From patchwork Wed Oct 12 20:39:04 2022
X-Patchwork-Submitter: John Allen
X-Patchwork-Id: 13005406
From: John Allen
CC: John Allen
Subject: [RFC PATCH 1/7] KVM: x86: Move shared CET routine to common x86 kvm code
Date: Wed, 12 Oct 2022 20:39:04 +0000
Message-ID: <20221012203910.204793-2-john.allen@amd.com>
In-Reply-To: <20221012203910.204793-1-john.allen@amd.com>
References: <20221012203910.204793-1-john.allen@amd.com>
X-Mailing-List: kvm@vger.kernel.org

cet_is_msr_accessible can also be used for shadow stack support in SVM.
Move this to common x86 kvm code.

Signed-off-by: John Allen
---
 arch/x86/kvm/vmx/vmx.c | 32 +++-----------------------------
 arch/x86/kvm/x86.c     | 26 ++++++++++++++++++++++++++
 arch/x86/kvm/x86.h     |  2 ++
 3 files changed, 31 insertions(+), 29 deletions(-)

diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 4558b13d0610..8b79a727b29c 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c 
@@ -1845,32 +1845,6 @@ static int vmx_get_msr_feature(struct kvm_msr_entry *msr) } } -static bool cet_is_msr_accessible(struct kvm_vcpu *vcpu, - struct msr_data *msr) -{ - if (!kvm_cet_user_supported() && - !cet_kernel_ibt_supported()) - return false; - - if (msr->host_initiated) - return true; - - if (!guest_cpuid_has(vcpu, X86_FEATURE_SHSTK) && - !guest_cpuid_has(vcpu, X86_FEATURE_IBT)) - return false; - - if (msr->index == MSR_IA32_S_CET && - guest_cpuid_has(vcpu, X86_FEATURE_IBT)) - return true; - - if ((msr->index == MSR_IA32_PL3_SSP || - msr->index == MSR_KVM_GUEST_SSP) && - !guest_cpuid_has(vcpu, X86_FEATURE_SHSTK)) - return false; - - return true; -} - /* * Reads an msr value (of 'msr_info->index') into 'msr_info->data'. * Returns 0 on success, non-0 otherwise. @@ -2014,7 +1988,7 @@ static int vmx_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) case MSR_IA32_PL3_SSP: case MSR_KVM_GUEST_SSP: case MSR_IA32_S_CET: - if (!cet_is_msr_accessible(vcpu, msr_info)) + if (!kvm_cet_is_msr_accessible(vcpu, msr_info)) return 1; if (msr_info->index == MSR_KVM_GUEST_SSP) msr_info->data = vmcs_readl(GUEST_SSP); @@ -2363,7 +2337,7 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) break; case MSR_IA32_U_CET: case MSR_IA32_S_CET: - if (!cet_is_msr_accessible(vcpu, msr_info)) + if (!kvm_cet_is_msr_accessible(vcpu, msr_info)) return 1; if ((data & GENMASK(9, 6)) || is_noncanonical_address(data, vcpu)) @@ -2375,7 +2349,7 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) break; case MSR_IA32_PL3_SSP: case MSR_KVM_GUEST_SSP: - if (!cet_is_msr_accessible(vcpu, msr_info)) + if (!kvm_cet_is_msr_accessible(vcpu, msr_info)) return 1; if ((data & GENMASK(2, 0)) || is_noncanonical_address(data, vcpu)) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 5786225c0dfa..486e91f4a538 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
@@ -13475,6 +13475,32 @@ int kvm_sev_es_string_io(struct kvm_vcpu *vcpu, unsigned int size, } EXPORT_SYMBOL_GPL(kvm_sev_es_string_io); +bool kvm_cet_is_msr_accessible(struct kvm_vcpu *vcpu, struct msr_data *msr) +{ + if (!kvm_cet_user_supported() && + !cet_kernel_ibt_supported()) + return false; + + if (msr->host_initiated) + return true; + + if (!guest_cpuid_has(vcpu, X86_FEATURE_SHSTK) && + !guest_cpuid_has(vcpu, X86_FEATURE_IBT)) + return false; + + if (msr->index == MSR_IA32_S_CET && + guest_cpuid_has(vcpu, X86_FEATURE_IBT)) + return true; + + if ((msr->index == MSR_IA32_PL3_SSP || + msr->index == MSR_KVM_GUEST_SSP) && + !guest_cpuid_has(vcpu, X86_FEATURE_SHSTK)) + return false; + + return true; +} +EXPORT_SYMBOL_GPL(kvm_cet_is_msr_accessible); + EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_entry); EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_exit); EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_fast_mmio); diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h index a55f262d1e61..fb871be7131e 100644 --- a/arch/x86/kvm/x86.h +++ b/arch/x86/kvm/x86.h 
@@ -502,6 +502,8 @@ int kvm_sev_es_string_io(struct kvm_vcpu *vcpu, unsigned int size, unsigned int port, void *data, unsigned int count, int in); +bool kvm_cet_is_msr_accessible(struct kvm_vcpu *vcpu, struct msr_data *msr); + /* * We've already loaded guest MSRs in __msr_io() when check the MSR index. * In case vcpu has been preempted, we need to disable preemption, check
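
Review bot: In the arch/x86/kvm/x86.c hunk, kvm_cet_is_msr_accessible() rejects only MSR_IA32_PL3_SSP and MSR_KVM_GUEST_SSP when the guest lacks X86_FEATURE_SHSTK, so a guest that advertises IBT but not SHSTK reaches the final `return true` for every other index. The VMX call sites visible in this patch pass only U_CET, S_CET, PL3_SSP and GUEST_SSP, but patch 2/7 also routes `MSR_IA32_PL0_SSP ... MSR_IA32_PL3_SSP` and MSR_IA32_INT_SSP_TAB through this helper. Now that the function is shared and exported, extend the shadow-stack check to the whole PL0..PL3 range and INT_SSP_TAB, and add a comment above the function listing the MSR indices it is meant to gate.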
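
Review bot: The prototype added in the arch/x86/kvm/x86.h hunk takes a non-const `struct msr_data *msr`, although the body in x86.c only reads msr->host_initiated and msr->index. Declaring the parameter `const struct msr_data *msr` would document that the access check never modifies the request, which matters for a helper that both the VMX and SVM get/set paths call before touching guest state.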

From patchwork Wed Oct 12 20:39:05 2022
X-Patchwork-Submitter: John Allen
X-Patchwork-Id: 13005407
From: John Allen
CC: John Allen
Subject: [RFC PATCH 2/7] KVM: x86: SVM: Emulate reads and writes to shadow stack MSRs
Date: Wed, 12 Oct 2022 20:39:05 +0000
Message-ID: <20221012203910.204793-3-john.allen@amd.com>
In-Reply-To: <20221012203910.204793-1-john.allen@amd.com>
References: <20221012203910.204793-1-john.allen@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Set up interception of shadow stack MSRs. In the event that shadow stack
is unsupported on the host or the MSRs are otherwise inaccessible, the
interception code will return an error. In certain circumstances such as
host initiated MSR reads or writes, the interception code will get or set
the requested MSR value.

Signed-off-by: John Allen
---
Adapted from: https://lore.kernel.org/all/20220616084643.19564-13-weijiang.yang@intel.com/
---
 arch/x86/kvm/svm/svm.c | 58 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 58 insertions(+)

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index f3813dbacb9f..1f31a991c745 100644 
--- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -2764,6 +2764,31 @@ static int svm_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) if (guest_cpuid_is_intel(vcpu)) msr_info->data |= (u64)svm->sysenter_esp_hi << 32; break; + case MSR_IA32_S_CET: + if (!kvm_cet_is_msr_accessible(vcpu, msr_info)) + return 1; + msr_info->data = svm->vmcb->save.s_cet; + break; + case MSR_IA32_U_CET: + if (!kvm_cet_is_msr_accessible(vcpu, msr_info)) + return 1; + kvm_get_xsave_msr(msr_info); + break; + case MSR_IA32_INT_SSP_TAB: + if (!kvm_cet_is_msr_accessible(vcpu, msr_info)) + return 1; + msr_info->data = svm->vmcb->save.isst_addr; + break; + case MSR_KVM_GUEST_SSP: + if (!kvm_cet_is_msr_accessible(vcpu, msr_info)) + return 1; + msr_info->data = svm->vmcb->save.ssp; + break; + case MSR_IA32_PL0_SSP ... MSR_IA32_PL3_SSP: + if (!kvm_cet_is_msr_accessible(vcpu, msr_info)) + return 1; + kvm_get_xsave_msr(msr_info); + break; case MSR_TSC_AUX: msr_info->data = svm->tsc_aux; break; 
@@ -2995,6 +3020,39 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr) svm->vmcb01.ptr->save.sysenter_esp = (u32)data; svm->sysenter_esp_hi = guest_cpuid_is_intel(vcpu) ? (data >> 32) : 0; break; + case MSR_IA32_S_CET: + if (!kvm_cet_is_msr_accessible(vcpu, msr)) + return 1; + svm->vmcb->save.s_cet = data; + break; + case MSR_IA32_U_CET: + if (!kvm_cet_is_msr_accessible(vcpu, msr)) + return 1; + kvm_set_xsave_msr(msr); + break; + case MSR_IA32_INT_SSP_TAB: + if (!kvm_cet_is_msr_accessible(vcpu, msr)) + return 1; + if (is_noncanonical_address(data, vcpu)) + return 1; + svm->vmcb->save.isst_addr = data; + break; + case MSR_KVM_GUEST_SSP: + if (!kvm_cet_is_msr_accessible(vcpu, msr)) + return 1; + /* SSP MSR values should be a 4-byte aligned canonical addresses */ + if ((data & GENMASK(1, 0)) || is_noncanonical_address(data, vcpu)) + return 1; + svm->vmcb->save.ssp = data; + break; + case MSR_IA32_PL0_SSP ... MSR_IA32_PL3_SSP: + if (!kvm_cet_is_msr_accessible(vcpu, msr)) + return 1; + /* SSP MSR values should be a 4-byte aligned canonical addresses */ + if ((data & GENMASK(1, 0)) || is_noncanonical_address(data, vcpu)) + return 1; + kvm_set_xsave_msr(msr); + break; case MSR_TSC_AUX: /* * TSC_AUX is usually changed only during boot and never read
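
Review bot: The MSR_KVM_GUEST_SSP case in the svm_get_msr() hunk, and its counterpart in svm_set_msr(), is reachable from the guest. kvm_cet_is_msr_accessible() returns true for a non-host-initiated access whenever the guest has X86_FEATURE_SHSTK, so a guest RDMSR or WRMSR of this KVM-defined index reads or writes svm->vmcb->save.ssp directly. If the index exists only for userspace save/restore, add `if (!msr_info->host_initiated) return 1;` to this case in both functions; otherwise document why guest access is intended.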
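
Review bot: The MSR_IA32_S_CET and MSR_IA32_U_CET cases in the svm_set_msr() hunk store `data` with no validation, while the VMX path shown in patch 1/7 rejects writes to the same MSRs with `(data & GENMASK(9, 6)) || is_noncanonical_address(data, vcpu)`. Add an equivalent reserved-bit and canonical-address check before assigning svm->vmcb->save.s_cet or calling kvm_set_xsave_msr(). The SSP cases also test GENMASK(1, 0) where VMX tests GENMASK(2, 0) for PL3_SSP and GUEST_SSP; if the difference is deliberate, state the reason in the comment, whose wording should be "a 4-byte aligned canonical address". These cases write svm->vmcb->save while the sysenter_esp case just above writes svm->vmcb01.ptr->save, so please say which VMCB is intended.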

From patchwork Wed Oct 12 20:39:06 2022
X-Patchwork-Submitter: John Allen
X-Patchwork-Id: 13005408
From: John Allen
CC: John Allen
Subject: [RFC PATCH 3/7] KVM: x86: SVM: Update dump_vmcb with shadow stack save area additions
Date: Wed, 12 Oct 2022 20:39:06 +0000
Message-ID: <20221012203910.204793-4-john.allen@amd.com>
In-Reply-To: <20221012203910.204793-1-john.allen@amd.com>
References: <20221012203910.204793-1-john.allen@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Add shadow stack VMCB save area fields to dump_vmcb. Only include S_CET,
SSP, and ISST_ADDR. Since there currently isn't support to decrypt and
dump the SEV-ES save area, exclude PL0_SSP, PL1_SSP, PL2_SSP, PL3_SSP, and
U_CET which are only included in the SEV-ES save area.

Signed-off-by: John Allen
---
 arch/x86/kvm/svm/svm.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 1f31a991c745..411c815d2d91 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c 
@@ -3372,6 +3372,10 @@ static void dump_vmcb(struct kvm_vcpu *vcpu) "rip:", save->rip, "rflags:", save->rflags); pr_err("%-15s %016llx %-13s %016llx\n", "rsp:", save->rsp, "rax:", save->rax); + pr_err("%-15s %016llx %-13s %016llx\n", + "s_cet:", save->s_cet, "ssp:", save->ssp); + pr_err("%-15s %016llx\n", + "isst_addr:", save->isst_addr); pr_err("%-15s %016llx %-13s %016llx\n", "star:", save01->star, "lstar:", save01->lstar); pr_err("%-15s %016llx %-13s %016llx\n",
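
Review bot: The two pr_err() calls added to dump_vmcb() read s_cet, ssp and isst_addr from `save`, while the star/lstar line immediately after them reads from `save01`. Please confirm that `save` is the VMCB that actually holds these fields, consistent with patch 2/7 storing them through svm->vmcb->save, and say so in the commit message. The fields are also printed unconditionally, so a short comment noting that the values are meaningful only when shadow stack is enabled for the guest would help whoever reads the dump.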
From: John Allen
Subject: [RFC PATCH 4/7] KVM: x86: SVM: Pass through shadow stack MSRs
Date: Wed, 12 Oct 2022 20:39:07 +0000
Message-ID: <20221012203910.204793-5-john.allen@amd.com>
In-Reply-To: <20221012203910.204793-1-john.allen@amd.com>
X-Mailing-List: kvm@vger.kernel.org

If kvm supports shadow stack, pass through shadow stack MSRs to improve guest performance.

Signed-off-by: John Allen
--- arch/x86/kvm/svm/svm.c | 17 +++++++++++++++++ arch/x86/kvm/svm/svm.h | 2 +- 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 411c815d2d91..f40d3df2c1be 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -134,6 +134,13 @@ static const struct svm_direct_access_msrs { { .index = X2APIC_MSR(APIC_TMICT), .always = false }, { .index = X2APIC_MSR(APIC_TMCCT), .always = false }, { .index = X2APIC_MSR(APIC_TDCR), .always = false }, + { .index = MSR_IA32_U_CET, .always = false }, + { .index = MSR_IA32_S_CET, .always = false }, + { .index = MSR_IA32_INT_SSP_TAB, .always = false }, + { .index = MSR_IA32_PL0_SSP, .always = false }, + { .index = MSR_IA32_PL1_SSP, .always = false }, + { .index = MSR_IA32_PL2_SSP, .always = false }, + { .index = MSR_IA32_PL3_SSP, .always = false }, { .index = MSR_INVALID, .always = false }, }; 
@@ -1174,6 +1181,16 @@ static inline void init_vmcb_after_set_cpuid(struct kvm_vcpu *vcpu) set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SYSENTER_EIP, 1, 1); set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SYSENTER_ESP, 1, 1); } + + if (kvm_cet_user_supported() && guest_cpuid_has(vcpu, X86_FEATURE_SHSTK)) { + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_U_CET, 1, 1); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_S_CET, 1, 1); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_INT_SSP_TAB, 1, 1); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_PL0_SSP, 1, 1); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_PL1_SSP, 1, 1); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_PL2_SSP, 1, 1); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_PL3_SSP, 1, 1); + } } static void init_vmcb(struct kvm_vcpu *vcpu) diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 6a7686bf6900..c1c3e090ff9d 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -29,7 +29,7 @@ #define IOPM_SIZE PAGE_SIZE * 3 #define MSRPM_SIZE PAGE_SIZE * 2 -#define MAX_DIRECT_ACCESS_MSRS 46 +#define MAX_DIRECT_ACCESS_MSRS 53 #define MSRPM_OFFSETS 32 extern u32 msrpm_offsets[MSRPM_OFFSETS] __read_mostly; extern bool npt_enabled;
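Review bot: In the init_vmcb_after_set_cpuid() hunk of patch 4/7, interception of the seven CET MSRs is only ever switched off; there is no path that switches it back on. If this function can run more than once for a vCPU (its name says it runs after the guest CPUID is set), a guest that first has X86_FEATURE_SHSTK and later loses it keeps the earlier set_msr_interception(..., 1, 1) settings and with them direct access to MSRs it is no longer supposed to have. Compute the condition once into a bool and pass it as both the read and the write argument for every MSR, so the permission map always follows the current CPUID. The gate is also kvm_cet_user_supported(), yet the list includes the supervisor registers MSR_IA32_S_CET, MSR_IA32_INT_SSP_TAB and MSR_IA32_PL0_SSP through MSR_IA32_PL2_SSP; the commit message should say why a user-mode check is sufficient for passing those through.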
From: John Allen
Subject: [RFC PATCH 5/7] KVM: SVM: Save shadow stack host state on VMRUN
Date: Wed, 12 Oct 2022 20:39:08 +0000
Message-ID: <20221012203910.204793-6-john.allen@amd.com>
In-Reply-To: <20221012203910.204793-1-john.allen@amd.com>
X-Mailing-List: kvm@vger.kernel.org

When running as an SEV-ES guest, the PL0_SSP, PL1_SSP, PL2_SSP, PL3_SSP, and U_CET fields in the VMCB save area are type B, meaning the host state is automatically loaded on a VMEXIT, but is not saved on a VMRUN. The other shadow stack MSRs, S_CET, SSP, and ISST_ADDR are type A, meaning they are loaded on VMEXIT and saved on VMRUN. Manually save the type B host MSR values before VMRUN.

Signed-off-by: John Allen
--- arch/x86/kvm/svm/sev.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 28064060413a..a5e72b2c94aa 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c 
@@ -3027,6 +3027,19 @@ void sev_es_prepare_switch_to_guest(struct sev_es_save_area *hostsa) /* MSR_IA32_XSS is restored on VMEXIT, save the currnet host value */ hostsa->xss = host_xss; + + if (boot_cpu_has(X86_FEATURE_SHSTK)) { + /* + * MSR_IA32_U_CET, MSR_IA32_PL0_SSP, MSR_IA32_PL1_SSP, + * MSR_IA32_PL2_SSP, and MSR_IA32_PL3_SSP are restored on + * VMEXIT, save the current host values. + */ + rdmsrl(MSR_IA32_U_CET, hostsa->u_cet); + rdmsrl(MSR_IA32_PL0_SSP, hostsa->vmpl0_ssp); + rdmsrl(MSR_IA32_PL1_SSP, hostsa->vmpl1_ssp); + rdmsrl(MSR_IA32_PL2_SSP, hostsa->vmpl2_ssp); + rdmsrl(MSR_IA32_PL3_SSP, hostsa->vmpl3_ssp); + } } void sev_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector)
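Review bot: In the sev_es_prepare_switch_to_guest() hunk of patch 5/7, the five rdmsrl() calls run on every call, whereas the line just above them stores the cached host_xss instead of reading the MSR. State in the comment which of these host values can change between calls and therefore have to be re-read, and cache the ones that cannot. The destination names also differ from the MSR names (MSR_IA32_PL0_SSP is stored in hostsa->vmpl0_ssp), so a few words in the comment that the vmplN_ssp fields hold the PLn_SSP values would save the reader a lookup.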
From: John Allen
Subject: [RFC PATCH 6/7] KVM: SVM: Add MSR_IA32_XSS to the GHCB for hypervisor kernel
Date: Wed, 12 Oct 2022 20:39:09 +0000
Message-ID: <20221012203910.204793-7-john.allen@amd.com>
In-Reply-To: <20221012203910.204793-1-john.allen@amd.com>
X-Mailing-List: kvm@vger.kernel.org

When a guest issues a cpuid instruction for Fn0000000D_x0B (CetUserOffset), KVM will intercept and need to access the guest MSR_IA32_XSS value. For SEV-ES, this is encrypted and needs to be included in the GHCB to be visible to the hypervisor.

Signed-off-by: John Allen
--- arch/x86/include/asm/svm.h | 1 + arch/x86/kvm/svm/sev.c | 12 ++++++++++-- arch/x86/kvm/svm/svm.c | 1 + arch/x86/kvm/svm/svm.h | 2 +- 4 files changed, 13 insertions(+), 3 deletions(-) diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h index 0361626841bc..b98c2a1087c0 100644 --- a/arch/x86/include/asm/svm.h +++ b/arch/x86/include/asm/svm.h @@ -625,5 +625,6 @@ DEFINE_GHCB_ACCESSORS(sw_exit_info_1) DEFINE_GHCB_ACCESSORS(sw_exit_info_2) DEFINE_GHCB_ACCESSORS(sw_scratch) DEFINE_GHCB_ACCESSORS(xcr0) +DEFINE_GHCB_ACCESSORS(xss) #endif diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index a5e72b2c94aa..55730055ee4c 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -2418,8 +2418,13 @@ static void sev_es_sync_from_ghcb(struct vcpu_svm *svm) svm->vmcb->save.cpl = ghcb_get_cpl_if_valid(ghcb); - if (ghcb_xcr0_is_valid(ghcb)) { - vcpu->arch.xcr0 = ghcb_get_xcr0(ghcb); + if (ghcb_xcr0_is_valid(ghcb) || ghcb_xss_is_valid(ghcb)) { + if (ghcb_xcr0_is_valid(ghcb)) + vcpu->arch.xcr0 = ghcb_get_xcr0(ghcb); + + if (ghcb_xss_is_valid(ghcb)) + vcpu->arch.ia32_xss = ghcb_get_xss(ghcb); + kvm_update_cpuid_runtime(vcpu); } 
@@ -2988,6 +2993,9 @@ static void sev_es_init_vmcb(struct vcpu_svm *svm) if (guest_cpuid_has(&svm->vcpu, X86_FEATURE_RDTSCP)) svm_clr_intercept(svm, INTERCEPT_RDTSCP); } + + if (kvm_caps.supported_xss) + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_XSS, 1, 1); } void sev_init_vmcb(struct vcpu_svm *svm) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index f40d3df2c1be..b474c7e57139 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -141,6 +141,7 @@ static const struct svm_direct_access_msrs { { .index = MSR_IA32_PL1_SSP, .always = false }, { .index = MSR_IA32_PL2_SSP, .always = false }, { .index = MSR_IA32_PL3_SSP, .always = false }, + { .index = MSR_IA32_XSS, .always = false }, { .index = MSR_INVALID, .always = false }, }; diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index c1c3e090ff9d..ad89b1dbe62d 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -29,7 +29,7 @@ #define IOPM_SIZE PAGE_SIZE * 3 #define MSRPM_SIZE PAGE_SIZE * 2 -#define MAX_DIRECT_ACCESS_MSRS 53 +#define MAX_DIRECT_ACCESS_MSRS 54 #define MSRPM_OFFSETS 32 extern u32 msrpm_offsets[MSRPM_OFFSETS] __read_mostly; extern bool npt_enabled;
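Review bot: In the sev_es_sync_from_ghcb() hunk of patch 6/7, vcpu->arch.ia32_xss is assigned straight from ghcb_get_xss(ghcb) with no check of the value. The GHCB is written by the guest, so the guest can place arbitrary bits in a field that kvm_update_cpuid_runtime() then consumes; mask or reject bits outside kvm_caps.supported_xss before storing it. The outer test also repeats both _is_valid() checks that the inner ifs make again; a local flag set by either inner branch and tested before kvm_update_cpuid_runtime(vcpu) would read more simply.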
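Review bot: In the sev_es_init_vmcb() hunk of patch 6/7, MSR_IA32_XSS is passed through for reads and writes whenever kvm_caps.supported_xss is non-zero, which is a host-wide condition, while the RDTSCP case directly above it checks guest_cpuid_has(). The commit message describes only the new GHCB field and does not mention this pass-through; say why it is needed, and consider gating it on what the guest CPUID exposes rather than on host support alone.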
From: John Allen
Subject: [RFC PATCH 7/7] KVM: SVM: Add CET features to supported_xss
Date: Wed, 12 Oct 2022 20:39:10 +0000
Message-ID: <20221012203910.204793-8-john.allen@amd.com>
In-Reply-To: <20221012203910.204793-1-john.allen@amd.com>
X-Mailing-List: kvm@vger.kernel.org

If the CPU supports CET, add CET XSAVES feature bits to the supported_xss mask.

Signed-off-by: John Allen
--- arch/x86/kvm/svm/svm.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index b474c7e57139..b815865ad0fb 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -5026,6 +5026,11 @@ static __init void svm_set_cpu_caps(void) boot_cpu_has(X86_FEATURE_AMD_SSBD)) kvm_cpu_cap_set(X86_FEATURE_VIRT_SSBD); + if (kvm_cpu_cap_has(X86_FEATURE_SHSTK)) { + kvm_caps.supported_xss |= XFEATURE_MASK_CET_USER | + XFEATURE_MASK_CET_KERNEL; + } + /* AMD PMU PERFCTR_CORE CPUID */ if (enable_pmu && boot_cpu_has(X86_FEATURE_PERFCTR_CORE)) kvm_cpu_cap_set(X86_FEATURE_PERFCTR_CORE);
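Review bot: In the svm_set_cpu_caps() hunk of patch 7/7, XFEATURE_MASK_CET_KERNEL is added to supported_xss under the same X86_FEATURE_SHSTK check as XFEATURE_MASK_CET_USER. The commit message says "If the CPU supports CET" without separating user and supervisor state, and patch 4/7 gates its MSR pass-through on kvm_cet_user_supported(); state whether supervisor shadow stack state is meant to be exposed to guests here, and drop XFEATURE_MASK_CET_KERNEL if it is not. The braces around the single assignment can also go, per kernel coding style.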