From: Yang Weijiang
To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com
Subject: [PATCH v8 01/26] x86/fpu/xstate: Always preserve non-user xfeatures/flags in __state_perm
Date: Thu, 21 Dec 2023 09:02:14 -0500
Message-Id: <20231221140239.4349-2-weijiang.yang@intel.com>
In-Reply-To: <20231221140239.4349-1-weijiang.yang@intel.com>
References: <20231221140239.4349-1-weijiang.yang@intel.com>

From: Sean Christopherson

When granting userspace or a KVM guest access to an xfeature, preserve the
entity's existing supervisor and software-defined permissions as tracked
by __state_perm, i.e. use __state_perm to track *all* permissions even
though all supported supervisor xfeatures are granted to all FPUs and
FPU_GUEST_PERM_LOCKED disallows changing permissions.

Effectively clobbering supervisor permissions results in inconsistent
behavior, as xstate_get_group_perm() will report supervisor features for
processes that do NOT request access to dynamic user xfeatures, whereas any
and all supervisor features will be absent from the set of permissions for
any process that is granted access to one or more dynamic xfeatures (which
right now means AMX).

The inconsistency isn't problematic because fpu_xstate_prctl() already
strips out everything except user xfeatures:

	case ARCH_GET_XCOMP_PERM:
		/*
		 * Lockless snapshot as it can also change right after the
		 * dropping the lock.
		 */
		permitted = xstate_get_host_group_perm();
		permitted &= XFEATURE_MASK_USER_SUPPORTED;
		return put_user(permitted, uptr);

	case ARCH_GET_XCOMP_GUEST_PERM:
		permitted = xstate_get_guest_group_perm();
		permitted &= XFEATURE_MASK_USER_SUPPORTED;
		return put_user(permitted, uptr);

and similarly KVM doesn't apply the __state_perm to supervisor states
(kvm_get_filtered_xcr0() incorporates xstate_get_guest_group_perm()):

	case 0xd: {
		u64 permitted_xcr0 = kvm_get_filtered_xcr0();
		u64 permitted_xss = kvm_caps.supported_xss;

But if KVM in particular were to ever change, dropping supervisor
permissions would result in subtle bugs in KVM's reporting of supported
CPUID settings. And the above behavior also means that having supervisor
xfeatures in __state_perm is correctly handled by all users.

Dropping supervisor permissions also creates another landmine for KVM. If
more dynamic user xfeatures are ever added, requesting access to multiple
xfeatures in separate ARCH_REQ_XCOMP_GUEST_PERM calls will result in the
second invocation of __xstate_request_perm() computing the wrong ksize, as
the mask passed to xstate_calculate_size() would not contain *any*
supervisor features.

Commit 781c64bfcb73 ("x86/fpu/xstate: Handle supervisor states in XSTATE
permissions") fudged around the size issue for userspace FPUs, but for
reasons unknown skipped guest FPUs. Lack of a fix for KVM "works" only
because KVM doesn't yet support virtualizing features that have supervisor
xfeatures, i.e. as of today, KVM guest FPUs will never need the relevant
xfeatures.

Simply extending the hack-a-fix for guests would temporarily solve the
ksize issue, but wouldn't address the inconsistency issue and would leave
another lurking pitfall for KVM. KVM support for virtualizing CET will
likely add CET_KERNEL as a guest-only xfeature, i.e. CET_KERNEL will not be
set in xfeatures_mask_supervisor() and would again be dropped when granting
access to dynamic xfeatures.

Note, the existing clobbering behavior is rather subtle. The @permitted
parameter to __xstate_request_perm() comes from:

	permitted = xstate_get_group_perm(guest);

which is either fpu->guest_perm.__state_perm or fpu->perm.__state_perm,
where __state_perm is initialized to:

	fpu->perm.__state_perm = fpu_kernel_cfg.default_features;

and copied to the guest side of things:

	/* Same defaults for guests */
	fpu->guest_perm = fpu->perm;

fpu_kernel_cfg.default_features contains everything except the dynamic
xfeatures, i.e. everything except XFEATURE_MASK_XTILE_DATA:

	fpu_kernel_cfg.default_features = fpu_kernel_cfg.max_features;
	fpu_kernel_cfg.default_features &= ~XFEATURE_MASK_USER_DYNAMIC;

When __xstate_request_perm() restricts the local "mask" variable to compute
the user state size:

	mask &= XFEATURE_MASK_USER_SUPPORTED;
	usize = xstate_calculate_size(mask, false);

it subtly overwrites the target __state_perm with "mask" containing only
user xfeatures:

	perm = guest ? &fpu->guest_perm : &fpu->perm;
	/* Pairs with the READ_ONCE() in xstate_get_group_perm() */
	WRITE_ONCE(perm->__state_perm, mask);

Cc: Maxim Levitsky
Cc: Weijiang Yang
Cc: Dave Hansen
Cc: Paolo Bonzini
Cc: Peter Zijlstra
Cc: Chao Gao
Cc: Rick Edgecombe
Cc: John Allen
Cc: kvm@vger.kernel.org
Link: https://lore.kernel.org/all/ZTqgzZl-reO1m01I@google.com
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Weijiang
Reviewed-by: Maxim Levitsky
---
 arch/x86/kernel/fpu/xstate.c | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c index 117e74c44e75..07911532b108 100644 --- a/arch/x86/kernel/fpu/xstate.c +++ b/arch/x86/kernel/fpu/xstate.c
@@ -1601,16 +1601,20 @@ static int __xstate_request_perm(u64 permitted, u64 requested, bool guest) if ((permitted & requested) == requested) return 0; - /* Calculate the resulting kernel state size */ + /* + * Calculate the resulting kernel state size. Note, @permitted also + * contains supervisor xfeatures even though supervisor are always + * permitted for kernel and guest FPUs, and never permitted for user + * FPUs. + */ mask = permitted | requested; - /* Take supervisor states into account on the host */ - if (!guest) - mask |= xfeatures_mask_supervisor(); ksize = xstate_calculate_size(mask, compacted); - /* Calculate the resulting user state size */ - mask &= XFEATURE_MASK_USER_SUPPORTED; - usize = xstate_calculate_size(mask, false); + /* + * Calculate the resulting user state size. Take care not to clobber + * the supervisor xfeatures in the new mask! + */ + usize = xstate_calculate_size(mask & XFEATURE_MASK_USER_SUPPORTED, false); if (!guest) { ret = validate_sigaltstack(usize);
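
Review bot: in __xstate_request_perm(), dropping `if (!guest) mask |= xfeatures_mask_supervisor();` makes the ksize calculation rely on @permitted already carrying every supervisor bit, and nothing in the hunk enforces that. The commit message explains that __state_perm starts out as fpu_kernel_cfg.default_features, so this holds today, but a WARN_ON_ONCE() on the host path when @permitted lacks xfeatures_mask_supervisor() would catch a future caller that passes a stripped mask instead of silently computing a ksize that is too small. Since the unmasked value is what the later WRITE_ONCE() now stores in __state_perm, every reader that reports permissions to userspace has to keep applying XFEATURE_MASK_USER_SUPPORTED, as the fpu_xstate_prctl() cases quoted in the commit message do; a sentence saying so in the second new comment would help. The first new comment is also missing "xfeatures" after "supervisor" in "even though supervisor are always permitted".
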
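
The clobbering that the 01/26 commit message describes, as a user-space model added here (it is not kernel code and not part of the series): two separate guest permission requests run through the pre-patch and post-patch mask handling. Assumptions: XF_DYN2 is a hypothetical second dynamic xfeature, the component sizes are constructed, and model_size() is a plain sum standing in for xstate_calculate_size().

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BIT_ULL(n) (1ULL << (n))

/* Bit numbers follow enum xfeature; XF_DYN2 is hypothetical. */
#define XF_FP          BIT_ULL(0)
#define XF_SSE         BIT_ULL(1)
#define XF_YMM         BIT_ULL(2)
#define XF_PASID       BIT_ULL(10)
#define XF_CET_USER    BIT_ULL(11)
#define XF_XTILE_CFG   BIT_ULL(17)
#define XF_XTILE_DATA  BIT_ULL(18)
#define XF_DYN2        BIT_ULL(19)	/* hypothetical second dynamic xfeature */

#define MASK_SUPERVISOR     (XF_PASID | XF_CET_USER)
#define MASK_USER_DYNAMIC   (XF_XTILE_DATA | XF_DYN2)
#define MASK_USER_SUPPORTED (XF_FP | XF_SSE | XF_YMM | XF_XTILE_CFG | MASK_USER_DYNAMIC)
/* Models default_features: everything except the dynamic xfeatures. */
#define MASK_DEFAULT ((MASK_USER_SUPPORTED | MASK_SUPERVISOR) & ~MASK_USER_DYNAMIC)

struct fpu_perm {
	uint64_t state_perm;	/* models __state_perm */
	unsigned int ksize;
	unsigned int usize;
};

/* Stand-in for xstate_calculate_size(): sums constructed component sizes. */
static unsigned int model_size(uint64_t mask)
{
	static const struct { uint64_t bit; unsigned int bytes; } comp[] = {
		{ XF_FP, 512 }, { XF_SSE, 64 }, { XF_YMM, 256 },
		{ XF_PASID, 8 }, { XF_CET_USER, 16 }, { XF_XTILE_CFG, 64 },
		{ XF_XTILE_DATA, 8192 }, { XF_DYN2, 1024 },
	};
	unsigned int total = 0;
	size_t i;

	for (i = 0; i < sizeof(comp) / sizeof(comp[0]); i++)
		if (mask & comp[i].bit)
			total += comp[i].bytes;
	return total;
}

/* Pre-patch mask handling, following the removed lines of the hunk. */
static void request_perm_old(struct fpu_perm *perm, uint64_t requested, int guest)
{
	uint64_t permitted = perm->state_perm;
	uint64_t mask;

	if ((permitted & requested) == requested)
		return;
	mask = permitted | requested;
	if (!guest)
		mask |= MASK_SUPERVISOR;
	perm->ksize = model_size(mask);
	mask &= MASK_USER_SUPPORTED;	/* supervisor bits are dropped here ... */
	perm->usize = model_size(mask);
	perm->state_perm = mask;	/* ... and the stripped mask is stored */
}

/* Post-patch mask handling: only the usize argument is restricted. */
static void request_perm_new(struct fpu_perm *perm, uint64_t requested)
{
	uint64_t permitted = perm->state_perm;
	uint64_t mask;

	if ((permitted & requested) == requested)
		return;
	mask = permitted | requested;
	perm->ksize = model_size(mask);
	perm->usize = model_size(mask & MASK_USER_SUPPORTED);
	perm->state_perm = mask;
}

/* A guest FPU requests XTILE_DATA, then the hypothetical DYN2, separately. */
static struct fpu_perm guest_two_requests(int patched)
{
	struct fpu_perm p = { .state_perm = MASK_DEFAULT };

	if (patched) {
		request_perm_new(&p, XF_XTILE_DATA);
		request_perm_new(&p, XF_DYN2);
	} else {
		request_perm_old(&p, XF_XTILE_DATA, 1);
		request_perm_old(&p, XF_DYN2, 1);
	}
	return p;
}

int main(void)
{
	struct fpu_perm o = guest_two_requests(0);
	struct fpu_perm n = guest_two_requests(1);

	printf("old: perm=%#llx ksize=%u usize=%u\n",
	       (unsigned long long)o.state_perm, o.ksize, o.usize);
	printf("new: perm=%#llx ksize=%u usize=%u\n",
	       (unsigned long long)n.state_perm, n.ksize, n.usize);
	return 0;
}
```

In the pre-patch run the second request computes ksize from a mask with no supervisor bits, so it comes out short by exactly the PASID and CET_USER sizes, while usize is identical in both runs.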
From: Yang Weijiang
Subject: [PATCH v8 02/26] x86/fpu/xstate: Refine CET user xstate bit enabling
Date: Thu, 21 Dec 2023 09:02:15 -0500
Message-Id: <20231221140239.4349-3-weijiang.yang@intel.com>

Remove XFEATURE_CET_USER entry from dependency array as the entry doesn't
reflect true dependency between CET features and the user xstate bit.
Enable the bit in fpu_kernel_cfg.max_features when either SHSTK or IBT is
available.

Both user mode shadow stack and indirect branch tracking features depend
on XFEATURE_CET_USER bit in XSS to automatically save/restore user mode
xstate registers, i.e., IA32_U_CET and IA32_PL3_SSP whenever necessary.

Note, the issue, i.e., CPUID only enumerates IBT but no SHSTK, results
from the CET KVM series which synthesizes guest CPUIDs based on userspace
settings; in the real world the case is rare. In other words, the existing
dependency check is correct when only user mode SHSTK is available.

Signed-off-by: Yang Weijiang
Reviewed-by: Rick Edgecombe
Tested-by: Rick Edgecombe
---
 arch/x86/kernel/fpu/xstate.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c index 07911532b108..f6b98693da59 100644 --- a/arch/x86/kernel/fpu/xstate.c +++ b/arch/x86/kernel/fpu/xstate.c
@@ -73,7 +73,6 @@ static unsigned short xsave_cpuid_features[] __initdata = { [XFEATURE_PT_UNIMPLEMENTED_SO_FAR] = X86_FEATURE_INTEL_PT, [XFEATURE_PKRU] = X86_FEATURE_OSPKE, [XFEATURE_PASID] = X86_FEATURE_ENQCMD, - [XFEATURE_CET_USER] = X86_FEATURE_SHSTK, [XFEATURE_XTILE_CFG] = X86_FEATURE_AMX_TILE, [XFEATURE_XTILE_DATA] = X86_FEATURE_AMX_TILE, }; 
@@ -798,6 +797,14 @@ void __init fpu__init_system_xstate(unsigned int legacy_size) fpu_kernel_cfg.max_features &= ~BIT_ULL(i); } + /* + * CET user mode xstate bit has been cleared by above sanity check. + * Now pick it up if either SHSTK or IBT is available. Either feature + * depends on the xstate bit to save/restore user mode states. + */ + if (boot_cpu_has(X86_FEATURE_SHSTK) || boot_cpu_has(X86_FEATURE_IBT)) + fpu_kernel_cfg.max_features |= BIT_ULL(XFEATURE_CET_USER); + if (!cpu_feature_enabled(X86_FEATURE_XFD)) fpu_kernel_cfg.max_features &= ~XFEATURE_MASK_USER_DYNAMIC;
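
Review bot: the new block in fpu__init_system_xstate() sets XFEATURE_CET_USER in fpu_kernel_cfg.max_features whenever SHSTK or IBT is present, without checking within this hunk that the bit was in max_features before the sanity loop cleared it. If CPUID reports IBT but does not enumerate the CET user state component (a synthesized guest CPUID is the case the commit message itself raises), this turns on an xfeature that was never advertised. Consider recording whether the bit was set before the loop and restoring it only in that case. With the [XFEATURE_CET_USER] entry gone from xsave_cpuid_features[] in the first hunk, a short comment there pointing at this special case would keep the two places in sync. The block also uses boot_cpu_has() where the statement right after it uses cpu_feature_enabled(); pick one unless the difference is intended.
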
From: Yang Weijiang
Subject: [PATCH v8 03/26] x86/fpu/xstate: Add CET supervisor mode state support
Date: Thu, 21 Dec 2023 09:02:16 -0500
Message-Id: <20231221140239.4349-4-weijiang.yang@intel.com>

Add supervisor mode state support within FPU xstate management framework.
Although supervisor shadow stack is not enabled/used today in kernel, KVM
requires the support because when KVM advertises shadow stack feature to
guest, architecturally it claims the support for both user and supervisor
modes for guest OSes (Linux or non-Linux).

CET supervisor states not only include PL{0,1,2}_SSP but also IA32_S_CET
MSR, but the latter is not xsave-managed. In virtualization world, guest
IA32_S_CET is saved/stored into/from VM control structure. With supervisor
xstate support, guest supervisor mode shadow stack state can be properly
saved/restored when 1) guest/host FPU context is swapped 2) vCPU thread is
sched out/in.

The alternative is to enable it in KVM domain, but KVM maintainers NAKed
the solution. The external discussion can be found at [*], it ended up
with adding the support in kernel instead of KVM domain.

Note, in KVM case, guest CET supervisor state i.e., IA32_PL{0,1,2}_MSRs,
are preserved after VM-Exit until host/guest fpstates are swapped, but
since host supervisor shadow stack is disabled, the preserved MSRs won't
hurt host.

[*]: https://lore.kernel.org/all/806e26c2-8d21-9cc9-a0b7-7787dd231729@intel.com/

Signed-off-by: Yang Weijiang
Reviewed-by: Rick Edgecombe
Reviewed-by: Maxim Levitsky
---
 arch/x86/include/asm/fpu/types.h | 14 ++++++++++++--
 arch/x86/include/asm/fpu/xstate.h | 6 +++---
 arch/x86/kernel/fpu/xstate.c | 6 +++++-
 3 files changed, 20 insertions(+), 6 deletions(-)

diff --git a/arch/x86/include/asm/fpu/types.h b/arch/x86/include/asm/fpu/types.h index eb810074f1e7..c6fd13a17205 100644 --- a/arch/x86/include/asm/fpu/types.h +++ b/arch/x86/include/asm/fpu/types.h @@ -116,7 +116,7 @@ enum xfeature { XFEATURE_PKRU, XFEATURE_PASID, XFEATURE_CET_USER, - XFEATURE_CET_KERNEL_UNUSED, + XFEATURE_CET_KERNEL, XFEATURE_RSRVD_COMP_13, XFEATURE_RSRVD_COMP_14, XFEATURE_LBR, @@ -139,7 +139,7 @@ enum xfeature { #define XFEATURE_MASK_PKRU (1 << XFEATURE_PKRU) #define XFEATURE_MASK_PASID (1 << XFEATURE_PASID) #define XFEATURE_MASK_CET_USER (1 << XFEATURE_CET_USER) -#define XFEATURE_MASK_CET_KERNEL (1 << XFEATURE_CET_KERNEL_UNUSED) +#define XFEATURE_MASK_CET_KERNEL (1 << XFEATURE_CET_KERNEL) #define XFEATURE_MASK_LBR (1 << XFEATURE_LBR) #define XFEATURE_MASK_XTILE_CFG (1 << XFEATURE_XTILE_CFG) #define XFEATURE_MASK_XTILE_DATA (1 << XFEATURE_XTILE_DATA) @@ -264,6 +264,16 @@ struct cet_user_state { u64 user_ssp; }; +/* + * State component 12 is Control-flow Enforcement supervisor states + */ +struct cet_supervisor_state { + /* supervisor ssp pointers */ + u64 pl0_ssp; + u64 pl1_ssp; + u64 pl2_ssp; +}; + /* * State component 15: Architectural LBR configuration state. * The size of Arch LBR state depends on the number of LBRs (lbr_depth). diff --git a/arch/x86/include/asm/fpu/xstate.h b/arch/x86/include/asm/fpu/xstate.h index d4427b88ee12..3b4a038d3c57 100644 --- a/arch/x86/include/asm/fpu/xstate.h +++ b/arch/x86/include/asm/fpu/xstate.h
@@ -51,7 +51,8 @@ /* All currently supported supervisor features */ #define XFEATURE_MASK_SUPERVISOR_SUPPORTED (XFEATURE_MASK_PASID | \ - XFEATURE_MASK_CET_USER) + XFEATURE_MASK_CET_USER | \ + XFEATURE_MASK_CET_KERNEL) /* * A supervisor state component may not always contain valuable information, @@ -78,8 +79,7 @@ * Unsupported supervisor features. When a supervisor feature in this mask is * supported in the future, move it to the supported supervisor feature mask. */ -#define XFEATURE_MASK_SUPERVISOR_UNSUPPORTED (XFEATURE_MASK_PT | \ - XFEATURE_MASK_CET_KERNEL) +#define XFEATURE_MASK_SUPERVISOR_UNSUPPORTED (XFEATURE_MASK_PT) /* All supervisor states including supported and unsupported states. */ #define XFEATURE_MASK_SUPERVISOR_ALL (XFEATURE_MASK_SUPERVISOR_SUPPORTED | \ diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c index f6b98693da59..03e166a87d61 100644 --- a/arch/x86/kernel/fpu/xstate.c +++ b/arch/x86/kernel/fpu/xstate.c @@ -51,7 +51,7 @@ static const char *xfeature_names[] = "Protection Keys User registers", "PASID state", "Control-flow User registers", - "Control-flow Kernel registers (unused)", + "Control-flow Kernel registers", "unknown xstate feature", "unknown xstate feature", "unknown xstate feature", @@ -73,6 +73,7 @@ static unsigned short xsave_cpuid_features[] __initdata = { [XFEATURE_PT_UNIMPLEMENTED_SO_FAR] = X86_FEATURE_INTEL_PT, [XFEATURE_PKRU] = X86_FEATURE_OSPKE, [XFEATURE_PASID] = X86_FEATURE_ENQCMD, + [XFEATURE_CET_KERNEL] = X86_FEATURE_SHSTK, [XFEATURE_XTILE_CFG] = X86_FEATURE_AMX_TILE, [XFEATURE_XTILE_DATA] = X86_FEATURE_AMX_TILE, }; @@ -277,6 +278,7 @@ static void __init print_xstate_features(void) print_xstate_feature(XFEATURE_MASK_PKRU); print_xstate_feature(XFEATURE_MASK_PASID); print_xstate_feature(XFEATURE_MASK_CET_USER); + print_xstate_feature(XFEATURE_MASK_CET_KERNEL); print_xstate_feature(XFEATURE_MASK_XTILE_CFG); print_xstate_feature(XFEATURE_MASK_XTILE_DATA); } 
@@ -346,6 +348,7 @@ static __init void os_xrstor_booting(struct xregs_state *xstate) XFEATURE_MASK_BNDCSR | \ XFEATURE_MASK_PASID | \ XFEATURE_MASK_CET_USER | \ + XFEATURE_MASK_CET_KERNEL | \ XFEATURE_MASK_XTILE) /* 
@@ -546,6 +549,7 @@ static bool __init check_xstate_against_struct(int nr) case XFEATURE_PASID: return XCHECK_SZ(sz, nr, struct ia32_pasid_state); case XFEATURE_XTILE_CFG: return XCHECK_SZ(sz, nr, struct xtile_cfg); case XFEATURE_CET_USER: return XCHECK_SZ(sz, nr, struct cet_user_state); + case XFEATURE_CET_KERNEL: return XCHECK_SZ(sz, nr, struct cet_supervisor_state); case XFEATURE_XTILE_DATA: check_xtile_data_against_struct(sz); return true; default: XSTATE_WARN_ON(1, "No structure for xstate: %d\n", nr);
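
Review bot: adding XFEATURE_MASK_CET_KERNEL to XFEATURE_MASK_SUPERVISOR_SUPPORTED in xstate.h puts the component in the mask that, per the 01/26 message, is granted to all FPUs, while this commit message says supervisor shadow stack is not used by the host kernel and the 01/26 message expected CET_KERNEL to be a guest-only xfeature. If only guest fpstates are meant to carry the three SSP fields of struct cet_supervisor_state, this patch does not restrict it yet and the comment above the mask should say where that happens; if host tasks are meant to carry them too, the commit message should say so. In xstate.c, `[XFEATURE_CET_KERNEL] = X86_FEATURE_SHSTK` adds the same kind of dependency-array entry that 02/26 removed for XFEATURE_CET_USER; a one-line comment on why SHSTK alone is the right dependency here (the state is PL{0,1,2}_SSP only) would prevent confusion. The new struct comment in types.h could also name the MSRs the fields map to.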
tOm0lHCFM3bosF24bV7r/ILTMnKK8nG8Wc380R2m2/XoSBuAk+MA7+qkmoMgB0SM7e+G +61HJIOUrBszrmIzkzVIPz1+ttST7lEI6DeMEMAHzRIgOt1zvA0PU4XnoYnVfKdsj7wG QvjKI8eJ/9DpNSwVxv6JvytgHk+/SmS74mqa17KowwY4chcWg+YjCV9dEdea8z7FIPXP 4LVwGEv1C38oOT0C2vAMagrAu4kubOYu5Hn2mVb9R7AwnBh9g5LuAemlm8xP04zYD8es vfTQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=BxfEhmEa; spf=pass (google.com: domain of linux-kernel+bounces-8061-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-8061-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id p24-20020a170906b21800b00a235ebeef93si671683ejz.797.2023.12.21.01.13.37 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 21 Dec 2023 01:13:37 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-8061-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=BxfEhmEa; spf=pass (google.com: domain of linux-kernel+bounces-8061-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-8061-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 30FD41F24BE5 for ; Thu, 21 Dec 2023 09:13:37 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 8276D54645; Thu, 
21 Dec 2023 09:03:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="BxfEhmEa" X-Original-To: linux-kernel@vger.kernel.org Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.24]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BC3E84CB42; Thu, 21 Dec 2023 09:03:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1703149426; x=1734685426; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=QMG+Yk4D8j/JmasRk+1daUK2kCpsOOtXnCC9FPmPDII=; b=BxfEhmEa8HZE7dP3RQbc9VI0k7IfcLwalctm68Nv7/rL8RlvXXJR4L61 yvrumOdnvLcLboUHHCnPH7ReyM4NHqPmVh0ajNCgI12t5T5YXGsPXG7IQ 4xy/HpB+wsUrMpson2/YSE9l2eiY9onXR34mjDZ+I2E/0gAHe0n/WKg+i Iqanr4XFAg1PSWwqWiLXLHGOB8rurOMj0W1x0f2o72eUCmqTkBFX8UpE9 BJgiZYxzXA06YEVuycnf3hqSJGyJ/QWBHSUSZbiuLt5KRDF6MH2mvDRKm ojnxfo3aRDFgaECpdVl3vCNCmF3fST9XvdrXymEfZvhJnpVCh3xh54fkd A==; X-IronPort-AV: E=McAfee;i="6600,9927,10930"; a="398729607" X-IronPort-AV: E=Sophos;i="6.04,293,1695711600"; d="scan'208";a="398729607" Received: from orsmga004.jf.intel.com ([10.7.209.38]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Dec 2023 01:03:43 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10930"; a="900028572" X-IronPort-AV: E=Sophos;i="6.04,293,1695711600"; d="scan'208";a="900028572" Received: from 984fee00a5ca.jf.intel.com (HELO embargo.jf.intel.com) ([10.165.9.183]) by orsmga004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Dec 2023 01:03:10 -0800 
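Review bot: In the check_xstate_against_struct() hunk the new case checks XFEATURE_CET_KERNEL against struct cet_supervisor_state, while the case directly above checks XFEATURE_CET_USER against struct cet_user_state, so the feature is named "kernel" and its struct "supervisor". Pick one term for both the enum and the struct, or add a short comment at the case saying that CET_KERNEL is the supervisor CET state, so a reader grepping for either name finds the other.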
From: Yang Weijiang
To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com
Subject: [PATCH v8 04/26] x86/fpu/xstate: Introduce XFEATURE_MASK_KERNEL_DYNAMIC xfeature set
Date: Thu, 21 Dec 2023 09:02:17 -0500
Message-Id: <20231221140239.4349-5-weijiang.yang@intel.com>
In-Reply-To: <20231221140239.4349-1-weijiang.yang@intel.com>
References: <20231221140239.4349-1-weijiang.yang@intel.com>

Define a new XFEATURE_MASK_KERNEL_DYNAMIC mask to specify the features that can be optionally enabled by kernel components. This is similar to XFEATURE_MASK_USER_DYNAMIC in that it contains optional xfeatures that can allow the FPU buffer to be dynamically sized. The difference is that the KERNEL variant contains supervisor features and will be enabled by kernel components that need them, and not directly by the user. Currently it's used by KVM to configure guest dedicated fpstate for calculating the xfeature and fpstate storage size etc.

The kernel dynamic xfeatures now only contain XFEATURE_CET_KERNEL, which is supported by the host as they're enabled in the kernel XSS MSR setting, but the relevant CPU feature, i.e., supervisor shadow stack, is not enabled in the host kernel, therefore it can be omitted for normal fpstate by default.

Remove the kernel dynamic feature from fpu_kernel_cfg.default_features so that the bits in xstate_bv and xcomp_bv are cleared and xsaves/xrstors can be optimized by HW for normal fpstate.

Suggested-by: Dave Hansen
Signed-off-by: Yang Weijiang Reviewed-by: Rick Edgecombe --- arch/x86/include/asm/fpu/xstate.h | 5 ++++- arch/x86/kernel/fpu/xstate.c | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/fpu/xstate.h b/arch/x86/include/asm/fpu/xstate.h index 3b4a038d3c57..a212d3851429 100644 --- a/arch/x86/include/asm/fpu/xstate.h +++ b/arch/x86/include/asm/fpu/xstate.h @@ -46,9 +46,12 @@ #define XFEATURE_MASK_USER_RESTORE \ (XFEATURE_MASK_USER_SUPPORTED & ~XFEATURE_MASK_PKRU) -/* Features which are dynamically enabled for a process on request */ +/* Features which are dynamically enabled per userspace request */ #define XFEATURE_MASK_USER_DYNAMIC XFEATURE_MASK_XTILE_DATA +/* Features which are dynamically enabled per kernel side request */ +#define XFEATURE_MASK_KERNEL_DYNAMIC XFEATURE_MASK_CET_KERNEL + /* All currently supported supervisor features */ #define XFEATURE_MASK_SUPERVISOR_SUPPORTED (XFEATURE_MASK_PASID | \ XFEATURE_MASK_CET_USER | \ diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c index 03e166a87d61..ca4b83c142eb 100644 --- a/arch/x86/kernel/fpu/xstate.c +++ b/arch/x86/kernel/fpu/xstate.c 
@@ -824,6 +824,7 @@ void __init fpu__init_system_xstate(unsigned int legacy_size) /* Clean out dynamic features from default */ fpu_kernel_cfg.default_features = fpu_kernel_cfg.max_features; fpu_kernel_cfg.default_features &= ~XFEATURE_MASK_USER_DYNAMIC; + fpu_kernel_cfg.default_features &= ~XFEATURE_MASK_KERNEL_DYNAMIC; fpu_user_cfg.default_features = fpu_user_cfg.max_features; fpu_user_cfg.default_features &= ~XFEATURE_MASK_USER_DYNAMIC;
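Review bot: The comment added above XFEATURE_MASK_KERNEL_DYNAMIC in xstate.h ("dynamically enabled per kernel side request") does not say that these are supervisor features or who is expected to request them, although the commit message says the mask is currently used only by KVM for the guest fpstate. Spell that out in the comment, including that the bits are cleared from fpu_kernel_cfg.default_features in fpu__init_system_xstate(), so the next feature added to the mask is not assumed to be available in a normal task's fpstate.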
From: Yang Weijiang
To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com
Subject: [PATCH v8 05/26] x86/fpu/xstate: Introduce fpu_guest_cfg for guest FPU configuration
Date: Thu, 21 Dec 2023 09:02:18 -0500
Message-Id: <20231221140239.4349-6-weijiang.yang@intel.com>
In-Reply-To: <20231221140239.4349-1-weijiang.yang@intel.com>
References: <20231221140239.4349-1-weijiang.yang@intel.com>

Define new fpu_guest_cfg to hold all guest FPU settings so that it can differ from generic kernel FPU settings, e.g., enabling CET supervisor xstate by default for guest fpstate while it remains disabled in kernel FPU config.

The kernel dynamic xfeatures are specifically used by guest fpstate now; add the mask for guest fpstate so that guest_perm.__state_permit == (fpu_kernel_cfg.default_xfeature | XFEATURE_MASK_KERNEL_DYNAMIC). And if guest fpstate is re-allocated to hold user dynamic xfeatures, the resulting permissions are consumed before calculating the new guest fpstate.

Signed-off-by: Yang Weijiang
Reviewed-by: Maxim Levitsky
---
 arch/x86/include/asm/fpu/types.h | 2 +-
 arch/x86/kernel/fpu/core.c | 70 ++++++++++++++++++++++++++++++--
 arch/x86/kernel/fpu/xstate.c | 10 +++++
 3 files changed, 78 insertions(+), 4 deletions(-)
diff --git a/arch/x86/include/asm/fpu/types.h b/arch/x86/include/asm/fpu/types.h index c6fd13a17205..306825ad6bc0 100644 --- a/arch/x86/include/asm/fpu/types.h +++ b/arch/x86/include/asm/fpu/types.h
@@ -602,6 +602,6 @@ struct fpu_state_config { }; /* FPU state configuration information */ -extern struct fpu_state_config fpu_kernel_cfg, fpu_user_cfg; +extern struct fpu_state_config fpu_kernel_cfg, fpu_user_cfg, fpu_guest_cfg; #endif /* _ASM_X86_FPU_H */ diff --git a/arch/x86/kernel/fpu/core.c b/arch/x86/kernel/fpu/core.c index a21a4d0ecc34..976f519721e2 100644 --- a/arch/x86/kernel/fpu/core.c +++ b/arch/x86/kernel/fpu/core.c 
@@ -33,10 +33,67 @@ DEFINE_STATIC_KEY_FALSE(__fpu_state_size_dynamic); DEFINE_PER_CPU(u64, xfd_state); #endif -/* The FPU state configuration data for kernel and user space */ +/* The FPU state configuration data for kernel, user space and guest. */ +/* + * kernel FPU config: + * + * all known and CPU supported user and supervisor features except + * - independent kernel features (XFEATURE_LBR) + * @fpu_kernel_cfg.max_features; + * + * all known and CPU supported user and supervisor features except + * - dynamic kernel features (CET_S) + * - independent kernel features (XFEATURE_LBR) + * - dynamic userspace features (AMX state) + * @fpu_kernel_cfg.default_features; + * + * size of compacted buffer with 'fpu_kernel_cfg.max_features' + * @fpu_kernel_cfg.max_size; + * + * size of compacted buffer with 'fpu_kernel_cfg.default_features' + * @fpu_kernel_cfg.default_size; + */ struct fpu_state_config fpu_kernel_cfg __ro_after_init; + +/* + * user FPU config: + * + * all known and CPU supported user features + * @fpu_user_cfg.max_features; + * + * all known and CPU supported user features except + * - dynamic userspace features (AMX state) + * @fpu_user_cfg.default_features; + * + * size of non-compacted buffer with 'fpu_user_cfg.max_features' + * @fpu_user_cfg.max_size; + * + * size of non-compacted buffer with 'fpu_user_cfg.default_features' + * @fpu_user_cfg.default_size; + */ struct fpu_state_config fpu_user_cfg __ro_after_init; +/* + * guest FPU config: + * + * all known and CPU supported user and supervisor features except + * - independent kernel features (XFEATURE_LBR) + * @fpu_guest_cfg.max_features; + * + * all known and CPU supported user and supervisor features except + * - independent kernel features (XFEATURE_LBR) + * - dynamic userspace features (AMX state) + * @fpu_guest_cfg.default_features; + * + * size of compacted buffer with 'fpu_guest_cfg.max_features' + * @fpu_guest_cfg.max_size; + * + * size of compacted buffer with 'fpu_guest_cfg.default_features' 
+ * @fpu_guest_cfg.default_size; + */ + +struct fpu_state_config fpu_guest_cfg __ro_after_init; + /* * Represents the initial FPU state. It's mostly (but not completely) zeroes, * depending on the FPU hardware format: @@ -536,8 +593,15 @@ void fpstate_reset(struct fpu *fpu) fpu->perm.__state_perm = fpu_kernel_cfg.default_features; fpu->perm.__state_size = fpu_kernel_cfg.default_size; fpu->perm.__user_state_size = fpu_user_cfg.default_size; - /* Same defaults for guests */ - fpu->guest_perm = fpu->perm; + + /* Guest permission settings */ + fpu->guest_perm.__state_perm = fpu_guest_cfg.default_features; + fpu->guest_perm.__state_size = fpu_guest_cfg.default_size; + /* + * Set guest's __user_state_size to fpu_user_cfg.default_size so that + * existing uAPIs can still work. + */ + fpu->guest_perm.__user_state_size = fpu_user_cfg.default_size; } static inline void fpu_inherit_perms(struct fpu *dst_fpu) diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c index ca4b83c142eb..9cbdc83d1eab 100644 --- a/arch/x86/kernel/fpu/xstate.c +++ b/arch/x86/kernel/fpu/xstate.c @@ -681,6 +681,7 @@ static int __init init_xstate_size(void) { /* Recompute the context size for enabled features: */ unsigned int user_size, kernel_size, kernel_default_size; + unsigned int guest_default_size; bool compacted = cpu_feature_enabled(X86_FEATURE_XCOMPACTED); /* Uncompacted user space size */ 
@@ -702,13 +703,18 @@ static int __init init_xstate_size(void) kernel_default_size = xstate_calculate_size(fpu_kernel_cfg.default_features, compacted); + guest_default_size = + xstate_calculate_size(fpu_guest_cfg.default_features, compacted); + if (!paranoid_xstate_size_valid(kernel_size)) return -EINVAL; fpu_kernel_cfg.max_size = kernel_size; fpu_user_cfg.max_size = user_size; + fpu_guest_cfg.max_size = kernel_size; fpu_kernel_cfg.default_size = kernel_default_size; + fpu_guest_cfg.default_size = guest_default_size; fpu_user_cfg.default_size = xstate_calculate_size(fpu_user_cfg.default_features, false); 
@@ -829,6 +835,10 @@ void __init fpu__init_system_xstate(unsigned int legacy_size) fpu_user_cfg.default_features = fpu_user_cfg.max_features; fpu_user_cfg.default_features &= ~XFEATURE_MASK_USER_DYNAMIC; + fpu_guest_cfg.max_features = fpu_kernel_cfg.max_features; + fpu_guest_cfg.default_features = fpu_guest_cfg.max_features; + fpu_guest_cfg.default_features &= ~XFEATURE_MASK_USER_DYNAMIC; + /* Store it for paranoia check at the end */ xfeatures = fpu_kernel_cfg.max_features;
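Review bot: The "guest FPU config" comment block added in core.c describes fpu_guest_cfg.default_features only by what it excludes, so its one difference from fpu_kernel_cfg.default_features, that the dynamic kernel features (CET_S) stay in, has to be inferred from a missing bullet. Add an explicit line saying the guest default includes the kernel dynamic features, and drop the blank line between the comment and the fpu_guest_cfg definition so the block attaches to its variable the same way the kernel and user blocks do.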
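Review bot: In the fpu__init_system_xstate() hunk, fpu_guest_cfg.default_features is built from max_features with only XFEATURE_MASK_USER_DYNAMIC cleared, so it carries the XFEATURE_MASK_KERNEL_DYNAMIC bits only when they are present in fpu_kernel_cfg.max_features, whereas the commit message states the result as an unconditional OR with XFEATURE_MASK_KERNEL_DYNAMIC. Describe it as the kernel default plus the kernel dynamic bits that are in max_features, or derive it that way in the code so the relation to fpu_kernel_cfg.default_features is explicit. The commit message also writes __state_permit and default_xfeature where the code has __state_perm and default_features.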
From: Yang Weijiang
To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com
Subject: [PATCH v8 06/26] x86/fpu/xstate: Create guest fpstate with guest specific config
Date: Thu, 21 Dec 2023 09:02:19 -0500
Message-Id: <20231221140239.4349-7-weijiang.yang@intel.com>
In-Reply-To: <20231221140239.4349-1-weijiang.yang@intel.com>
References: <20231221140239.4349-1-weijiang.yang@intel.com>

Use fpu_guest_cfg to calculate guest fpstate settings, open code for __fpstate_reset() to avoid using kernel FPU config.

The configuration steps below are currently enforced to get guest fpstate:
1) Kernel sets up guest FPU settings in fpu__init_system_xstate().
2) User space sets vCPU thread group xstate permits via arch_prctl().
3) User space creates guest fpstate via __fpu_alloc_init_guest_fpstate() for vcpu thread.
4) User space enables guest dynamic xfeatures and re-allocates guest fpstate.

By adding kernel dynamic xfeatures in above #1 and #2, guest xstate area size is expanded to hold (fpu_kernel_cfg.default_features | kernel dynamic xfeatures | user dynamic xfeatures), then host xsaves/xrstors can operate for all guest xfeatures.

The user_* fields remain unchanged for compatibility with KVM uAPIs.

Signed-off-by: Yang Weijiang
Reviewed-by: Maxim Levitsky
---
 arch/x86/kernel/fpu/core.c | 47 ++++++++++++++++++++++++++++++--------
 1 file changed, 37 insertions(+), 10 deletions(-)
diff --git a/arch/x86/kernel/fpu/core.c b/arch/x86/kernel/fpu/core.c index 976f519721e2..0e0bf151418f 100644 --- a/arch/x86/kernel/fpu/core.c
+++ b/arch/x86/kernel/fpu/core.c @@ -250,8 +250,6 @@ void fpu_reset_from_exception_fixup(void) } #if IS_ENABLED(CONFIG_KVM) -static void __fpstate_reset(struct fpstate *fpstate, u64 xfd); - static void fpu_init_guest_permissions(struct fpu_guest *gfpu) { struct fpu_state_perm *fpuperm; 
@@ -272,25 +270,54 @@ static void fpu_init_guest_permissions(struct fpu_guest *gfpu) gfpu->perm = perm & ~FPU_GUEST_PERM_LOCKED; } -bool fpu_alloc_guest_fpstate(struct fpu_guest *gfpu) +static struct fpstate *__fpu_alloc_init_guest_fpstate(struct fpu_guest *gfpu) { + bool compacted = cpu_feature_enabled(X86_FEATURE_XCOMPACTED); + unsigned int gfpstate_size, size; struct fpstate *fpstate; - unsigned int size; - size = fpu_user_cfg.default_size + ALIGN(offsetof(struct fpstate, regs), 64); + /* + * fpu_guest_cfg.default_size is initialized to hold all enabled + * xfeatures except the user dynamic xfeatures. If the user dynamic + * xfeatures are enabled, the guest fpstate will be re-allocated to + * hold all guest enabled xfeatures, so omit user dynamic xfeatures + * here. + */ + size = fpu_guest_cfg.default_size + + ALIGN(offsetof(struct fpstate, regs), 64); + fpstate = vzalloc(size); if (!fpstate) - return false; + return NULL; + /* + * Initialize sizes and feature masks, use fpu_user_cfg.* + * for user_* settings for compatibility of exiting uAPIs. 
+ */ + fpstate->size = gfpstate_size; + fpstate->xfeatures = fpu_guest_cfg.default_features; + fpstate->user_size = fpu_user_cfg.default_size; + fpstate->user_xfeatures = fpu_user_cfg.default_features; + fpstate->xfd = 0; - /* Leave xfd to 0 (the reset value defined by spec) */ - __fpstate_reset(fpstate, 0); fpstate_init_user(fpstate); fpstate->is_valloc = true; fpstate->is_guest = true; gfpu->fpstate = fpstate; - gfpu->xfeatures = fpu_user_cfg.default_features; - gfpu->perm = fpu_user_cfg.default_features; + gfpu->xfeatures = fpu_guest_cfg.default_features; + gfpu->perm = fpu_guest_cfg.default_features; + + return fpstate; +} + +bool fpu_alloc_guest_fpstate(struct fpu_guest *gfpu) +{ + struct fpstate *fpstate; + + fpstate = __fpu_alloc_init_guest_fpstate(gfpu); + + if (!fpstate) + return false; /* * KVM sets the FP+SSE bits in the XSAVE header when copying FPU state
From: Yang Weijiang
To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com
Subject: [PATCH v8 07/26] x86/fpu/xstate: Warn if kernel dynamic xfeatures detected in normal fpstate
Date: Thu, 21 Dec 2023 09:02:20 -0500
Message-Id: <20231221140239.4349-8-weijiang.yang@intel.com>
In-Reply-To: <20231221140239.4349-1-weijiang.yang@intel.com>
References: <20231221140239.4349-1-weijiang.yang@intel.com>

Kernel dynamic xfeatures now are __ONLY__ enabled for guest fpstate, i.e., never for normal kernel fpstate. The bits are added when guest FPU config is initialized. Guest fpstate is allocated with fpstate->is_guest set to %true.

For normal fpstate, the bits should have been removed when the kernel FPU config settings were initialized; WARN_ONCE() if the kernel detects that normal fpstate xfeatures contain kernel dynamic xfeatures before it executes xsaves.

Signed-off-by: Yang Weijiang
Reviewed-by: Rick Edgecombe
Reviewed-by: Maxim Levitsky
--- arch/x86/kernel/fpu/xstate.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/x86/kernel/fpu/xstate.h b/arch/x86/kernel/fpu/xstate.h index 3518fb26d06b..83ebf1e1cbb4 100644 --- a/arch/x86/kernel/fpu/xstate.h +++ b/arch/x86/kernel/fpu/xstate.h
@@ -185,6 +185,9 @@ static inline void os_xsave(struct fpstate *fpstate) WARN_ON_FPU(!alternatives_patched); xfd_validate_state(fpstate, mask, false); + WARN_ON_FPU(!fpstate->is_guest && + (mask & XFEATURE_MASK_KERNEL_DYNAMIC)); + XSTATE_XSAVE(&fpstate->regs.xsave, lmask, hmask, err); /* We should never fault when copying to a kernel buffer: */
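Review bot: the changelog says WARN_ONCE(), but the check added in os_xsave() is WARN_ON_FPU(!fpstate->is_guest && (mask & XFEATURE_MASK_KERNEL_DYNAMIC)); the two should agree, so either name the macro actually used in the changelog or explain there why the FPU-specific warning is the right strength for this invariant. A one-line comment above the new check stating that kernel dynamic xfeatures are guest-only would also save the next reader from digging the rule out of the commit log.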
From: Yang Weijiang
To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com
Subject: [PATCH v8 08/26] KVM: x86: Rework cpuid_get_supported_xcr0() to operate on vCPU data
Date: Thu, 21 Dec 2023 09:02:21 -0500
Message-Id: <20231221140239.4349-9-weijiang.yang@intel.com>
In-Reply-To: <20231221140239.4349-1-weijiang.yang@intel.com>
References: <20231221140239.4349-1-weijiang.yang@intel.com>

From: Sean Christopherson

Rework and rename cpuid_get_supported_xcr0() to explicitly operate on vCPU state, i.e. on a vCPU's CPUID state, now that the only usage of the helper is to retrieve a vCPU's already-set CPUID.

Prior to commit 275a87244ec8 ("KVM: x86: Don't adjust guest's CPUID.0x12.1 (allowed SGX enclave XFRM)"), KVM incorrectly fudged guest CPUID at runtime, which in turn necessitated massaging the incoming CPUID state for KVM_SET_CPUID{2} so as not to run afoul of kvm_cpuid_check_equal(). I.e. KVM also invoked cpuid_get_supported_xcr0() with the incoming CPUID state, and thus without an explicit vCPU object.

Opportunistically move the helper below kvm_update_cpuid_runtime() to make it harder to repeat the mistake of querying supported XCR0 for runtime updates.

No functional change intended.

Signed-off-by: Sean Christopherson
Signed-off-by: Yang Weijiang
Reviewed-by: Maxim Levitsky
--- arch/x86/kvm/cpuid.c | 33 ++++++++++++++++----------------- 1 file changed, 16 insertions(+), 17 deletions(-) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 294e5bd5f8a0..624954203b40 100644 --- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c @@ -247,21 +247,6 @@ void kvm_update_pv_runtime(struct kvm_vcpu *vcpu) vcpu->arch.pv_cpuid.features = best->eax; } -/* - * Calculate guest's supported XCR0 taking into account guest CPUID data and - * KVM's supported XCR0 (comprised of host's XCR0 and KVM_SUPPORTED_XCR0). - */ -static u64 cpuid_get_supported_xcr0(struct kvm_cpuid_entry2 *entries, int nent) -{ - struct kvm_cpuid_entry2 *best; - - best = cpuid_entry2_find(entries, nent, 0xd, 0); - if (!best) - return 0; - - return (best->eax | ((u64)best->edx << 32)) & kvm_caps.supported_xcr0; -} - static void __kvm_update_cpuid_runtime(struct kvm_vcpu *vcpu, struct kvm_cpuid_entry2 *entries, int nent) { @@ -312,6 +297,21 @@ void kvm_update_cpuid_runtime(struct kvm_vcpu *vcpu) } EXPORT_SYMBOL_GPL(kvm_update_cpuid_runtime); +/* + * Calculate guest's supported XCR0 taking into account guest CPUID data and + * KVM's supported XCR0 (comprised of host's XCR0 and KVM_SUPPORTED_XCR0). + */ +static u64 vcpu_get_supported_xcr0(struct kvm_vcpu *vcpu) +{ + struct kvm_cpuid_entry2 *best; + + best = kvm_find_cpuid_entry_index(vcpu, 0xd, 0); + if (!best) + return 0; + + return (best->eax | ((u64)best->edx << 32)) & kvm_caps.supported_xcr0; +} + static bool kvm_cpuid_has_hyperv(struct kvm_cpuid_entry2 *entries, int nent) { #ifdef CONFIG_KVM_HYPERV 
@@ -361,8 +361,7 @@ static void kvm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) kvm_apic_set_version(vcpu); } - vcpu->arch.guest_supported_xcr0 = - cpuid_get_supported_xcr0(vcpu->arch.cpuid_entries, vcpu->arch.cpuid_nent); + vcpu->arch.guest_supported_xcr0 = vcpu_get_supported_xcr0(vcpu); kvm_update_pv_runtime(vcpu);
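Review bot: the changelog says the helper was moved below kvm_update_cpuid_runtime() so that it is harder to query supported XCR0 during runtime updates, but nothing at the new vcpu_get_supported_xcr0() definition records that; the comment carried over still only describes the calculation. Please add a sentence to that comment saying the helper reads the vCPU's already-set CPUID through kvm_find_cpuid_entry_index() and is not meant for incoming CPUID entries or the runtime-update path, since placement alone will not survive the next code shuffle.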
From: Yang Weijiang
To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com
Subject: [PATCH v8 09/26] KVM: x86: Rename kvm_{g,s}et_msr() to manifest emulation operations
Date: Thu, 21 Dec 2023 09:02:22 -0500
Message-Id: <20231221140239.4349-10-weijiang.yang@intel.com>
In-Reply-To: <20231221140239.4349-1-weijiang.yang@intel.com>
References: <20231221140239.4349-1-weijiang.yang@intel.com>

Rename kvm_{g,s}et_msr() to kvm_emulate_msr_{read,write}() to make it more obvious that KVM uses these helpers to emulate guest behaviors, i.e., host_initiated == false in these helpers.

Suggested-by: Sean Christopherson
Signed-off-by: Yang Weijiang
Reviewed-by: Maxim Levitsky
--- arch/x86/include/asm/kvm_host.h | 4 ++-- arch/x86/kvm/smm.c | 4 ++-- arch/x86/kvm/vmx/nested.c | 13 +++++++------ arch/x86/kvm/x86.c | 10 +++++----- 4 files changed, 16 insertions(+), 15 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 7bc1daf68741..5c665165024c 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h
@@ -2013,8 +2013,8 @@ void kvm_prepare_emulation_failure_exit(struct kvm_vcpu *vcpu); void kvm_enable_efer_bits(u64); bool kvm_valid_efer(struct kvm_vcpu *vcpu, u64 efer); int __kvm_get_msr(struct kvm_vcpu *vcpu, u32 index, u64 *data, bool host_initiated); -int kvm_get_msr(struct kvm_vcpu *vcpu, u32 index, u64 *data); -int kvm_set_msr(struct kvm_vcpu *vcpu, u32 index, u64 data); +int kvm_emulate_msr_read(struct kvm_vcpu *vcpu, u32 index, u64 *data); +int kvm_emulate_msr_write(struct kvm_vcpu *vcpu, u32 index, u64 data); int kvm_emulate_rdmsr(struct kvm_vcpu *vcpu); int kvm_emulate_wrmsr(struct kvm_vcpu *vcpu); int kvm_emulate_as_nop(struct kvm_vcpu *vcpu); diff --git a/arch/x86/kvm/smm.c b/arch/x86/kvm/smm.c index dc3d95fdca7d..45c855389ea7 100644 --- a/arch/x86/kvm/smm.c +++ b/arch/x86/kvm/smm.c @@ -535,7 +535,7 @@ static int rsm_load_state_64(struct x86_emulate_ctxt *ctxt, vcpu->arch.smbase = smstate->smbase; - if (kvm_set_msr(vcpu, MSR_EFER, smstate->efer & ~EFER_LMA)) + if (kvm_emulate_msr_write(vcpu, MSR_EFER, smstate->efer & ~EFER_LMA)) return X86EMUL_UNHANDLEABLE; rsm_load_seg_64(vcpu, &smstate->tr, VCPU_SREG_TR); @@ -626,7 +626,7 @@ int emulator_leave_smm(struct x86_emulate_ctxt *ctxt) /* And finally go back to 32-bit mode. */ efer = 0; - kvm_set_msr(vcpu, MSR_EFER, efer); + kvm_emulate_msr_write(vcpu, MSR_EFER, efer); } #endif diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index db0ad1e6ec4b..b2e9853584b8 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -958,7 +958,7 @@ static u32 nested_vmx_load_msr(struct kvm_vcpu *vcpu, u64 gpa, u32 count) __func__, i, e.index, e.reserved); goto fail; } - if (kvm_set_msr(vcpu, e.index, e.value)) { + if (kvm_emulate_msr_write(vcpu, e.index, e.value)) { pr_debug_ratelimited( "%s cannot write MSR (%u, 0x%x, 0x%llx)\n", __func__, i, e.index, e.value); 
@@ -994,7 +994,7 @@ static bool nested_vmx_get_vmexit_msr_value(struct kvm_vcpu *vcpu, } } - if (kvm_get_msr(vcpu, msr_index, data)) { + if (kvm_emulate_msr_read(vcpu, msr_index, data)) { pr_debug_ratelimited("%s cannot read MSR (0x%x)\n", __func__, msr_index); return false; @@ -2686,7 +2686,7 @@ static int prepare_vmcs02(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12, if ((vmcs12->vm_entry_controls & VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL) && kvm_pmu_has_perf_global_ctrl(vcpu_to_pmu(vcpu)) && - WARN_ON_ONCE(kvm_set_msr(vcpu, MSR_CORE_PERF_GLOBAL_CTRL, + WARN_ON_ONCE(kvm_emulate_msr_write(vcpu, MSR_CORE_PERF_GLOBAL_CTRL, vmcs12->guest_ia32_perf_global_ctrl))) { *entry_failure_code = ENTRY_FAIL_DEFAULT; return -EINVAL; @@ -4568,8 +4568,9 @@ static void load_vmcs12_host_state(struct kvm_vcpu *vcpu, } if ((vmcs12->vm_exit_controls & VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL) && kvm_pmu_has_perf_global_ctrl(vcpu_to_pmu(vcpu))) - WARN_ON_ONCE(kvm_set_msr(vcpu, MSR_CORE_PERF_GLOBAL_CTRL, - vmcs12->host_ia32_perf_global_ctrl)); + WARN_ON_ONCE(kvm_emulate_msr_write(vcpu, + MSR_CORE_PERF_GLOBAL_CTRL, + vmcs12->host_ia32_perf_global_ctrl)); /* Set L1 segment info according to Intel SDM 27.5.2 Loading Host Segment and Descriptor-Table Registers */ @@ -4744,7 +4745,7 @@ static void nested_vmx_restore_host_state(struct kvm_vcpu *vcpu) goto vmabort; } - if (kvm_set_msr(vcpu, h.index, h.value)) { + if (kvm_emulate_msr_write(vcpu, h.index, h.value)) { pr_debug_ratelimited( "%s WRMSR failed (%u, 0x%x, 0x%llx)\n", __func__, j, h.index, h.value); diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 27e23714e960..0e7dc3398293 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
@@ -1976,17 +1976,17 @@ static int kvm_set_msr_with_filter(struct kvm_vcpu *vcpu, u32 index, u64 data) return kvm_set_msr_ignored_check(vcpu, index, data, false); } -int kvm_get_msr(struct kvm_vcpu *vcpu, u32 index, u64 *data) +int kvm_emulate_msr_read(struct kvm_vcpu *vcpu, u32 index, u64 *data) { return kvm_get_msr_ignored_check(vcpu, index, data, false); } -EXPORT_SYMBOL_GPL(kvm_get_msr); +EXPORT_SYMBOL_GPL(kvm_emulate_msr_read); -int kvm_set_msr(struct kvm_vcpu *vcpu, u32 index, u64 data) +int kvm_emulate_msr_write(struct kvm_vcpu *vcpu, u32 index, u64 data) { return kvm_set_msr_ignored_check(vcpu, index, data, false); } -EXPORT_SYMBOL_GPL(kvm_set_msr); +EXPORT_SYMBOL_GPL(kvm_emulate_msr_write); static void complete_userspace_rdmsr(struct kvm_vcpu *vcpu) { 
@@ -8386,7 +8386,7 @@ static int emulator_set_msr_with_filter(struct x86_emulate_ctxt *ctxt, static int emulator_get_msr(struct x86_emulate_ctxt *ctxt, u32 msr_index, u64 *pdata) { - return kvm_get_msr(emul_to_vcpu(ctxt), msr_index, pdata); + return kvm_emulate_msr_read(emul_to_vcpu(ctxt), msr_index, pdata); } static int emulator_check_pmc(struct x86_emulate_ctxt *ctxt,
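Review bot: in arch/x86/kvm/smm.c the emulator_leave_smm() hunk still discards the return value of the renamed call, `kvm_emulate_msr_write(vcpu, MSR_EFER, efer);`, while the rsm_load_state_64() hunk in the same file returns X86EMUL_UNHANDLEABLE when the write fails. Since the rename touches both sites anyway, either check the result in emulator_leave_smm() as well or add a comment saying why a failed EFER write can be ignored there.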
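Review bot: in arch/x86/kvm/x86.c the renamed kvm_emulate_msr_read() and kvm_emulate_msr_write() carry the guest-emulation meaning only in their names; the changelog's host_initiated == false rule shows up just as the literal false passed to kvm_get_msr_ignored_check() and kvm_set_msr_ignored_check(). A short comment above the two definitions, or at the kvm_host.h prototypes next to __kvm_get_msr() which still takes host_initiated explicitly, would document that these helpers are for guest-initiated accesses only.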
From: Yang Weijiang
To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com
Subject: [PATCH v8 10/26] KVM: x86: Refine xsave-managed guest register/MSR reset handling
Date: Thu, 21 Dec 2023 09:02:23 -0500
Message-Id: <20231221140239.4349-11-weijiang.yang@intel.com>
In-Reply-To: <20231221140239.4349-1-weijiang.yang@intel.com>
References: <20231221140239.4349-1-weijiang.yang@intel.com>

Tweak the code a bit to facilitate resetting more xstate components in the future, e.g., adding CET's xstate-managed MSRs.

No functional change intended.

Signed-off-by: Yang Weijiang
Reviewed-by: Maxim Levitsky
--- arch/x86/kvm/x86.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 0e7dc3398293..3671f4868d1b 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -12205,6 +12205,11 @@ void kvm_arch_vcpu_destroy(struct kvm_vcpu *vcpu) static_branch_dec(&kvm_has_noapic_vcpu); } +static inline bool is_xstate_reset_needed(void) +{ + return kvm_cpu_cap_has(X86_FEATURE_MPX); +} + void kvm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event) { struct kvm_cpuid_entry2 *cpuid_0x1; @@ -12262,7 +12267,7 @@ void kvm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event) kvm_async_pf_hash_reset(vcpu); vcpu->arch.apf.halted = false; - if (vcpu->arch.guest_fpu.fpstate && kvm_mpx_supported()) { + if (vcpu->arch.guest_fpu.fpstate && is_xstate_reset_needed()) { struct fpstate *fpstate = vcpu->arch.guest_fpu.fpstate; /*
@@ -12272,8 +12277,12 @@ void kvm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event) if (init_event) kvm_put_guest_fpu(vcpu); - fpstate_clear_xstate_component(fpstate, XFEATURE_BNDREGS); - fpstate_clear_xstate_component(fpstate, XFEATURE_BNDCSR); + if (kvm_cpu_cap_has(X86_FEATURE_MPX)) { + fpstate_clear_xstate_component(fpstate, + XFEATURE_BNDREGS); + fpstate_clear_xstate_component(fpstate, + XFEATURE_BNDCSR); + } if (init_event) kvm_load_guest_fpu(vcpu);
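Review bot: the changelog says no functional change, but the kvm_vcpu_reset() hunk replaces kvm_mpx_supported() with is_xstate_reset_needed(), which tests kvm_cpu_cap_has(X86_FEATURE_MPX); nothing in the patch or the changelog shows that the two predicates are equivalent, so please state why in the changelog or keep kvm_mpx_supported() inside the new helper. Until a second feature is added, the inner `if (kvm_cpu_cap_has(X86_FEATURE_MPX))` also repeats the outer condition, and `inline` on a static helper in x86.c is unnecessary.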
curdxrdQCR3RTqdpSxxXeBepGlGB3lyM+Jd8fWe/i6JFCg+OumUZOzNN5k8fcmCAbz9e gOZty7NqEE1prqVo5zzWqqOglQEHChJGqy3JlaG4RJ0PhAYzOB122ivjJkQ962JW9e7G Q25M4IntD1NdrHBbk5Ym46AqVVDCWmZow1YHa21MK+EQvpjrchhCrteFMIEXzN+m5hSd JVL2Xk2XY2DSv6vdEpZDISKNzM2/g5Z0EnxWBnbd1D3WUVrdk+z/aTjQ2bY3wzKZgaH0 DcOA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Mdpi7fLE; spf=pass (google.com: domain of linux-kernel+bounces-8072-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-8072-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id u2-20020a05622a010200b0042377597590si1728994qtw.379.2023.12.21.01.17.24 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 21 Dec 2023 01:17:24 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-8072-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Mdpi7fLE; spf=pass (google.com: domain of linux-kernel+bounces-8072-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-8072-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id A1E2C1C224AB for ; Thu, 21 Dec 2023 09:17:24 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 2477F5788D; 
Thu, 21 Dec 2023 09:03:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="Mdpi7fLE" X-Original-To: linux-kernel@vger.kernel.org Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.24]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B465554673; Thu, 21 Dec 2023 09:03:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1703149431; x=1734685431; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=deVC/2fUZfj8WeG3WjFFJ61TeWJaKY/1dV/6Kp3bPHY=; b=Mdpi7fLE4f7HTd8VD75HWp6Ft81hpUdOAVJhHceMFD9X/02iPJTh2Lp+ zQ23K9fb9VP0BrK1DuvH4ugpxLwu8YuRywjOgm+ul5HHfgwG5mk7eDick vdhZnCjjWMVorQSkn4PZdMRGdMkX5KOozNBlyi2jWu/g5ld+czilWnOjF Zq0g+EpOG93d8JIuNCKZODWr6U2n+8F3S6XMos98Qxl64jSgZRFt776D9 NzH8FT/MR5qLwoF+QTqsvqaD8+92PTkv6mHj5zr51mrgIes68xCHCJmbU IjbijG4+KjOVf5yUChieiXJXIKO1VuhucahATIPMSErj3JQghU4ngiNvH w==; X-IronPort-AV: E=McAfee;i="6600,9927,10930"; a="398729662" X-IronPort-AV: E=Sophos;i="6.04,293,1695711600"; d="scan'208";a="398729662" Received: from orsmga004.jf.intel.com ([10.7.209.38]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Dec 2023 01:03:44 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10930"; a="900028593" X-IronPort-AV: E=Sophos;i="6.04,293,1695711600"; d="scan'208";a="900028593" Received: from 984fee00a5ca.jf.intel.com (HELO embargo.jf.intel.com) ([10.165.9.183]) by orsmga004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Dec 2023 01:03:10 -0800 
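Review bot: In kvm_vcpu_reset() (the @@ -12262 hunk of 10/26), the guard changes from kvm_mpx_supported() to is_xstate_reset_needed(), i.e. kvm_cpu_cap_has(X86_FEATURE_MPX), while the changelog says no functional change is intended. Nothing in the patch shows that the two predicates agree on every host, so either say in the changelog why they are equivalent or have the new helper call kvm_mpx_supported(). If they ever disagree, BNDREGS and BNDCSR would stay uncleared across RESET/INIT, leaving stale guest register state behind after a vCPU reset.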
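Review bot: In the @@ -12272 hunk of 10/26, the inner "if (kvm_cpu_cap_has(X86_FEATURE_MPX))" repeats the exact test that is_xstate_reset_needed() already made, so the two conditions have to be kept in step by hand once CET components are added. Please add a comment on is_xstate_reset_needed() stating that it must be true whenever any per-component check in this block is true, otherwise a newly added component could be silently skipped on reset.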
From: Yang Weijiang
To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com
Subject: [PATCH v8 11/26] KVM: x86: Add kvm_msr_{read,write}() helpers
Date: Thu, 21 Dec 2023 09:02:24 -0500
Message-Id: <20231221140239.4349-12-weijiang.yang@intel.com>
X-Mailer: git-send-email 2.27.0
In-Reply-To: <20231221140239.4349-1-weijiang.yang@intel.com>
References: <20231221140239.4349-1-weijiang.yang@intel.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Wrap __kvm_{get,set}_msr() into two new helpers for KVM usage and use the helpers to replace existing usage of the raw functions. kvm_msr_{read,write}() are KVM-internal helpers, i.e. used when KVM needs to get/set an MSR value for emulating CPU behavior, i.e., host_initiated == %true in the helpers.

Suggested-by: Sean Christopherson
Signed-off-by: Yang Weijiang
Reviewed-by: Maxim Levitsky
--- arch/x86/include/asm/kvm_host.h | 3 ++- arch/x86/kvm/cpuid.c | 2 +- arch/x86/kvm/x86.c | 16 +++++++++++++--- 3 files changed, 16 insertions(+), 5 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 5c665165024c..40dd796ea085 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h
@@ -2012,9 +2012,10 @@ void kvm_prepare_emulation_failure_exit(struct kvm_vcpu *vcpu); void kvm_enable_efer_bits(u64); bool kvm_valid_efer(struct kvm_vcpu *vcpu, u64 efer); -int __kvm_get_msr(struct kvm_vcpu *vcpu, u32 index, u64 *data, bool host_initiated); int kvm_emulate_msr_read(struct kvm_vcpu *vcpu, u32 index, u64 *data); int kvm_emulate_msr_write(struct kvm_vcpu *vcpu, u32 index, u64 data); +int kvm_msr_read(struct kvm_vcpu *vcpu, u32 index, u64 *data); +int kvm_msr_write(struct kvm_vcpu *vcpu, u32 index, u64 data); int kvm_emulate_rdmsr(struct kvm_vcpu *vcpu); int kvm_emulate_wrmsr(struct kvm_vcpu *vcpu); int kvm_emulate_as_nop(struct kvm_vcpu *vcpu); diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 624954203b40..acc360c76318 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -1548,7 +1548,7 @@ bool kvm_cpuid(struct kvm_vcpu *vcpu, u32 *eax, u32 *ebx, *edx = entry->edx; if (function == 7 && index == 0) { u64 data; - if (!__kvm_get_msr(vcpu, MSR_IA32_TSX_CTRL, &data, true) && + if (!kvm_msr_read(vcpu, MSR_IA32_TSX_CTRL, &data) && (data & TSX_CTRL_CPUID_CLEAR)) *ebx &= ~(F(RTM) | F(HLE)); } else if (function == 0x80000007) { diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 3671f4868d1b..594c9e025f95 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -1920,8 +1920,8 @@ static int kvm_set_msr_ignored_check(struct kvm_vcpu *vcpu, * Returns 0 on success, non-0 otherwise. * Assumes vcpu_load() was already called. */ -int __kvm_get_msr(struct kvm_vcpu *vcpu, u32 index, u64 *data, - bool host_initiated) +static int __kvm_get_msr(struct kvm_vcpu *vcpu, u32 index, u64 *data, + bool host_initiated) { struct msr_data msr; int ret; 
@@ -1947,6 +1947,16 @@ int __kvm_get_msr(struct kvm_vcpu *vcpu, u32 index, u64 *data, return ret; } +int kvm_msr_write(struct kvm_vcpu *vcpu, u32 index, u64 data) +{ + return __kvm_set_msr(vcpu, index, data, true); +} + +int kvm_msr_read(struct kvm_vcpu *vcpu, u32 index, u64 *data) +{ + return __kvm_get_msr(vcpu, index, data, true); +} + static int kvm_get_msr_ignored_check(struct kvm_vcpu *vcpu, u32 index, u64 *data, bool host_initiated) { 
@@ -12296,7 +12306,7 @@ void kvm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event) MSR_IA32_MISC_ENABLE_BTS_UNAVAIL; __kvm_set_xcr(vcpu, 0, XFEATURE_MASK_FP); - __kvm_set_msr(vcpu, MSR_IA32_XSS, 0, true); + kvm_msr_write(vcpu, MSR_IA32_XSS, 0); } /* All GPRs except RDX (handled below) are zeroed on RESET/INIT. */
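Review bot: kvm_msr_read() and kvm_msr_write() in the @@ -1947 hunk of 11/26 hard-code host_initiated = true but carry no comment saying so, and their names differ from kvm_emulate_msr_read()/kvm_emulate_msr_write() in kvm_host.h only by the word "emulate". Elsewhere in this series host_initiated relaxes the MSR_IA32_XSS checks in kvm_set_msr_common(), so a caller that forwards a guest-chosen index or value through these helpers would skip guest-facing permission checks. Please add a comment above both helpers, and ideally next to the prototypes, stating that they are for KVM-internal accesses only and must not be used to service a guest RDMSR/WRMSR.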
From: Yang Weijiang
To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com
Subject: [PATCH v8 12/26] KVM: x86: Report XSS as to-be-saved if there are supported features
Date: Thu, 21 Dec 2023 09:02:25 -0500
Message-Id: <20231221140239.4349-13-weijiang.yang@intel.com>
X-Mailer: git-send-email 2.27.0
In-Reply-To: <20231221140239.4349-1-weijiang.yang@intel.com>
References: <20231221140239.4349-1-weijiang.yang@intel.com>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Sean Christopherson

Add MSR_IA32_XSS to the list of MSRs reported to userspace if supported_xss is non-zero, i.e. KVM supports at least one XSS based feature.

Before enabling CET virtualization series, guest IA32_MSR_XSS is guaranteed to be 0, i.e., XSAVES/XRSTORS is executed in non-root mode with XSS == 0, which is equivalent to the effect of XSAVE/XRSTOR.

Signed-off-by: Sean Christopherson
Signed-off-by: Yang Weijiang
Reviewed-by: Maxim Levitsky
--- arch/x86/kvm/x86.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 594c9e025f95..b3a39886e418 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -1464,6 +1464,7 @@ static const u32 msrs_to_save_base[] = { MSR_IA32_UMWAIT_CONTROL, MSR_IA32_XFD, MSR_IA32_XFD_ERR, + MSR_IA32_XSS, }; static const u32 msrs_to_save_pmu[] = {
@@ -7374,6 +7375,10 @@ static void kvm_probe_msr_to_save(u32 msr_index) if (!(kvm_get_arch_capabilities() & ARCH_CAP_TSX_CTRL_MSR)) return; break; + case MSR_IA32_XSS: + if (!kvm_caps.supported_xss) + return; + break; default: break; }
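Review bot: The new MSR_IA32_XSS case in kvm_probe_msr_to_save() (12/26) keys only on kvm_caps.supported_xss, and KVM_SUPPORTED_XSS is defined as 0 in 14/26, so the MSR is never reported until a later patch adds a bit; a sentence in the changelog saying so would save readers from looking for a behaviour change here. Once it is reported, userspace will save and restore XSS, and the kvm_set_msr_common() change in 13/26 rejects a non-zero host-initiated write when guest CPUID lacks XSAVES, so the requirement that guest CPUID is set before the MSR is restored deserves a comment or a documentation note. The changelog also says IA32_MSR_XSS where the code uses MSR_IA32_XSS.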
From: Yang Weijiang
To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com, Zhang Yi Z
Subject: [PATCH v8 13/26] KVM: x86: Refresh CPUID on write to guest MSR_IA32_XSS
Date: Thu, 21 Dec 2023 09:02:26 -0500
Message-Id: <20231221140239.4349-14-weijiang.yang@intel.com>
X-Mailer: git-send-email 2.27.0
In-Reply-To: <20231221140239.4349-1-weijiang.yang@intel.com>
References: <20231221140239.4349-1-weijiang.yang@intel.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Update CPUID.(EAX=0DH,ECX=1).EBX to reflect current required xstate size due to XSS MSR modification. CPUID(EAX=0DH,ECX=1).EBX reports the required storage size of all enabled xstate features in (XCR0 | IA32_XSS). The CPUID value can be used by the guest before allocating a sufficient xsave buffer.

Note, KVM does not yet support any XSS based features, i.e. supported_xss is guaranteed to be zero at this time.

Opportunistically modify XSS write access logic as: If XSAVES is not enabled in the guest CPUID, forbid setting IA32_XSS msr to anything but 0, even if the write is host initiated.

Suggested-by: Sean Christopherson
Co-developed-by: Zhang Yi Z
Signed-off-by: Zhang Yi Z
Signed-off-by: Yang Weijiang
Reviewed-by: Maxim Levitsky
--- arch/x86/include/asm/kvm_host.h | 3 ++- arch/x86/kvm/cpuid.c | 15 ++++++++++++++- arch/x86/kvm/x86.c | 16 ++++++++++++---- 3 files changed, 28 insertions(+), 6 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 40dd796ea085..6efaaaa15945 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h
@@ -772,7 +772,6 @@ struct kvm_vcpu_arch { bool at_instruction_boundary; bool tpr_access_reporting; bool xfd_no_write_intercept; - u64 ia32_xss; u64 microcode_version; u64 arch_capabilities; u64 perf_capabilities; @@ -828,6 +827,8 @@ struct kvm_vcpu_arch { u64 xcr0; u64 guest_supported_xcr0; + u64 guest_supported_xss; + u64 ia32_xss; struct kvm_pio_request pio; void *pio_data; diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index acc360c76318..3ab133530573 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -275,7 +275,8 @@ static void __kvm_update_cpuid_runtime(struct kvm_vcpu *vcpu, struct kvm_cpuid_e best = cpuid_entry2_find(entries, nent, 0xD, 1); if (best && (cpuid_entry_has(best, X86_FEATURE_XSAVES) || cpuid_entry_has(best, X86_FEATURE_XSAVEC))) - best->ebx = xstate_required_size(vcpu->arch.xcr0, true); + best->ebx = xstate_required_size(vcpu->arch.xcr0 | + vcpu->arch.ia32_xss, true); best = __kvm_find_kvm_cpuid_features(vcpu, entries, nent); if (kvm_hlt_in_guest(vcpu->kvm) && best && @@ -312,6 +313,17 @@ static u64 vcpu_get_supported_xcr0(struct kvm_vcpu *vcpu) return (best->eax | ((u64)best->edx << 32)) & kvm_caps.supported_xcr0; } +static u64 vcpu_get_supported_xss(struct kvm_vcpu *vcpu) +{ + struct kvm_cpuid_entry2 *best; + + best = kvm_find_cpuid_entry_index(vcpu, 0xd, 1); + if (!best) + return 0; + + return (best->ecx | ((u64)best->edx << 32)) & kvm_caps.supported_xss; +} + static bool kvm_cpuid_has_hyperv(struct kvm_cpuid_entry2 *entries, int nent) { #ifdef CONFIG_KVM_HYPERV @@ -362,6 +374,7 @@ static void kvm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) } vcpu->arch.guest_supported_xcr0 = vcpu_get_supported_xcr0(vcpu); + vcpu->arch.guest_supported_xss = vcpu_get_supported_xss(vcpu); kvm_update_pv_runtime(vcpu); diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index b3a39886e418..7b7a15aab3aa 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
@@ -3924,20 +3924,28 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) vcpu->arch.ia32_tsc_adjust_msr += adj; } break; - case MSR_IA32_XSS: - if (!msr_info->host_initiated && - !guest_cpuid_has(vcpu, X86_FEATURE_XSAVES)) + case MSR_IA32_XSS: { + /* + * If KVM reported support of XSS MSR, even guest CPUID doesn't + * support XSAVES, still allow userspace to set default value(0) + * to this MSR. + */ + if (!guest_cpuid_has(vcpu, X86_FEATURE_XSAVES) && + !(msr_info->host_initiated && data == 0)) return 1; /* * KVM supports exposing PT to the guest, but does not support * IA32_XSS[bit 8]. Guests have to use RDMSR/WRMSR rather than * XSAVES/XRSTORS to save/restore PT MSRs. */ - if (data & ~kvm_caps.supported_xss) + if (data & ~vcpu->arch.guest_supported_xss) return 1; + if (vcpu->arch.ia32_xss == data) + break; vcpu->arch.ia32_xss = data; kvm_update_cpuid_runtime(vcpu); break; + } case MSR_SMI_COUNT: if (!msr_info->host_initiated) return 1;
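Review bot: vcpu_get_supported_xss() in the cpuid.c @@ -312 hunk of 13/26 returns the ECX/EDX bits of CPUID.0xD.1 without checking that the same entry advertises XSAVES, so guest_supported_xss can be non-zero for a guest that has no XSAVES. The WRMSR path happens to test guest_cpuid_has(vcpu, X86_FEATURE_XSAVES) first, but a later consumer of guest_supported_xss would not get that protection; consider returning 0 unless cpuid_entry_has(best, X86_FEATURE_XSAVES). Minor: the leaf is spelled 0xd here and 0xD in __kvm_update_cpuid_runtime() just above.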
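Review bot: The MSR_IA32_XSS case in kvm_set_msr_common() (x86.c @@ -3924 hunk of 13/26) now also rejects non-zero host-initiated writes when guest CPUID lacks XSAVES, which is a userspace-visible behaviour change riding along in a patch whose subject is a CPUID refresh; it would be easier to review and bisect as its own patch. The braces added around the case body are not needed since no local variable is declared inside. Also, ia32_xss is validated against guest_supported_xss only at write time: if guest CPUID is changed afterwards, a previously accepted value stays in vcpu->arch.ia32_xss and feeds xstate_required_size(), so please state whether that is prevented elsewhere or re-check it in kvm_vcpu_after_set_cpuid().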
From: Yang Weijiang
To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com
Subject: [PATCH v8 14/26] KVM: x86: Initialize kvm_caps.supported_xss
Date: Thu, 21 Dec 2023 09:02:27 -0500
Message-Id: <20231221140239.4349-15-weijiang.yang@intel.com>
X-Mailer: git-send-email 2.27.0
In-Reply-To: <20231221140239.4349-1-weijiang.yang@intel.com>
References: <20231221140239.4349-1-weijiang.yang@intel.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Set original kvm_caps.supported_xss to (host_xss & KVM_SUPPORTED_XSS) if XSAVES is supported. host_xss contains the host supported xstate feature bits for thread FPU context switch, KVM_SUPPORTED_XSS includes all KVM enabled XSS feature bits, the resulting value represents the supervisor xstates that are available to guest and are backed by host FPU framework for swapping {guest,host} XSAVE-managed registers/MSRs.

Signed-off-by: Yang Weijiang
Reviewed-by: Maxim Levitsky
--- arch/x86/kvm/x86.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 7b7a15aab3aa..f50c5a523b92 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -226,6 +226,8 @@ static struct kvm_user_return_msrs __percpu *user_return_msrs; | XFEATURE_MASK_BNDCSR | XFEATURE_MASK_AVX512 \ | XFEATURE_MASK_PKRU | XFEATURE_MASK_XTILE) +#define KVM_SUPPORTED_XSS 0 + u64 __read_mostly host_efer; EXPORT_SYMBOL_GPL(host_efer);
@@ -9715,12 +9717,13 @@ static int __kvm_x86_vendor_init(struct kvm_x86_init_ops *ops) host_xcr0 = xgetbv(XCR_XFEATURE_ENABLED_MASK); kvm_caps.supported_xcr0 = host_xcr0 & KVM_SUPPORTED_XCR0; } + if (boot_cpu_has(X86_FEATURE_XSAVES)) { + rdmsrl(MSR_IA32_XSS, host_xss); + kvm_caps.supported_xss = host_xss & KVM_SUPPORTED_XSS; + } rdmsrl_safe(MSR_EFER, &host_efer); - if (boot_cpu_has(X86_FEATURE_XSAVES)) - rdmsrl(MSR_IA32_XSS, host_xss); - kvm_init_pmu_capability(ops->pmu_ops); if (boot_cpu_has(X86_FEATURE_ARCH_CAPABILITIES))
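
Review bot: `#define KVM_SUPPORTED_XSS 0` in the first hunk has no comment, so a reader of `kvm_caps.supported_xss = host_xss & KVM_SUPPORTED_XSS` in __kvm_x86_vendor_init() has to work out that the result is always 0 in this patch. A one-line comment on the define saying that it is the allow-list of supervisor xstate bits KVM exposes to guests, and that it is empty here, would make the intent explicit. The second hunk also leaves kvm_caps.supported_xss unassigned when X86_FEATURE_XSAVES is absent, which is only correct if kvm_caps starts out zeroed; that initialisation is not visible in these hunks and is worth confirming.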
From: Yang Weijiang
To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com
Subject: [PATCH v8 15/26] KVM: x86: Load guest FPU state when access XSAVE-managed MSRs
Date: Thu, 21 Dec 2023 09:02:28 -0500
Message-Id: <20231221140239.4349-16-weijiang.yang@intel.com>
In-Reply-To: <20231221140239.4349-1-weijiang.yang@intel.com>

From: Sean Christopherson

Load the guest's FPU state if userspace is accessing MSRs whose values are managed by XSAVES. Introduce two helpers, kvm_{get,set}_xstate_msr(), to facilitate access to such kind of MSRs.

If MSRs supported in kvm_caps.supported_xss are passed through to guest, the guest MSRs are swapped with host's before vCPU exits to userspace and after it reenters kernel before next VM-entry.

Because the modified code is also used for the KVM_GET_MSRS device ioctl(), explicitly check @vcpu is non-null before attempting to load guest state. The XSAVE-managed MSRs cannot be retrieved via the device ioctl() without loading guest FPU state (which doesn't exist).

Note that guest_cpuid_has() is not queried as host userspace is allowed to access MSRs that have not been exposed to the guest, e.g. it might do KVM_SET_MSRS prior to KVM_SET_CPUID2.

The two helpers are put here in order to manifest accessing xsave-managed MSRs requires special check and handling to guarantee the correctness of read/write to the MSRs.

Signed-off-by: Sean Christopherson
Co-developed-by: Yang Weijiang
Signed-off-by: Yang Weijiang
Reviewed-by: Maxim Levitsky
---
 arch/x86/kvm/x86.c | 35 ++++++++++++++++++++++++++++++++++-
 arch/x86/kvm/x86.h | 24 ++++++++++++++++++++++++
 2 files changed, 58 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index f50c5a523b92..bde780ae69bf 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -133,6 +133,9 @@ static int __set_sregs2(struct kvm_vcpu *vcpu, struct kvm_sregs2 *sregs2); static void __get_sregs2(struct kvm_vcpu *vcpu, struct kvm_sregs2 *sregs2); static DEFINE_MUTEX(vendor_module_lock); +static void kvm_load_guest_fpu(struct kvm_vcpu *vcpu); +static void kvm_put_guest_fpu(struct kvm_vcpu *vcpu); + struct kvm_x86_ops kvm_x86_ops __read_mostly; #define KVM_X86_OP(func) \ @@ -4509,6 +4512,21 @@ int kvm_get_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) } EXPORT_SYMBOL_GPL(kvm_get_msr_common); +/* + * Returns true if the MSR in question is managed via XSTATE, i.e. is context + * switched with the rest of guest FPU state. + */ +static bool is_xstate_managed_msr(u32 index) +{ + switch (index) { + case MSR_IA32_U_CET: + case MSR_IA32_PL0_SSP ... MSR_IA32_PL3_SSP: + return true; + default: + return false; + } +} + /* * Read or write a bunch of msrs. All parameters are kernel addresses. *
@@ -4519,11 +4537,26 @@ static int __msr_io(struct kvm_vcpu *vcpu, struct kvm_msrs *msrs, int (*do_msr)(struct kvm_vcpu *vcpu, unsigned index, u64 *data)) { + bool fpu_loaded = false; int i; - for (i = 0; i < msrs->nmsrs; ++i) + for (i = 0; i < msrs->nmsrs; ++i) { + /* + * If userspace is accessing one or more XSTATE-managed MSRs, + * temporarily load the guest's FPU state so that the guest's + * MSR value(s) is resident in hardware, i.e. so that KVM can + * get/set the MSR via RDMSR/WRMSR. + */ + if (vcpu && !fpu_loaded && kvm_caps.supported_xss && + is_xstate_managed_msr(entries[i].index)) { + kvm_load_guest_fpu(vcpu); + fpu_loaded = true; + } if (do_msr(vcpu, entries[i].index, &entries[i].data)) break; + } + if (fpu_loaded) + kvm_put_guest_fpu(vcpu); return i; } diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h index 2f7e19166658..9c19dfb5011d 100644 --- a/arch/x86/kvm/x86.h +++ b/arch/x86/kvm/x86.h 
@@ -543,4 +543,28 @@ int kvm_sev_es_string_io(struct kvm_vcpu *vcpu, unsigned int size, unsigned int port, void *data, unsigned int count, int in); +/* + * Lock and/or reload guest FPU and access xstate MSRs. For accesses initiated + * by host, guest FPU is loaded in __msr_io(). For accesses initiated by guest, + * guest FPU should have been loaded already. + */ + +static inline void kvm_get_xstate_msr(struct kvm_vcpu *vcpu, + struct msr_data *msr_info) +{ + KVM_BUG_ON(!vcpu->arch.guest_fpu.fpstate->in_use, vcpu->kvm); + kvm_fpu_get(); + rdmsrl(msr_info->index, msr_info->data); + kvm_fpu_put(); +} + +static inline void kvm_set_xstate_msr(struct kvm_vcpu *vcpu, + struct msr_data *msr_info) +{ + KVM_BUG_ON(!vcpu->arch.guest_fpu.fpstate->in_use, vcpu->kvm); + kvm_fpu_get(); + wrmsrl(msr_info->index, msr_info->data); + kvm_fpu_put(); +} + #endif
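
Review bot: In kvm_get_xstate_msr() and kvm_set_xstate_msr() (the x86.h hunk) the result of KVM_BUG_ON() is discarded, so when fpstate->in_use is false the helper still runs rdmsrl()/wrmsrl() against whatever state is resident in hardware, which in that case is not the guest's. On the write side that lets a caller-supplied msr_info->data land in a host copy of an XSTATE-managed MSR, and on the read side it returns a host value. Suggest bailing out on the condition, e.g. `if (KVM_BUG_ON(!vcpu->arch.guest_fpu.fpstate->in_use, vcpu->kvm)) return;`, and clearing msr_info->data before returning from the read helper. The block comment also says "Lock and/or reload guest FPU", but neither helper reloads anything; the reload is done in __msr_io(), so the wording should match.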
From: Yang Weijiang
To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com
Subject: [PATCH v8 16/26] KVM: x86: Add fault checks for guest CR4.CET setting
Date: Thu, 21 Dec 2023 09:02:29 -0500
Message-Id: <20231221140239.4349-17-weijiang.yang@intel.com>
In-Reply-To: <20231221140239.4349-1-weijiang.yang@intel.com>

Check potential faults for CR4.CET setting per Intel SDM requirements. CET can be enabled if and only if CR0.WP == 1, i.e. setting CR4.CET == 1 faults if CR0.WP == 0 and setting CR0.WP == 0 fails if CR4.CET == 1.

Co-developed-by: Sean Christopherson
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Weijiang
Reviewed-by: Chao Gao
Reviewed-by: Maxim Levitsky
---
 arch/x86/kvm/x86.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index bde780ae69bf..b418e4f5277b 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -1006,6 +1006,9 @@ int kvm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0) (is_64_bit_mode(vcpu) || kvm_is_cr4_bit_set(vcpu, X86_CR4_PCIDE))) return 1; + if (!(cr0 & X86_CR0_WP) && kvm_is_cr4_bit_set(vcpu, X86_CR4_CET)) + return 1; + static_call(kvm_x86_set_cr0)(vcpu, cr0); kvm_post_set_cr0(vcpu, old_cr0, cr0);
@@ -1217,6 +1220,9 @@ int kvm_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4) return 1; } + if ((cr4 & X86_CR4_CET) && !kvm_is_cr0_bit_set(vcpu, X86_CR0_WP)) + return 1; + static_call(kvm_x86_set_cr4)(vcpu, cr4); kvm_post_set_cr4(vcpu, old_cr4, cr4);
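
Review bot: The new checks in kvm_set_cr0() and kvm_set_cr4() each enforce one half of a single invariant (CR4.CET may be 1 only while CR0.WP is 1), but neither site has a comment, so someone changing one function has no pointer to the other. A short comment at each check naming its counterpart would keep the pair from drifting apart. These hunks also cover only the kvm_set_cr0()/kvm_set_cr4() paths; whether control-register state loaded by userspace through the sregs ioctls is validated against the same CR0.WP/CR4.CET pairing is not visible here and should be confirmed, since a combination rejected on one path and accepted on another would leave the vCPU in a state the guest itself could never reach.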
From: Yang Weijiang
To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com
Subject: [PATCH v8 17/26] KVM: x86: Report KVM supported CET MSRs as to-be-saved
Date: Thu, 21 Dec 2023 09:02:30 -0500
Message-Id: <20231221140239.4349-18-weijiang.yang@intel.com>
In-Reply-To: <20231221140239.4349-1-weijiang.yang@intel.com>

Add CET MSRs to the list of MSRs reported to userspace if the feature, i.e. IBT or SHSTK, associated with the MSRs is supported by KVM.

SSP can only be read via RDSSP. Writing even requires destructive and potentially faulting operations such as SAVEPREVSSP/RSTORSSP or SETSSBSY/CLRSSBSY. Let the host use a pseudo-MSR that is just a wrapper for the GUEST_SSP field of the VMCS.

Suggested-by: Chao Gao
Signed-off-by: Yang Weijiang
---
 arch/x86/include/uapi/asm/kvm_para.h | 1 +
 arch/x86/kvm/vmx/vmx.c | 2 ++
 arch/x86/kvm/x86.c | 18 ++++++++++++++++++
 3 files changed, 21 insertions(+)

diff --git a/arch/x86/include/uapi/asm/kvm_para.h b/arch/x86/include/uapi/asm/kvm_para.h index 6e64b27b2c1e..9864bbcf2470 100644 --- a/arch/x86/include/uapi/asm/kvm_para.h +++ b/arch/x86/include/uapi/asm/kvm_para.h @@ -58,6 +58,7 @@ #define MSR_KVM_ASYNC_PF_INT 0x4b564d06 #define MSR_KVM_ASYNC_PF_ACK 0x4b564d07 #define MSR_KVM_MIGRATION_CONTROL 0x4b564d08 +#define MSR_KVM_SSP 0x4b564d09 struct kvm_steal_time { __u64 steal; diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index d21f55f323ea..b2f6bcf3bf9b 100644 --- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c @@ -7007,6 +7007,8 @@ static bool vmx_has_emulated_msr(struct kvm *kvm, u32 index) case MSR_AMD64_TSC_RATIO: /* This is AMD only. */ return false; + case MSR_KVM_SSP: + return kvm_cpu_cap_has(X86_FEATURE_SHSTK); default: return true; } diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index b418e4f5277b..a7368adad6b8 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -1476,6 +1476,9 @@ static const u32 msrs_to_save_base[] = { MSR_IA32_XFD, MSR_IA32_XFD_ERR, MSR_IA32_XSS, + MSR_IA32_U_CET, MSR_IA32_S_CET, + MSR_IA32_PL0_SSP, MSR_IA32_PL1_SSP, MSR_IA32_PL2_SSP, + MSR_IA32_PL3_SSP, MSR_IA32_INT_SSP_TAB, }; static const u32 msrs_to_save_pmu[] = { @@ -1579,6 +1582,7 @@ static const u32 emulated_msrs_all[] = { MSR_K7_HWCR, MSR_KVM_POLL_CONTROL, + MSR_KVM_SSP, }; static u32 emulated_msrs[ARRAY_SIZE(emulated_msrs_all)]; 
@@ -7428,6 +7432,20 @@ static void kvm_probe_msr_to_save(u32 msr_index) if (!kvm_caps.supported_xss) return; break; + case MSR_IA32_U_CET: + case MSR_IA32_S_CET: + if (!kvm_cpu_cap_has(X86_FEATURE_SHSTK) && + !kvm_cpu_cap_has(X86_FEATURE_IBT)) + return; + break; + case MSR_IA32_INT_SSP_TAB: + if (!kvm_cpu_cap_has(X86_FEATURE_LM)) + return; + fallthrough; + case MSR_IA32_PL0_SSP ... MSR_IA32_PL3_SSP: + if (!kvm_cpu_cap_has(X86_FEATURE_SHSTK)) + return; + break; default: break; }
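
Review bot: `#define MSR_KVM_SSP 0x4b564d09` (kvm_para.h hunk) goes into a uapi header next to MSR_KVM_ASYNC_PF_* and MSR_KVM_MIGRATION_CONTROL with no comment, while the commit message describes it as a host-side wrapper for the VMCS GUEST_SSP field. Nothing in the visible hunks distinguishes host-initiated from guest-initiated access to this index, so please document at the define that it is for host userspace only and point to where a guest RDMSR/WRMSR of it is rejected. The entry is also added to the vendor-neutral emulated_msrs_all[], but only vmx_has_emulated_msr() gains a filter; the diffstat touches no other vendor file, so it is worth stating how the index is handled when the VMX filter is not the one in use.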
From: Yang Weijiang
To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com, Zhang Yi Z
Subject: [PATCH v8 18/26] KVM: VMX: Introduce CET VMCS fields and control bits
Date: Thu, 21 Dec 2023 09:02:31 -0500
Message-Id: <20231221140239.4349-19-weijiang.yang@intel.com>
In-Reply-To: <20231221140239.4349-1-weijiang.yang@intel.com>
References: <20231221140239.4349-1-weijiang.yang@intel.com>

Control-flow Enforcement Technology (CET) is a kind of CPU feature used
to prevent Return/CALL/Jump-Oriented Programming (ROP/COP/JOP) attacks.
It provides two sub-features (SHSTK, IBT) to defend against ROP/COP/JOP
style control-flow subversion attacks.

Shadow Stack (SHSTK):
  A shadow stack is a second stack used exclusively for control transfer
  operations. The shadow stack is separate from the data/normal stack and
  can be enabled individually in user and kernel mode. When shadow stack
  is enabled, CALL pushes the return address on both the data and shadow
  stack. RET pops the return address from both stacks and compares them.
  If the return addresses from the two stacks do not match, the processor
  generates a #CP.

Indirect Branch Tracking (IBT):
  IBT introduces an instruction (ENDBRANCH) to mark valid target addresses
  of indirect branches (CALL, JMP, etc.). If an indirect branch is
  executed and the next instruction is _not_ an ENDBRANCH, the processor
  generates a #CP. This instruction behaves as a NOP on platforms that
  have no CET.

Several new CET MSRs are defined to support CET:
  MSR_IA32_{U,S}_CET: CET settings for {user,supervisor} CET respectively.

  MSR_IA32_PL{0,1,2,3}_SSP: SHSTK pointer linear address for CPL{0,1,2,3}.

  MSR_IA32_INT_SSP_TAB: Linear address of SHSTK pointer table, whose entry
                        is indexed by IST of interrupt gate desc.

Two XSAVES state bits are introduced for CET:
  IA32_XSS:[bit 11]: Control saving/restoring user mode CET states
  IA32_XSS:[bit 12]: Control saving/restoring supervisor mode CET states.

Six VMCS fields are introduced for CET:
  {HOST,GUEST}_S_CET: Stores CET settings for kernel mode.
  {HOST,GUEST}_SSP: Stores current active SSP.
  {HOST,GUEST}_INTR_SSP_TABLE: Stores current active MSR_IA32_INT_SSP_TAB.

On Intel platforms, two additional bits are defined in VM_EXIT and VM_ENTRY
control fields:
If VM_EXIT_LOAD_CET_STATE = 1, host CET states are loaded from following
VMCS fields at VM-Exit:
  HOST_S_CET
  HOST_SSP
  HOST_INTR_SSP_TABLE

If VM_ENTRY_LOAD_CET_STATE = 1, guest CET states are loaded from following
VMCS fields at VM-Entry:
  GUEST_S_CET
  GUEST_SSP
  GUEST_INTR_SSP_TABLE

Co-developed-by: Zhang Yi Z
Signed-off-by: Zhang Yi Z
Signed-off-by: Yang Weijiang
Reviewed-by: Chao Gao
Reviewed-by: Maxim Levitsky
--- arch/x86/include/asm/vmx.h | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h index 0e73616b82f3..451fd4f4fedc 100644 --- a/arch/x86/include/asm/vmx.h +++ b/arch/x86/include/asm/vmx.h @@ -104,6 +104,7 @@ #define VM_EXIT_CLEAR_BNDCFGS 0x00800000 #define VM_EXIT_PT_CONCEAL_PIP 0x01000000 #define VM_EXIT_CLEAR_IA32_RTIT_CTL 0x02000000 +#define VM_EXIT_LOAD_CET_STATE 0x10000000 #define VM_EXIT_ALWAYSON_WITHOUT_TRUE_MSR 0x00036dff @@ -117,6 +118,7 @@ #define VM_ENTRY_LOAD_BNDCFGS 0x00010000 #define VM_ENTRY_PT_CONCEAL_PIP 0x00020000 #define VM_ENTRY_LOAD_IA32_RTIT_CTL 0x00040000 +#define VM_ENTRY_LOAD_CET_STATE 0x00100000 #define VM_ENTRY_ALWAYSON_WITHOUT_TRUE_MSR 0x000011ff
@@ -345,6 +347,9 @@ enum vmcs_field { GUEST_PENDING_DBG_EXCEPTIONS = 0x00006822, GUEST_SYSENTER_ESP = 0x00006824, GUEST_SYSENTER_EIP = 0x00006826, + GUEST_S_CET = 0x00006828, + GUEST_SSP = 0x0000682a, + GUEST_INTR_SSP_TABLE = 0x0000682c, HOST_CR0 = 0x00006c00, HOST_CR3 = 0x00006c02, HOST_CR4 = 0x00006c04, 
@@ -357,6 +362,9 @@ enum vmcs_field { HOST_IA32_SYSENTER_EIP = 0x00006c12, HOST_RSP = 0x00006c14, HOST_RIP = 0x00006c16, + HOST_S_CET = 0x00006c18, + HOST_SSP = 0x00006c1a, + HOST_INTR_SSP_TABLE = 0x00006c1c }; /*
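
Review bot: In the last vmx.h hunk, the new final enumerator `HOST_INTR_SSP_TABLE = 0x00006c1c` drops the trailing comma that the previous last entry (`HOST_RIP = 0x00006c16,`) carried. Keep the comma so that the next VMCS field appended to `enum vmcs_field` is a one-line diff and does not have to touch this line again.
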
From: Yang Weijiang
To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com
Subject: [PATCH v8 19/26] KVM: x86: Use KVM-governed feature framework to track "SHSTK/IBT enabled"
Date: Thu, 21 Dec 2023 09:02:32 -0500
Message-Id: <20231221140239.4349-20-weijiang.yang@intel.com>
In-Reply-To: <20231221140239.4349-1-weijiang.yang@intel.com>
References: <20231221140239.4349-1-weijiang.yang@intel.com>

Use the governed feature framework to track whether X86_FEATURE_SHSTK
and X86_FEATURE_IBT features can be used by userspace and guest, i.e.,
the features can be used iff both KVM and guest CPUID can support them.

TODO: remove this patch once Sean's refactor to "KVM-governed" framework
is upstreamed. See the work here [*].

[*]: https://lore.kernel.org/all/20231110235528.1561679-1-seanjc@google.com/

Signed-off-by: Yang Weijiang
Reviewed-by: Maxim Levitsky
--- arch/x86/kvm/governed_features.h | 2 ++ arch/x86/kvm/vmx/vmx.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/arch/x86/kvm/governed_features.h b/arch/x86/kvm/governed_features.h index ad463b1ed4e4..daf0c0a3e29c 100644 --- a/arch/x86/kvm/governed_features.h +++ b/arch/x86/kvm/governed_features.h @@ -17,6 +17,8 @@ KVM_GOVERNED_X86_FEATURE(PFTHRESHOLD) KVM_GOVERNED_X86_FEATURE(VGIF) KVM_GOVERNED_X86_FEATURE(VNMI) KVM_GOVERNED_X86_FEATURE(LAM) +KVM_GOVERNED_X86_FEATURE(SHSTK) +KVM_GOVERNED_X86_FEATURE(IBT) #undef KVM_GOVERNED_X86_FEATURE #undef KVM_GOVERNED_FEATURE diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index b2f6bcf3bf9b..29a0fd3e83c5 100644
--- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c 
@@ -7764,6 +7764,8 @@ static void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_VMX); kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_LAM); + kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_SHSTK); + kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_IBT); vmx_setup_uret_msrs(vmx);
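
Review bot: SHSTK and IBT are declared in the common governed_features.h, but the only `kvm_governed_feature_check_and_set()` calls this patch adds are in `vmx_vcpu_after_set_cpuid()`; nothing here sets them on the SVM side. If that is intentional for this series, say so in the changelog, because common-code checks such as `guest_can_use(vcpu, X86_FEATURE_SHSTK)` stay false on any vendor path that never sets the governed bit.
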
From: Yang Weijiang
To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com
Subject: [PATCH v8 20/26] KVM: VMX: Emulate read and write to CET MSRs
Date: Thu, 21 Dec 2023 09:02:33 -0500
Message-Id: <20231221140239.4349-21-weijiang.yang@intel.com>
In-Reply-To: <20231221140239.4349-1-weijiang.yang@intel.com>
References: <20231221140239.4349-1-weijiang.yang@intel.com>

Add emulation interface for CET MSR access. The emulation code is split
into common part and vendor specific part. The former does common checks
for MSRs, e.g., accessibility, data validity etc., then passes the
operation to either XSAVE-managed MSRs via the helpers or CET VMCS fields.

Suggested-by: Sean Christopherson
Signed-off-by: Yang Weijiang
--- arch/x86/kvm/vmx/vmx.c | 18 +++++++++ arch/x86/kvm/x86.c | 88 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 106 insertions(+) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 29a0fd3e83c5..064a5fe87948 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -2106,6 +2106,15 @@ static int vmx_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) else msr_info->data = vmx->pt_desc.guest.addr_a[index / 2]; break; + case MSR_IA32_S_CET: + msr_info->data = vmcs_readl(GUEST_S_CET); + break; + case MSR_KVM_SSP: + msr_info->data = vmcs_readl(GUEST_SSP); + break; + case MSR_IA32_INT_SSP_TAB: + msr_info->data = vmcs_readl(GUEST_INTR_SSP_TABLE); + break; case MSR_IA32_DEBUGCTLMSR: msr_info->data = vmcs_read64(GUEST_IA32_DEBUGCTL); break;
@@ -2415,6 +2424,15 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) else vmx->pt_desc.guest.addr_a[index / 2] = data; break; + case MSR_IA32_S_CET: + vmcs_writel(GUEST_S_CET, data); + break; + case MSR_KVM_SSP: + vmcs_writel(GUEST_SSP, data); + break; + case MSR_IA32_INT_SSP_TAB: + vmcs_writel(GUEST_INTR_SSP_TABLE, data); + break; case MSR_IA32_PERF_CAPABILITIES: if (data && !vcpu_to_pmu(vcpu)->version) return 1; diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index a7368adad6b8..cf0f9e4474a4 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -1850,6 +1850,36 @@ bool kvm_msr_allowed(struct kvm_vcpu *vcpu, u32 index, u32 type) } EXPORT_SYMBOL_GPL(kvm_msr_allowed); +#define CET_US_RESERVED_BITS GENMASK(9, 6) +#define CET_US_SHSTK_MASK_BITS GENMASK(1, 0) +#define CET_US_IBT_MASK_BITS (GENMASK_ULL(5, 2) | GENMASK_ULL(63, 10)) +#define CET_US_LEGACY_BITMAP_BASE(data) ((data) >> 12) + +static bool is_set_cet_msr_allowed(struct kvm_vcpu *vcpu, u32 index, u64 data, + bool host_initiated) +{ + bool msr_ctrl = index == MSR_IA32_S_CET || index == MSR_IA32_U_CET; + + if (guest_can_use(vcpu, X86_FEATURE_SHSTK)) + return true; + + if (msr_ctrl && guest_can_use(vcpu, X86_FEATURE_IBT)) + return true; + + /* + * If KVM supports the MSR, i.e. has enumerated the MSR existence to + * userspace, then userspace is allowed to write '0' irrespective of + * whether or not the MSR is exposed to the guest. + */ + if (!host_initiated || data) + return false; + + if (kvm_cpu_cap_has(X86_FEATURE_SHSTK)) + return true; + + return msr_ctrl && kvm_cpu_cap_has(X86_FEATURE_IBT); +} + /* * Write @data into the MSR specified by @index. Select MSR specific fault * checks are bypassed if @host_initiated is %true. 
@@ -1909,6 +1939,43 @@ static int __kvm_set_msr(struct kvm_vcpu *vcpu, u32 index, u64 data, data = (u32)data; break; + case MSR_IA32_U_CET: + case MSR_IA32_S_CET: + if (!is_set_cet_msr_allowed(vcpu, index, data, host_initiated)) + return 1; + if (data & CET_US_RESERVED_BITS) + return 1; + if (!guest_can_use(vcpu, X86_FEATURE_SHSTK) && + (data & CET_US_SHSTK_MASK_BITS)) + return 1; + if (!guest_can_use(vcpu, X86_FEATURE_IBT) && + (data & CET_US_IBT_MASK_BITS)) + return 1; + if (!IS_ALIGNED(CET_US_LEGACY_BITMAP_BASE(data), 4)) + return 1; + /* IBT can be suppressed iff the TRACKER isn't WAIT_ENDBR. */ + if ((data & CET_SUPPRESS) && (data & CET_WAIT_ENDBR)) + return 1; + break; + case MSR_IA32_INT_SSP_TAB: + if (!is_set_cet_msr_allowed(vcpu, index, data, host_initiated) || + !guest_cpuid_has(vcpu, X86_FEATURE_LM)) + return 1; + if (is_noncanonical_address(data, vcpu)) + return 1; + break; + case MSR_KVM_SSP: + if (!host_initiated) + return 1; + fallthrough; + case MSR_IA32_PL0_SSP ... MSR_IA32_PL3_SSP: + if (!is_set_cet_msr_allowed(vcpu, index, data, host_initiated)) + return 1; + if (is_noncanonical_address(data, vcpu)) + return 1; + if (!IS_ALIGNED(data, 4)) + return 1; + break; } msr.data = data; @@ -1952,6 +2019,19 @@ static int __kvm_get_msr(struct kvm_vcpu *vcpu, u32 index, u64 *data, !guest_cpuid_has(vcpu, X86_FEATURE_RDPID)) return 1; break; + case MSR_IA32_INT_SSP_TAB: + if (!guest_can_use(vcpu, X86_FEATURE_SHSTK) || + !guest_cpuid_has(vcpu, X86_FEATURE_LM)) + return 1; + break; + case MSR_KVM_SSP: + if (!host_initiated) + return 1; + fallthrough; + case MSR_IA32_PL0_SSP ... MSR_IA32_PL3_SSP: + if (!guest_can_use(vcpu, X86_FEATURE_SHSTK)) + return 1; + break; } msr.index = index; 
@@ -4143,6 +4223,10 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) vcpu->arch.guest_fpu.xfd_err = data; break; #endif + case MSR_IA32_U_CET: + case MSR_IA32_PL0_SSP ... MSR_IA32_PL3_SSP: + kvm_set_xstate_msr(vcpu, msr_info); + break; default: if (kvm_pmu_is_valid_msr(vcpu, msr)) return kvm_pmu_set_msr(vcpu, msr_info); 
@@ -4502,6 +4586,10 @@ int kvm_get_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) msr_info->data = vcpu->arch.guest_fpu.xfd_err; break; #endif + case MSR_IA32_U_CET: + case MSR_IA32_PL0_SSP ... MSR_IA32_PL3_SSP: + kvm_get_xstate_msr(vcpu, msr_info); + break; default: if (kvm_pmu_is_valid_msr(vcpu, msr_info->index)) return kvm_pmu_get_msr(vcpu, msr_info);
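
Review bot: In the x86.c hunk that adds the CET_US_* masks, `CET_US_RESERVED_BITS` and `CET_US_SHSTK_MASK_BITS` are built with `GENMASK()` while `CET_US_IBT_MASK_BITS` uses `GENMASK_ULL()`, and all three are applied to a `u64 data`. Use `GENMASK_ULL()` for all of them so the masks have one type regardless of the width of `unsigned long`.
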
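
Review bot: In the `__kvm_set_msr()` hunk, `IS_ALIGNED(CET_US_LEGACY_BITMAP_BASE(data), 4)` tests the value after `(data) >> 12`, so what it actually rejects is a write with bit 12 or bit 13 set, not a misaligned byte address, and neither the macro nor the check says why. Add a comment naming the architectural rule this enforces, or rework the check so the intent is readable from the code.
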
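
Review bot: The `__kvm_get_msr()` hunk gates MSR_IA32_INT_SSP_TAB, MSR_KVM_SSP and MSR_IA32_PL0_SSP ... MSR_IA32_PL3_SSP on `guest_can_use()`, but adds no case for MSR_IA32_U_CET or MSR_IA32_S_CET, although the write path checks both through `is_set_cet_msr_allowed()`. Nothing in this patch stops a read of MSR_IA32_S_CET from reaching the unconditional `vmcs_readl(GUEST_S_CET)` in `vmx_get_msr()` when neither SHSTK nor IBT is exposed to the guest; add the matching read-side cases here so reads and writes are gated the same way.
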
From: Yang Weijiang
To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com
Subject: [PATCH v8 21/26] KVM: x86: Save and reload SSP to/from SMRAM
Date: Thu, 21 Dec 2023 09:02:34 -0500
Message-Id: <20231221140239.4349-22-weijiang.yang@intel.com>
In-Reply-To: <20231221140239.4349-1-weijiang.yang@intel.com>
References: <20231221140239.4349-1-weijiang.yang@intel.com>

Save CET SSP to SMRAM on SMI and reload it on RSM. KVM emulates HW arch
behavior when guest enters/leaves SMM mode, i.e., save registers to SMRAM
at the entry of SMM and reload them at the exit to SMM. Per SDM, SSP is
one of such registers on 64-bit Arch, and add the support for SSP. Note,
on 32-bit Arch, SSP is not defined in SMRAM, so fail 32-bit CET guest
launch.

Suggested-by: Sean Christopherson
Suggested-by: Chao Gao
Signed-off-by: Yang Weijiang
Reviewed-by: Maxim Levitsky
--- arch/x86/kvm/cpuid.c | 11 +++++++++++ arch/x86/kvm/smm.c | 8 ++++++++ arch/x86/kvm/smm.h | 2 +- 3 files changed, 20 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 3ab133530573..cfc0ac8ddb4a 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c
@@ -149,6 +149,17 @@ static int kvm_check_cpuid(struct kvm_vcpu *vcpu, if (vaddr_bits != 48 && vaddr_bits != 57 && vaddr_bits != 0) return -EINVAL; } + /* + * Prevent 32-bit guest from being launched if CET is exposed as SSP + * state is not defined for 32-bit SMRAM. + */ + best = cpuid_entry2_find(entries, nent, 0x80000001, + KVM_CPUID_INDEX_NOT_SIGNIFICANT); + if (best && !(best->edx & F(LM))) { + best = cpuid_entry2_find(entries, nent, 0x7, 0); + if (best && ((best->ecx & F(SHSTK)) || (best->edx & F(IBT)))) + return -EINVAL; + } /* * Exposing dynamic xfeatures to the guest requires additional diff --git a/arch/x86/kvm/smm.c b/arch/x86/kvm/smm.c index 45c855389ea7..7aac9c54c353 100644 --- a/arch/x86/kvm/smm.c +++ b/arch/x86/kvm/smm.c @@ -275,6 +275,10 @@ static void enter_smm_save_state_64(struct kvm_vcpu *vcpu, enter_smm_save_seg_64(vcpu, &smram->gs, VCPU_SREG_GS); smram->int_shadow = static_call(kvm_x86_get_interrupt_shadow)(vcpu); + + if (guest_can_use(vcpu, X86_FEATURE_SHSTK)) + KVM_BUG_ON(kvm_msr_read(vcpu, MSR_KVM_SSP, &smram->ssp), + vcpu->kvm); } #endif @@ -564,6 +568,10 @@ static int rsm_load_state_64(struct x86_emulate_ctxt *ctxt, static_call(kvm_x86_set_interrupt_shadow)(vcpu, 0); ctxt->interruptibility = (u8)smstate->int_shadow; + if (guest_can_use(vcpu, X86_FEATURE_SHSTK)) + KVM_BUG_ON(kvm_msr_write(vcpu, MSR_KVM_SSP, smstate->ssp), + vcpu->kvm); + return X86EMUL_CONTINUE; } #endif diff --git a/arch/x86/kvm/smm.h b/arch/x86/kvm/smm.h index a1cf2ac5bd78..1e2a3e18207f 100644 --- a/arch/x86/kvm/smm.h +++ b/arch/x86/kvm/smm.h 
@@ -116,8 +116,8 @@ struct kvm_smram_state_64 { u32 smbase; u32 reserved4[5]; - /* ssp and svm_* fields below are not implemented by KVM */ u64 ssp; + /* svm_* fields below are not implemented by KVM */ u64 svm_guest_pat; u64 svm_host_efer; u64 svm_host_cr4;
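Review bot: in the kvm_check_cpuid() hunk of arch/x86/kvm/cpuid.c (patch 21/26), the 32-bit check only runs when the 0x80000001 entry exists, because of `if (best && !(best->edx & F(LM)))`. A CPUID table that omits leaf 0x80000001 altogether also describes a guest without long mode, yet it skips the SHSTK/IBT rejection that the new comment says is required. Consider treating a missing entry as no-LM, e.g. `if (!best || !(best->edx & F(LM)))`, and using a separate local for the leaf 0x7 lookup instead of reusing `best`, so the two lookups are easier to follow.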
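Review bot: in the rsm_load_state_64() hunk of arch/x86/kvm/smm.c (patch 21/26), `smstate->ssp` is read back from SMRAM, which the guest's SMM handler can modify, and the result of `kvm_msr_write(vcpu, MSR_KVM_SSP, smstate->ssp)` is wrapped in KVM_BUG_ON(). If that write can fail on a value it rejects, the guest can trip a KVM bug condition and get the VM marked as bugged with data it controls. Returning X86EMUL_UNHANDLEABLE on failure fits the function's existing int return, and a comment stating which SSP values are accepted would help. The save side in enter_smm_save_state_64() reads KVM's own state, so the KVM_BUG_ON() there is less of a concern.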
From: Yang Weijiang
To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com
Subject: [PATCH v8 22/26] KVM: VMX: Set up interception for CET MSRs
Date: Thu, 21 Dec 2023 09:02:35 -0500
Message-Id: <20231221140239.4349-23-weijiang.yang@intel.com>
In-Reply-To: <20231221140239.4349-1-weijiang.yang@intel.com>
References: <20231221140239.4349-1-weijiang.yang@intel.com>

Enable/disable CET MSRs interception per associated feature configuration. Shadow Stack feature requires all CET MSRs passed through to guest to make it supported in user and supervisor mode while IBT feature only depends on MSR_IA32_{U,S}_CETS_CET to enable user and supervisor IBT.

Note, this MSR design introduced an architectural limitation of SHSTK and IBT control for guest, i.e., when SHSTK is exposed, IBT is also available to guest from architectural perspective since IBT relies on subset of SHSTK relevant MSRs.

Signed-off-by: Yang Weijiang
Reviewed-by: Maxim Levitsky
---
 arch/x86/kvm/vmx/vmx.c | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)

diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 064a5fe87948..08058b182893 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c
@@ -692,6 +692,10 @@ static bool is_valid_passthrough_msr(u32 msr) case MSR_LBR_CORE_TO ... MSR_LBR_CORE_TO + 8: /* LBR MSRs. These are handled in vmx_update_intercept_for_lbr_msrs() */ return true; + case MSR_IA32_U_CET: + case MSR_IA32_S_CET: + case MSR_IA32_PL0_SSP ... MSR_IA32_INT_SSP_TAB: + return true; } r = possible_passthrough_msr_slot(msr) != -ENOENT; @@ -7767,6 +7771,42 @@ static void update_intel_pt_cfg(struct kvm_vcpu *vcpu) vmx->pt_desc.ctl_bitmask &= ~(0xfULL << (32 + i * 4)); } +static void vmx_update_intercept_for_cet_msr(struct kvm_vcpu *vcpu) +{ + bool incpt; + + if (kvm_cpu_cap_has(X86_FEATURE_SHSTK)) { + incpt = !guest_cpuid_has(vcpu, X86_FEATURE_SHSTK); + + vmx_set_intercept_for_msr(vcpu, MSR_IA32_U_CET, + MSR_TYPE_RW, incpt); + vmx_set_intercept_for_msr(vcpu, MSR_IA32_S_CET, + MSR_TYPE_RW, incpt); + vmx_set_intercept_for_msr(vcpu, MSR_IA32_PL0_SSP, + MSR_TYPE_RW, incpt); + vmx_set_intercept_for_msr(vcpu, MSR_IA32_PL1_SSP, + MSR_TYPE_RW, incpt); + vmx_set_intercept_for_msr(vcpu, MSR_IA32_PL2_SSP, + MSR_TYPE_RW, incpt); + vmx_set_intercept_for_msr(vcpu, MSR_IA32_PL3_SSP, + MSR_TYPE_RW, incpt); + if (guest_cpuid_has(vcpu, X86_FEATURE_LM)) + vmx_set_intercept_for_msr(vcpu, MSR_IA32_INT_SSP_TAB, + MSR_TYPE_RW, incpt); + if (!incpt) + return; + } + + if (kvm_cpu_cap_has(X86_FEATURE_IBT)) { + incpt = !guest_cpuid_has(vcpu, X86_FEATURE_IBT); + + vmx_set_intercept_for_msr(vcpu, MSR_IA32_U_CET, + MSR_TYPE_RW, incpt); + vmx_set_intercept_for_msr(vcpu, MSR_IA32_S_CET, + MSR_TYPE_RW, incpt); + } +} + static void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) { struct vcpu_vmx *vmx = to_vmx(vcpu); 
@@ -7845,6 +7885,8 @@ static void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) /* Refresh #PF interception to account for MAXPHYADDR changes. */ vmx_update_exception_bitmap(vcpu); + + vmx_update_intercept_for_cet_msr(vcpu); } static u64 vmx_get_perf_capabilities(void)
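Review bot: in vmx_update_intercept_for_cet_msr() (arch/x86/kvm/vmx/vmx.c, patch 22/26), MSR_IA32_INT_SSP_TAB is only touched under `if (guest_cpuid_has(vcpu, X86_FEATURE_LM))`, so its intercept is never re-armed once it has been cleared. The function is called from vmx_vcpu_after_set_cpuid(), which runs each time userspace sets CPUID; if a later CPUID drops LM, the MSR stays passed through. Setting the intercept unconditionally with `incpt || !guest_cpuid_has(vcpu, X86_FEATURE_LM)` closes that. Separately, the early `return` when SHSTK is exposed is what leaves U_CET/S_CET passed through regardless of the guest's IBT bit; the commit message explains this limitation, but a comment at the `if (!incpt) return;` line would keep it visible in the code.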
From: Yang Weijiang
To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com
Subject: [PATCH v8 23/26] KVM: VMX: Set host constant supervisor states to VMCS fields
Date: Thu, 21 Dec 2023 09:02:36 -0500
Message-Id: <20231221140239.4349-24-weijiang.yang@intel.com>
In-Reply-To: <20231221140239.4349-1-weijiang.yang@intel.com>
References: <20231221140239.4349-1-weijiang.yang@intel.com>

Save constant values to HOST_{S_CET,SSP,INTR_SSP_TABLE} field explicitly. Kernel IBT is supported and the setting in MSR_IA32_S_CET is static after post-boot (The exception is BIOS call case but vCPU thread never across it) and KVM doesn't need to refresh HOST_S_CET field before every VM-Enter/VM-Exit sequence.

Host supervisor shadow stack is not enabled now and SSP is not accessible to kernel mode, thus it's safe to set host IA32_INT_SSP_TAB/SSP VMCS field to 0s. When shadow stack is enabled for CPL3, SSP is reloaded from PL3_SSP before it exits to userspace. Check SDM Vol 2A/B Chapter 3/4 for SYSCALL/SYSRET/SYSENTER SYSEXIT/RDSSP/CALL etc.

Prevent KVM module loading if host supervisor shadow stack SHSTK_EN is set in MSR_IA32_S_CET as KVM cannot co-exist with it correctly.

Suggested-by: Sean Christopherson
Suggested-by: Chao Gao
Signed-off-by: Yang Weijiang
Reviewed-by: Maxim Levitsky
---
 arch/x86/kvm/vmx/capabilities.h | 4 ++++
 arch/x86/kvm/vmx/vmx.c | 15 +++++++++++++++
 arch/x86/kvm/x86.c | 14 ++++++++++++++
 arch/x86/kvm/x86.h | 1 +
 4 files changed, 34 insertions(+)
diff --git a/arch/x86/kvm/vmx/capabilities.h b/arch/x86/kvm/vmx/capabilities.h index 41a4533f9989..ee8938818c8a 100644 --- a/arch/x86/kvm/vmx/capabilities.h +++ b/arch/x86/kvm/vmx/capabilities.h @@ -106,6 +106,10 @@ static inline bool cpu_has_load_perf_global_ctrl(void) return vmcs_config.vmentry_ctrl & VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL; } +static inline bool cpu_has_load_cet_ctrl(void) +{ + return (vmcs_config.vmentry_ctrl & VM_ENTRY_LOAD_CET_STATE); +} static inline bool cpu_has_vmx_mpx(void) { return vmcs_config.vmentry_ctrl & VM_ENTRY_LOAD_BNDCFGS; diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 08058b182893..e9c0b571b3bb 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -4371,6 +4371,21 @@ void vmx_set_constant_host_state(struct vcpu_vmx *vmx) if (cpu_has_load_ia32_efer()) vmcs_write64(HOST_IA32_EFER, host_efer); + + /* + * Supervisor shadow stack is not enabled on host side, i.e., + * host IA32_S_CET.SHSTK_EN bit is guaranteed to 0 now, per SDM + * description(RDSSP instruction), SSP is not readable in CPL0, + * so resetting the two registers to 0s at VM-Exit does no harm + * to kernel execution. When execution flow exits to userspace, + * SSP is reloaded from IA32_PL3_SSP. Check SDM Vol.2A/B Chapter + * 3 and 4 for details. + */ + if (cpu_has_load_cet_ctrl()) { + vmcs_writel(HOST_S_CET, host_s_cet); + vmcs_writel(HOST_SSP, 0); + vmcs_writel(HOST_INTR_SSP_TABLE, 0); + } } void set_cr4_guest_host_mask(struct vcpu_vmx *vmx) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index cf0f9e4474a4..9596763fae8d 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -114,6 +114,8 @@ static u64 __read_mostly efer_reserved_bits = ~((u64)EFER_SCE); #endif static u64 __read_mostly cr4_reserved_bits = CR4_RESERVED_BITS; +u64 __read_mostly host_s_cet; +EXPORT_SYMBOL_GPL(host_s_cet); #define KVM_EXIT_HYPERCALL_VALID_MASK (1 << KVM_HC_MAP_GPA_RANGE) 
@@ -9840,6 +9842,18 @@ static int __kvm_x86_vendor_init(struct kvm_x86_init_ops *ops) return -EIO; } + if (boot_cpu_has(X86_FEATURE_SHSTK)) { + rdmsrl(MSR_IA32_S_CET, host_s_cet); + /* + * Linux doesn't yet support supervisor shadow stacks (SSS), so + * KVM doesn't save/restore the associated MSRs, i.e. KVM may + * clobber the host values. Yell and refuse to load if SSS is + * unexpectedly enabled, e.g. to avoid crashing the host. + */ + if (WARN_ON_ONCE(host_s_cet & CET_SHSTK_EN)) + return -EIO; + } + x86_emulator_cache = kvm_alloc_emulator_cache(); if (!x86_emulator_cache) { pr_err("failed to allocate cache for x86 emulator\n"); diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h index 9c19dfb5011d..656107e64c93 100644 --- a/arch/x86/kvm/x86.h +++ b/arch/x86/kvm/x86.h 
@@ -325,6 +325,7 @@ fastpath_t handle_fastpath_set_msr_irqoff(struct kvm_vcpu *vcpu); extern u64 host_xcr0; extern u64 host_xss; extern u64 host_arch_capabilities; +extern u64 host_s_cet; extern struct kvm_caps kvm_caps;
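Review bot: in the __kvm_x86_vendor_init() hunk of arch/x86/kvm/x86.c (patch 23/26), host_s_cet is only read under `if (boot_cpu_has(X86_FEATURE_SHSTK))`, while vmx_set_constant_host_state() writes it to HOST_S_CET whenever cpu_has_load_cet_ctrl() is true. On a host where the SHSTK feature bit is not set but kernel IBT is active, host_s_cet stays 0, and once the VM-Exit load control is in use each VM-Exit would load 0 into the host's S_CET, undoing the kernel IBT setting the commit message describes as static. Read the MSR when either SHSTK or IBT is present, or gate the VMCS write on the same condition as the read.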
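Review bot: style nit in the arch/x86/kvm/vmx/capabilities.h hunk (patch 23/26): cpu_has_load_cet_ctrl() is added without a blank line of its own, so it ends up directly adjacent to a neighbouring helper, and the parentheses around its return expression are not used by cpu_has_load_perf_global_ctrl() or cpu_has_vmx_mpx() next to it. The helper also tests only the VM-Entry control, although the fields it guards in vmx_set_constant_host_state() (HOST_S_CET, HOST_SSP, HOST_INTR_SSP_TABLE) are host-state fields; a one-line comment saying why checking the entry control is sufficient would document that.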
From: Yang Weijiang
To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com
Subject: [PATCH v8 24/26] KVM: x86: Enable CET virtualization for VMX and advertise to userspace
Date: Thu, 21 Dec 2023 09:02:37 -0500
Message-Id: <20231221140239.4349-25-weijiang.yang@intel.com>
In-Reply-To: <20231221140239.4349-1-weijiang.yang@intel.com>
References: <20231221140239.4349-1-weijiang.yang@intel.com>

Expose CET features to guest if KVM/host can support them, clear CPUID feature bits if KVM/host cannot support.

Set CPUID feature bits so that CET features are available in guest CPUID. Add CR4.CET bit support in order to allow guest set CET master control bit.

Disable KVM CET feature if unrestricted_guest is unsupported/disabled as KVM does not support emulating CET.

The CET load-bits in VM_ENTRY/VM_EXIT control fields should be set to make guest CET xstates isolated from host's.

On platforms with VMX_BASIC[bit56] == 0, inject #CP at VMX entry with error code will fail, and if VMX_BASIC[bit56] == 1, #CP injection with or without error code is allowed. Disable CET feature bits if the MSR bit is cleared so that nested VMM can inject #CP if and only if VMX_BASIC[bit56] == 1.

Don't expose CET feature if either of {U,S}_CET xstate bits is cleared in host XSS or if XSAVES isn't supported.

CET MSR contents after reset, power-up and INIT are set to 0s, clears the guest fpstate fields so that the guest MSRs are reset to 0s after the events.

Signed-off-by: Yang Weijiang Reviewed-by: Maxim Levitsky --- arch/x86/include/asm/kvm_host.h | 2 +- arch/x86/include/asm/msr-index.h | 1 + arch/x86/kvm/cpuid.c | 19 +++++++++++++++++-- arch/x86/kvm/vmx/capabilities.h | 6 ++++++ arch/x86/kvm/vmx/vmx.c | 29 ++++++++++++++++++++++++++++- arch/x86/kvm/vmx/vmx.h | 6 ++++-- arch/x86/kvm/x86.c | 31 +++++++++++++++++++++++++++++-- arch/x86/kvm/x86.h | 3 +++ 8 files changed, 89 insertions(+), 8 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 6efaaaa15945..161d0552be5f 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -134,7 +134,7 @@ | X86_CR4_OSXSAVE | X86_CR4_SMEP | X86_CR4_FSGSBASE \ | X86_CR4_OSXMMEXCPT | X86_CR4_LA57 | X86_CR4_VMXE \ | X86_CR4_SMAP | X86_CR4_PKE | X86_CR4_UMIP \ - | X86_CR4_LAM_SUP)) + | X86_CR4_LAM_SUP | X86_CR4_CET)) #define CR8_RESERVED_BITS (~(unsigned long)X86_CR8_TPR) diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h index 1d51e1850ed0..233e00c01e62 100644 --- a/arch/x86/include/asm/msr-index.h +++ b/arch/x86/include/asm/msr-index.h @@ -1102,6 +1102,7 @@ #define VMX_BASIC_MEM_TYPE_MASK 0x003c000000000000LLU #define VMX_BASIC_MEM_TYPE_WB 6LLU #define VMX_BASIC_INOUT 0x0040000000000000LLU +#define VMX_BASIC_NO_HW_ERROR_CODE_CC 0x0100000000000000LLU /* Resctrl MSRs: */ /* - Intel: */ diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index cfc0ac8ddb4a..18d1a0eb0f64 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -665,7 +665,7 @@ void kvm_set_cpu_caps(void) F(AVX512_VPOPCNTDQ) | F(UMIP) | F(AVX512_VBMI2) | F(GFNI) | F(VAES) | F(VPCLMULQDQ) | F(AVX512_VNNI) | F(AVX512_BITALG) | F(CLDEMOTE) | F(MOVDIRI) | F(MOVDIR64B) | 0 /*WAITPKG*/ | - F(SGX_LC) | F(BUS_LOCK_DETECT) + F(SGX_LC) | F(BUS_LOCK_DETECT) | F(SHSTK) ); /* Set LA57 based on hardware capability. */ if (cpuid_ecx(7) & F(LA57)) 
@@ -683,7 +683,8 @@ void kvm_set_cpu_caps(void) F(SPEC_CTRL_SSBD) | F(ARCH_CAPABILITIES) | F(INTEL_STIBP) | F(MD_CLEAR) | F(AVX512_VP2INTERSECT) | F(FSRM) | F(SERIALIZE) | F(TSXLDTRK) | F(AVX512_FP16) | - F(AMX_TILE) | F(AMX_INT8) | F(AMX_BF16) | F(FLUSH_L1D) + F(AMX_TILE) | F(AMX_INT8) | F(AMX_BF16) | F(FLUSH_L1D) | + F(IBT) ); /* TSC_ADJUST and ARCH_CAPABILITIES are emulated in software. */ @@ -696,6 +697,20 @@ void kvm_set_cpu_caps(void) kvm_cpu_cap_set(X86_FEATURE_INTEL_STIBP); if (boot_cpu_has(X86_FEATURE_AMD_SSBD)) kvm_cpu_cap_set(X86_FEATURE_SPEC_CTRL_SSBD); + /* + * Don't use boot_cpu_has() to check availability of IBT because the + * feature bit is cleared in boot_cpu_data when ibt=off is applied + * in host cmdline. + * + * As currently there's no HW bug which requires disabling IBT feature + * while CPU can enumerate it, host cmdline option ibt=off is most + * likely due to administrative reason on host side, so KVM refers to + * CPU CPUID enumeration to enable the feature. In future if there's + * actually some bug clobbered ibt=off option, then enforce additional + * check here to disable the support in KVM. + */ + if (cpuid_edx(7) & F(IBT)) + kvm_cpu_cap_set(X86_FEATURE_IBT); kvm_cpu_cap_mask(CPUID_7_1_EAX, F(AVX_VNNI) | F(AVX512_BF16) | F(CMPCCXADD) | diff --git a/arch/x86/kvm/vmx/capabilities.h b/arch/x86/kvm/vmx/capabilities.h index ee8938818c8a..e12bc233d88b 100644 --- a/arch/x86/kvm/vmx/capabilities.h +++ b/arch/x86/kvm/vmx/capabilities.h @@ -79,6 +79,12 @@ static inline bool cpu_has_vmx_basic_inout(void) return (((u64)vmcs_config.basic_cap << 32) & VMX_BASIC_INOUT); } +static inline bool cpu_has_vmx_basic_no_hw_errcode(void) +{ + return ((u64)vmcs_config.basic_cap << 32) & + VMX_BASIC_NO_HW_ERROR_CODE_CC; +} + static inline bool cpu_has_virtual_nmis(void) { return vmcs_config.pin_based_exec_ctrl & PIN_BASED_VIRTUAL_NMIS && diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index e9c0b571b3bb..c802e790c0d5 100644 
--- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -2609,6 +2609,7 @@ static int setup_vmcs_config(struct vmcs_config *vmcs_conf, { VM_ENTRY_LOAD_IA32_EFER, VM_EXIT_LOAD_IA32_EFER }, { VM_ENTRY_LOAD_BNDCFGS, VM_EXIT_CLEAR_BNDCFGS }, { VM_ENTRY_LOAD_IA32_RTIT_CTL, VM_EXIT_CLEAR_IA32_RTIT_CTL }, + { VM_ENTRY_LOAD_CET_STATE, VM_EXIT_LOAD_CET_STATE }, }; memset(vmcs_conf, 0, sizeof(*vmcs_conf)); @@ -4934,6 +4935,15 @@ static void vmx_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event) vmcs_write32(VM_ENTRY_INTR_INFO_FIELD, 0); /* 22.2.1 */ + if (kvm_cpu_cap_has(X86_FEATURE_SHSTK)) + vmcs_writel(GUEST_SSP, 0); + if (kvm_cpu_cap_has(X86_FEATURE_SHSTK) || + kvm_cpu_cap_has(X86_FEATURE_IBT)) + vmcs_writel(GUEST_S_CET, 0); + if (kvm_cpu_cap_has(X86_FEATURE_SHSTK) && + IS_ENABLED(CONFIG_X86_64)) + vmcs_writel(GUEST_INTR_SSP_TABLE, 0); + kvm_make_request(KVM_REQ_APIC_PAGE_RELOAD, vcpu); vpid_sync_context(vmx->vpid); @@ -6353,6 +6363,12 @@ void dump_vmcs(struct kvm_vcpu *vcpu) if (vmcs_read32(VM_EXIT_MSR_STORE_COUNT) > 0) vmx_dump_msrs("guest autostore", &vmx->msr_autostore.guest); + if (vmentry_ctl & VM_ENTRY_LOAD_CET_STATE) { + pr_err("S_CET = 0x%016lx\n", vmcs_readl(GUEST_S_CET)); + pr_err("SSP = 0x%016lx\n", vmcs_readl(GUEST_SSP)); + pr_err("INTR SSP TABLE = 0x%016lx\n", + vmcs_readl(GUEST_INTR_SSP_TABLE)); + } pr_err("*** Host State ***\n"); pr_err("RIP = 0x%016lx RSP = 0x%016lx\n", vmcs_readl(HOST_RIP), vmcs_readl(HOST_RSP)); @@ -6430,6 +6446,12 @@ void dump_vmcs(struct kvm_vcpu *vcpu) if (secondary_exec_control & SECONDARY_EXEC_ENABLE_VPID) pr_err("Virtual processor ID = 0x%04x\n", vmcs_read16(VIRTUAL_PROCESSOR_ID)); + if (vmexit_ctl & VM_EXIT_LOAD_CET_STATE) { + pr_err("S_CET = 0x%016lx\n", vmcs_readl(HOST_S_CET)); + pr_err("SSP = 0x%016lx\n", vmcs_readl(HOST_SSP)); + pr_err("INTR SSP TABLE = 0x%016lx\n", + vmcs_readl(HOST_INTR_SSP_TABLE)); + } } /* 
@@ -7966,7 +7988,6 @@ static __init void vmx_set_cpu_caps(void) kvm_cpu_cap_set(X86_FEATURE_UMIP); /* CPUID 0xD.1 */ - kvm_caps.supported_xss = 0; if (!cpu_has_vmx_xsaves()) kvm_cpu_cap_clear(X86_FEATURE_XSAVES); @@ -7978,6 +7999,12 @@ static __init void vmx_set_cpu_caps(void) if (cpu_has_vmx_waitpkg()) kvm_cpu_cap_check_and_set(X86_FEATURE_WAITPKG); + + if (!cpu_has_load_cet_ctrl() || !enable_unrestricted_guest || + !cpu_has_vmx_basic_no_hw_errcode()) { + kvm_cpu_cap_clear(X86_FEATURE_SHSTK); + kvm_cpu_cap_clear(X86_FEATURE_IBT); + } } static void vmx_request_immediate_exit(struct kvm_vcpu *vcpu) diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h index e3b0985bb74a..d0cad2624564 100644 --- a/arch/x86/kvm/vmx/vmx.h +++ b/arch/x86/kvm/vmx/vmx.h @@ -484,7 +484,8 @@ static inline u8 vmx_get_rvi(void) VM_ENTRY_LOAD_IA32_EFER | \ VM_ENTRY_LOAD_BNDCFGS | \ VM_ENTRY_PT_CONCEAL_PIP | \ - VM_ENTRY_LOAD_IA32_RTIT_CTL) + VM_ENTRY_LOAD_IA32_RTIT_CTL | \ + VM_ENTRY_LOAD_CET_STATE) #define __KVM_REQUIRED_VMX_VM_EXIT_CONTROLS \ (VM_EXIT_SAVE_DEBUG_CONTROLS | \ @@ -506,7 +507,8 @@ static inline u8 vmx_get_rvi(void) VM_EXIT_LOAD_IA32_EFER | \ VM_EXIT_CLEAR_BNDCFGS | \ VM_EXIT_PT_CONCEAL_PIP | \ - VM_EXIT_CLEAR_IA32_RTIT_CTL) + VM_EXIT_CLEAR_IA32_RTIT_CTL | \ + VM_EXIT_LOAD_CET_STATE) #define KVM_REQUIRED_VMX_PIN_BASED_VM_EXEC_CONTROL \ (PIN_BASED_EXT_INTR_MASK | \ diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 9596763fae8d..5058c9c5f4cc 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -231,7 +231,8 @@ static struct kvm_user_return_msrs __percpu *user_return_msrs; | XFEATURE_MASK_BNDCSR | XFEATURE_MASK_AVX512 \ | XFEATURE_MASK_PKRU | XFEATURE_MASK_XTILE) -#define KVM_SUPPORTED_XSS 0 +#define KVM_SUPPORTED_XSS (XFEATURE_MASK_CET_USER | \ + XFEATURE_MASK_CET_KERNEL) u64 __read_mostly host_efer; EXPORT_SYMBOL_GPL(host_efer); 
@@ -9921,6 +9922,20 @@ static int __kvm_x86_vendor_init(struct kvm_x86_init_ops *ops) if (!kvm_cpu_cap_has(X86_FEATURE_XSAVES)) kvm_caps.supported_xss = 0; + if (!kvm_cpu_cap_has(X86_FEATURE_SHSTK) && + !kvm_cpu_cap_has(X86_FEATURE_IBT)) + kvm_caps.supported_xss &= ~(XFEATURE_CET_USER | + XFEATURE_CET_KERNEL); + + if ((kvm_caps.supported_xss & (XFEATURE_MASK_CET_USER | + XFEATURE_MASK_CET_KERNEL)) != + (XFEATURE_MASK_CET_USER | XFEATURE_MASK_CET_KERNEL)) { + kvm_cpu_cap_clear(X86_FEATURE_SHSTK); + kvm_cpu_cap_clear(X86_FEATURE_IBT); + kvm_caps.supported_xss &= ~(XFEATURE_CET_USER | + XFEATURE_CET_KERNEL); + } + #define __kvm_cpu_cap_has(UNUSED_, f) kvm_cpu_cap_has(f) cr4_reserved_bits = __cr4_reserved_bits(__kvm_cpu_cap_has, UNUSED_); #undef __kvm_cpu_cap_has @@ -12392,7 +12407,9 @@ void kvm_arch_vcpu_destroy(struct kvm_vcpu *vcpu) static inline bool is_xstate_reset_needed(void) { - return kvm_cpu_cap_has(X86_FEATURE_MPX); + return kvm_cpu_cap_has(X86_FEATURE_MPX) || + kvm_cpu_cap_has(X86_FEATURE_SHSTK) || + kvm_cpu_cap_has(X86_FEATURE_IBT); } void kvm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event) @@ -12469,6 +12486,16 @@ void kvm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event) XFEATURE_BNDCSR); } + if (kvm_cpu_cap_has(X86_FEATURE_SHSTK)) { + fpstate_clear_xstate_component(fpstate, + XFEATURE_CET_USER); + fpstate_clear_xstate_component(fpstate, + XFEATURE_CET_KERNEL); + } else if (kvm_cpu_cap_has(X86_FEATURE_IBT)) { + fpstate_clear_xstate_component(fpstate, + XFEATURE_CET_USER); + } + if (init_event) kvm_load_guest_fpu(vcpu); } diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h index 656107e64c93..cc585051d24b 100644 --- a/arch/x86/kvm/x86.h +++ b/arch/x86/kvm/x86.h 
@@ -533,6 +533,9 @@ bool kvm_msr_allowed(struct kvm_vcpu *vcpu, u32 index, u32 type); __reserved_bits |= X86_CR4_PCIDE; \ if (!__cpu_has(__c, X86_FEATURE_LAM)) \ __reserved_bits |= X86_CR4_LAM_SUP; \ + if (!__cpu_has(__c, X86_FEATURE_SHSTK) && \ + !__cpu_has(__c, X86_FEATURE_IBT)) \ + __reserved_bits |= X86_CR4_CET; \ __reserved_bits; \ }) From patchwork Thu Dec 21 14:02:38 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 182085 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7300:2483:b0:fb:cd0c:d3e with SMTP id q3csp285751dyi; Thu, 21 Dec 2023 01:19:18 -0800 (PST) X-Google-Smtp-Source: AGHT+IFBjU2is50ouIh355gpFjG9gdhHvkkMRAxszo+ncrUYVQcABlcxtPEkSuxjJC5DKLRaZYre X-Received: by 2002:a05:6122:4d1a:b0:4b6:e1de:16b4 with SMTP id fi26-20020a0561224d1a00b004b6e1de16b4mr662440vkb.25.1703150358412; Thu, 21 Dec 2023 01:19:18 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1703150358; cv=none; d=google.com; s=arc-20160816; b=ixSx0pifaNaKtVuA2EhgMB0wolVXn6uz/FfI9aMP1XhRBd5vNEC8g7FMNktQ+YRsst d/KbPpXdeqzx0vy7vqkzGZqW72s2vm84L+J1fXoAgBvi7REyK1gCK7pO4XmVOc+zIyJC ykkKTxYeUUMevkFHjnljJRZHfAKeboXC6OvMD+vWwjoTrKcNFxnAV/dY0nSlYBPcDmK9 gzwQhS5VjTNEPsNVO1Ef2H1btMbA+o1wxibXAuCKWRRhPPxaMFKVZGevNOrRxdU6CTeE 31Bms+eUgTRKx3cERKhOAp4k2QnHb4og2sdPqGcXbEUzHxOGa0zeB80gCjyFUW5VxHy5 RL7g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=oJamj3KEbxdUqiy4zxZ2trB3vun34ynFsZH00sBmsv0=; fh=uy0EBGgYIm8+MgsxUvKHUXUo3s9z4H9hdLwRv8YoeJU=; b=XYgrbByvnDCbT8KOE7wJrPSkLh5JhX8AmKY/oTxMFIZGn+L6q0FRaTXbF+YKZ4GZVe KCaFKPoDDIoNxIzvs89DCiLKFVt7b/pgxTZYR8eS9MfOeM0+yyFkPn81bmt5kDCSMEIp m81Xvf7J8Q8FYlJL/rIDwIVqNa59Cbvo6T8U+T1fr8IDc4oabA7XaTsiv+uonURtNEeB 
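Review bot: The comment added above `if (cpuid_edx(7) & F(IBT))` in kvm_set_cpu_caps() justifies the raw CPUID read only by "ibt=off is most likely due to administrative reason", but reading CPUID directly bypasses every reason the host may have had for clearing the bit in boot_cpu_data, not just the command-line one. Name in the comment the later checks that still gate the capability (this patch clears IBT again in vmx_set_cpu_caps() and in __kvm_x86_vendor_init() when the VMX controls or the XSS bits are missing), and reword the last sentence ("some bug clobbered ibt=off option"), which does not parse.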
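Review bot: In the vmx_vcpu_reset() hunk the three VMCS writes sit under three separate conditions, two of which test SHSTK alone, and only GUEST_INTR_SSP_TABLE is additionally gated on IS_ENABLED(CONFIG_X86_64) with no explanation. Put the GUEST_SSP and GUEST_INTR_SSP_TABLE writes under one SHSTK check and add a one-line comment saying why the table field is written on 64-bit builds only.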
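Review bot: The second dump_vmcs() hunk prints HOST_S_CET, HOST_SSP and HOST_INTR_SSP_TABLE after the "Virtual processor ID" line at the very end of the function, and with exactly the same labels ("S_CET", "SSP", "INTR SSP TABLE") as the guest block that the first hunk adds just before "*** Host State ***". In a dump the two sets cannot be told apart by label, and the host values appear away from the HOST_RIP/HOST_RSP lines. Move the host block next to those lines, or prefix the labels with "Host".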
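Review bot: The block added at the end of vmx_set_cpu_caps() clears SHSTK and IBT on three conditions without a comment: `!cpu_has_load_cet_ctrl()`, `!enable_unrestricted_guest` and `!cpu_has_vmx_basic_no_hw_errcode()`. The first explains itself; the other two need a sentence each in the code stating why CET cannot be exposed without unrestricted guest and without the VMX_BASIC bit, because this is where someone debugging a missing IBT/SHSTK bit in guest CPUID will land.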
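Review bot: In the __kvm_x86_vendor_init() hunk both `kvm_caps.supported_xss &= ~(XFEATURE_CET_USER | XFEATURE_CET_KERNEL)` statements use the XFEATURE_CET_* names, while the comparison between them and the new KVM_SUPPORTED_XSS define use XFEATURE_MASK_CET_*. The non-MASK names are xstate component numbers (the kvm_vcpu_reset() hunk of this same patch passes them to fpstate_clear_xstate_component() next to XFEATURE_BNDCSR), so the AND-NOT clears the wrong bits and leaves the CET bits set in supported_xss even after SHSTK and IBT have been cleared. Use `XFEATURE_MASK_CET_USER | XFEATURE_MASK_CET_KERNEL` in both statements.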
From: Yang Weijiang
To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com
Subject: [PATCH v8 25/26] KVM: nVMX: Introduce new VMX_BASIC bit for event error_code delivery to L1
Date: Thu, 21 Dec 2023 09:02:38 -0500
Message-Id: <20231221140239.4349-26-weijiang.yang@intel.com>
In-Reply-To: <20231221140239.4349-1-weijiang.yang@intel.com>
References: <20231221140239.4349-1-weijiang.yang@intel.com>

Per the SDM description (Vol. 3D, Appendix A.1): "If bit 56 is read as 1, software can use VM entry to deliver a hardware exception with or without an error code, regardless of vector"

Modify the has_error_code check before injecting events into a nested guest. Only enforce the check when the guest is in real mode, the exception is not a hard exception and the platform doesn't enumerate bit 56 in VMX_BASIC; in all other cases ignore the check to make the logic consistent with the SDM.

Suggested-by: Chao Gao
Signed-off-by: Yang Weijiang
Reviewed-by: Maxim Levitsky
--- arch/x86/kvm/vmx/nested.c | 27 ++++++++++++++++++--------- arch/x86/kvm/vmx/nested.h | 5 +++++ 2 files changed, 23 insertions(+), 9 deletions(-) diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index b2e9853584b8..468a7cf75035 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c
@@ -1230,9 +1230,9 @@ static int vmx_restore_vmx_basic(struct vcpu_vmx *vmx, u64 data) { const u64 feature_and_reserved = /* feature (except bit 48; see below) */ - BIT_ULL(49) | BIT_ULL(54) | BIT_ULL(55) | + BIT_ULL(49) | BIT_ULL(54) | BIT_ULL(55) | BIT_ULL(56) | /* reserved */ - BIT_ULL(31) | GENMASK_ULL(47, 45) | GENMASK_ULL(63, 56); + BIT_ULL(31) | GENMASK_ULL(47, 45) | GENMASK_ULL(63, 57); u64 vmx_basic = vmcs_config.nested.basic; if (!is_bitwise_subset(vmx_basic, data, feature_and_reserved)) @@ -2865,7 +2865,6 @@ static int nested_check_vm_entry_controls(struct kvm_vcpu *vcpu, u8 vector = intr_info & INTR_INFO_VECTOR_MASK; u32 intr_type = intr_info & INTR_INFO_INTR_TYPE_MASK; bool has_error_code = intr_info & INTR_INFO_DELIVER_CODE_MASK; - bool should_have_error_code; bool urg = nested_cpu_has2(vmcs12, SECONDARY_EXEC_UNRESTRICTED_GUEST); bool prot_mode = !urg || vmcs12->guest_cr0 & X86_CR0_PE; @@ -2882,12 +2881,20 @@ static int nested_check_vm_entry_controls(struct kvm_vcpu *vcpu, CC(intr_type == INTR_TYPE_OTHER_EVENT && vector != 0)) return -EINVAL; - /* VM-entry interruption-info field: deliver error code */ - should_have_error_code = - intr_type == INTR_TYPE_HARD_EXCEPTION && prot_mode && - x86_exception_has_error_code(vector); - if (CC(has_error_code != should_have_error_code)) - return -EINVAL; + /* + * Cannot deliver error code in real mode or if the interrupt + * type is not hardware exception. For other cases, do the + * consistency check only if the vCPU doesn't enumerate + * VMX_BASIC_NO_HW_ERROR_CODE_CC. + */ + if (!prot_mode || intr_type != INTR_TYPE_HARD_EXCEPTION) { + if (CC(has_error_code)) + return -EINVAL; + } else if (!nested_cpu_has_no_hw_errcode_cc(vcpu)) { + if (CC(has_error_code != + x86_exception_has_error_code(vector))) + return -EINVAL; + } /* VM-entry exception error code */ if (CC(has_error_code && 
@@ -7011,6 +7018,8 @@ static void nested_vmx_setup_basic(struct nested_vmx_msrs *msrs) if (cpu_has_vmx_basic_inout()) msrs->basic |= VMX_BASIC_INOUT; + if (cpu_has_vmx_basic_no_hw_errcode()) + msrs->basic |= VMX_BASIC_NO_HW_ERROR_CODE_CC; } static void nested_vmx_setup_cr_fixed(struct nested_vmx_msrs *msrs) diff --git a/arch/x86/kvm/vmx/nested.h b/arch/x86/kvm/vmx/nested.h index cce4e2aa30fb..747061c2aeb9 100644 --- a/arch/x86/kvm/vmx/nested.h +++ b/arch/x86/kvm/vmx/nested.h 
@@ -285,6 +285,11 @@ static inline bool nested_cr4_valid(struct kvm_vcpu *vcpu, unsigned long val) __kvm_is_valid_cr4(vcpu, val); } +static inline bool nested_cpu_has_no_hw_errcode_cc(struct kvm_vcpu *vcpu) +{ + return to_vmx(vcpu)->nested.msrs.basic & VMX_BASIC_NO_HW_ERROR_CODE_CC; +} + /* No difference in the restrictions on guest and host CR4 in VMX operation. */ #define nested_guest_cr4_valid nested_cr4_valid #define nested_host_cr4_valid nested_cr4_valid From patchwork Thu Dec 21 14:02:39 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 182105 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7300:2483:b0:fb:cd0c:d3e with SMTP id q3csp290794dyi; Thu, 21 Dec 2023 01:31:51 -0800 (PST) X-Google-Smtp-Source: AGHT+IHwp8kLYa+Wyk16xyY/xIQjWwbz3OQvPMEeou4tPxdjPgbKdD02sfwfysURvZVHEBF2rKB7 X-Received: by 2002:a17:90a:b281:b0:286:6cc1:866c with SMTP id c1-20020a17090ab28100b002866cc1866cmr9528865pjr.81.1703151110939; Thu, 21 Dec 2023 01:31:50 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1703151110; cv=none; d=google.com; s=arc-20160816; b=Fif1mglTd+M8X/3gCX54kKwkPEOASt6dcqWjSly42eeFQjoAkLnBrdaNTLp9Zt8F1y btHoXeU3KYZuVSQNQYIEM09BZxaxoJ0HQzUuYcjtCJXPQ2f3xde/+2pu1W2H61lpSFKR ovcbD36IdQm4A27ITISmT9O7JfIFwFoqs91eIwapg1YrJ9FQPujzBXIHHrkv8/KhMt9z 4G3qCilmD/GxHc3lvPFbVB5jP3gL0OzHElaIyvqkKJGohfBcgwINpuMcRA0uqjeo0Bmq /wK6MpA/Bcu78vzP6kPC9nS5+IwmZrUc5wAWI+dWZJUmRiPqa+431k6O/r83mIuQtoIc YaJw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=EfXEr0isTI2qeZYuKigC4cW3dgq2u0iYOayvNQrlTRc=; fh=uy0EBGgYIm8+MgsxUvKHUXUo3s9z4H9hdLwRv8YoeJU=; b=S8yFv7HcSri2QX16qAiwZsLogAK9pi5CAJ79yxPKYCA/NoJa/bMGp7m1S11990evxQ 
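Review bot: The rewritten error-code check in nested_check_vm_entry_controls() does not do what the commit message says. The code rejects has_error_code unconditionally when `!prot_mode || intr_type != INTR_TYPE_HARD_EXCEPTION`, and skips only the per-vector comparison against x86_exception_has_error_code() when nested_cpu_has_no_hw_errcode_cc() is true; the message instead says the check is enforced only for real mode, non-hard exceptions and platforms without bit 56, and ignored otherwise. The new in-code comment describes the code correctly, so the commit message should be reworded to match it.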
From: Yang Weijiang
To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com
Subject: [PATCH v8 26/26] KVM: nVMX: Enable CET support for nested guest
Date: Thu, 21 Dec 2023 09:02:39 -0500
Message-Id: <20231221140239.4349-27-weijiang.yang@intel.com>
In-Reply-To: <20231221140239.4349-1-weijiang.yang@intel.com>
References: <20231221140239.4349-1-weijiang.yang@intel.com>

Set up CET MSRs, related VM_ENTRY/EXIT control bits and fixed CR4 setting to enable CET for nested VM.

vmcs12 and vmcs02 need to be synced when L2 exits to L1 or when L1 wants to resume L2; that way correct CET states can be observed by one another.

Suggested-by: Chao Gao
Signed-off-by: Yang Weijiang
Reviewed-by: Maxim Levitsky
--- arch/x86/kvm/vmx/nested.c | 57 +++++++++++++++++++++++++++++++++++++-- arch/x86/kvm/vmx/vmcs12.c | 6 +++++ arch/x86/kvm/vmx/vmcs12.h | 14 +++++++++- arch/x86/kvm/vmx/vmx.c | 2 ++ 4 files changed, 76 insertions(+), 3 deletions(-) diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index 468a7cf75035..dee718c65255 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c
@@ -691,6 +691,28 @@ static inline bool nested_vmx_prepare_msr_bitmap(struct kvm_vcpu *vcpu, nested_vmx_set_intercept_for_msr(vmx, msr_bitmap_l1, msr_bitmap_l0, MSR_IA32_FLUSH_CMD, MSR_TYPE_W); + /* Pass CET MSRs to nested VM if L0 and L1 are set to pass-through. */ + nested_vmx_set_intercept_for_msr(vmx, msr_bitmap_l1, msr_bitmap_l0, + MSR_IA32_U_CET, MSR_TYPE_RW); + + nested_vmx_set_intercept_for_msr(vmx, msr_bitmap_l1, msr_bitmap_l0, + MSR_IA32_S_CET, MSR_TYPE_RW); + + nested_vmx_set_intercept_for_msr(vmx, msr_bitmap_l1, msr_bitmap_l0, + MSR_IA32_PL0_SSP, MSR_TYPE_RW); + + nested_vmx_set_intercept_for_msr(vmx, msr_bitmap_l1, msr_bitmap_l0, + MSR_IA32_PL1_SSP, MSR_TYPE_RW); + + nested_vmx_set_intercept_for_msr(vmx, msr_bitmap_l1, msr_bitmap_l0, + MSR_IA32_PL2_SSP, MSR_TYPE_RW); + + nested_vmx_set_intercept_for_msr(vmx, msr_bitmap_l1, msr_bitmap_l0, + MSR_IA32_PL3_SSP, MSR_TYPE_RW); + + nested_vmx_set_intercept_for_msr(vmx, msr_bitmap_l1, msr_bitmap_l0, + MSR_IA32_INT_SSP_TAB, MSR_TYPE_RW); + kvm_vcpu_unmap(vcpu, &vmx->nested.msr_bitmap_map, false); vmx->nested.force_msr_bitmap_recalc = false; @@ -2506,6 +2528,17 @@ static void prepare_vmcs02_rare(struct vcpu_vmx *vmx, struct vmcs12 *vmcs12) if (kvm_mpx_supported() && vmx->nested.nested_run_pending && (vmcs12->vm_entry_controls & VM_ENTRY_LOAD_BNDCFGS)) vmcs_write64(GUEST_BNDCFGS, vmcs12->guest_bndcfgs); + + if (vmcs12->vm_entry_controls & VM_ENTRY_LOAD_CET_STATE) { + if (guest_can_use(&vmx->vcpu, X86_FEATURE_SHSTK)) { + vmcs_writel(GUEST_SSP, vmcs12->guest_ssp); + vmcs_writel(GUEST_INTR_SSP_TABLE, + vmcs12->guest_ssp_tbl); + } + if (guest_can_use(&vmx->vcpu, X86_FEATURE_SHSTK) || + guest_can_use(&vmx->vcpu, X86_FEATURE_IBT)) + vmcs_writel(GUEST_S_CET, vmcs12->guest_s_cet); + } } if (nested_cpu_has_xsaves(vmcs12)) 
@@ -4344,6 +4377,15 @@ static void sync_vmcs02_to_vmcs12_rare(struct kvm_vcpu *vcpu, vmcs12->guest_pending_dbg_exceptions = vmcs_readl(GUEST_PENDING_DBG_EXCEPTIONS); + if (guest_can_use(&vmx->vcpu, X86_FEATURE_SHSTK)) { + vmcs12->guest_ssp = vmcs_readl(GUEST_SSP); + vmcs12->guest_ssp_tbl = vmcs_readl(GUEST_INTR_SSP_TABLE); + } + if (guest_can_use(&vmx->vcpu, X86_FEATURE_SHSTK) || + guest_can_use(&vmx->vcpu, X86_FEATURE_IBT)) { + vmcs12->guest_s_cet = vmcs_readl(GUEST_S_CET); + } + vmx->nested.need_sync_vmcs02_to_vmcs12_rare = false; } @@ -4569,6 +4611,16 @@ static void load_vmcs12_host_state(struct kvm_vcpu *vcpu, if (vmcs12->vm_exit_controls & VM_EXIT_CLEAR_BNDCFGS) vmcs_write64(GUEST_BNDCFGS, 0); + if (vmcs12->vm_exit_controls & VM_EXIT_LOAD_CET_STATE) { + if (guest_can_use(vcpu, X86_FEATURE_SHSTK)) { + vmcs_writel(HOST_SSP, vmcs12->host_ssp); + vmcs_writel(HOST_INTR_SSP_TABLE, vmcs12->host_ssp_tbl); + } + if (guest_can_use(vcpu, X86_FEATURE_SHSTK) || + guest_can_use(vcpu, X86_FEATURE_IBT)) + vmcs_writel(HOST_S_CET, vmcs12->host_s_cet); + } + if (vmcs12->vm_exit_controls & VM_EXIT_LOAD_IA32_PAT) { vmcs_write64(GUEST_IA32_PAT, vmcs12->host_ia32_pat); vcpu->arch.pat = vmcs12->host_ia32_pat; @@ -6840,7 +6892,7 @@ static void nested_vmx_setup_exit_ctls(struct vmcs_config *vmcs_conf, VM_EXIT_HOST_ADDR_SPACE_SIZE | #endif VM_EXIT_LOAD_IA32_PAT | VM_EXIT_SAVE_IA32_PAT | - VM_EXIT_CLEAR_BNDCFGS; + VM_EXIT_CLEAR_BNDCFGS | VM_EXIT_LOAD_CET_STATE; msrs->exit_ctls_high |= VM_EXIT_ALWAYSON_WITHOUT_TRUE_MSR | VM_EXIT_LOAD_IA32_EFER | VM_EXIT_SAVE_IA32_EFER | @@ -6862,7 +6914,8 @@ static void nested_vmx_setup_entry_ctls(struct vmcs_config *vmcs_conf, #ifdef CONFIG_X86_64 VM_ENTRY_IA32E_MODE | #endif - VM_ENTRY_LOAD_IA32_PAT | VM_ENTRY_LOAD_BNDCFGS; + VM_ENTRY_LOAD_IA32_PAT | VM_ENTRY_LOAD_BNDCFGS | + VM_ENTRY_LOAD_CET_STATE; msrs->entry_ctls_high |= (VM_ENTRY_ALWAYSON_WITHOUT_TRUE_MSR | VM_ENTRY_LOAD_IA32_EFER | VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL); 
diff --git a/arch/x86/kvm/vmx/vmcs12.c b/arch/x86/kvm/vmx/vmcs12.c index 106a72c923ca..4233b5ca9461 100644 --- a/arch/x86/kvm/vmx/vmcs12.c +++ b/arch/x86/kvm/vmx/vmcs12.c @@ -139,6 +139,9 @@ const unsigned short vmcs12_field_offsets[] = { FIELD(GUEST_PENDING_DBG_EXCEPTIONS, guest_pending_dbg_exceptions), FIELD(GUEST_SYSENTER_ESP, guest_sysenter_esp), FIELD(GUEST_SYSENTER_EIP, guest_sysenter_eip), + FIELD(GUEST_S_CET, guest_s_cet), + FIELD(GUEST_SSP, guest_ssp), + FIELD(GUEST_INTR_SSP_TABLE, guest_ssp_tbl), FIELD(HOST_CR0, host_cr0), FIELD(HOST_CR3, host_cr3), FIELD(HOST_CR4, host_cr4), @@ -151,5 +154,8 @@ const unsigned short vmcs12_field_offsets[] = { FIELD(HOST_IA32_SYSENTER_EIP, host_ia32_sysenter_eip), FIELD(HOST_RSP, host_rsp), FIELD(HOST_RIP, host_rip), + FIELD(HOST_S_CET, host_s_cet), + FIELD(HOST_SSP, host_ssp), + FIELD(HOST_INTR_SSP_TABLE, host_ssp_tbl), }; const unsigned int nr_vmcs12_fields = ARRAY_SIZE(vmcs12_field_offsets); diff --git a/arch/x86/kvm/vmx/vmcs12.h b/arch/x86/kvm/vmx/vmcs12.h index 01936013428b..3884489e7f7e 100644 --- a/arch/x86/kvm/vmx/vmcs12.h +++ b/arch/x86/kvm/vmx/vmcs12.h @@ -117,7 +117,13 @@ struct __packed vmcs12 { natural_width host_ia32_sysenter_eip; natural_width host_rsp; natural_width host_rip; - natural_width paddingl[8]; /* room for future expansion */ + natural_width host_s_cet; + natural_width host_ssp; + natural_width host_ssp_tbl; + natural_width guest_s_cet; + natural_width guest_ssp; + natural_width guest_ssp_tbl; + natural_width paddingl[2]; /* room for future expansion */ u32 pin_based_vm_exec_control; u32 cpu_based_vm_exec_control; u32 exception_bitmap; 
@@ -292,6 +298,12 @@ static inline void vmx_check_vmcs12_offsets(void) CHECK_OFFSET(host_ia32_sysenter_eip, 656); CHECK_OFFSET(host_rsp, 664); CHECK_OFFSET(host_rip, 672); + CHECK_OFFSET(host_s_cet, 680); + CHECK_OFFSET(host_ssp, 688); + CHECK_OFFSET(host_ssp_tbl, 696); + CHECK_OFFSET(guest_s_cet, 704); + CHECK_OFFSET(guest_ssp, 712); + CHECK_OFFSET(guest_ssp_tbl, 720); CHECK_OFFSET(pin_based_vm_exec_control, 744); CHECK_OFFSET(cpu_based_vm_exec_control, 748); CHECK_OFFSET(exception_bitmap, 752); diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index c802e790c0d5..7ddd3f6fe8ab 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -7732,6 +7732,8 @@ static void nested_vmx_cr_fixed1_bits_update(struct kvm_vcpu *vcpu) cr4_fixed1_update(X86_CR4_PKE, ecx, feature_bit(PKU)); cr4_fixed1_update(X86_CR4_UMIP, ecx, feature_bit(UMIP)); cr4_fixed1_update(X86_CR4_LA57, ecx, feature_bit(LA57)); + cr4_fixed1_update(X86_CR4_CET, ecx, feature_bit(SHSTK)); + cr4_fixed1_update(X86_CR4_CET, edx, feature_bit(IBT)); entry = kvm_find_cpuid_entry_index(vcpu, 0x7, 1); cr4_fixed1_update(X86_CR4_LAM_SUP, eax, feature_bit(LAM));
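Review bot: The CET block added to prepare_vmcs02_rare() is gated only on `vmcs12->vm_entry_controls & VM_ENTRY_LOAD_CET_STATE`, whereas the BNDCFGS write directly above it also requires `vmx->nested.nested_run_pending`, and nothing in this patch's nested.c hunks says what vmcs02 holds for GUEST_S_CET, GUEST_SSP and GUEST_INTR_SSP_TABLE when L1 leaves the control clear. Please spell out the intended behaviour for both cases in a comment and handle the control-clear case explicitly. The vmcs12 values are also written into vmcs02 as they are; no hunk here adds a VM-entry consistency check for the new vmcs12 CET fields.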
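Review bot: In the sync_vmcs02_to_vmcs12_rare() hunk the new checks call `guest_can_use(&vmx->vcpu, ...)` although the function already receives `vcpu`, and the load_vmcs12_host_state() hunk of the same patch passes `vcpu` directly. Use `vcpu` here as well, and drop the braces around the single `vmcs12->guest_s_cet = vmcs_readl(GUEST_S_CET);` statement to match the surrounding style.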
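Review bot: The load_vmcs12_host_state() hunk writes vmcs12->host_ssp, host_ssp_tbl and host_s_cet into HOST_SSP, HOST_INTR_SSP_TABLE and HOST_S_CET, while every neighbouring line in the function loads L1's host state into guest fields (`vmcs_write64(GUEST_BNDCFGS, 0)`, `vmcs_write64(GUEST_IA32_PAT, vmcs12->host_ia32_pat)`). As written, values chosen by L1 land in the host-state area of the VMCS, which describes L0, and L1 does not get its CET state back on the nested VM exit. These writes should target GUEST_SSP, GUEST_INTR_SSP_TABLE and GUEST_S_CET.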