=1B0AwuNvhpYKn87wbUkOHjfrsynnhQ4V93+EFtQQQ4Rorv0fCCp3WnoHyX9Rzlmhj0 9IJyzKI+YodfTLT2SxumZ64A8cmuMOfxVEQkiBeNAwKDx2QwSB7yi/n6ym/uGCttqRLD KjoaMvopEEPw1vSFwODG9CpyRYB4EYSTGYMvGq1OuLKqj2Qf5ajlIn5Ai5TBDvQQVAwJ ciF2rsi7Y/MzIIZFId6/inQ3KvaNBJcEgl6C3lbO1SEzBOa4kCa7IIGyzHZmc+RcCbJc sljBezLoAYfzb+/7TPPL9ysOttFq/G/ZD9rymNfNOFSZlTOCn8KJZALIDgn05eUyjshx Cf4Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=tBAXh4Ur2ue6ghbG3n0MNDDdVum9qCudSovqGUkgF1M=; fh=GH5waOuli6h9Set3ggYc/VU0NXbCWcgfIqnPtXKiONQ=; b=gx6ihF3rE5qivDr7lYNy+sPU+liZIw/jHQCKZqn7Ps+SvkkB1TcpqR8N+u5IVBJwTd EOETZSyS3zJROwVTEs/nZe1vHa3u5p3Znsh/nODKS8I/yo5sg7G2YA4W+I4J0XseglRc 0wDCNYYf//bv0GuYZzfFg1iqMbaxfV0WsB1GWsBgpyjyQl39vMzZStlefc6eAVE6aNGm PeD4WuLe2rylsl+ayDfqnLsoP56tMZGrZ4UkXGgQvs3GLT91C/iGw47SXrQNcZOt4TXh OmdNITwNmDgXTZ1/ZP/2S1ytjHJeWCQ901857db1/LvF7wcIExZvygPVEylIyfSICACW lXeg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b="gZiSVb/e"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.38 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from fry.vger.email (fry.vger.email. [23.128.96.38]) by mx.google.com with ESMTPS id w24-20020a056830145800b006d7f6663071si1086947otp.240.2023.11.24.00.02.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Nov 2023 00:02:00 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.38 as permitted sender) client-ip=23.128.96.38; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b="gZiSVb/e"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.38 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by fry.vger.email (Postfix) with ESMTP id 44AF4808EF42; Fri, 24 Nov 2023 00:00:49 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at fry.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345066AbjKXH7q (ORCPT + 29 others); Fri, 24 Nov 2023 02:59:46 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38546 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232516AbjKXH6j (ORCPT ); Fri, 24 Nov 2023 02:58:39 -0500 Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.100]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2503310E5; Thu, 23 Nov 2023 23:58:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1700812726; x=1732348726; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=jVspOmCjg1McK1b3XG5KaxcWZtyy3fHwRn/aLy9fqlo=; b=gZiSVb/eJLERdZxx0/7iO0dENOirLCU5mgdVBx+a0PIaIfMWODmg7LTh ThNp5b8Qw4/66zNwey7p20y3Rm5FP3wZG7ss9U9iN7P2yQVHSzDvgPjb5 s82rQaOaoo1m2NJbfDGB3FmImBaSFxuXc+4wz18DMtWgUkMw2ECYg+qbe GAs8E5pI5VeM/Axyr/wybILa0XXAk6L29Yarxg7iokHB6ImKi2ok/MRFS +YcUB66TRl3amrZxrJx17BbKQCj40a7hJgy9xEy9OqKH8AAHpXi/Err6b 3pgEZ1ikp4ol4hAFB21J6qyUJvVTyBBOlgkP9O6BOozccF8XOhuh7J0vt w==; X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="458872343" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="458872343" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:39 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="833629830" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="833629830" Received: from unknown (HELO embargo.jf.intel.com) ([10.165.9.183]) by fmsmga008-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:39 -0800 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com, Zhang Yi Z Subject: [PATCH v7 13/26] KVM: x86: Refresh CPUID on write to guest MSR_IA32_XSS Date: Fri, 24 Nov 2023 00:53:17 -0500 Message-Id: <20231124055330.138870-14-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20231124055330.138870-1-weijiang.yang@intel.com> References: <20231124055330.138870-1-weijiang.yang@intel.com> MIME-Version: 1.0 X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on fry.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (fry.vger.email [0.0.0.0]); Fri, 24 Nov 2023 00:00:49 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1783431609545772574 X-GMAIL-MSGID: 1783431609545772574 Update CPUID.(EAX=0DH,ECX=1).EBX to reflect current required xstate size due to XSS MSR modification. CPUID(EAX=0DH,ECX=1).EBX reports the required storage size of all enabled xstate features in (XCR0 | IA32_XSS). The CPUID value can be used by guest before allocate sufficient xsave buffer. Note, KVM does not yet support any XSS based features, i.e. supported_xss is guaranteed to be zero at this time. Opportunistically modify XSS write access logic as: If XSAVES is not enabled in the guest CPUID, forbid setting IA32_XSS msr to anything but 0, even if the write is host initiated. Suggested-by: Sean Christopherson Co-developed-by: Zhang Yi Z Signed-off-by: Zhang Yi Z Signed-off-by: Yang Weijiang Reviewed-by: Maxim Levitsky --- arch/x86/include/asm/kvm_host.h | 3 ++- arch/x86/kvm/cpuid.c | 15 ++++++++++++++- arch/x86/kvm/x86.c | 16 ++++++++++++---- 3 files changed, 28 insertions(+), 6 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 499bd42e3a32..f536102f1eca 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -756,7 +756,6 @@ struct kvm_vcpu_arch { bool at_instruction_boundary; bool tpr_access_reporting; bool xfd_no_write_intercept; - u64 ia32_xss; u64 microcode_version; u64 arch_capabilities; u64 perf_capabilities; @@ -812,6 +811,8 @@ struct kvm_vcpu_arch { u64 xcr0; u64 guest_supported_xcr0; + u64 guest_supported_xss; + u64 ia32_xss; struct kvm_pio_request pio; void *pio_data; diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 0351e311168a..1d9843b34196 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -275,7 +275,8 @@ static void __kvm_update_cpuid_runtime(struct kvm_vcpu *vcpu, struct kvm_cpuid_e best = cpuid_entry2_find(entries, nent, 0xD, 1); if (best && (cpuid_entry_has(best, X86_FEATURE_XSAVES) || cpuid_entry_has(best, X86_FEATURE_XSAVEC))) - best->ebx = xstate_required_size(vcpu->arch.xcr0, true); + best->ebx = xstate_required_size(vcpu->arch.xcr0 | + vcpu->arch.ia32_xss, true); best = __kvm_find_kvm_cpuid_features(vcpu, entries, nent); if (kvm_hlt_in_guest(vcpu->kvm) && best && @@ -312,6 +313,17 @@ static u64 vcpu_get_supported_xcr0(struct kvm_vcpu *vcpu) return (best->eax | ((u64)best->edx << 32)) & kvm_caps.supported_xcr0; } +static u64 vcpu_get_supported_xss(struct kvm_vcpu *vcpu) +{ + struct kvm_cpuid_entry2 *best; + + best = kvm_find_cpuid_entry_index(vcpu, 0xd, 1); + if (!best) + return 0; + + return (best->ecx | ((u64)best->edx << 32)) & kvm_caps.supported_xss; +} + static bool kvm_cpuid_has_hyperv(struct kvm_cpuid_entry2 *entries, int nent) { struct kvm_cpuid_entry2 *entry; @@ -358,6 +370,7 @@ static void kvm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) } vcpu->arch.guest_supported_xcr0 = vcpu_get_supported_xcr0(vcpu); + vcpu->arch.guest_supported_xss = vcpu_get_supported_xss(vcpu); kvm_update_pv_runtime(vcpu); diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index f7d4cc61bc55..649a100ffd25 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -3901,20 +3901,28 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) vcpu->arch.ia32_tsc_adjust_msr += adj; } break; - case MSR_IA32_XSS: - if (!msr_info->host_initiated && - !guest_cpuid_has(vcpu, X86_FEATURE_XSAVES)) + case MSR_IA32_XSS: { + /* + * If KVM reported support of XSS MSR, even guest CPUID doesn't + * support XSAVES, still allow userspace to set default value(0) + * to this MSR. + */ + if (!guest_cpuid_has(vcpu, X86_FEATURE_XSAVES) && + !(msr_info->host_initiated && data == 0)) return 1; /* * KVM supports exposing PT to the guest, but does not support * IA32_XSS[bit 8]. Guests have to use RDMSR/WRMSR rather than * XSAVES/XRSTORS to save/restore PT MSRs. */ - if (data & ~kvm_caps.supported_xss) + if (data & ~vcpu->arch.guest_supported_xss) return 1; + if (vcpu->arch.ia32_xss == data) + break; vcpu->arch.ia32_xss = data; kvm_update_cpuid_runtime(vcpu); break; + } case MSR_SMI_COUNT: if (!msr_info->host_initiated) return 1; From patchwork Fri Nov 24 05:53:18 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 169253 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce62:0:b0:403:3b70:6f57 with SMTP id o2csp984310vqx; Fri, 24 Nov 2023 00:00:49 -0800 (PST) X-Google-Smtp-Source: AGHT+IFxjdC4NgL+KCyKdvsR91vxcYgjPascbeu/sAuGsKzaN9hReFY6waixEjO+bEmOSAQy/7bj X-Received: by 2002:a05:6a20:9384:b0:186:1781:d660 with SMTP id x4-20020a056a20938400b001861781d660mr2905845pzh.6.1700812848775; Fri, 24 Nov 2023 00:00:48 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700812848; cv=none; d=google.com; s=arc-20160816; b=QWlrruTIhwaOgsKNXe4FnH9axxIaJkLMPF0rOzvahlMHQwUcWsKqaLx6QOlNKa8wAb VBbxiE+44pK1w7ELKsFclxIwCpEfHW0t0xPLTeaH+5rz+bfdE9iBqob9IeX13mliDffb jXBmp//YRuG0hOXsRl09bczpnOrsELL6wUSBWiHUDiYmJT7AJKRxeaUE4dbetUEpnYvv ti7AJU5ek0d+PapxLf1ONPPglcfMLoXWiNTDxQU8CevwvmJV8Hv4E1KB3XgWjgVKEfob 4ZuHnpF2g59R0jjmqCItPMKqKDtAx81AG6SM6+LcIlcI56Aiaj5g7ccfPmr2flfeitqN EPrg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=s9ldnL7UJ/m3RDer8AlJ8NxbL6SoJg8DwiKAsIKns/w=; fh=uy0EBGgYIm8+MgsxUvKHUXUo3s9z4H9hdLwRv8YoeJU=; b=zvoWOgC0QA4y83+BT0ndHFz2kYAnIVtXzDDLkNCjIQiGdkVkbgK25TYU+3aIHPWyV1 uuuvINDos20Tzog21Dq7x7gK/YXY/gkeVGk2SS/RN4yX7EHkf2JtF3ZHGFrnnWffLZmT IitK4LhgWGZ/e2YQfgLv5jUwi6czD0SaRqeiNqYk01ZzQtBSq6Nf8zlrUBaQxGAqtxAb bIIcUhdZtOUFG1XHZab8uA4GP00klVc/y5Kbnj6LIEW9mqCTPPtuDnO/9PY3stjmxVA5 3ODL9d//A+1pP2rmfaLpgFQL+jP5KM4qfP6ZOxl0zqX1AYCU26rO56nSBSHrE0us8fN4 3D8A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=V2xod0SJ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from pete.vger.email (pete.vger.email. [2620:137:e000::3:6]) by mx.google.com with ESMTPS id o21-20020a635a15000000b005b92b048254si3118342pgb.201.2023.11.24.00.00.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Nov 2023 00:00:48 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) client-ip=2620:137:e000::3:6; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=V2xod0SJ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by pete.vger.email (Postfix) with ESMTP id 1C9098057468; Fri, 24 Nov 2023 00:00:38 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at pete.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344829AbjKXH7t (ORCPT + 29 others); Fri, 24 Nov 2023 02:59:49 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49224 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232704AbjKXH6k (ORCPT ); Fri, 24 Nov 2023 02:58:40 -0500 Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.100]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 854E2171C; Thu, 23 Nov 2023 23:58:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1700812726; x=1732348726; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=o7Q8vACzYsvmsuFlLqVPtKWMbZRZEtypQnXnoxhwti0=; b=V2xod0SJYobbltGEq5SZmkHQZxQIHrpVWK/FQ3PclOsWhxde5lmV3byp l0lLsgEvxC+kTk60MqAa57kCaEaJyNy+CvO2hcsepW+qAdN2w5qrBJjYM idyY962AEaj7rXJHdtYK5Z7/C9Xt6IZblhC1cZ59eaRDGHP/JaAAIH/9m PHK8SqT9luKECPFcFr6gBHiDvDEMJ999HXeKhP5mA5hyCo8b1Ucf72Hme FNhcKK9GdDGuhm5X5vEfrperefWL2NL3cUQPaw5sMH18B7L4rgl+38Svh Qn5jqin2kiZLlLXeBInAQhRb1o475A5zeHM4EX+6CXcI3YChpdrxK8xH/ Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="458872350" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="458872350" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:40 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="833629834" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="833629834" Received: from unknown (HELO embargo.jf.intel.com) ([10.165.9.183]) by fmsmga008-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:39 -0800 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com Subject: [PATCH v7 14/26] KVM: x86: Initialize kvm_caps.supported_xss Date: Fri, 24 Nov 2023 00:53:18 -0500 Message-Id: <20231124055330.138870-15-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20231124055330.138870-1-weijiang.yang@intel.com> References: <20231124055330.138870-1-weijiang.yang@intel.com> MIME-Version: 1.0 X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on pete.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (pete.vger.email [0.0.0.0]); Fri, 24 Nov 2023 00:00:38 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1783431534097717469 X-GMAIL-MSGID: 1783431534097717469 Set original kvm_caps.supported_xss to (host_xss & KVM_SUPPORTED_XSS) if XSAVES is supported. host_xss contains the host supported xstate feature bits for thread FPU context switch, KVM_SUPPORTED_XSS includes all KVM enabled XSS feature bits, the resulting value represents the supervisor xstates that are available to guest and are backed by host FPU framework for swapping {guest,host} XSAVE-managed registers/MSRs. Signed-off-by: Yang Weijiang Reviewed-by: Maxim Levitsky --- arch/x86/kvm/x86.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 649a100ffd25..607082aca80d 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -226,6 +226,8 @@ static struct kvm_user_return_msrs __percpu *user_return_msrs; | XFEATURE_MASK_BNDCSR | XFEATURE_MASK_AVX512 \ | XFEATURE_MASK_PKRU | XFEATURE_MASK_XTILE) +#define KVM_SUPPORTED_XSS 0 + u64 __read_mostly host_efer; EXPORT_SYMBOL_GPL(host_efer); @@ -9648,12 +9650,13 @@ static int __kvm_x86_vendor_init(struct kvm_x86_init_ops *ops) host_xcr0 = xgetbv(XCR_XFEATURE_ENABLED_MASK); kvm_caps.supported_xcr0 = host_xcr0 & KVM_SUPPORTED_XCR0; } + if (boot_cpu_has(X86_FEATURE_XSAVES)) { + rdmsrl(MSR_IA32_XSS, host_xss); + kvm_caps.supported_xss = host_xss & KVM_SUPPORTED_XSS; + } rdmsrl_safe(MSR_EFER, &host_efer); - if (boot_cpu_has(X86_FEATURE_XSAVES)) - rdmsrl(MSR_IA32_XSS, host_xss); - kvm_init_pmu_capability(ops->pmu_ops); if (boot_cpu_has(X86_FEATURE_ARCH_CAPABILITIES)) From patchwork Fri Nov 24 05:53:19 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 169265 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce62:0:b0:403:3b70:6f57 with SMTP id o2csp985149vqx; Fri, 24 Nov 2023 00:01:58 -0800 (PST) X-Google-Smtp-Source: AGHT+IH1ZSTpyOUH7s94mDpVUxJHA/q4PB/j1YGf5iP9201YapigMBEqt5oBq2Hbf2DZzmupF6pM X-Received: by 2002:a05:6a20:258c:b0:186:58d6:ca65 with SMTP id k12-20020a056a20258c00b0018658d6ca65mr2633523pzd.32.1700812918268; Fri, 24 Nov 2023 00:01:58 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700812918; cv=none; d=google.com; s=arc-20160816; b=Wqqfb7K5rcpmYZQWw3Sn8JrKJ2rw+Dcgm9kk+LUFGKTow9Bc7FgMmgWgdTpkfPfXBk abT3nsBE/eQilin3ugFO/203kQxXXan8BqXehIToHg4VcQ7ChmuFGyjwAOP25uW5tItF 016OLLWZWDZkqoiz6cjqtivYI15Xw4X9YqOPqGkZWTEBAF+5xjBnrhmy9Q9pgH+awvhN /tz7LewBDrWg548MExHRTpfPYoksWKcRG/2ihVEOz8jcVTbrq2SJbYVZkuLEwTAXXD/f hvHAA/fB4mtjteOV7enC6pKCvhysJYJCxeSqPCCfFT7RZTaUQqgjZhHAL6rIxNeXapKz iWnQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=RRbkJkdyp/wrXeiT7l4qb3FaJbPDEdmuYXMzaTdBJcg=; fh=uy0EBGgYIm8+MgsxUvKHUXUo3s9z4H9hdLwRv8YoeJU=; b=lRmSVKPKiN1cq2oMO80D0cVte5kEpleNGBkxTv6CtrPZN4T1UQgxPSOdzOdUsgFsBo vFnRpTKWB3DNuDUuxZqwjHT9PN44QRh1mrnofuaJwFDpxJK3fuOuARJcujo7Aek2d13W bztUYExvS/KEsHmsWMwF2BooWKDgNvBf5qNURIOUCVi7Y2t9wRJ3ASiVPwSvrwYV6/RK Qy+tjxGgfM5S6CiFET59H8eksNGsPERfMAWOe7fVvrWYCyAToXtahJCA64BMfR7RNZ92 UMW1aPcAskNVUk2t9YQ7hj5vkRK1l8IrzufDCtLm1QBzfQqkQKT4ZSfyFTclh1H5QKXB avDA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=iYEWjjAu; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from groat.vger.email (groat.vger.email. [2620:137:e000::3:5]) by mx.google.com with ESMTPS id y12-20020a056a00180c00b006cb4d22a272si3168868pfa.48.2023.11.24.00.01.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Nov 2023 00:01:58 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) client-ip=2620:137:e000::3:5; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=iYEWjjAu; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by groat.vger.email (Postfix) with ESMTP id 301F0806BE09; Fri, 24 Nov 2023 00:01:46 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at groat.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344912AbjKXIAJ (ORCPT + 29 others); Fri, 24 Nov 2023 03:00:09 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38586 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229705AbjKXH6l (ORCPT ); Fri, 24 Nov 2023 02:58:41 -0500 Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.100]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 639CB172A; Thu, 23 Nov 2023 23:58:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1700812727; x=1732348727; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=/jps8O3J9tj+Drgl/U7yfUEGIelR5fxrqFXNDYPm5Wc=; b=iYEWjjAuFzjozj4zeL1H9mpqP+EHVWpIvzOSGfP00CtPKDL1PJCaCBos uVtf3redspe+8aC+3581zLB0RPmjv3T69RcDJW12HKhdUWBF2+QcQ+zfC BjYkAXMfditk2UFZgyDe3dFFf3Eh9mPV+RjHKnlfyMfC6mxnPx0OdKKrz mbDPSaKDDAywOA7EPJpa9aNr9+0R20aOTsSiBtLHytxXpRTSd9zFvdIUd VLxMcgj5/Bfii3CI/nmj5SQIj0LiBdBbmnG4u7B2rnH64+R/D8y0YrocJ hlaq6yT5xgB+rERS14owwGeQxn9yYDJ6iqATdcJHscv9Ij3wQS18X6cVe Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="458872356" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="458872356" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:40 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="833629837" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="833629837" Received: from unknown (HELO embargo.jf.intel.com) ([10.165.9.183]) by fmsmga008-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:40 -0800 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com Subject: [PATCH v7 15/26] KVM: x86: Load guest FPU state when access XSAVE-managed MSRs Date: Fri, 24 Nov 2023 00:53:19 -0500 Message-Id: <20231124055330.138870-16-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20231124055330.138870-1-weijiang.yang@intel.com> References: <20231124055330.138870-1-weijiang.yang@intel.com> MIME-Version: 1.0 X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]); Fri, 24 Nov 2023 00:01:46 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1783431606382037287 X-GMAIL-MSGID: 1783431606382037287 From: Sean Christopherson Load the guest's FPU state if userspace is accessing MSRs whose values are managed by XSAVES. Introduce two helpers, kvm_{get,set}_xstate_msr(), to facilitate access to such kind of MSRs. If MSRs supported in kvm_caps.supported_xss are passed through to guest, the guest MSRs are swapped with host's before vCPU exits to userspace and after it reenters kernel before next VM-entry. Because the modified code is also used for the KVM_GET_MSRS device ioctl(), explicitly check @vcpu is non-null before attempting to load guest state. The XSAVE-managed MSRs cannot be retrieved via the device ioctl() without loading guest FPU state (which doesn't exist). Note that guest_cpuid_has() is not queried as host userspace is allowed to access MSRs that have not been exposed to the guest, e.g. it might do KVM_SET_MSRS prior to KVM_SET_CPUID2. The two helpers are put here in order to manifest accessing xsave-managed MSRs requires special check and handling to guarantee the correctness of read/write to the MSRs. Signed-off-by: Sean Christopherson Co-developed-by: Yang Weijiang Signed-off-by: Yang Weijiang Reviewed-by: Maxim Levitsky --- arch/x86/kvm/x86.c | 35 ++++++++++++++++++++++++++++++++++- arch/x86/kvm/x86.h | 24 ++++++++++++++++++++++++ 2 files changed, 58 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 607082aca80d..fd48b825510c 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -133,6 +133,9 @@ static int __set_sregs2(struct kvm_vcpu *vcpu, struct kvm_sregs2 *sregs2); static void __get_sregs2(struct kvm_vcpu *vcpu, struct kvm_sregs2 *sregs2); static DEFINE_MUTEX(vendor_module_lock); +static void kvm_load_guest_fpu(struct kvm_vcpu *vcpu); +static void kvm_put_guest_fpu(struct kvm_vcpu *vcpu); + struct kvm_x86_ops kvm_x86_ops __read_mostly; #define KVM_X86_OP(func) \ @@ -4482,6 +4485,21 @@ int kvm_get_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) } EXPORT_SYMBOL_GPL(kvm_get_msr_common); +/* + * Returns true if the MSR in question is managed via XSTATE, i.e. is context + * switched with the rest of guest FPU state. + */ +static bool is_xstate_managed_msr(u32 index) +{ + switch (index) { + case MSR_IA32_U_CET: + case MSR_IA32_PL0_SSP ... MSR_IA32_PL3_SSP: + return true; + default: + return false; + } +} + /* * Read or write a bunch of msrs. All parameters are kernel addresses. * @@ -4492,11 +4510,26 @@ static int __msr_io(struct kvm_vcpu *vcpu, struct kvm_msrs *msrs, int (*do_msr)(struct kvm_vcpu *vcpu, unsigned index, u64 *data)) { + bool fpu_loaded = false; int i; - for (i = 0; i < msrs->nmsrs; ++i) + for (i = 0; i < msrs->nmsrs; ++i) { + /* + * If userspace is accessing one or more XSTATE-managed MSRs, + * temporarily load the guest's FPU state so that the guest's + * MSR value(s) is resident in hardware, i.e. so that KVM can + * get/set the MSR via RDMSR/WRMSR. + */ + if (vcpu && !fpu_loaded && kvm_caps.supported_xss && + is_xstate_managed_msr(entries[i].index)) { + kvm_load_guest_fpu(vcpu); + fpu_loaded = true; + } if (do_msr(vcpu, entries[i].index, &entries[i].data)) break; + } + if (fpu_loaded) + kvm_put_guest_fpu(vcpu); return i; } diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h index 5184fde1dc54..6e42ede335f5 100644 --- a/arch/x86/kvm/x86.h +++ b/arch/x86/kvm/x86.h @@ -541,4 +541,28 @@ int kvm_sev_es_string_io(struct kvm_vcpu *vcpu, unsigned int size, unsigned int port, void *data, unsigned int count, int in); +/* + * Lock and/or reload guest FPU and access xstate MSRs. For accesses initiated + * by host, guest FPU is loaded in __msr_io(). For accesses initiated by guest, + * guest FPU should have been loaded already. + */ + +static inline void kvm_get_xstate_msr(struct kvm_vcpu *vcpu, + struct msr_data *msr_info) +{ + KVM_BUG_ON(!vcpu->arch.guest_fpu.fpstate->in_use, vcpu->kvm); + kvm_fpu_get(); + rdmsrl(msr_info->index, msr_info->data); + kvm_fpu_put(); +} + +static inline void kvm_set_xstate_msr(struct kvm_vcpu *vcpu, + struct msr_data *msr_info) +{ + KVM_BUG_ON(!vcpu->arch.guest_fpu.fpstate->in_use, vcpu->kvm); + kvm_fpu_get(); + wrmsrl(msr_info->index, msr_info->data); + kvm_fpu_put(); +} + #endif From patchwork Fri Nov 24 05:53:20 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 169260 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce62:0:b0:403:3b70:6f57 with SMTP id o2csp984933vqx; Fri, 24 Nov 2023 00:01:40 -0800 (PST) X-Google-Smtp-Source: AGHT+IELwl4CZn61GCQrPKPvg8kdx8c1oESi7bs5hy04sseQ7QkrNVambFsqlN3KA5zIJ3XG0DAo X-Received: by 2002:a17:902:bc4c:b0:1cc:29ed:96ae with SMTP id t12-20020a170902bc4c00b001cc29ed96aemr2092461plz.41.1700812900332; Fri, 24 Nov 2023 00:01:40 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700812900; cv=none; d=google.com; s=arc-20160816; b=YpEhZOR3w+1hB1KSNjGpdpDo8DrwSBtc5Q4HSrnzMlsgt+jLexMPCuvTsxBc1bVZtv C3s9HMzYOZRKVM1ESX6DNA97hL/iLiHacIzJ3HILjxTpttwRzvU996re0BH5KYRdMMdV WhjfVHHGaxD400Fi2CcrZVAF2lUjuZMtFm3/NbIwdOGBsTfZGqlpZ4wC4Sy76HgJYcYH vVQhgteKy8vjke80YqGdcAWFVYSIYma+QWUpqUhn/Eo/p6uPe1nimHW0yrYTUKLECw8a 8B2016MpIiiIBccQywcWCNQjNQ2DCpLbEbqZK4C6hUDIweMsrsqbdrqaS5oKB8+kXQyk JEmA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=3vmvEVAQ5wTL+a2pWk2uma+6N+w8F92ijt2tlpaaFXQ=; fh=uy0EBGgYIm8+MgsxUvKHUXUo3s9z4H9hdLwRv8YoeJU=; b=cSirm1bvxgGJJFHjH1wfcJL4KP+VNxPRB41BK80nGBGh7qbPfWQKwDcIU8g6Dnb3oc wo2P965VakcaaO2egIfVcaFaxsqltqc21gbc9vuqqhwTnq5QPHxka8rr8M8Q0FRXOGIF 432nwHm17uT5wUUWdp3IrnnrKgILsrSiKPhmzZIRR33pQ230FGiaaov4VvBP584bBJQc jc/uGg77pEABDcrwRKDhYXwq/KDdYd9v9ijy77jhX1zLLE6m0cV8hG4SeC6//vC445g2 x0+hDryUUt8RCKlZ8Kxqyv7gi/Bhsf9PIPUGxjCPdTsJS58SPw9w09I/+iZjk4isG6jv WB1g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Q728Bu+Q; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:4 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from howler.vger.email (howler.vger.email. [2620:137:e000::3:4]) by mx.google.com with ESMTPS id n4-20020a170902e54400b001c62e8c0a38si3052861plf.256.2023.11.24.00.01.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Nov 2023 00:01:40 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:4 as permitted sender) client-ip=2620:137:e000::3:4; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Q728Bu+Q; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:4 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by howler.vger.email (Postfix) with ESMTP id ABB6680A9AB9; Fri, 24 Nov 2023 00:01:26 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at howler.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232942AbjKXIAB (ORCPT + 29 others); Fri, 24 Nov 2023 03:00:01 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38616 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232787AbjKXH6k (ORCPT ); Fri, 24 Nov 2023 02:58:40 -0500 Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.100]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1A4471726; Thu, 23 Nov 2023 23:58:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1700812727; x=1732348727; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=PcMmXeXNunX7/wx8POI7uKkie1le/Rqx/XX/i5AXSyA=; b=Q728Bu+QB2pjWo6F+y1CicQRtv6O0DRmL6DqjY0HKKHSgitxZcjkQR2q GgklIvIm7sQU5UaCuHmR3xsi5bvfjxkwQ+8xvNUL7AbYZ7QKldqK61SR1 tWARLATJr6qosWQA7xwnD/e7oqp5DJW9C0bKmZmFivmGdOPG1+iP+Pph/ 4BVrBf6XVAJRn8TN3SwHTSEqBaFZEVvgsBKhV5L5LyoDAFCd2PlxWOAMM kIjJxDcCzICUywQU9O3ncYXg3GRyH2b9GiUhRkOrFKDvm2u6OoLe+PQZ2 nOTZx3usS6w7VLGielY0WTROY4v97HfT0RFHSKrPzJ52oj8CcY+cZHzGe Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="458872363" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="458872363" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:41 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="833629840" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="833629840" Received: from unknown (HELO embargo.jf.intel.com) ([10.165.9.183]) by fmsmga008-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:40 -0800 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com Subject: [PATCH v7 16/26] KVM: x86: Add fault checks for guest CR4.CET setting Date: Fri, 24 Nov 2023 00:53:20 -0500 Message-Id: <20231124055330.138870-17-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20231124055330.138870-1-weijiang.yang@intel.com> References: <20231124055330.138870-1-weijiang.yang@intel.com> MIME-Version: 1.0 X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on howler.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (howler.vger.email [0.0.0.0]); Fri, 24 Nov 2023 00:01:26 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1783431587476155488 X-GMAIL-MSGID: 1783431587476155488 Check potential faults for CR4.CET setting per Intel SDM requirements. CET can be enabled if and only if CR0.WP == 1, i.e. setting CR4.CET == 1 faults if CR0.WP == 0 and setting CR0.WP == 0 fails if CR4.CET == 1. Co-developed-by: Sean Christopherson Signed-off-by: Sean Christopherson Signed-off-by: Yang Weijiang Reviewed-by: Chao Gao Reviewed-by: Maxim Levitsky --- arch/x86/kvm/x86.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index fd48b825510c..44b8cf459dfc 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -1006,6 +1006,9 @@ int kvm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0) (is_64_bit_mode(vcpu) || kvm_is_cr4_bit_set(vcpu, X86_CR4_PCIDE))) return 1; + if (!(cr0 & X86_CR0_WP) && kvm_is_cr4_bit_set(vcpu, X86_CR4_CET)) + return 1; + static_call(kvm_x86_set_cr0)(vcpu, cr0); kvm_post_set_cr0(vcpu, old_cr0, cr0); @@ -1217,6 +1220,9 @@ int kvm_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4) return 1; } + if ((cr4 & X86_CR4_CET) && !kvm_is_cr0_bit_set(vcpu, X86_CR0_WP)) + return 1; + static_call(kvm_x86_set_cr4)(vcpu, cr4); kvm_post_set_cr4(vcpu, old_cr4, cr4); From patchwork Fri Nov 24 05:53:21 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 169255 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce62:0:b0:403:3b70:6f57 with SMTP id o2csp984358vqx; Fri, 24 Nov 2023 00:00:52 -0800 (PST) X-Google-Smtp-Source: AGHT+IHSFUnN8KpAtAPBmLL8Beh79ozSdyb0us+a9PI3lO8uZzkQBzaM29YipW2Xl9tv8rR2d3Te X-Received: by 2002:a9d:7581:0:b0:6d4:7c93:bf00 with SMTP id s1-20020a9d7581000000b006d47c93bf00mr2373355otk.23.1700812852440; Fri, 24 Nov 2023 00:00:52 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700812852; cv=none; d=google.com; s=arc-20160816; b=ao9J77zFu+V1nnk6+eY0ZBAra+OUQJYiMWoF4q9szi03lWrccoQUaIPiMAije/ehn2 fu4kyvuCp1Ok/7S7DtGLi6bRIbQWlHoJudLRnPNZrREQP5RYH4vOpkhppxZHWXBoXndp ak1bg6dmZINia7Kcqi/NbErOUM+4BQdUmzSO1R8/ZXchOf/59BRMC3wXQPja7/sCbpV1 fXSQTrKMmN7PpVvY5+KV2+Tl9Yosiw5M7WZqtvZtKhs8pYOxOPuEKyQ+ZE6JOE7iDfiY PCxZAbBd90RqZogLj78f/K479vaxL4CtSdRyjCRCKwia6BxDIoMUAfm3SW4k5atqYThi KpUA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=j2tIu8OTOCGjjQ9Xp3SbQlHDUwoKQLuFQr1wM41xZFg=; fh=uy0EBGgYIm8+MgsxUvKHUXUo3s9z4H9hdLwRv8YoeJU=; b=Z9hTeUEdq7OZdTMy2AOJJ7/7Foclu24jG6VALAoyR4Q3c8j1/YP1e4ck1CN5//yRo5 i1jcrYmjLEgp7Rq/Z2w2s0lyYBEk4UzHviBzDtYgs3n7L1SX/5r4grR91c6BhCnHy7Kn ddnRShIjHOGux2YzwscgTTeWzNASFmGHznex0EVFysIl1imjh4NEKI6548WjbF5EPR2U cVDEStCSJuYYgZV98B3SThu5KM4Oy6/SBOwpqJ6DB94g4eTKTFF4MwZm2kfvSULUE/j9 70pgb51SfA02AdKJUrjUxRk1xJ3sJRVBlTx7zNJjRW3270K+pVoB6inD4poQDIPPAtrW IZ0A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=eJXHa7QA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from morse.vger.email (morse.vger.email. [23.128.96.31]) by mx.google.com with ESMTPS id k5-20020a6568c5000000b00577448019cbsi3163985pgt.841.2023.11.24.00.00.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Nov 2023 00:00:52 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) client-ip=23.128.96.31; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=eJXHa7QA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by morse.vger.email (Postfix) with ESMTP id 76FBA80998A0; Fri, 24 Nov 2023 00:00:38 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at morse.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231494AbjKXH7x (ORCPT + 29 others); Fri, 24 Nov 2023 02:59:53 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49236 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232709AbjKXH6k (ORCPT ); Fri, 24 Nov 2023 02:58:40 -0500 Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.100]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 33B9E10FE; Thu, 23 Nov 2023 23:58:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1700812726; x=1732348726; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=7gIlli28NAJ1pKc76K/U/2zO+cqXE7s5YVtpL5cIwfg=; b=eJXHa7QA1l9R1PZXdQtJcCPceL0xdfop/+7crl8XQpogZ4QhIEVpsVId 0kBNgkEB3Z7KnQSiXQudvdz2KAlBqJGMSYueaz7yMrfAZJ2NAUtZ6qjkX 3eKl77MeQKadL0/edX5gtNcNLrgU9ZsZKRJW3sL+ebLKpGM0m5/3Ugdn2 tJ3OMKGVZfBhiJC7kr75Zeuc0eutqvXztqtUCjDHneM3vLeElTFof3Vsc fARzBGwDuIbP+wKlYezrAwQpD55GdECoep1r9h9Z4dR7eXs3OmHcsJafE mSEt86guv8jff9pdEWU9EjGvxRS4orIqJWNn0eLP6CjsvC9s4YBQKD7Gy w==; X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="458872368" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="458872368" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:41 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="833629843" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="833629843" Received: from unknown (HELO embargo.jf.intel.com) ([10.165.9.183]) by fmsmga008-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:41 -0800 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com Subject: [PATCH v7 17/26] KVM: x86: Report KVM supported CET MSRs as to-be-saved Date: Fri, 24 Nov 2023 00:53:21 -0500 Message-Id: <20231124055330.138870-18-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20231124055330.138870-1-weijiang.yang@intel.com> References: <20231124055330.138870-1-weijiang.yang@intel.com> MIME-Version: 1.0 X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on morse.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (morse.vger.email [0.0.0.0]); Fri, 24 Nov 2023 00:00:38 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1783431537755908834 X-GMAIL-MSGID: 1783431537755908834 Add CET MSRs to the list of MSRs reported to userspace if the feature, i.e. IBT or SHSTK, associated with the MSRs is supported by KVM. SSP can only be read via RDSSP. Writing even requires destructive and potentially faulting operations such as SAVEPREVSSP/RSTORSSP or SETSSBSY/CLRSSBSY. Let the host use a pseudo-MSR that is just a wrapper for the GUEST_SSP field of the VMCS. Suggested-by: Chao Gao Signed-off-by: Yang Weijiang --- arch/x86/include/uapi/asm/kvm_para.h | 1 + arch/x86/kvm/vmx/vmx.c | 2 ++ arch/x86/kvm/x86.c | 18 ++++++++++++++++++ 3 files changed, 21 insertions(+) diff --git a/arch/x86/include/uapi/asm/kvm_para.h b/arch/x86/include/uapi/asm/kvm_para.h index 6e64b27b2c1e..9864bbcf2470 100644 --- a/arch/x86/include/uapi/asm/kvm_para.h +++ b/arch/x86/include/uapi/asm/kvm_para.h @@ -58,6 +58,7 @@ #define MSR_KVM_ASYNC_PF_INT 0x4b564d06 #define MSR_KVM_ASYNC_PF_ACK 0x4b564d07 #define MSR_KVM_MIGRATION_CONTROL 0x4b564d08 +#define MSR_KVM_SSP 0x4b564d09 struct kvm_steal_time { __u64 steal; diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index be20a60047b1..d3d0d74fef70 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -7009,6 +7009,8 @@ static bool vmx_has_emulated_msr(struct kvm *kvm, u32 index) case MSR_AMD64_TSC_RATIO: /* This is AMD only. */ return false; + case MSR_KVM_SSP: + return kvm_cpu_cap_has(X86_FEATURE_SHSTK); default: return true; } diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 44b8cf459dfc..74d2d00a1681 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -1476,6 +1476,9 @@ static const u32 msrs_to_save_base[] = { MSR_IA32_XFD, MSR_IA32_XFD_ERR, MSR_IA32_XSS, + MSR_IA32_U_CET, MSR_IA32_S_CET, + MSR_IA32_PL0_SSP, MSR_IA32_PL1_SSP, MSR_IA32_PL2_SSP, + MSR_IA32_PL3_SSP, MSR_IA32_INT_SSP_TAB, }; static const u32 msrs_to_save_pmu[] = { @@ -1576,6 +1579,7 @@ static const u32 emulated_msrs_all[] = { MSR_K7_HWCR, MSR_KVM_POLL_CONTROL, + MSR_KVM_SSP, }; static u32 emulated_msrs[ARRAY_SIZE(emulated_msrs_all)]; @@ -7371,6 +7375,20 @@ static void kvm_probe_msr_to_save(u32 msr_index) if (!kvm_caps.supported_xss) return; break; + case MSR_IA32_U_CET: + case MSR_IA32_S_CET: + if (!kvm_cpu_cap_has(X86_FEATURE_SHSTK) && + !kvm_cpu_cap_has(X86_FEATURE_IBT)) + return; + break; + case MSR_IA32_INT_SSP_TAB: + if (!kvm_cpu_cap_has(X86_FEATURE_LM)) + return; + fallthrough; + case MSR_IA32_PL0_SSP ... MSR_IA32_PL3_SSP: + if (!kvm_cpu_cap_has(X86_FEATURE_SHSTK)) + return; + break; default: break; } From patchwork Fri Nov 24 05:53:22 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 169263 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce62:0:b0:403:3b70:6f57 with SMTP id o2csp985078vqx; Fri, 24 Nov 2023 00:01:53 -0800 (PST) X-Google-Smtp-Source: AGHT+IFhRL50VzfAp7/Gq9XABKwdnxNpKZntKc6/E6QqLxwPGLBkHBU8JDxmdhxpRTVcHXzB6xXg X-Received: by 2002:a05:6870:1614:b0:1f9:eb69:dbd0 with SMTP id b20-20020a056870161400b001f9eb69dbd0mr1862904oae.52.1700812913298; Fri, 24 Nov 2023 00:01:53 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700812913; cv=none; d=google.com; s=arc-20160816; b=BK5k7Yr8JxRi8zKU5mZ0sn64eDJoXIdij5cyhv/bQ+4L2/hJAtf3Ay5MGP9pfe9k79 UOn6KtNfDfBB3E4Io495turYgfuxPoV6GM0PG35UPNnk3tx87EHUNus3xyLpmjeEla37 2DSXTZRKuFLV5ZufY9ASd6dY2Ue8c5MVuhP37gkpfSMlAKB7L+kJEjvyDukMljoByZDC FnE+uPxdrOFroO/Ix7itO+YoRJJjItwsQq5go5jHSuqAjtYn5NWwzRhnc9DqkvduiL3T Pj4uh0vQ3QAofUUREjjSxR+WSy5J23Arq1F3OLfc4hmbgI8FeGvCUnFCGsmhfOvjXQlX Xt2w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=Yr+oq5r/xRmeXqyJ/6TeihH1xSFT3OB3mmr8/kWQ2Ng=; fh=GH5waOuli6h9Set3ggYc/VU0NXbCWcgfIqnPtXKiONQ=; b=VyJOhtBz0ESprnsKjucJS1m37jisD7qwhawD9yBp/Gv/m4TZY7E8Fp/aOKaHw7lmsE jPxgXGzPQWI43Lc5ty9UasoH5C+PvFczYzHGbagEABRNW35tFYcRoiL0YSSFIEHFdf+y 2EiP9sgbgdlTh1OIDaWedlG+nOsQ5jRbn/vcSS4j1lwz4IG0i5mtK1cuoqjIgqWovw8e xpJhg+2DHOyh3HxeZMNO4ttr1R/TRG9Esji8LT5FlwQIYCiAR/u2dBnypzvMbJj1H7Y3 vy9BPMui14ZSjGFunwttJVrAJ6I4HDwgoPRck28OJ5Awpfej9gM1RutrydV1h2K6BxxC W4Og== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=kBQSqUbk; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from howler.vger.email (howler.vger.email. [23.128.96.34]) by mx.google.com with ESMTPS id v9-20020a9d7d09000000b006d647c8537csi1081616otn.83.2023.11.24.00.01.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Nov 2023 00:01:53 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) client-ip=23.128.96.34; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=kBQSqUbk; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by howler.vger.email (Postfix) with ESMTP id 553AA80A97CD; Fri, 24 Nov 2023 00:01:44 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at howler.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345002AbjKXIAR (ORCPT + 29 others); Fri, 24 Nov 2023 03:00:17 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49270 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230245AbjKXH6l (ORCPT ); Fri, 24 Nov 2023 02:58:41 -0500 Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.100]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 805891728; Thu, 23 Nov 2023 23:58:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1700812727; x=1732348727; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=7pXFvzIlPBv7YsxlB7MipwWfzAjim4sbbyjzoKX1zCo=; b=kBQSqUbkTsUvH4YyWu1ntAsVTcBNXlEnq4vj712ywpqQAmfESayO+mho t1G4x+3bLFimSt1gQGXEfuYT+/rJTyI5wMDnAkco7bmISpOf9KVp76Hox EjXtfN7INVDIdXkP/Qc5bv+syOIv4n+IXwy4mMc9ROxKKepFL9m+KFq0n Sy0Qh6+r5eUcn2WiSxh01N6cfqR+xFR4dmdxe19xLV1zuCttfh3fsObz7 tnXuMsCPMhWUb/+pHvANMuhcj+ZZbMXeIoMubl75wJtP6gOaTcJsCDSsD pQRhGKe30bUHYf16Pv8PUlrmH70XYmJ6/IpTrC2SqVZEsyB1VyMz/2p2a g==; X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="458872370" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="458872370" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:41 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="833629846" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="833629846" Received: from unknown (HELO embargo.jf.intel.com) ([10.165.9.183]) by fmsmga008-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:41 -0800 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com, Zhang Yi Z Subject: [PATCH v7 18/26] KVM: VMX: Introduce CET VMCS fields and control bits Date: Fri, 24 Nov 2023 00:53:22 -0500 Message-Id: <20231124055330.138870-19-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20231124055330.138870-1-weijiang.yang@intel.com> References: <20231124055330.138870-1-weijiang.yang@intel.com> MIME-Version: 1.0 X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on howler.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (howler.vger.email [0.0.0.0]); Fri, 24 Nov 2023 00:01:44 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1783431601394976464 X-GMAIL-MSGID: 1783431601394976464 Control-flow Enforcement Technology (CET) is a kind of CPU feature used to prevent Return/CALL/Jump-Oriented Programming (ROP/COP/JOP) attacks. It provides two sub-features(SHSTK,IBT) to defend against ROP/COP/JOP style control-flow subversion attacks. Shadow Stack (SHSTK): A shadow stack is a second stack used exclusively for control transfer operations. The shadow stack is separate from the data/normal stack and can be enabled individually in user and kernel mode. When shadow stack is enabled, CALL pushes the return address on both the data and shadow stack. RET pops the return address from both stacks and compares them. If the return addresses from the two stacks do not match, the processor generates a #CP. Indirect Branch Tracking (IBT): IBT introduces instruction(ENDBRANCH)to mark valid target addresses of indirect branches (CALL, JMP etc...). If an indirect branch is executed and the next instruction is _not_ an ENDBRANCH, the processor generates a #CP. These instruction behaves as a NOP on platforms that have no CET. Several new CET MSRs are defined to support CET: MSR_IA32_{U,S}_CET: CET settings for {user,supervisor} CET respectively. MSR_IA32_PL{0,1,2,3}_SSP: SHSTK pointer linear address for CPL{0,1,2,3}. MSR_IA32_INT_SSP_TAB: Linear address of SHSTK pointer table, whose entry is indexed by IST of interrupt gate desc. Two XSAVES state bits are introduced for CET: IA32_XSS:[bit 11]: Control saving/restoring user mode CET states IA32_XSS:[bit 12]: Control saving/restoring supervisor mode CET states. Six VMCS fields are introduced for CET: {HOST,GUEST}_S_CET: Stores CET settings for kernel mode. {HOST,GUEST}_SSP: Stores current active SSP. {HOST,GUEST}_INTR_SSP_TABLE: Stores current active MSR_IA32_INT_SSP_TAB. On Intel platforms, two additional bits are defined in VM_EXIT and VM_ENTRY control fields: If VM_EXIT_LOAD_CET_STATE = 1, host CET states are loaded from following VMCS fields at VM-Exit: HOST_S_CET HOST_SSP HOST_INTR_SSP_TABLE If VM_ENTRY_LOAD_CET_STATE = 1, guest CET states are loaded from following VMCS fields at VM-Entry: GUEST_S_CET GUEST_SSP GUEST_INTR_SSP_TABLE Co-developed-by: Zhang Yi Z Signed-off-by: Zhang Yi Z Signed-off-by: Yang Weijiang Reviewed-by: Chao Gao Reviewed-by: Maxim Levitsky --- arch/x86/include/asm/vmx.h | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h index 0e73616b82f3..451fd4f4fedc 100644 --- a/arch/x86/include/asm/vmx.h +++ b/arch/x86/include/asm/vmx.h @@ -104,6 +104,7 @@ #define VM_EXIT_CLEAR_BNDCFGS 0x00800000 #define VM_EXIT_PT_CONCEAL_PIP 0x01000000 #define VM_EXIT_CLEAR_IA32_RTIT_CTL 0x02000000 +#define VM_EXIT_LOAD_CET_STATE 0x10000000 #define VM_EXIT_ALWAYSON_WITHOUT_TRUE_MSR 0x00036dff @@ -117,6 +118,7 @@ #define VM_ENTRY_LOAD_BNDCFGS 0x00010000 #define VM_ENTRY_PT_CONCEAL_PIP 0x00020000 #define VM_ENTRY_LOAD_IA32_RTIT_CTL 0x00040000 +#define VM_ENTRY_LOAD_CET_STATE 0x00100000 #define VM_ENTRY_ALWAYSON_WITHOUT_TRUE_MSR 0x000011ff @@ -345,6 +347,9 @@ enum vmcs_field { GUEST_PENDING_DBG_EXCEPTIONS = 0x00006822, GUEST_SYSENTER_ESP = 0x00006824, GUEST_SYSENTER_EIP = 0x00006826, + GUEST_S_CET = 0x00006828, + GUEST_SSP = 0x0000682a, + GUEST_INTR_SSP_TABLE = 0x0000682c, HOST_CR0 = 0x00006c00, HOST_CR3 = 0x00006c02, HOST_CR4 = 0x00006c04, @@ -357,6 +362,9 @@ enum vmcs_field { HOST_IA32_SYSENTER_EIP = 0x00006c12, HOST_RSP = 0x00006c14, HOST_RIP = 0x00006c16, + HOST_S_CET = 0x00006c18, + HOST_SSP = 0x00006c1a, + HOST_INTR_SSP_TABLE = 0x00006c1c }; /* From patchwork Fri Nov 24 05:53:23 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 169257 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce62:0:b0:403:3b70:6f57 with SMTP id o2csp984607vqx; Fri, 24 Nov 2023 00:01:14 -0800 (PST) X-Google-Smtp-Source: AGHT+IFtLQd/HWL0PgaU8zGtX2Py3wCWlNXeq0XJjG9n0E3mz+sWFB5bGF/9pZVspFInGgLDTVd1 X-Received: by 2002:a17:90b:3b8c:b0:285:7f4b:2a6e with SMTP id pc12-20020a17090b3b8c00b002857f4b2a6emr1945508pjb.30.1700812874250; Fri, 24 Nov 2023 00:01:14 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700812874; cv=none; d=google.com; s=arc-20160816; b=NmtOm+qbKuyNclRWfA+Atw0oNNGT24FDq7dc8IsIEU99mEpRYiKJBCj/26IMG9Mpmy orUOAnFBOBBkTjGiRpGyl9vRaid0GLs8SAL7IVDEFNZPGlBW/l5VBG//jOwT2i65ACRY haeFqFNqAS0lrJ+WWyZnzQS7BKGte/suXlJyAI0yoNVgNykkfeDKXuk0UDGatIoJC2mI r7HqAxV5YZQN/o0dj72VmrdhnYjjGeAJ/A78SDkIdNqoMS/QYhT0QWKrFThZWmkAtPsF 31VV+8tiTbLakfrzgkldbjybwONWV+rOgPVxKQCryclTadEv8+EdH+eM7VU05OtG/ALV 9urQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=ZFgvPMy7Evo9i8PljfA9l3MGdeQAQ0kXhnAjLWkCh04=; fh=uy0EBGgYIm8+MgsxUvKHUXUo3s9z4H9hdLwRv8YoeJU=; b=eUDoaObHJel3uBetXJumrISH2eeQi6jMpAvo23RPXNnrhiv58f9zbVOVDvpmhBwjc/ ctNacVMEPJfIwOQ+rlEnigjKCPvsjXhDG6avA/yiOklrEyx3QlbUHCVKEus1PxH02h+m 9c07RRXZUkZwK8USrv2MWpwC1/PT4y2UVzN0uH+ZI7ZvPxawS24E4kFG7FkaFMJ0flHU URff7RPx2qYD6an5HmqpOk+SorqUXQ1sS4kk4csrZHG0zNWKpirJREaul8dxwJblBVsv uICq3rjt9TJZ6oxudnDmzE7tZubRrRRjt2o9K1RXaPUp78dmlRN3HhoIP+me5ERGWFMx YcVg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=fXRbtmq9; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from pete.vger.email (pete.vger.email. [2620:137:e000::3:6]) by mx.google.com with ESMTPS id q11-20020a17090a9f4b00b00277e0d7163asi3173529pjv.32.2023.11.24.00.01.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Nov 2023 00:01:14 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) client-ip=2620:137:e000::3:6; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=fXRbtmq9; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by pete.vger.email (Postfix) with ESMTP id 4C3908057453; Fri, 24 Nov 2023 00:01:04 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at pete.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345235AbjKXIAZ (ORCPT + 29 others); Fri, 24 Nov 2023 03:00:25 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49260 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232847AbjKXH6l (ORCPT ); Fri, 24 Nov 2023 02:58:41 -0500 Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.100]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3603B1711; Thu, 23 Nov 2023 23:58:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1700812728; x=1732348728; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=dKuF/arCze+lNWNbIVwbb5cqE0y+kfgXSzDJUMBR+Nk=; b=fXRbtmq9iS0k//0VwvngbE1bXQuEEuOfmv6YR07Sq+eZGBs23qgjeUun xvsW+CSMvLMEU71TzAMxMopuDOI3lM/D8TpaiUa6aslVzaTV70nO4Td0e L7kqM+RY6qLwsAMZzr2WRU9bK5LZlDtHnfq5Kk31wfWC74EwFLNjqKXke wweqHftBIjJe16xWmiSQCojNbni/6bI7au8ubrAWct9cifRopcXki3DxA rbduMqjvGtaht04JrGrdKUhkLr5QhER6PlQZBkVfx682zMu+18wuYROWl SAXhEbaPt8CMlvA3K8DKVqATi6WzDZCiZWwtqOcmHusfMIB0AyDRn5fAc Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="458872380" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="458872380" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:42 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="833629850" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="833629850" Received: from unknown (HELO embargo.jf.intel.com) ([10.165.9.183]) by fmsmga008-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:41 -0800 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com Subject: [PATCH v7 19/26] KVM: x86: Use KVM-governed feature framework to track "SHSTK/IBT enabled" Date: Fri, 24 Nov 2023 00:53:23 -0500 Message-Id: <20231124055330.138870-20-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20231124055330.138870-1-weijiang.yang@intel.com> References: <20231124055330.138870-1-weijiang.yang@intel.com> MIME-Version: 1.0 X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on pete.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (pete.vger.email [0.0.0.0]); Fri, 24 Nov 2023 00:01:04 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1783431560284185930 X-GMAIL-MSGID: 1783431560284185930 Use the governed feature framework to track whether X86_FEATURE_SHSTK and X86_FEATURE_IBT features can be used by userspace and guest, i.e., the features can be used iff both KVM and guest CPUID can support them. TODO: remove this patch once Sean's refactor to "KVM-governed" framework is upstreamed. See the work here [*]. [*]: https://lore.kernel.org/all/20231110235528.1561679-1-seanjc@google.com/ Signed-off-by: Yang Weijiang Reviewed-by: Maxim Levitsky --- arch/x86/kvm/governed_features.h | 2 ++ arch/x86/kvm/vmx/vmx.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/arch/x86/kvm/governed_features.h b/arch/x86/kvm/governed_features.h index 423a73395c10..db7e21c5ecc2 100644 --- a/arch/x86/kvm/governed_features.h +++ b/arch/x86/kvm/governed_features.h @@ -16,6 +16,8 @@ KVM_GOVERNED_X86_FEATURE(PAUSEFILTER) KVM_GOVERNED_X86_FEATURE(PFTHRESHOLD) KVM_GOVERNED_X86_FEATURE(VGIF) KVM_GOVERNED_X86_FEATURE(VNMI) +KVM_GOVERNED_X86_FEATURE(SHSTK) +KVM_GOVERNED_X86_FEATURE(IBT) #undef KVM_GOVERNED_X86_FEATURE #undef KVM_GOVERNED_FEATURE diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index d3d0d74fef70..f6ad5ba5d518 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -7762,6 +7762,8 @@ static void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_XSAVES); kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_VMX); + kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_SHSTK); + kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_IBT); vmx_setup_uret_msrs(vmx); From patchwork Fri Nov 24 05:53:24 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 169256 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce62:0:b0:403:3b70:6f57 with SMTP id o2csp984560vqx; Fri, 24 Nov 2023 00:01:11 -0800 (PST) X-Google-Smtp-Source: AGHT+IHhPRNMBrNeESug72PPVyaGxyxAE9Bxi9DIeW3ytPcPpAYJwvulSEUVr/QtufzvY/Zu+R3Y X-Received: by 2002:a05:6870:e391:b0:1ef:b803:4bbc with SMTP id x17-20020a056870e39100b001efb8034bbcmr2091840oad.2.1700812870953; Fri, 24 Nov 2023 00:01:10 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700812870; cv=none; d=google.com; s=arc-20160816; b=O/G5uePMSof3Mgdgm5Y3ZGEhkTRq/wIaZBYC+Tb+sdffWIolejgnKLjOLo2THANFa9 UFFs89lZ0Mi42F6KrOxYgRIJxvjmkxUgYMacZpyI4Wz5uYKFM1mP3ec26OBFU8AzgWyR o5qsFmW7ycJ6m/6wZ1jUWUpdYM91bO11ctcyz+yGGv5m9YqMPsNpTKWSwuDVoDQfyMWB M87bo0YNF0iFkmljdT+col5pAqGr6SG2lNZbEd8wETN6OfXMdW3trldkvmfuksTFc+ZK NFsHcSYkV/ZBcX4CLL0UIWpXGc7cfPDVSITgX23/rbqNOMbDJnLiglFThCuxWLBE0mu8 G4oA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=hRMTB+dbX9leq+/VVI5aqzgKOQpQirLUdUyHCTBmygQ=; fh=uy0EBGgYIm8+MgsxUvKHUXUo3s9z4H9hdLwRv8YoeJU=; b=nfU71eEZ8oZ9e+J7wHbbLU5zKiD7HKJpa5u46EgVitPDPtl2bih12Lzo1U3V9OoryK afZCsI0/tRxW4z1Ghxi2mC2qk68p84F8YMY2+QfYnQ0lFBU1hHBlh8OsMNz6nRo+kt0P 9MyMqSVgLUu/Wsbp5PIkyVr8kzYBJBlcSqic6hZjR4RtfpwxV4NbHFaqcPKzUKreK/ct F15g/ATZCBt/wtxg6GoEZ+2tDp4Wtohg36Qg4fd2YxbLuUwyk9awyX2PDQR+3cvVu/v6 8/JI2Tt3RmfHwiYfpYLhGN7yeYelocak1WlEsMRaLKsTZF4cNwriG8cPBx3hJ8wrGWGq k5gg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Uyime4Gt; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from morse.vger.email (morse.vger.email. [23.128.96.31]) by mx.google.com with ESMTPS id w5-20020a056870230500b001f5c9110d17si1122552oao.152.2023.11.24.00.01.08 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Nov 2023 00:01:10 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) client-ip=23.128.96.31; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Uyime4Gt; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by morse.vger.email (Postfix) with ESMTP id 3FDFF80936D8; Fri, 24 Nov 2023 00:01:06 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at morse.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345255AbjKXIA3 (ORCPT + 29 others); Fri, 24 Nov 2023 03:00:29 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46076 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232893AbjKXH6m (ORCPT ); Fri, 24 Nov 2023 02:58:42 -0500 Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.100]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 889D110F2; Thu, 23 Nov 2023 23:58:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1700812728; x=1732348728; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=EIDBnN3Fa/jfofaQS+71ohT8d44MUV2gyhWnvNd70ww=; b=Uyime4Gt35a6C0Ng7oXrRq9ns+mW8guoWHyPvCvS8FaY4cWZhv7pIB8i NgMRfiY1TImvcx/0aZAiheZnR49oSL7AKBvGQztzklf6XZ7JiyU3McI6Z xxY7snhjDcipDCR3XM4NiTtLQvBvm7U4CIS1Nqa+AC+EfPtmwpwaCVyDb WyZf28Fhx9vcARmzl8kQSgBpiemUF1035uh16awnoMkEgJEgq2WdvU8a8 8grRNjbkDgQ16MTbWEuJnzGcBvqJx2wpoth58kAT2V0pYKeEP8yvcpyFE gLKrBJ7uHRCTV3XHCJZaWvXdOEllcWRWts+09wQ9EwsT+3dGTHajHeb8o g==; X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="458872387" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="458872387" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:42 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="833629853" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="833629853" Received: from unknown (HELO embargo.jf.intel.com) ([10.165.9.183]) by fmsmga008-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:42 -0800 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com Subject: [PATCH v7 20/26] KVM: VMX: Emulate read and write to CET MSRs Date: Fri, 24 Nov 2023 00:53:24 -0500 Message-Id: <20231124055330.138870-21-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20231124055330.138870-1-weijiang.yang@intel.com> References: <20231124055330.138870-1-weijiang.yang@intel.com> MIME-Version: 1.0 X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on morse.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (morse.vger.email [0.0.0.0]); Fri, 24 Nov 2023 00:01:06 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1783431557117777674 X-GMAIL-MSGID: 1783431557117777674 Add emulation interface for CET MSR access. The emulation code is split into common part and vendor specific part. The former does common checks for MSRs, e.g., accessibility, data validity etc., then pass the operation to either XSAVE-managed MSRs via the helpers or CET VMCS fields. Suggested-by: Sean Christopherson Signed-off-by: Yang Weijiang --- arch/x86/kvm/vmx/vmx.c | 18 +++++++++ arch/x86/kvm/x86.c | 88 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 106 insertions(+) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index f6ad5ba5d518..554f665e59c3 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -2111,6 +2111,15 @@ static int vmx_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) else msr_info->data = vmx->pt_desc.guest.addr_a[index / 2]; break; + case MSR_IA32_S_CET: + msr_info->data = vmcs_readl(GUEST_S_CET); + break; + case MSR_KVM_SSP: + msr_info->data = vmcs_readl(GUEST_SSP); + break; + case MSR_IA32_INT_SSP_TAB: + msr_info->data = vmcs_readl(GUEST_INTR_SSP_TABLE); + break; case MSR_IA32_DEBUGCTLMSR: msr_info->data = vmcs_read64(GUEST_IA32_DEBUGCTL); break; @@ -2420,6 +2429,15 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) else vmx->pt_desc.guest.addr_a[index / 2] = data; break; + case MSR_IA32_S_CET: + vmcs_writel(GUEST_S_CET, data); + break; + case MSR_KVM_SSP: + vmcs_writel(GUEST_SSP, data); + break; + case MSR_IA32_INT_SSP_TAB: + vmcs_writel(GUEST_INTR_SSP_TABLE, data); + break; case MSR_IA32_PERF_CAPABILITIES: if (data && !vcpu_to_pmu(vcpu)->version) return 1; diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 74d2d00a1681..5792ed16e61b 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -1847,6 +1847,36 @@ bool kvm_msr_allowed(struct kvm_vcpu *vcpu, u32 index, u32 type) } EXPORT_SYMBOL_GPL(kvm_msr_allowed); +#define CET_US_RESERVED_BITS GENMASK(9, 6) +#define CET_US_SHSTK_MASK_BITS GENMASK(1, 0) +#define CET_US_IBT_MASK_BITS (GENMASK_ULL(5, 2) | GENMASK_ULL(63, 10)) +#define CET_US_LEGACY_BITMAP_BASE(data) ((data) >> 12) + +static bool is_set_cet_msr_allowed(struct kvm_vcpu *vcpu, u32 index, u64 data, + bool host_initiated) +{ + bool msr_ctrl = index == MSR_IA32_S_CET || index == MSR_IA32_U_CET; + + if (guest_can_use(vcpu, X86_FEATURE_SHSTK)) + return true; + + if (msr_ctrl && guest_can_use(vcpu, X86_FEATURE_IBT)) + return true; + + /* + * If KVM supports the MSR, i.e. has enumerated the MSR existence to + * userspace, then userspace is allowed to write '0' irrespective of + * whether or not the MSR is exposed to the guest. + */ + if (!host_initiated || data) + return false; + + if (kvm_cpu_cap_has(X86_FEATURE_SHSTK)) + return true; + + return msr_ctrl && kvm_cpu_cap_has(X86_FEATURE_IBT); +} + /* * Write @data into the MSR specified by @index. Select MSR specific fault * checks are bypassed if @host_initiated is %true. @@ -1906,6 +1936,43 @@ static int __kvm_set_msr(struct kvm_vcpu *vcpu, u32 index, u64 data, data = (u32)data; break; + case MSR_IA32_U_CET: + case MSR_IA32_S_CET: + if (!is_set_cet_msr_allowed(vcpu, index, data, host_initiated)) + return 1; + if (data & CET_US_RESERVED_BITS) + return 1; + if (!guest_can_use(vcpu, X86_FEATURE_SHSTK) && + (data & CET_US_SHSTK_MASK_BITS)) + return 1; + if (!guest_can_use(vcpu, X86_FEATURE_IBT) && + (data & CET_US_IBT_MASK_BITS)) + return 1; + if (!IS_ALIGNED(CET_US_LEGACY_BITMAP_BASE(data), 4)) + return 1; + /* IBT can be suppressed iff the TRACKER isn't WAIT_ENDBR. */ + if ((data & CET_SUPPRESS) && (data & CET_WAIT_ENDBR)) + return 1; + break; + case MSR_IA32_INT_SSP_TAB: + if (!is_set_cet_msr_allowed(vcpu, index, data, host_initiated) || + !guest_cpuid_has(vcpu, X86_FEATURE_LM)) + return 1; + if (is_noncanonical_address(data, vcpu)) + return 1; + break; + case MSR_KVM_SSP: + if (!host_initiated) + return 1; + fallthrough; + case MSR_IA32_PL0_SSP ... MSR_IA32_PL3_SSP: + if (!is_set_cet_msr_allowed(vcpu, index, data, host_initiated)) + return 1; + if (is_noncanonical_address(data, vcpu)) + return 1; + if (!IS_ALIGNED(data, 4)) + return 1; + break; } msr.data = data; @@ -1949,6 +2016,19 @@ static int __kvm_get_msr(struct kvm_vcpu *vcpu, u32 index, u64 *data, !guest_cpuid_has(vcpu, X86_FEATURE_RDPID)) return 1; break; + case MSR_IA32_INT_SSP_TAB: + if (!guest_can_use(vcpu, X86_FEATURE_SHSTK) || + !guest_cpuid_has(vcpu, X86_FEATURE_LM)) + return 1; + break; + case MSR_KVM_SSP: + if (!host_initiated) + return 1; + fallthrough; + case MSR_IA32_PL0_SSP ... MSR_IA32_PL3_SSP: + if (!guest_can_use(vcpu, X86_FEATURE_SHSTK)) + return 1; + break; } msr.index = index; @@ -4118,6 +4198,10 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) vcpu->arch.guest_fpu.xfd_err = data; break; #endif + case MSR_IA32_U_CET: + case MSR_IA32_PL0_SSP ... MSR_IA32_PL3_SSP: + kvm_set_xstate_msr(vcpu, msr_info); + break; default: if (kvm_pmu_is_valid_msr(vcpu, msr)) return kvm_pmu_set_msr(vcpu, msr_info); @@ -4475,6 +4559,10 @@ int kvm_get_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) msr_info->data = vcpu->arch.guest_fpu.xfd_err; break; #endif + case MSR_IA32_U_CET: + case MSR_IA32_PL0_SSP ... MSR_IA32_PL3_SSP: + kvm_get_xstate_msr(vcpu, msr_info); + break; default: if (kvm_pmu_is_valid_msr(vcpu, msr_info->index)) return kvm_pmu_get_msr(vcpu, msr_info); From patchwork Fri Nov 24 05:53:25 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 169261 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce62:0:b0:403:3b70:6f57 with SMTP id o2csp984995vqx; Fri, 24 Nov 2023 00:01:45 -0800 (PST) X-Google-Smtp-Source: AGHT+IHcWkt8Gxy+Gz5OUpm7zT5TZkA95IvIOUU3YuCqme6EZwy9TKGrKpAHjfhRiYnmWX3tj7cy X-Received: by 2002:a17:90b:4f8e:b0:27c:f1ca:f8a6 with SMTP id qe14-20020a17090b4f8e00b0027cf1caf8a6mr2261577pjb.30.1700812904804; Fri, 24 Nov 2023 00:01:44 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700812904; cv=none; d=google.com; s=arc-20160816; b=r1jf3dEMpMlwRmtz8Uuazr9WJfpL76iZWZG3EidYMWFTHSYiGMF3OaD8+gpAaipswF dsePAue6PfcOuL5rx1MuXOxQX61HZ/Svji6q0t50RUgdb3pomQ0dlTEHnOfhtOrRHcE7 IERl508FUJq7/XXgUTGyWzXxJCmp6IKA3mBExLBVIZVOfHkspuYIes1gqPCbnQFnRIyD MM1bcBZGhTD5uH6Fvm/ezgSi8/5czGSW2ISvVYpIxyE51McVfmVDBn+rsXkMYXUtWgWu lRYr5hmHjKu1Wbk5GqmmPt/ZGEIPafXO9z2J+OURbNxiT/lpXBn+dqwPYVFR/l8TIpkd fZ9g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=oATWuqZfaoQasNlX/+LxRJXKogmfQ7JNjIPWZP7VUQk=; fh=uy0EBGgYIm8+MgsxUvKHUXUo3s9z4H9hdLwRv8YoeJU=; b=BGSJh2rJmfeZF8wqIEiYKFWhdXA3m3roeaXp1uJfHBMpIKOVCglYJtaTHHPKUMWQEn ZK+ZXgHvrIXIF9SS+BFZshfNKRt1Jbq0M1G22ekWcigOk+zEwSISX8pBZeyiy850eZjW bwCPEOkn6axLSamK3yW4d3yqE97BhbGmhdnhMiRqJDlEqsh7SUxE7vzxwg7MvMXUxcTa X4zv34GY4yOBTUeOdRJMEfOiBhFO0FQogfouttcAI2lUJsx9F72V0/n0QXodc0epaLUO 7IZMlsHU/k+Rjd8Vj63saQ6ifXYgrPsTDrhMR1DRg19M3WwfSl126byJov5HiyazJ81t tSlQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=WM6mOB4F; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from groat.vger.email (groat.vger.email. [23.128.96.35]) by mx.google.com with ESMTPS id hk8-20020a17090b224800b0027000086c93si3206471pjb.102.2023.11.24.00.01.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Nov 2023 00:01:44 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) client-ip=23.128.96.35; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=WM6mOB4F; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by groat.vger.email (Postfix) with ESMTP id A43BA836D96C; Fri, 24 Nov 2023 00:01:20 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at groat.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345277AbjKXIAh (ORCPT + 29 others); Fri, 24 Nov 2023 03:00:37 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59178 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235206AbjKXH6m (ORCPT ); Fri, 24 Nov 2023 02:58:42 -0500 Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.100]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 314A710F5; Thu, 23 Nov 2023 23:58:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1700812729; x=1732348729; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=tGGe9HesOYY7ph95a2MeWYdCMfXcHc5B1OvAMO395wQ=; b=WM6mOB4FSQf89uxkF7Kl9IkfNTb5YSJWVFOXdDay8b9d8aZ0p7+b1A1Q 53NNtK3TXsk4LvuvxFsUUgYWmjOU9zEL8NBEjqvrLxyR4p8lwpCAMBAPU +MUYCtXisSv4wkPNpWM4tbnZpQ+HLnVBVxlL2GLUULpjeEBzSs/kED94Y NpT80mm2aWzfM8utG/IWl81NBMmtUFa+9YrsyGcvBCf4dtbe68kHWvdi5 epIITCWbuzfE7srPH4b6cZK9tPC1vhJ4QTaPQeXmXBINArqdAcumteebl c/6VlFSTrEv1hnox1ayfOleXZXrwS0k+8xaua26/j5omUHTnTng7q791j w==; X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="458872392" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="458872392" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:43 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="833629856" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="833629856" Received: from unknown (HELO embargo.jf.intel.com) ([10.165.9.183]) by fmsmga008-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:42 -0800 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com Subject: [PATCH v7 21/26] KVM: x86: Save and reload SSP to/from SMRAM Date: Fri, 24 Nov 2023 00:53:25 -0500 Message-Id: <20231124055330.138870-22-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20231124055330.138870-1-weijiang.yang@intel.com> References: <20231124055330.138870-1-weijiang.yang@intel.com> MIME-Version: 1.0 X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]); Fri, 24 Nov 2023 00:01:20 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1783431592548833156 X-GMAIL-MSGID: 1783431592548833156 Save CET SSP to SMRAM on SMI and reload it on RSM. KVM emulates HW arch behavior when guest enters/leaves SMM mode,i.e., save registers to SMRAM at the entry of SMM and reload them at the exit to SMM. Per SDM, SSP is one of such registers on 64bit Arch, so add the support for SSP. Suggested-by: Sean Christopherson Signed-off-by: Yang Weijiang --- arch/x86/kvm/smm.c | 8 ++++++++ arch/x86/kvm/smm.h | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/smm.c b/arch/x86/kvm/smm.c index 45c855389ea7..7aac9c54c353 100644 --- a/arch/x86/kvm/smm.c +++ b/arch/x86/kvm/smm.c @@ -275,6 +275,10 @@ static void enter_smm_save_state_64(struct kvm_vcpu *vcpu, enter_smm_save_seg_64(vcpu, &smram->gs, VCPU_SREG_GS); smram->int_shadow = static_call(kvm_x86_get_interrupt_shadow)(vcpu); + + if (guest_can_use(vcpu, X86_FEATURE_SHSTK)) + KVM_BUG_ON(kvm_msr_read(vcpu, MSR_KVM_SSP, &smram->ssp), + vcpu->kvm); } #endif @@ -564,6 +568,10 @@ static int rsm_load_state_64(struct x86_emulate_ctxt *ctxt, static_call(kvm_x86_set_interrupt_shadow)(vcpu, 0); ctxt->interruptibility = (u8)smstate->int_shadow; + if (guest_can_use(vcpu, X86_FEATURE_SHSTK)) + KVM_BUG_ON(kvm_msr_write(vcpu, MSR_KVM_SSP, smstate->ssp), + vcpu->kvm); + return X86EMUL_CONTINUE; } #endif diff --git a/arch/x86/kvm/smm.h b/arch/x86/kvm/smm.h index a1cf2ac5bd78..1e2a3e18207f 100644 --- a/arch/x86/kvm/smm.h +++ b/arch/x86/kvm/smm.h @@ -116,8 +116,8 @@ struct kvm_smram_state_64 { u32 smbase; u32 reserved4[5]; - /* ssp and svm_* fields below are not implemented by KVM */ u64 ssp; + /* svm_* fields below are not implemented by KVM */ u64 svm_guest_pat; u64 svm_host_efer; u64 svm_host_cr4; From patchwork Fri Nov 24 05:53:26 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 169262 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce62:0:b0:403:3b70:6f57 with SMTP id o2csp985008vqx; Fri, 24 Nov 2023 00:01:45 -0800 (PST) X-Google-Smtp-Source: AGHT+IGgGZ/1buVowRL/NPeOh/i8jrE9K4PWvmNQdiBv2a52W8VvTlMwuM+h3WV945KNhSNKUpx+ X-Received: by 2002:a05:6a20:d704:b0:181:44c:d6a with SMTP id iz4-20020a056a20d70400b00181044c0d6amr3068480pzb.21.1700812905712; Fri, 24 Nov 2023 00:01:45 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700812905; cv=none; d=google.com; s=arc-20160816; b=AZ4fbtOmlRZSFZUQF++0qM7FZQb1eQA1jChc4Zc9nCielRRf4gTf9rHXnORNDGIgA1 zhAfZUCsNdJCF9XeOI9hmDxOg2/wx1Pz9NakMKe82mwRNq9tC3L41wnJ0KaIkV/pGCqP sSDONk62WCkIyVdnW+h4xzXTQ1R4XpBfeChF5uOd3L1zfwVD5v2SLl+I0mhz8YQ3cUUT 7nx6I99G7C3JUboCfomJuAIPykXshhaZqhd2vX8RDCtbmKw/dV6zX4TPenTTPLsYbt22 GMM5pU5smjDA5O2IMg2NNNiKG4E/9NLP5nBMCJT4txc2hcUfq0vOhEZ+GIiYmH6/hCVn KJ+w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=aE9kMJ9kIrzUEh4yr7lsxdSovxM9LhjevMMP2rpPh6U=; fh=uy0EBGgYIm8+MgsxUvKHUXUo3s9z4H9hdLwRv8YoeJU=; b=a+hJ4pHsrFnYSyeEeUzum7S2x0IwKRnMRrqTSwMCoWiLVyL+a+NHadrGyXEUB7gOLl lhYqeOP1GR1yPpYrIkB9eGGtQcFF9znPM9TEMd1vL8bAa2AAeJLSbyQNLNdHPXM56OnW 95ddwQ2cak7R86VNXrJygNIxkliH+qcK0s96vObdlUeBgfofWyK38O7o5uM+BkgMZHyX /ndAqFmnMyTxV6c4Tfq5KAFyZ1/4raDqTLaH92FpOazJ7y5X62762mRDrSmTmrdME0YA qwHLwbg5sUxM0biXIeK/mc8sNqjnQKGQLI0qgmS2Y7KGxBEkMRnfx3A61Pu1YYD1kUOG hLSA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=UJuqdZuX; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from groat.vger.email (groat.vger.email. [2620:137:e000::3:5]) by mx.google.com with ESMTPS id 125-20020a630083000000b0057828b85afdsi2948379pga.795.2023.11.24.00.01.45 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Nov 2023 00:01:45 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) client-ip=2620:137:e000::3:5; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=UJuqdZuX; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by groat.vger.email (Postfix) with ESMTP id A4210836D96B; Fri, 24 Nov 2023 00:01:19 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at groat.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345264AbjKXIAc (ORCPT + 29 others); Fri, 24 Nov 2023 03:00:32 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46116 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232939AbjKXH6m (ORCPT ); Fri, 24 Nov 2023 02:58:42 -0500 Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.100]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 317221701; Thu, 23 Nov 2023 23:58:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1700812729; x=1732348729; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=ZMY42zgIRweQyMfjMH09Kkfx/LB5Hk+BgP/exHBfq/0=; b=UJuqdZuX9JqOnJ++QzWJTz0q7Q07KZPYEvMbT+1c20jk+ak0HsK3C6c6 +yBY34VKX2Cs8s+5V58irPxSr/mbMIIOU/bmcrrK+HyPOCnbqmaC4ho41 PwjrgM/Z4i3x9cEptFB2Nb+U0bCEciXUyKXjckllFvPsAkiFORFNoXcTM RfGc+nbmH17rsr2iJkZ7gcW9LM+lz6n4TCT+DC+QAW1vzDTtzJnV9WagK XQ/bsnnr6GaVDr/DSCEH8R5oMRWRAhPVva5Tu85lHMh1Fill0dBQt5d3P wO0dnAvY3Je60FFI1M5HUc47IzZDv/wgrqooe2E3XjuqPK5auIquGi3Z0 A==; X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="458872401" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="458872401" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:43 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="833629859" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="833629859" Received: from unknown (HELO embargo.jf.intel.com) ([10.165.9.183]) by fmsmga008-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:42 -0800 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com Subject: [PATCH v7 22/26] KVM: VMX: Set up interception for CET MSRs Date: Fri, 24 Nov 2023 00:53:26 -0500 Message-Id: <20231124055330.138870-23-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20231124055330.138870-1-weijiang.yang@intel.com> References: <20231124055330.138870-1-weijiang.yang@intel.com> MIME-Version: 1.0 X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]); Fri, 24 Nov 2023 00:01:20 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1783431593316216030 X-GMAIL-MSGID: 1783431593316216030 Enable/disable CET MSRs interception per associated feature configuration. Shadow Stack feature requires all CET MSRs passed through to guest to make it supported in user and supervisor mode while IBT feature only depends on MSR_IA32_{U,S}_CETS_CET to enable user and supervisor IBT. Note, this MSR design introduced an architectural limitation of SHSTK and IBT control for guest, i.e., when SHSTK is exposed, IBT is also available to guest from architectual perspective since IBT relies on subset of SHSTK relevant MSRs. Signed-off-by: Yang Weijiang --- arch/x86/kvm/vmx/vmx.c | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 554f665e59c3..e484333eddb0 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -699,6 +699,10 @@ static bool is_valid_passthrough_msr(u32 msr) case MSR_LBR_CORE_TO ... MSR_LBR_CORE_TO + 8: /* LBR MSRs. These are handled in vmx_update_intercept_for_lbr_msrs() */ return true; + case MSR_IA32_U_CET: + case MSR_IA32_S_CET: + case MSR_IA32_PL0_SSP ... MSR_IA32_INT_SSP_TAB: + return true; } r = possible_passthrough_msr_slot(msr) != -ENOENT; @@ -7766,6 +7770,42 @@ static void update_intel_pt_cfg(struct kvm_vcpu *vcpu) vmx->pt_desc.ctl_bitmask &= ~(0xfULL << (32 + i * 4)); } +static void vmx_update_intercept_for_cet_msr(struct kvm_vcpu *vcpu) +{ + bool incpt; + + if (kvm_cpu_cap_has(X86_FEATURE_SHSTK)) { + incpt = !guest_cpuid_has(vcpu, X86_FEATURE_SHSTK); + + vmx_set_intercept_for_msr(vcpu, MSR_IA32_U_CET, + MSR_TYPE_RW, incpt); + vmx_set_intercept_for_msr(vcpu, MSR_IA32_S_CET, + MSR_TYPE_RW, incpt); + vmx_set_intercept_for_msr(vcpu, MSR_IA32_PL0_SSP, + MSR_TYPE_RW, incpt); + vmx_set_intercept_for_msr(vcpu, MSR_IA32_PL1_SSP, + MSR_TYPE_RW, incpt); + vmx_set_intercept_for_msr(vcpu, MSR_IA32_PL2_SSP, + MSR_TYPE_RW, incpt); + vmx_set_intercept_for_msr(vcpu, MSR_IA32_PL3_SSP, + MSR_TYPE_RW, incpt); + if (guest_cpuid_has(vcpu, X86_FEATURE_LM)) + vmx_set_intercept_for_msr(vcpu, MSR_IA32_INT_SSP_TAB, + MSR_TYPE_RW, incpt); + if (!incpt) + return; + } + + if (kvm_cpu_cap_has(X86_FEATURE_IBT)) { + incpt = !guest_cpuid_has(vcpu, X86_FEATURE_IBT); + + vmx_set_intercept_for_msr(vcpu, MSR_IA32_U_CET, + MSR_TYPE_RW, incpt); + vmx_set_intercept_for_msr(vcpu, MSR_IA32_S_CET, + MSR_TYPE_RW, incpt); + } +} + static void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) { struct vcpu_vmx *vmx = to_vmx(vcpu); @@ -7843,6 +7883,8 @@ static void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) /* Refresh #PF interception to account for MAXPHYADDR changes. */ vmx_update_exception_bitmap(vcpu); + + vmx_update_intercept_for_cet_msr(vcpu); } static u64 vmx_get_perf_capabilities(void) From patchwork Fri Nov 24 05:53:27 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 169266 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce62:0:b0:403:3b70:6f57 with SMTP id o2csp986341vqx; Fri, 24 Nov 2023 00:03:30 -0800 (PST) X-Google-Smtp-Source: AGHT+IENVCDhvfe/O4y55VoPTsEmT27TFqcu4zXw3bYQrtRKUlSd0iF6/9LRYbYb3C5tjfLuhUHE X-Received: by 2002:a17:902:eb87:b0:1cf:9790:f23f with SMTP id q7-20020a170902eb8700b001cf9790f23fmr2148256plg.68.1700813010504; Fri, 24 Nov 2023 00:03:30 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700813010; cv=none; d=google.com; s=arc-20160816; b=WbBqUmVj2BcdTkKUTPOMmeTIVBABafYFMp7eRryYpJzzPPG8bCzSx1QCcVgjoD5+SX ku3LpfCX/99ttoh6MGAQ8A3sH7VORyHOafMwJdPfdA6p4XxLTZTA23Yk2tKmQAIagAMB AnFaez3Fj+SQuPR0kYKYPi8fBs6Whvj+EZnipHGjScEMr8a8zcRhjfA5Wrln8Ml9OpqP Y9pxGB2e9rmEez7dEGpQejLKYjXLlIYdY4ocd1RoUZqLwQM2Og5CENaVYS0fqrOQWbuw Ir7JoT3rIWHSSSzFUPOumh6ufsuhCgPbWV5uN3MtkkXpx0Hzbw89khEFC3+vgzW1GF2J whHw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=z/7emyIkxYFlX/wS8/3lYH9znZW4qtCgvWFyT39BPTk=; fh=uy0EBGgYIm8+MgsxUvKHUXUo3s9z4H9hdLwRv8YoeJU=; b=s9dg23DDhIAtN8l9rlyR1W7ijWA1rO+qlVH6neOcnG7EWO/OOXGGZnctddi0MXrtY+ vct4jrYZOw1ZI0QOXkEqCQSibcNJejOoa6TpAKn3+k06agU3TYzokK0XmNxeuHlWcnzG t3IVOH4rfgfixJj54AmrmGR3+mvpibzt50zsicziH9RscI3MEmDFmSZ5xOtobj63AfwF 01Vquy95BU63nma62cudfeFTW3eNxQ3NStST5wtyO2nwd3laH9cKsNTZr4MR9ePo9wpF yd1eFhR6Of9Rbkr6L1j3I/AnQHOrp3XNaSoB28sSrdEA2qCqB2xBqUkH+AMRIEHK5vTz TILg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=H0hKszDt; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from agentk.vger.email (agentk.vger.email. [2620:137:e000::3:2]) by mx.google.com with ESMTPS id e15-20020a17090301cf00b001cf68d4a49dsi3000795plh.472.2023.11.24.00.03.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Nov 2023 00:03:30 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) client-ip=2620:137:e000::3:2; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=H0hKszDt; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by agentk.vger.email (Postfix) with ESMTP id 6E8FD804A64E; Fri, 24 Nov 2023 00:01:06 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at agentk.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345306AbjKXIAl (ORCPT + 29 others); Fri, 24 Nov 2023 03:00:41 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46170 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344791AbjKXH6n (ORCPT ); Fri, 24 Nov 2023 02:58:43 -0500 Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.100]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B1997171E; Thu, 23 Nov 2023 23:58:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1700812729; x=1732348729; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=Uu+RHXNMVs1QKeBoOW3PNausQKD9ZWf/VVOUCvc8XjE=; b=H0hKszDtH+KCpnhfNC2MmwVsUfs7Hcxi8gELEUwXnQHbFqa76/czuCdY kghlFGNsj3lO+eXktJc5PkC/8gmZC6l+thbktLMBct3zMYo+6ZDBEOboZ LRGJsJfND0pVD2xTFE5nYnEqFaaVY4CPtOdAzG8D9dccF9xIl98o9o8K8 vKb4d/7ZdKQzAoVlN+c+FVM0dHuzsEHBQ3pshm4wkQj4UPpW2cFJj9IT/ uNkm1TIjuBdQ0o3ZC6f1YtdRXeHOQdHbf1V3b+oKAx3J6j8Zbm3zSa04r xvuUxQBUxano7YTqcPjjiT513g0sxygpRNDrgeJtT2ku2c8iJCkx3BIwZ Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="458872406" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="458872406" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:43 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="833629863" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="833629863" Received: from unknown (HELO embargo.jf.intel.com) ([10.165.9.183]) by fmsmga008-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:43 -0800 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com Subject: [PATCH v7 23/26] KVM: VMX: Set host constant supervisor states to VMCS fields Date: Fri, 24 Nov 2023 00:53:27 -0500 Message-Id: <20231124055330.138870-24-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20231124055330.138870-1-weijiang.yang@intel.com> References: <20231124055330.138870-1-weijiang.yang@intel.com> MIME-Version: 1.0 X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on agentk.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (agentk.vger.email [0.0.0.0]); Fri, 24 Nov 2023 00:01:06 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1783431703321091058 X-GMAIL-MSGID: 1783431703321091058 Save constant values to HOST_{S_CET,SSP,INTR_SSP_TABLE} field explicitly. Kernel IBT is supported and the setting in MSR_IA32_S_CET is static after post-boot(The exception is BIOS call case but vCPU thread never across it) and KVM doesn't need to refresh HOST_S_CET field before every VM-Enter/ VM-Exit sequence. Host supervisor shadow stack is not enabled now and SSP is not accessible to kernel mode, thus it's safe to set host IA32_INT_SSP_TAB/SSP VMCS field to 0s. When shadow stack is enabled for CPL3, SSP is reloaded from PL3_SSP before it exits to userspace. Check SDM Vol 2A/B Chapter 3/4 for SYSCALL/ SYSRET/SYSENTER SYSEXIT/RDSSP/CALL etc. Prevent KVM module loading if host supervisor shadow stack SHSTK_EN is set in MSR_IA32_S_CET as KVM cannot co-exit with it correctly. Suggested-by: Sean Christopherson Suggested-by: Chao Gao Signed-off-by: Yang Weijiang Reviewed-by: Maxim Levitsky --- arch/x86/kvm/vmx/capabilities.h | 4 ++++ arch/x86/kvm/vmx/vmx.c | 15 +++++++++++++++ arch/x86/kvm/x86.c | 14 ++++++++++++++ arch/x86/kvm/x86.h | 1 + 4 files changed, 34 insertions(+) diff --git a/arch/x86/kvm/vmx/capabilities.h b/arch/x86/kvm/vmx/capabilities.h index 41a4533f9989..ee8938818c8a 100644 --- a/arch/x86/kvm/vmx/capabilities.h +++ b/arch/x86/kvm/vmx/capabilities.h @@ -106,6 +106,10 @@ static inline bool cpu_has_load_perf_global_ctrl(void) return vmcs_config.vmentry_ctrl & VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL; } +static inline bool cpu_has_load_cet_ctrl(void) +{ + return (vmcs_config.vmentry_ctrl & VM_ENTRY_LOAD_CET_STATE); +} static inline bool cpu_has_vmx_mpx(void) { return vmcs_config.vmentry_ctrl & VM_ENTRY_LOAD_BNDCFGS; diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index e484333eddb0..c658f2f230df 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -4375,6 +4375,21 @@ void vmx_set_constant_host_state(struct vcpu_vmx *vmx) if (cpu_has_load_ia32_efer()) vmcs_write64(HOST_IA32_EFER, host_efer); + + /* + * Supervisor shadow stack is not enabled on host side, i.e., + * host IA32_S_CET.SHSTK_EN bit is guaranteed to 0 now, per SDM + * description(RDSSP instruction), SSP is not readable in CPL0, + * so resetting the two registers to 0s at VM-Exit does no harm + * to kernel execution. When execution flow exits to userspace, + * SSP is reloaded from IA32_PL3_SSP. Check SDM Vol.2A/B Chapter + * 3 and 4 for details. + */ + if (cpu_has_load_cet_ctrl()) { + vmcs_writel(HOST_S_CET, host_s_cet); + vmcs_writel(HOST_SSP, 0); + vmcs_writel(HOST_INTR_SSP_TABLE, 0); + } } void set_cr4_guest_host_mask(struct vcpu_vmx *vmx) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 5792ed16e61b..c6b57ede0f57 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -114,6 +114,8 @@ static u64 __read_mostly efer_reserved_bits = ~((u64)EFER_SCE); #endif static u64 __read_mostly cr4_reserved_bits = CR4_RESERVED_BITS; +u64 __read_mostly host_s_cet; +EXPORT_SYMBOL_GPL(host_s_cet); #define KVM_EXIT_HYPERCALL_VALID_MASK (1 << KVM_HC_MAP_GPA_RANGE) @@ -9773,6 +9775,18 @@ static int __kvm_x86_vendor_init(struct kvm_x86_init_ops *ops) return -EIO; } + if (boot_cpu_has(X86_FEATURE_SHSTK)) { + rdmsrl(MSR_IA32_S_CET, host_s_cet); + /* + * Linux doesn't yet support supervisor shadow stacks (SSS), so + * KVM doesn't save/restore the associated MSRs, i.e. KVM may + * clobber the host values. Yell and refuse to load if SSS is + * unexpectedly enabled, e.g. to avoid crashing the host. + */ + if (WARN_ON_ONCE(host_s_cet & CET_SHSTK_EN)) + return -EIO; + } + x86_emulator_cache = kvm_alloc_emulator_cache(); if (!x86_emulator_cache) { pr_err("failed to allocate cache for x86 emulator\n"); diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h index 6e42ede335f5..d9cc352cf421 100644 --- a/arch/x86/kvm/x86.h +++ b/arch/x86/kvm/x86.h @@ -325,6 +325,7 @@ fastpath_t handle_fastpath_set_msr_irqoff(struct kvm_vcpu *vcpu); extern u64 host_xcr0; extern u64 host_xss; extern u64 host_arch_capabilities; +extern u64 host_s_cet; extern struct kvm_caps kvm_caps; From patchwork Fri Nov 24 05:53:28 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 169272 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce62:0:b0:403:3b70:6f57 with SMTP id o2csp988112vqx; Fri, 24 Nov 2023 00:05:59 -0800 (PST) X-Google-Smtp-Source: AGHT+IE2UuB/weOH2Rdx/5z6FnhMod0rMQ+YSrKmPxVYczFm+idUgNTDkqOcCdn2r1U2DbmzqtaH X-Received: by 2002:a17:902:e80f:b0:1cf:5479:38f2 with SMTP id u15-20020a170902e80f00b001cf547938f2mr1999339plg.35.1700813158781; Fri, 24 Nov 2023 00:05:58 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700813158; cv=none; d=google.com; s=arc-20160816; b=hSJ57yoFev6RjYMPJggUUsTwDvqdLAhmpeDU+IFqdd05kDM8ijPz5Y9IfHuDTQ6Okc iolGfdvY96xBN5xdT+oSBxTQuw9WfwlEHYPt1coe/r5V4srBiWm6ut5HJ4WNWpHpXLfG bkU46SUlX+oWYCghX5/jqYVwGU+eRP19hdc4GSqAFNJpCdxb6UAp/17ZotZdgkc9TaVN Qq+4e9NnI0T/ebZnwoHuQGtmRFHxYogG1q4aEgEzBEE9jkaE/cK8ok+bbAj2OIx9eIBY WHAb5qxGtwKd+1M9aHHoOArnfBQHS7WLxbwsT+RYbNhEqqgBOLmPsQHP3WU02wT26dr/ NGOQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=rU0JbXz5hwWGfJRf1WF0CU80Y/2HP7p6vp0KBfUT/cQ=; fh=uy0EBGgYIm8+MgsxUvKHUXUo3s9z4H9hdLwRv8YoeJU=; b=FdiV4YvJnf8e3DIN7FSmKTWDroHvyhbW/rf95ckj2OnSN9tJRLGHADWglUkOhGZFG8 R2D4vK2aK/ChWHEfiGQklWQ1ll3XDt1KiFP1jGkqSEXzBqrSH2N9d5Mu4ezGtztFiLmO DSRl0emAWfkLcIYs0zPbXnxKyoVbdSOzMkWgPd8eKk+Aezj4gQcKatAM5YEkgJn9ShRe VASIDKk39j1fvgdWXeVYtEgGJQDKADBmjZmeKWCpnxoSiwcD6vrUpvRJCyom853Gk+xU 8RdAVDu/I0za/d0TsECPx/p30tCSAft2e6JGKiyrNPuOjfs+HV/D7tlTPhYHlMaF9fBB Y5UQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=UYmXP12+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from lipwig.vger.email (lipwig.vger.email. [23.128.96.33]) by mx.google.com with ESMTPS id c9-20020a170903234900b001cf5cc12c86si3035958plh.246.2023.11.24.00.05.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Nov 2023 00:05:58 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) client-ip=23.128.96.33; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=UYmXP12+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by lipwig.vger.email (Postfix) with ESMTP id 4DB248063BD3; Fri, 24 Nov 2023 00:01:14 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at lipwig.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345156AbjKXIAt (ORCPT + 29 others); Fri, 24 Nov 2023 03:00:49 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46248 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344862AbjKXH6o (ORCPT ); Fri, 24 Nov 2023 02:58:44 -0500 Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.100]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 268321723; Thu, 23 Nov 2023 23:58:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1700812730; x=1732348730; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=5EVVi4lWcpDnMc26JatCjxAnkluvMbpk2rO+Az8odIg=; b=UYmXP12+feu6+Zu+0afGOg3BpSW2cigkZNikipF8vMOfA/uHruG1T6Wt spLDpD2WGZZu3n8hQRkfHJT7yDCEsnz1oT9JUHbQ0L6nbdagRh9x2TMft 6qN9X2tFmARPskkEeouC58wPiqD91cpoEfdehMFrujWR5Uh0l+3ov9OkS FNw1o8hYOr2BC3ID5mmIsE5ZqCu/8ccP8CjbahDorq43ADAA6LNOBBv5g n5zP9EKxL/FP56vJdeFtTYQW2oPdtSC7KunTlTRUYQ8r8gxkYm9mxjiLM d/Xzx6SMJzWmL0yXze+FBU1vFO1qmfpKcsKWCHaFNHPYhYLVKoh/2IvHu g==; X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="458872412" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="458872412" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:44 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="833629866" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="833629866" Received: from unknown (HELO embargo.jf.intel.com) ([10.165.9.183]) by fmsmga008-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:43 -0800 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com Subject: [PATCH v7 24/26] KVM: x86: Enable CET virtualization for VMX and advertise to userspace Date: Fri, 24 Nov 2023 00:53:28 -0500 Message-Id: <20231124055330.138870-25-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20231124055330.138870-1-weijiang.yang@intel.com> References: <20231124055330.138870-1-weijiang.yang@intel.com> MIME-Version: 1.0 X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lipwig.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (lipwig.vger.email [0.0.0.0]); Fri, 24 Nov 2023 00:01:14 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1783431858391782537 X-GMAIL-MSGID: 1783431858391782537 Expose CET features to guest if KVM/host can support them, clear CPUID feature bits if KVM/host cannot support. Set CPUID feature bits so that CET features are available in guest CPUID. Add CR4.CET bit support in order to allow guest set CET master control bit. Disable KVM CET feature if unrestricted_guest is unsupported/disabled as KVM does not support emulating CET. Don't expose CET feature if either of {U,S}_CET xstate bits is cleared in host XSS or if XSAVES isn't supported. The CET load-bits in VM_ENTRY/VM_EXIT control fields should be set to make guest CET xstates isolated from host's. And all platforms that support CET enumerate VMX_BASIC[bit56] as 1, clear CET feature bits if the bit doesn't read 1. Per Arch confirmation, CET MSR contents after reset, power-up and INIT are set to 0s, clears relevant guest fpstate areas so that the guest MSRs are reset to 0s after these events. Signed-off-by: Yang Weijiang --- arch/x86/include/asm/kvm_host.h | 3 ++- arch/x86/include/asm/msr-index.h | 1 + arch/x86/kvm/cpuid.c | 19 +++++++++++++++++-- arch/x86/kvm/vmx/capabilities.h | 6 ++++++ arch/x86/kvm/vmx/vmx.c | 29 ++++++++++++++++++++++++++++- arch/x86/kvm/vmx/vmx.h | 6 ++++-- arch/x86/kvm/x86.c | 26 ++++++++++++++++++++++++-- arch/x86/kvm/x86.h | 3 +++ 8 files changed, 85 insertions(+), 8 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index f536102f1eca..fd110a0b712f 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -133,7 +133,8 @@ | X86_CR4_PGE | X86_CR4_PCE | X86_CR4_OSFXSR | X86_CR4_PCIDE \ | X86_CR4_OSXSAVE | X86_CR4_SMEP | X86_CR4_FSGSBASE \ | X86_CR4_OSXMMEXCPT | X86_CR4_LA57 | X86_CR4_VMXE \ - | X86_CR4_SMAP | X86_CR4_PKE | X86_CR4_UMIP)) + | X86_CR4_SMAP | X86_CR4_PKE | X86_CR4_UMIP \ + | X86_CR4_CET)) #define CR8_RESERVED_BITS (~(unsigned long)X86_CR8_TPR) diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h index 389f9594746e..25ae7ceb5b39 100644 --- a/arch/x86/include/asm/msr-index.h +++ b/arch/x86/include/asm/msr-index.h @@ -1097,6 +1097,7 @@ #define VMX_BASIC_MEM_TYPE_MASK 0x003c000000000000LLU #define VMX_BASIC_MEM_TYPE_WB 6LLU #define VMX_BASIC_INOUT 0x0040000000000000LLU +#define VMX_BASIC_NO_HW_ERROR_CODE_CC 0x0100000000000000LLU /* Resctrl MSRs: */ /* - Intel: */ diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 1d9843b34196..6d758054f994 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -648,7 +648,7 @@ void kvm_set_cpu_caps(void) F(AVX512_VPOPCNTDQ) | F(UMIP) | F(AVX512_VBMI2) | F(GFNI) | F(VAES) | F(VPCLMULQDQ) | F(AVX512_VNNI) | F(AVX512_BITALG) | F(CLDEMOTE) | F(MOVDIRI) | F(MOVDIR64B) | 0 /*WAITPKG*/ | - F(SGX_LC) | F(BUS_LOCK_DETECT) + F(SGX_LC) | F(BUS_LOCK_DETECT) | F(SHSTK) ); /* Set LA57 based on hardware capability. */ if (cpuid_ecx(7) & F(LA57)) @@ -666,7 +666,8 @@ void kvm_set_cpu_caps(void) F(SPEC_CTRL_SSBD) | F(ARCH_CAPABILITIES) | F(INTEL_STIBP) | F(MD_CLEAR) | F(AVX512_VP2INTERSECT) | F(FSRM) | F(SERIALIZE) | F(TSXLDTRK) | F(AVX512_FP16) | - F(AMX_TILE) | F(AMX_INT8) | F(AMX_BF16) | F(FLUSH_L1D) + F(AMX_TILE) | F(AMX_INT8) | F(AMX_BF16) | F(FLUSH_L1D) | + F(IBT) ); /* TSC_ADJUST and ARCH_CAPABILITIES are emulated in software. */ @@ -679,6 +680,20 @@ void kvm_set_cpu_caps(void) kvm_cpu_cap_set(X86_FEATURE_INTEL_STIBP); if (boot_cpu_has(X86_FEATURE_AMD_SSBD)) kvm_cpu_cap_set(X86_FEATURE_SPEC_CTRL_SSBD); + /* + * Don't use boot_cpu_has() to check availability of IBT because the + * feature bit is cleared in boot_cpu_data when ibt=off is applied + * in host cmdline. + * + * As currently there's no HW bug which requires disabling IBT feature + * while CPU can enumerate it, host cmdline option ibt=off is most + * likely due to administrative reason on host side, so KVM refers to + * CPU CPUID enumeration to enable the feature. In future if there's + * actually some bug clobbered ibt=off option, then enforce additional + * check here to disable the support in KVM. + */ + if (cpuid_edx(7) & F(IBT)) + kvm_cpu_cap_set(X86_FEATURE_IBT); kvm_cpu_cap_mask(CPUID_7_1_EAX, F(AVX_VNNI) | F(AVX512_BF16) | F(CMPCCXADD) | diff --git a/arch/x86/kvm/vmx/capabilities.h b/arch/x86/kvm/vmx/capabilities.h index ee8938818c8a..e12bc233d88b 100644 --- a/arch/x86/kvm/vmx/capabilities.h +++ b/arch/x86/kvm/vmx/capabilities.h @@ -79,6 +79,12 @@ static inline bool cpu_has_vmx_basic_inout(void) return (((u64)vmcs_config.basic_cap << 32) & VMX_BASIC_INOUT); } +static inline bool cpu_has_vmx_basic_no_hw_errcode(void) +{ + return ((u64)vmcs_config.basic_cap << 32) & + VMX_BASIC_NO_HW_ERROR_CODE_CC; +} + static inline bool cpu_has_virtual_nmis(void) { return vmcs_config.pin_based_exec_ctrl & PIN_BASED_VIRTUAL_NMIS && diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index c658f2f230df..a1aae8709939 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -2614,6 +2614,7 @@ static int setup_vmcs_config(struct vmcs_config *vmcs_conf, { VM_ENTRY_LOAD_IA32_EFER, VM_EXIT_LOAD_IA32_EFER }, { VM_ENTRY_LOAD_BNDCFGS, VM_EXIT_CLEAR_BNDCFGS }, { VM_ENTRY_LOAD_IA32_RTIT_CTL, VM_EXIT_CLEAR_IA32_RTIT_CTL }, + { VM_ENTRY_LOAD_CET_STATE, VM_EXIT_LOAD_CET_STATE }, }; memset(vmcs_conf, 0, sizeof(*vmcs_conf)); @@ -4935,6 +4936,15 @@ static void vmx_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event) vmcs_write32(VM_ENTRY_INTR_INFO_FIELD, 0); /* 22.2.1 */ + if (kvm_cpu_cap_has(X86_FEATURE_SHSTK)) + vmcs_writel(GUEST_SSP, 0); + if (kvm_cpu_cap_has(X86_FEATURE_SHSTK) || + kvm_cpu_cap_has(X86_FEATURE_IBT)) + vmcs_writel(GUEST_S_CET, 0); + if (kvm_cpu_cap_has(X86_FEATURE_SHSTK) && + IS_ENABLED(CONFIG_X86_64)) + vmcs_writel(GUEST_INTR_SSP_TABLE, 0); + kvm_make_request(KVM_REQ_APIC_PAGE_RELOAD, vcpu); vpid_sync_context(vmx->vpid); @@ -6354,6 +6364,12 @@ void dump_vmcs(struct kvm_vcpu *vcpu) if (vmcs_read32(VM_EXIT_MSR_STORE_COUNT) > 0) vmx_dump_msrs("guest autostore", &vmx->msr_autostore.guest); + if (vmentry_ctl & VM_ENTRY_LOAD_CET_STATE) { + pr_err("S_CET = 0x%016lx\n", vmcs_readl(GUEST_S_CET)); + pr_err("SSP = 0x%016lx\n", vmcs_readl(GUEST_SSP)); + pr_err("INTR SSP TABLE = 0x%016lx\n", + vmcs_readl(GUEST_INTR_SSP_TABLE)); + } pr_err("*** Host State ***\n"); pr_err("RIP = 0x%016lx RSP = 0x%016lx\n", vmcs_readl(HOST_RIP), vmcs_readl(HOST_RSP)); @@ -6431,6 +6447,12 @@ void dump_vmcs(struct kvm_vcpu *vcpu) if (secondary_exec_control & SECONDARY_EXEC_ENABLE_VPID) pr_err("Virtual processor ID = 0x%04x\n", vmcs_read16(VIRTUAL_PROCESSOR_ID)); + if (vmexit_ctl & VM_EXIT_LOAD_CET_STATE) { + pr_err("S_CET = 0x%016lx\n", vmcs_readl(HOST_S_CET)); + pr_err("SSP = 0x%016lx\n", vmcs_readl(HOST_SSP)); + pr_err("INTR SSP TABLE = 0x%016lx\n", + vmcs_readl(HOST_INTR_SSP_TABLE)); + } } /* @@ -7964,7 +7986,6 @@ static __init void vmx_set_cpu_caps(void) kvm_cpu_cap_set(X86_FEATURE_UMIP); /* CPUID 0xD.1 */ - kvm_caps.supported_xss = 0; if (!cpu_has_vmx_xsaves()) kvm_cpu_cap_clear(X86_FEATURE_XSAVES); @@ -7976,6 +7997,12 @@ static __init void vmx_set_cpu_caps(void) if (cpu_has_vmx_waitpkg()) kvm_cpu_cap_check_and_set(X86_FEATURE_WAITPKG); + + if (!cpu_has_load_cet_ctrl() || !enable_unrestricted_guest || + !cpu_has_vmx_basic_no_hw_errcode()) { + kvm_cpu_cap_clear(X86_FEATURE_SHSTK); + kvm_cpu_cap_clear(X86_FEATURE_IBT); + } } static void vmx_request_immediate_exit(struct kvm_vcpu *vcpu) diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h index c2130d2c8e24..fb72819fbb41 100644 --- a/arch/x86/kvm/vmx/vmx.h +++ b/arch/x86/kvm/vmx/vmx.h @@ -480,7 +480,8 @@ static inline u8 vmx_get_rvi(void) VM_ENTRY_LOAD_IA32_EFER | \ VM_ENTRY_LOAD_BNDCFGS | \ VM_ENTRY_PT_CONCEAL_PIP | \ - VM_ENTRY_LOAD_IA32_RTIT_CTL) + VM_ENTRY_LOAD_IA32_RTIT_CTL | \ + VM_ENTRY_LOAD_CET_STATE) #define __KVM_REQUIRED_VMX_VM_EXIT_CONTROLS \ (VM_EXIT_SAVE_DEBUG_CONTROLS | \ @@ -502,7 +503,8 @@ static inline u8 vmx_get_rvi(void) VM_EXIT_LOAD_IA32_EFER | \ VM_EXIT_CLEAR_BNDCFGS | \ VM_EXIT_PT_CONCEAL_PIP | \ - VM_EXIT_CLEAR_IA32_RTIT_CTL) + VM_EXIT_CLEAR_IA32_RTIT_CTL | \ + VM_EXIT_LOAD_CET_STATE) #define KVM_REQUIRED_VMX_PIN_BASED_VM_EXEC_CONTROL \ (PIN_BASED_EXT_INTR_MASK | \ diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index c6b57ede0f57..2bcf3c7923bf 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -231,7 +231,8 @@ static struct kvm_user_return_msrs __percpu *user_return_msrs; | XFEATURE_MASK_BNDCSR | XFEATURE_MASK_AVX512 \ | XFEATURE_MASK_PKRU | XFEATURE_MASK_XTILE) -#define KVM_SUPPORTED_XSS 0 +#define KVM_SUPPORTED_XSS (XFEATURE_MASK_CET_USER | \ + XFEATURE_MASK_CET_KERNEL) u64 __read_mostly host_efer; EXPORT_SYMBOL_GPL(host_efer); @@ -9854,6 +9855,15 @@ static int __kvm_x86_vendor_init(struct kvm_x86_init_ops *ops) if (!kvm_cpu_cap_has(X86_FEATURE_XSAVES)) kvm_caps.supported_xss = 0; + if ((kvm_caps.supported_xss & (XFEATURE_MASK_CET_USER | + XFEATURE_MASK_CET_KERNEL)) != + (XFEATURE_MASK_CET_USER | XFEATURE_MASK_CET_KERNEL)) { + kvm_cpu_cap_clear(X86_FEATURE_SHSTK); + kvm_cpu_cap_clear(X86_FEATURE_IBT); + kvm_caps.supported_xss &= ~XFEATURE_CET_USER; + kvm_caps.supported_xss &= ~XFEATURE_CET_KERNEL; + } + #define __kvm_cpu_cap_has(UNUSED_, f) kvm_cpu_cap_has(f) cr4_reserved_bits = __cr4_reserved_bits(__kvm_cpu_cap_has, UNUSED_); #undef __kvm_cpu_cap_has @@ -12319,7 +12329,9 @@ void kvm_arch_vcpu_destroy(struct kvm_vcpu *vcpu) static inline bool is_xstate_reset_needed(void) { - return kvm_cpu_cap_has(X86_FEATURE_MPX); + return kvm_cpu_cap_has(X86_FEATURE_MPX) || + kvm_cpu_cap_has(X86_FEATURE_SHSTK) || + kvm_cpu_cap_has(X86_FEATURE_IBT); } void kvm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event) @@ -12396,6 +12408,16 @@ void kvm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event) XFEATURE_BNDCSR); } + if (kvm_cpu_cap_has(X86_FEATURE_SHSTK)) { + fpstate_clear_xstate_component(fpstate, + XFEATURE_CET_USER); + fpstate_clear_xstate_component(fpstate, + XFEATURE_CET_KERNEL); + } else if (kvm_cpu_cap_has(X86_FEATURE_IBT)) { + fpstate_clear_xstate_component(fpstate, + XFEATURE_CET_USER); + } + if (init_event) kvm_load_guest_fpu(vcpu); } diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h index d9cc352cf421..dc79dcd733ac 100644 --- a/arch/x86/kvm/x86.h +++ b/arch/x86/kvm/x86.h @@ -531,6 +531,9 @@ bool kvm_msr_allowed(struct kvm_vcpu *vcpu, u32 index, u32 type); __reserved_bits |= X86_CR4_VMXE; \ if (!__cpu_has(__c, X86_FEATURE_PCID)) \ __reserved_bits |= X86_CR4_PCIDE; \ + if (!__cpu_has(__c, X86_FEATURE_SHSTK) && \ + !__cpu_has(__c, X86_FEATURE_IBT)) \ + __reserved_bits |= X86_CR4_CET; \ __reserved_bits; \ }) From patchwork Fri Nov 24 05:53:29 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 169258 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce62:0:b0:403:3b70:6f57 with SMTP id o2csp984617vqx; Fri, 24 Nov 2023 00:01:15 -0800 (PST) X-Google-Smtp-Source: AGHT+IEit9LSaQhsJEcSlgvi4oE35bTkGicoQVR7fnTfBo1GNpc2EYnrITAlROG9Nj+Mku06pLpz X-Received: by 2002:a05:6870:be98:b0:1f9:56b1:4fff with SMTP id nx24-20020a056870be9800b001f956b14fffmr2464550oab.48.1700812875057; Fri, 24 Nov 2023 00:01:15 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700812875; cv=none; d=google.com; s=arc-20160816; b=Ch+rcjznEoxMVP0TjyUaY5fmClWnikOan8hcx+y1xrCXh4Qgum9TBab8sLjnpSiuLV MYNomIZWKzKWg6p7w/EZNo42VH9clg5JTJda56sHPHxQATxUSb/AhwpobnWMDkM1UXAT /p9D9DI/S6tNu1a/CpCzFOzQxBR3VjEW9XzS9gREDVSC/2gY1KmUMbM56uwBN5jD2YL3 YkIyr1eAbR2CzpMq3HQvz+nCyH/Y0qPlUST2IhKkC/xlaiCuPEPxril6TEthBcpqX+ZK fW3mVBy/NJfOSrqsfIUe4XO32IsUmhd8zGRP4uSqYWv8GhX+7HmxEzUps+p5bAznj04l YJRQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=WjvOqn8fU+Gfo38vtjZnPHLutCyKXsU7713yVMyc7aw=; fh=uy0EBGgYIm8+MgsxUvKHUXUo3s9z4H9hdLwRv8YoeJU=; b=l/DolE9UbBtnZNGQ/tQA2VKR4TMkN3GxD4wEBCl8E5hS30Ol9wpOh2EZ4kmHXlGpCd nR9KwEKRqhsUIF2Ou/7G8JTfs1DepaBvFdVyyQYCyWwrX0eOQbA/1knrVGM5FfzAmDYN 2lOs4k576NTASGS9+gouSBhcJ8ojoZk44oGWpPvxfwLdXgKN8jR8ZCgHtUBzgHnuWedB HzGFgPPfk2KpcBQajSK6K4OevNoRRmA8wxltJ0bs8cPoqkajlRefuSeXzvbcp2oO9D80 SCI2PIh6GBmTOvH0dYmYrgKl23rKt/9Ju/eSY75ZVMHAa5SPmJ+ONq/HFF7qUxmoH7Cc YktQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=SoeaDXTF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:1 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from morse.vger.email (morse.vger.email. [2620:137:e000::3:1]) by mx.google.com with ESMTPS id r23-20020a056830419700b006c64f244f17si1206249otu.166.2023.11.24.00.01.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Nov 2023 00:01:15 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:1 as permitted sender) client-ip=2620:137:e000::3:1; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=SoeaDXTF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:1 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by morse.vger.email (Postfix) with ESMTP id DD3C780998B3; Fri, 24 Nov 2023 00:01:12 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at morse.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345344AbjKXIAw (ORCPT + 29 others); Fri, 24 Nov 2023 03:00:52 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46252 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344842AbjKXH6o (ORCPT ); Fri, 24 Nov 2023 02:58:44 -0500 Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.100]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D1ED810C2; Thu, 23 Nov 2023 23:58:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1700812730; x=1732348730; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=RdU5cdmOWwDYJkBHGCqgfVnW0sGc8i9GJIHnqSwTU9U=; b=SoeaDXTFx+BCEJ6apEWzdpJMAg2qbylyNSDeMlwf0Nt+7WhUykVUk6S1 ApfgpWhkDj/S+iVP12J0LRG7N3aY0jcUzCck2fUn2g81aIgaXMEAceH0L 6BRS5Irbi35nuJigys44PCfnhOFftaU6HIIrTvltGcrJ2A7p5QXMhtouZ H9H9b74b4N5aNXHRxM/Am60p/86UvpSZv3jZXCPs0PqNCfbwYz6sJuucG GVuMZxlfJnm0+x2tOINrIu9Fps5ZZfvPR8Clj6tSfn6/gfcz60Gnf+P2W pZ3h1oLdaD1KEm+tMIvvqh4SKOnsd0UrR8eCO3yIbxMDAxdYE5CwvFJiT g==; X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="458872417" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="458872417" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:44 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="833629869" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="833629869" Received: from unknown (HELO embargo.jf.intel.com) ([10.165.9.183]) by fmsmga008-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:44 -0800 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com Subject: [PATCH v7 25/26] KVM: nVMX: Introduce new VMX_BASIC bit for event error_code delivery to L1 Date: Fri, 24 Nov 2023 00:53:29 -0500 Message-Id: <20231124055330.138870-26-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20231124055330.138870-1-weijiang.yang@intel.com> References: <20231124055330.138870-1-weijiang.yang@intel.com> MIME-Version: 1.0 X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on morse.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (morse.vger.email [0.0.0.0]); Fri, 24 Nov 2023 00:01:12 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1783431561044195276 X-GMAIL-MSGID: 1783431561044195276 Per SDM description(Vol.3D, Appendix A.1): "If bit 56 is read as 1, software can use VM entry to deliver a hardware exception with or without an error code, regardless of vector" Modify has_error_code check before inject events to nested guest. Only enforce the check when guest is in real mode, the exception is not hard exception and the platform doesn't enumerate bit56 in VMX_BASIC, in all other case ignore the check to make the logic consistent with SDM. Suggested-by: Chao Gao Signed-off-by: Yang Weijiang Reviewed-by: Maxim Levitsky --- arch/x86/kvm/vmx/nested.c | 27 ++++++++++++++++++--------- arch/x86/kvm/vmx/nested.h | 5 +++++ 2 files changed, 23 insertions(+), 9 deletions(-) diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index 2034337681f9..d8c32682ca76 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -1205,9 +1205,9 @@ static int vmx_restore_vmx_basic(struct vcpu_vmx *vmx, u64 data) { const u64 feature_and_reserved = /* feature (except bit 48; see below) */ - BIT_ULL(49) | BIT_ULL(54) | BIT_ULL(55) | + BIT_ULL(49) | BIT_ULL(54) | BIT_ULL(55) | BIT_ULL(56) | /* reserved */ - BIT_ULL(31) | GENMASK_ULL(47, 45) | GENMASK_ULL(63, 56); + BIT_ULL(31) | GENMASK_ULL(47, 45) | GENMASK_ULL(63, 57); u64 vmx_basic = vmcs_config.nested.basic; if (!is_bitwise_subset(vmx_basic, data, feature_and_reserved)) @@ -2829,7 +2829,6 @@ static int nested_check_vm_entry_controls(struct kvm_vcpu *vcpu, u8 vector = intr_info & INTR_INFO_VECTOR_MASK; u32 intr_type = intr_info & INTR_INFO_INTR_TYPE_MASK; bool has_error_code = intr_info & INTR_INFO_DELIVER_CODE_MASK; - bool should_have_error_code; bool urg = nested_cpu_has2(vmcs12, SECONDARY_EXEC_UNRESTRICTED_GUEST); bool prot_mode = !urg || vmcs12->guest_cr0 & X86_CR0_PE; @@ -2846,12 +2845,20 @@ static int nested_check_vm_entry_controls(struct kvm_vcpu *vcpu, CC(intr_type == INTR_TYPE_OTHER_EVENT && vector != 0)) return -EINVAL; - /* VM-entry interruption-info field: deliver error code */ - should_have_error_code = - intr_type == INTR_TYPE_HARD_EXCEPTION && prot_mode && - x86_exception_has_error_code(vector); - if (CC(has_error_code != should_have_error_code)) - return -EINVAL; + /* + * Cannot deliver error code in real mode or if the interrupt + * type is not hardware exception. For other cases, do the + * consistency check only if the vCPU doesn't enumerate + * VMX_BASIC_NO_HW_ERROR_CODE_CC. + */ + if (!prot_mode || intr_type != INTR_TYPE_HARD_EXCEPTION) { + if (CC(has_error_code)) + return -EINVAL; + } else if (!nested_cpu_has_no_hw_errcode_cc(vcpu)) { + if (CC(has_error_code != + x86_exception_has_error_code(vector))) + return -EINVAL; + } /* VM-entry exception error code */ if (CC(has_error_code && @@ -6969,6 +6976,8 @@ static void nested_vmx_setup_basic(struct nested_vmx_msrs *msrs) if (cpu_has_vmx_basic_inout()) msrs->basic |= VMX_BASIC_INOUT; + if (cpu_has_vmx_basic_no_hw_errcode()) + msrs->basic |= VMX_BASIC_NO_HW_ERROR_CODE_CC; } static void nested_vmx_setup_cr_fixed(struct nested_vmx_msrs *msrs) diff --git a/arch/x86/kvm/vmx/nested.h b/arch/x86/kvm/vmx/nested.h index b4b9d51438c6..26842da6857d 100644 --- a/arch/x86/kvm/vmx/nested.h +++ b/arch/x86/kvm/vmx/nested.h @@ -284,6 +284,11 @@ static inline bool nested_cr4_valid(struct kvm_vcpu *vcpu, unsigned long val) __kvm_is_valid_cr4(vcpu, val); } +static inline bool nested_cpu_has_no_hw_errcode_cc(struct kvm_vcpu *vcpu) +{ + return to_vmx(vcpu)->nested.msrs.basic & VMX_BASIC_NO_HW_ERROR_CODE_CC; +} + /* No difference in the restrictions on guest and host CR4 in VMX operation. */ #define nested_guest_cr4_valid nested_cr4_valid #define nested_host_cr4_valid nested_cr4_valid From patchwork Fri Nov 24 05:53:30 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 169259 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce62:0:b0:403:3b70:6f57 with SMTP id o2csp984894vqx; Fri, 24 Nov 2023 00:01:37 -0800 (PST) X-Google-Smtp-Source: AGHT+IHDMfWZaqvLal7gOuoFpnNfwDpGtYLZ4fy/DuGSbZIkA2kHYk4rKAgcC+Vge6K3p9HQJhB7 X-Received: by 2002:a05:6a20:3d03:b0:185:a762:9179 with SMTP id y3-20020a056a203d0300b00185a7629179mr2829580pzi.1.1700812897545; Fri, 24 Nov 2023 00:01:37 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700812897; cv=none; d=google.com; s=arc-20160816; b=O8ZQ3hCtlb0wXC5P/6tfTNfDKuddgWsllDolZkLDTeIkrCtv+ONxkkcoP4OSzs2le1 fbcw8OINcWK+n0wEN6aZwj0gdwH51kADMuUaLcCQ4XCNcD8c6lDB+QsW+DuARDVUDtvC WtYRXJMzOGzmmeVIhAYhNwDQaamrUa9dc7y5hKdZ3TqXyseNBP2K2VGqyLKhhKYgDF4M Kdgl6FMA4y43moWsT4ScWYrsispwo2ka3l6ZcV4jXeWSqAuZF8e7Ldh9F0C8kbh0YYFq tOaWvgmULlO2Hm2/KZjL07Mxko+DyqO50Gvb2KMcHLF/EOsUotnBpzbXNokp0q4l+KM8 acDQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=J8NllO1PibSbsHS4oc8sNYWJII9ROkE4NxpVvkh1Ul4=; fh=uy0EBGgYIm8+MgsxUvKHUXUo3s9z4H9hdLwRv8YoeJU=; b=aSu8EKF/Us+NKIwlLLZSn9UPL4pi8+0jKvrFBNhdrSYAcySqpbOMpcfyfsKtJqke7Y 8G7kdCe7MlQL0haY28OoMqj9u2cERjTWIZDf5vO5sfqlslV3M7F/JN//MeduOrgDo2c0 ZjczPu36VPZobWOonDhVIwcu2yMhCbLL7IOUpNhuBXASD+unWj7LyvosA+Zi6lIGFs6G loieshvgf2FDJY3EF1M+UyZh7RG6fgsQ4ha7gAdOJy/WGf8cDge6tprfS1mmLqGcSe8E nZ4p5qXU1OwNSvr5kTr7rjUX87mNXVu+pp9ONQB0poIimIDf/DBTvZeUvH8mcwTyDMFs 1WJw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Pv8ngh4+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.36 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from pete.vger.email (pete.vger.email. [23.128.96.36]) by mx.google.com with ESMTPS id bd33-20020a056a0027a100b006cbed8caa8bsi2458980pfb.111.2023.11.24.00.01.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Nov 2023 00:01:37 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.36 as permitted sender) client-ip=23.128.96.36; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Pv8ngh4+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.36 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by pete.vger.email (Postfix) with ESMTP id 1E5128056984; Fri, 24 Nov 2023 00:01:28 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at pete.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345030AbjKXIA5 (ORCPT + 29 others); Fri, 24 Nov 2023 03:00:57 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38646 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344880AbjKXH6o (ORCPT ); Fri, 24 Nov 2023 02:58:44 -0500 Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.100]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0139710EA; Thu, 23 Nov 2023 23:58:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1700812731; x=1732348731; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=qxUbjToZvYUB2tfZqGuznwO9zR+QRPiW2NhSgl7PmxQ=; b=Pv8ngh4+Zfhmx0cKPKDRIxVigYQIpBnMGFvfa4VfjgiDtSl3lgRJYNmi rHbgjr+jR7YmpDyMHPDq5Y1KkZj4g6wNQWa7jhRe9QcyPl+bZ4hy1iVRD tNx8DsJrZXbLWZyeJomq+xjxc9f4Lt2qHg+Dll4hOHecA059U3sYr4N3R TdGOmZZTeYxhPuf/RgJpyJBv8rbho3ho/ekoEq9QglvPIIhJOpqMEkD9p Z9zSz1Icas8riTNL7fCRZKc70T8gnRzgy/3rUEEzSApzEFR8iqn+bQqal x0LE4vaaj2huPCLrEGEb9/sfY97i4sc4YJnpgO4AnyJj9GDGEQScWWxec w==; X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="458872422" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="458872422" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:44 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="833629872" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="833629872" Received: from unknown (HELO embargo.jf.intel.com) ([10.165.9.183]) by fmsmga008-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:44 -0800 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com Subject: [PATCH v7 26/26] KVM: nVMX: Enable CET support for nested guest Date: Fri, 24 Nov 2023 00:53:30 -0500 Message-Id: <20231124055330.138870-27-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20231124055330.138870-1-weijiang.yang@intel.com> References: <20231124055330.138870-1-weijiang.yang@intel.com> MIME-Version: 1.0 X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on pete.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (pete.vger.email [0.0.0.0]); Fri, 24 Nov 2023 00:01:28 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1783431584919946524 X-GMAIL-MSGID: 1783431584919946524 Set up CET MSRs, related VM_ENTRY/EXIT control bits and fixed CR4 setting to enable CET for nested VM. Note, generally L1 VMM only touches CET VMCS fields when live migration or vmcs_{read,write}() to the fields happens, so the fields only need to be synced in these "rare" cases. And here only considers the case that L1 VMM has set VM_ENTRY_LOAD_CET_STATE in its VMCS vm_entry_controls as it's the common usage. Suggested-by: Chao Gao Signed-off-by: Yang Weijiang --- arch/x86/kvm/vmx/nested.c | 48 +++++++++++++++++++++++++++++++++++++-- arch/x86/kvm/vmx/vmcs12.c | 6 +++++ arch/x86/kvm/vmx/vmcs12.h | 14 +++++++++++- arch/x86/kvm/vmx/vmx.c | 2 ++ 4 files changed, 67 insertions(+), 3 deletions(-) diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index d8c32682ca76..965173650542 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -660,6 +660,28 @@ static inline bool nested_vmx_prepare_msr_bitmap(struct kvm_vcpu *vcpu, nested_vmx_set_intercept_for_msr(vmx, msr_bitmap_l1, msr_bitmap_l0, MSR_IA32_FLUSH_CMD, MSR_TYPE_W); + /* Pass CET MSRs to nested VM if L0 and L1 are set to pass-through. */ + nested_vmx_set_intercept_for_msr(vmx, msr_bitmap_l1, msr_bitmap_l0, + MSR_IA32_U_CET, MSR_TYPE_RW); + + nested_vmx_set_intercept_for_msr(vmx, msr_bitmap_l1, msr_bitmap_l0, + MSR_IA32_S_CET, MSR_TYPE_RW); + + nested_vmx_set_intercept_for_msr(vmx, msr_bitmap_l1, msr_bitmap_l0, + MSR_IA32_PL0_SSP, MSR_TYPE_RW); + + nested_vmx_set_intercept_for_msr(vmx, msr_bitmap_l1, msr_bitmap_l0, + MSR_IA32_PL1_SSP, MSR_TYPE_RW); + + nested_vmx_set_intercept_for_msr(vmx, msr_bitmap_l1, msr_bitmap_l0, + MSR_IA32_PL2_SSP, MSR_TYPE_RW); + + nested_vmx_set_intercept_for_msr(vmx, msr_bitmap_l1, msr_bitmap_l0, + MSR_IA32_PL3_SSP, MSR_TYPE_RW); + + nested_vmx_set_intercept_for_msr(vmx, msr_bitmap_l1, msr_bitmap_l0, + MSR_IA32_INT_SSP_TAB, MSR_TYPE_RW); + kvm_vcpu_unmap(vcpu, &vmx->nested.msr_bitmap_map, false); vmx->nested.force_msr_bitmap_recalc = false; @@ -2469,6 +2491,18 @@ static void prepare_vmcs02_rare(struct vcpu_vmx *vmx, struct vmcs12 *vmcs12) if (kvm_mpx_supported() && vmx->nested.nested_run_pending && (vmcs12->vm_entry_controls & VM_ENTRY_LOAD_BNDCFGS)) vmcs_write64(GUEST_BNDCFGS, vmcs12->guest_bndcfgs); + + if (vmx->nested.nested_run_pending && + (vmcs12->vm_entry_controls & VM_ENTRY_LOAD_CET_STATE)) { + if (guest_can_use(&vmx->vcpu, X86_FEATURE_SHSTK)) { + vmcs_writel(GUEST_SSP, vmcs12->guest_ssp); + vmcs_writel(GUEST_INTR_SSP_TABLE, + vmcs12->guest_ssp_tbl); + } + if (guest_can_use(&vmx->vcpu, X86_FEATURE_SHSTK) || + guest_can_use(&vmx->vcpu, X86_FEATURE_IBT)) + vmcs_writel(GUEST_S_CET, vmcs12->guest_s_cet); + } } if (nested_cpu_has_xsaves(vmcs12)) @@ -4300,6 +4334,15 @@ static void sync_vmcs02_to_vmcs12_rare(struct kvm_vcpu *vcpu, vmcs12->guest_pending_dbg_exceptions = vmcs_readl(GUEST_PENDING_DBG_EXCEPTIONS); + if (guest_can_use(&vmx->vcpu, X86_FEATURE_SHSTK)) { + vmcs12->guest_ssp = vmcs_readl(GUEST_SSP); + vmcs12->guest_ssp_tbl = vmcs_readl(GUEST_INTR_SSP_TABLE); + } + if (guest_can_use(&vmx->vcpu, X86_FEATURE_SHSTK) || + guest_can_use(&vmx->vcpu, X86_FEATURE_IBT)) { + vmcs12->guest_s_cet = vmcs_readl(GUEST_S_CET); + } + vmx->nested.need_sync_vmcs02_to_vmcs12_rare = false; } @@ -6798,7 +6841,7 @@ static void nested_vmx_setup_exit_ctls(struct vmcs_config *vmcs_conf, VM_EXIT_HOST_ADDR_SPACE_SIZE | #endif VM_EXIT_LOAD_IA32_PAT | VM_EXIT_SAVE_IA32_PAT | - VM_EXIT_CLEAR_BNDCFGS; + VM_EXIT_CLEAR_BNDCFGS | VM_EXIT_LOAD_CET_STATE; msrs->exit_ctls_high |= VM_EXIT_ALWAYSON_WITHOUT_TRUE_MSR | VM_EXIT_LOAD_IA32_EFER | VM_EXIT_SAVE_IA32_EFER | @@ -6820,7 +6863,8 @@ static void nested_vmx_setup_entry_ctls(struct vmcs_config *vmcs_conf, #ifdef CONFIG_X86_64 VM_ENTRY_IA32E_MODE | #endif - VM_ENTRY_LOAD_IA32_PAT | VM_ENTRY_LOAD_BNDCFGS; + VM_ENTRY_LOAD_IA32_PAT | VM_ENTRY_LOAD_BNDCFGS | + VM_ENTRY_LOAD_CET_STATE; msrs->entry_ctls_high |= (VM_ENTRY_ALWAYSON_WITHOUT_TRUE_MSR | VM_ENTRY_LOAD_IA32_EFER | VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL); diff --git a/arch/x86/kvm/vmx/vmcs12.c b/arch/x86/kvm/vmx/vmcs12.c index 106a72c923ca..4233b5ca9461 100644 --- a/arch/x86/kvm/vmx/vmcs12.c +++ b/arch/x86/kvm/vmx/vmcs12.c @@ -139,6 +139,9 @@ const unsigned short vmcs12_field_offsets[] = { FIELD(GUEST_PENDING_DBG_EXCEPTIONS, guest_pending_dbg_exceptions), FIELD(GUEST_SYSENTER_ESP, guest_sysenter_esp), FIELD(GUEST_SYSENTER_EIP, guest_sysenter_eip), + FIELD(GUEST_S_CET, guest_s_cet), + FIELD(GUEST_SSP, guest_ssp), + FIELD(GUEST_INTR_SSP_TABLE, guest_ssp_tbl), FIELD(HOST_CR0, host_cr0), FIELD(HOST_CR3, host_cr3), FIELD(HOST_CR4, host_cr4), @@ -151,5 +154,8 @@ const unsigned short vmcs12_field_offsets[] = { FIELD(HOST_IA32_SYSENTER_EIP, host_ia32_sysenter_eip), FIELD(HOST_RSP, host_rsp), FIELD(HOST_RIP, host_rip), + FIELD(HOST_S_CET, host_s_cet), + FIELD(HOST_SSP, host_ssp), + FIELD(HOST_INTR_SSP_TABLE, host_ssp_tbl), }; const unsigned int nr_vmcs12_fields = ARRAY_SIZE(vmcs12_field_offsets); diff --git a/arch/x86/kvm/vmx/vmcs12.h b/arch/x86/kvm/vmx/vmcs12.h index 01936013428b..3884489e7f7e 100644 --- a/arch/x86/kvm/vmx/vmcs12.h +++ b/arch/x86/kvm/vmx/vmcs12.h @@ -117,7 +117,13 @@ struct __packed vmcs12 { natural_width host_ia32_sysenter_eip; natural_width host_rsp; natural_width host_rip; - natural_width paddingl[8]; /* room for future expansion */ + natural_width host_s_cet; + natural_width host_ssp; + natural_width host_ssp_tbl; + natural_width guest_s_cet; + natural_width guest_ssp; + natural_width guest_ssp_tbl; + natural_width paddingl[2]; /* room for future expansion */ u32 pin_based_vm_exec_control; u32 cpu_based_vm_exec_control; u32 exception_bitmap; @@ -292,6 +298,12 @@ static inline void vmx_check_vmcs12_offsets(void) CHECK_OFFSET(host_ia32_sysenter_eip, 656); CHECK_OFFSET(host_rsp, 664); CHECK_OFFSET(host_rip, 672); + CHECK_OFFSET(host_s_cet, 680); + CHECK_OFFSET(host_ssp, 688); + CHECK_OFFSET(host_ssp_tbl, 696); + CHECK_OFFSET(guest_s_cet, 704); + CHECK_OFFSET(guest_ssp, 712); + CHECK_OFFSET(guest_ssp_tbl, 720); CHECK_OFFSET(pin_based_vm_exec_control, 744); CHECK_OFFSET(cpu_based_vm_exec_control, 748); CHECK_OFFSET(exception_bitmap, 752); diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index a1aae8709939..947028ff2e25 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -7734,6 +7734,8 @@ static void nested_vmx_cr_fixed1_bits_update(struct kvm_vcpu *vcpu) cr4_fixed1_update(X86_CR4_PKE, ecx, feature_bit(PKU)); cr4_fixed1_update(X86_CR4_UMIP, ecx, feature_bit(UMIP)); cr4_fixed1_update(X86_CR4_LA57, ecx, feature_bit(LA57)); + cr4_fixed1_update(X86_CR4_CET, ecx, feature_bit(SHSTK)); + cr4_fixed1_update(X86_CR4_CET, edx, feature_bit(IBT)); #undef cr4_fixed1_update }