| Message ID | 20230421134615.62539-15-weijiang.yang@intel.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | Enable CET Virtualization | expand |
On Fri, 2023-04-21 at 09:46 -0400, Yang Weijiang wrote: > Introduce a host-only synthetic MSR, MSR_KVM_GUEST_SSP, so that the > VMM > can read/write the guest's SSP, e.g. to migrate CET state. Use a > synthetic > MSR, e.g. as opposed to a VCPU_REG_, as GUEST_SSP is subject to the > same > consistency checks as the PL*_SSP MSRs, i.e. can share code. It seems this is exposed to the guest? I'm thinking maybe it should not be. IA32_PL0_SSP comes with some extra checks, so MSR_KVM_GUEST_SSP seems a bit powerful. I think the guest doesn't need it either.
On 5/4/2023 1:08 AM, Edgecombe, Rick P wrote: > On Fri, 2023-04-21 at 09:46 -0400, Yang Weijiang wrote: >> Introduce a host-only synthetic MSR, MSR_KVM_GUEST_SSP, so that the >> VMM >> can read/write the guest's SSP, e.g. to migrate CET state. Use a >> synthetic >> MSR, e.g. as opposed to a VCPU_REG_, as GUEST_SSP is subject to the >> same >> consistency checks as the PL*_SSP MSRs, i.e. can share code. > It seems this is exposed to the guest? I'm thinking maybe it should not > be. IA32_PL0_SSP comes with some extra checks, so MSR_KVM_GUEST_SSP > seems a bit powerful. I think the guest doesn't need it either. Make sense. The MSR is just for live migration purpose, no need to expose it to guest, will change it, thanks!
diff --git a/arch/x86/include/uapi/asm/kvm_para.h b/arch/x86/include/uapi/asm/kvm_para.h index 6e64b27b2c1e..7af465e4e0bd 100644 --- a/arch/x86/include/uapi/asm/kvm_para.h +++ b/arch/x86/include/uapi/asm/kvm_para.h @@ -58,6 +58,7 @@ #define MSR_KVM_ASYNC_PF_INT 0x4b564d06 #define MSR_KVM_ASYNC_PF_ACK 0x4b564d07 #define MSR_KVM_MIGRATION_CONTROL 0x4b564d08 +#define MSR_KVM_GUEST_SSP 0x4b564d09 struct kvm_steal_time { __u64 steal; diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index ae816c1c7367..42211ae40650 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -1968,7 +1968,8 @@ static bool cet_is_msr_accessible(struct kvm_vcpu *vcpu, !guest_cpuid_has(vcpu, X86_FEATURE_IBT)) return false; - if (msr->index == MSR_IA32_PL3_SSP && + if ((msr->index == MSR_IA32_PL3_SSP || + msr->index == MSR_KVM_GUEST_SSP) && !guest_cpuid_has(vcpu, X86_FEATURE_SHSTK)) return false; @@ -2115,9 +2116,13 @@ static int vmx_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) break; case MSR_IA32_U_CET: case MSR_IA32_PL3_SSP: + case MSR_KVM_GUEST_SSP: if (!cet_is_msr_accessible(vcpu, msr_info)) return 1; - kvm_get_xsave_msr(msr_info); + if (msr_info->index == MSR_KVM_GUEST_SSP) + msr_info->data = vmcs_readl(GUEST_SSP); + else + kvm_get_xsave_msr(msr_info); break; case MSR_IA32_DEBUGCTLMSR: msr_info->data = vmcs_read64(GUEST_IA32_DEBUGCTL); @@ -2440,12 +2445,16 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) kvm_set_xsave_msr(msr_info); break; case MSR_IA32_PL3_SSP: + case MSR_KVM_GUEST_SSP: if (!cet_is_msr_accessible(vcpu, msr_info)) return 1; if ((data & GENMASK(2, 0)) || is_noncanonical_address(data, vcpu)) return 1; - kvm_set_xsave_msr(msr_info); + if (msr_index == MSR_KVM_GUEST_SSP) + vmcs_writel(GUEST_SSP, data); + else + kvm_set_xsave_msr(msr_info); break; case MSR_IA32_PERF_CAPABILITIES: if (data && !vcpu_to_pmu(vcpu)->version)