From patchwork Wed May 24 15:53:34 2023
X-Patchwork-Submitter: John Allen
X-Patchwork-Id: 13254265
From: John Allen
Subject: [RFC PATCH v2 1/6] KVM: x86: SVM: Emulate reads and writes to shadow stack MSRs
Date: Wed, 24 May 2023 15:53:34 +0000
Message-ID: <20230524155339.415820-2-john.allen@amd.com>
In-Reply-To: <20230524155339.415820-1-john.allen@amd.com>
References: <20230524155339.415820-1-john.allen@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Set up interception of shadow stack MSRs. In the event that shadow stack is unsupported on the host or the MSRs are otherwise inaccessible, the interception code will return an error. In certain circumstances such as host initiated MSR reads or writes, the interception code will get or set the requested MSR value.

Signed-off-by: John Allen
--- arch/x86/kvm/svm/svm.c | 58 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index eb308c9994f9..822d7a65e92a 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -2800,6 +2800,31 @@ static int svm_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) if (guest_cpuid_is_intel(vcpu)) msr_info->data |= (u64)svm->sysenter_esp_hi << 32; break; + case MSR_IA32_S_CET: + if (!kvm_cet_is_msr_accessible(vcpu, msr_info)) + return 1; + msr_info->data = svm->vmcb->save.s_cet; + break; + case MSR_IA32_U_CET: + if (!kvm_cet_is_msr_accessible(vcpu, msr_info)) + return 1; + kvm_get_xsave_msr(msr_info); + break; + case MSR_IA32_INT_SSP_TAB: + if (!kvm_cet_is_msr_accessible(vcpu, msr_info)) + return 1; + msr_info->data = svm->vmcb->save.isst_addr; + break; + case MSR_KVM_GUEST_SSP: + if (!kvm_cet_is_msr_accessible(vcpu, msr_info)) + return 1; + msr_info->data = svm->vmcb->save.ssp; + break; + case MSR_IA32_PL0_SSP ... MSR_IA32_PL3_SSP: + if (!kvm_cet_is_msr_accessible(vcpu, msr_info)) + return 1; + kvm_get_xsave_msr(msr_info); + break; case MSR_TSC_AUX: msr_info->data = svm->tsc_aux; break;
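Review bot: In svm_get_msr(), the MSR_IA32_U_CET case and the MSR_IA32_PL0_SSP ... MSR_IA32_PL3_SSP case have identical bodies (the kvm_cet_is_msr_accessible() check followed by kvm_get_xsave_msr(msr_info)), so the case labels can be stacked on one block. The same accessibility check is also repeated in all five new cases; grouping the cases or hoisting the check once would make it harder for a later shadow stack MSR to be added without the gate.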
@@ -3016,6 +3041,39 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr) svm->vmcb01.ptr->save.sysenter_esp = (u32)data; svm->sysenter_esp_hi = guest_cpuid_is_intel(vcpu) ? (data >> 32) : 0; break; + case MSR_IA32_S_CET: + if (!kvm_cet_is_msr_accessible(vcpu, msr)) + return 1; + svm->vmcb->save.s_cet = data; + break; + case MSR_IA32_U_CET: + if (!kvm_cet_is_msr_accessible(vcpu, msr)) + return 1; + kvm_set_xsave_msr(msr); + break; + case MSR_IA32_INT_SSP_TAB: + if (!kvm_cet_is_msr_accessible(vcpu, msr)) + return 1; + if (is_noncanonical_address(data, vcpu)) + return 1; + svm->vmcb->save.isst_addr = data; + break; + case MSR_KVM_GUEST_SSP: + if (!kvm_cet_is_msr_accessible(vcpu, msr)) + return 1; + /* SSP MSR values should be a 4-byte aligned canonical addresses */ + if ((data & GENMASK(1, 0)) || is_noncanonical_address(data, vcpu)) + return 1; + svm->vmcb->save.ssp = data; + break; + case MSR_IA32_PL0_SSP ... MSR_IA32_PL3_SSP: + if (!kvm_cet_is_msr_accessible(vcpu, msr)) + return 1; + /* SSP MSR values should be a 4-byte aligned canonical addresses */ + if ((data & GENMASK(1, 0)) || is_noncanonical_address(data, vcpu)) + return 1; + kvm_set_xsave_msr(msr); + break; case MSR_TSC_AUX: /* * TSC_AUX is usually changed only during boot and never read
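Review bot: The MSR_IA32_S_CET and MSR_IA32_U_CET cases in svm_set_msr() store data with no validation visible in this hunk, while the INT_SSP_TAB and SSP cases reject non-canonical or misaligned values. If kvm_cet_is_msr_accessible() does not already reject reserved bits, add that check here, or add a comment saying where it is done. The new cases also write svm->vmcb->save where the SYSENTER case just above writes svm->vmcb01.ptr->save, so please confirm that svm->vmcb is the intended target. The duplicated comment "should be a 4-byte aligned canonical addresses" should read "address", and the alignment plus canonical check it describes could be a single helper shared by MSR_KVM_GUEST_SSP and the PL0_SSP ... PL3_SSP range.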
From: John Allen
Subject: [RFC PATCH v2 2/6] KVM: x86: SVM: Update dump_vmcb with shadow stack save area additions
Date: Wed, 24 May 2023 15:53:35 +0000
Message-ID: <20230524155339.415820-3-john.allen@amd.com>
In-Reply-To: <20230524155339.415820-1-john.allen@amd.com>
References: <20230524155339.415820-1-john.allen@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Add shadow stack VMCB save area fields to dump_vmcb. Only include S_CET, SSP, and ISST_ADDR. Since there currently isn't support to decrypt and dump the SEV-ES save area, exclude PL0_SSP, PL1_SSP, PL2_SSP, PL3_SSP, and U_CET which are only included in the SEV-ES save area.

Signed-off-by: John Allen
--- arch/x86/kvm/svm/svm.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 822d7a65e92a..6df486bb1ac4 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c
@@ -3392,6 +3392,10 @@ static void dump_vmcb(struct kvm_vcpu *vcpu) "rip:", save->rip, "rflags:", save->rflags); pr_err("%-15s %016llx %-13s %016llx\n", "rsp:", save->rsp, "rax:", save->rax); + pr_err("%-15s %016llx %-13s %016llx\n", + "s_cet:", save->s_cet, "ssp:", save->ssp); + pr_err("%-15s %016llx\n", + "isst_addr:", save->isst_addr); pr_err("%-15s %016llx %-13s %016llx\n", "star:", save01->star, "lstar:", save01->lstar); pr_err("%-15s %016llx %-13s %016llx\n",
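Review bot: The new pr_err() lines in dump_vmcb() print only s_cet, ssp and isst_addr, and the reason for leaving out PL0_SSP to PL3_SSP and U_CET is given only in the commit message. A short comment above the new lines saying that those fields live in the SEV-ES save area, which dump_vmcb() cannot decrypt, would keep a later reader from treating the omission as an oversight.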
From: John Allen
Subject: [RFC PATCH v2 3/6] KVM: x86: SVM: Pass through shadow stack MSRs
Date: Wed, 24 May 2023 15:53:36 +0000
Message-ID: <20230524155339.415820-4-john.allen@amd.com>
In-Reply-To: <20230524155339.415820-1-john.allen@amd.com>
References: <20230524155339.415820-1-john.allen@amd.com>
X-Mailing-List: kvm@vger.kernel.org

If kvm supports shadow stack, pass through shadow stack MSRs to improve guest performance.

Signed-off-by: John Allen
--- arch/x86/kvm/svm/svm.c | 17 +++++++++++++++++ arch/x86/kvm/svm/svm.h | 2 +- 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 6df486bb1ac4..cdbce20989b8 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -136,6 +136,13 @@ static const struct svm_direct_access_msrs { { .index = X2APIC_MSR(APIC_TMICT), .always = false }, { .index = X2APIC_MSR(APIC_TMCCT), .always = false }, { .index = X2APIC_MSR(APIC_TDCR), .always = false }, + { .index = MSR_IA32_U_CET, .always = false }, + { .index = MSR_IA32_S_CET, .always = false }, + { .index = MSR_IA32_INT_SSP_TAB, .always = false }, + { .index = MSR_IA32_PL0_SSP, .always = false }, + { .index = MSR_IA32_PL1_SSP, .always = false }, + { .index = MSR_IA32_PL2_SSP, .always = false }, + { .index = MSR_IA32_PL3_SSP, .always = false }, { .index = MSR_INVALID, .always = false }, };
@@ -1181,6 +1188,16 @@ static inline void init_vmcb_after_set_cpuid(struct kvm_vcpu *vcpu) set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SYSENTER_EIP, 1, 1); set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SYSENTER_ESP, 1, 1); } + + if (kvm_cet_user_supported() && guest_cpuid_has(vcpu, X86_FEATURE_SHSTK)) { + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_U_CET, 1, 1); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_S_CET, 1, 1); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_INT_SSP_TAB, 1, 1); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_PL0_SSP, 1, 1); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_PL1_SSP, 1, 1); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_PL2_SSP, 1, 1); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_PL3_SSP, 1, 1); + } } static void init_vmcb(struct kvm_vcpu *vcpu) diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index f44751dd8d5d..dad977747a15 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -29,7 +29,7 @@ #define IOPM_SIZE PAGE_SIZE * 3 #define MSRPM_SIZE PAGE_SIZE * 2 -#define MAX_DIRECT_ACCESS_MSRS 46 +#define MAX_DIRECT_ACCESS_MSRS 53 #define MSRPM_OFFSETS 32 extern u32 msrpm_offsets[MSRPM_OFFSETS] __read_mostly; extern bool npt_enabled;
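Review bot: In init_vmcb_after_set_cpuid() (the second svm.c hunk), interception is only ever turned off: when kvm_cet_user_supported() && guest_cpuid_has(vcpu, X86_FEATURE_SHSTK) is false there is no path that turns it back on. If this function can run again after userspace changes guest CPUID to drop SHSTK, the seven MSRs would stay passed through to a guest that is not supposed to have the feature. Consider computing the condition into a bool and passing it as the read and write arguments of set_msr_interception() so both directions are handled. It is also worth stating why kvm_cet_user_supported() is the right gate for the supervisor MSRs (MSR_IA32_S_CET, MSR_IA32_PL0_SSP to MSR_IA32_PL2_SSP, MSR_IA32_INT_SSP_TAB) in this list.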
From: John Allen
Subject: [RFC PATCH v2 4/6] KVM: SVM: Save shadow stack host state on VMRUN
Date: Wed, 24 May 2023 15:53:37 +0000
Message-ID: <20230524155339.415820-5-john.allen@amd.com>
In-Reply-To: <20230524155339.415820-1-john.allen@amd.com>
References: <20230524155339.415820-1-john.allen@amd.com>
BN8NAM11FT077.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ2PR12MB8739 Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org When running as an SEV-ES guest, the PL0_SSP, PL1_SSP, PL2_SSP, PL3_SSP, and U_CET fields in the VMCB save area are type B, meaning the host state is automatically loaded on a VMEXIT, but is not saved on a VMRUN. The other shadow stack MSRs, S_CET, SSP, and ISST_ADDR are type A, meaning they are loaded on VMEXIT and saved on VMRUN. Manually save the type B host MSR values before VMRUN. Signed-off-by: John Allen --- arch/x86/kvm/svm/sev.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index c25aeb550cd9..03dd68bddd51 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c 
@@ -3028,6 +3028,19 @@ void sev_es_prepare_switch_to_guest(struct sev_es_save_area *hostsa) /* MSR_IA32_XSS is restored on VMEXIT, save the currnet host value */ hostsa->xss = host_xss; + + if (boot_cpu_has(X86_FEATURE_SHSTK)) { + /* + * MSR_IA32_U_CET, MSR_IA32_PL0_SSP, MSR_IA32_PL1_SSP, + * MSR_IA32_PL2_SSP, and MSR_IA32_PL3_SSP are restored on + * VMEXIT, save the current host values. + */ + rdmsrl(MSR_IA32_U_CET, hostsa->u_cet); + rdmsrl(MSR_IA32_PL0_SSP, hostsa->vmpl0_ssp); + rdmsrl(MSR_IA32_PL1_SSP, hostsa->vmpl1_ssp); + rdmsrl(MSR_IA32_PL2_SSP, hostsa->vmpl2_ssp); + rdmsrl(MSR_IA32_PL3_SSP, hostsa->vmpl3_ssp); + } } void sev_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector)
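
Review bot: the comment above the five rdmsrl() calls in sev_es_prepare_switch_to_guest() says only that these MSRs "are restored on VMEXIT", which leaves out the half that makes the manual save necessary: per the commit message these are type B fields, so the hardware does not save the host values on VMRUN. Please state that in the comment, and note there that MSR_IA32_PL0_SSP through MSR_IA32_PL3_SSP are stored in the save-area fields named vmpl0_ssp through vmpl3_ssp, because the PLn versus vmplN naming reads like a slip to anyone checking the mapping. The guard here is boot_cpu_has(X86_FEATURE_SHSTK) while patch 6/6 uses kvm_cpu_cap_has(X86_FEATURE_SHSTK); a sentence on why the raw CPU feature is the right condition for the host save would settle that question.
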
From patchwork Wed May 24 15:53:38 2023
X-Patchwork-Submitter: John Allen
X-Patchwork-Id: 13254268
From: John Allen
Subject: [RFC PATCH v2 5/6] KVM: SVM: Add MSR_IA32_XSS to the GHCB for hypervisor kernel
Date: Wed, 24 May 2023 15:53:38 +0000
Message-ID: <20230524155339.415820-6-john.allen@amd.com>
In-Reply-To: <20230524155339.415820-1-john.allen@amd.com>
References: <20230524155339.415820-1-john.allen@amd.com>
X-Mailing-List: kvm@vger.kernel.org

When a guest issues a cpuid instruction for Fn0000000D_x0B (CetUserOffset), KVM will intercept and need to access the guest MSR_IA32_XSS value. For SEV-ES, this is encrypted and needs to be included in the GHCB to be visible to the hypervisor.

Signed-off-by: John Allen
---
arch/x86/include/asm/svm.h | 1 + arch/x86/kvm/svm/sev.c | 12 ++++++++++-- arch/x86/kvm/svm/svm.c | 1 + arch/x86/kvm/svm/svm.h | 2 +- 4 files changed, 13 insertions(+), 3 deletions(-) diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h index e7c7379d6ac7..8f91376273e0 100644 --- a/arch/x86/include/asm/svm.h +++ b/arch/x86/include/asm/svm.h @@ -677,5 +677,6 @@ DEFINE_GHCB_ACCESSORS(sw_exit_info_1) DEFINE_GHCB_ACCESSORS(sw_exit_info_2) DEFINE_GHCB_ACCESSORS(sw_scratch) DEFINE_GHCB_ACCESSORS(xcr0) +DEFINE_GHCB_ACCESSORS(xss) #endif diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 03dd68bddd51..92a7c77bc66b 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -2419,8 +2419,13 @@ static void sev_es_sync_from_ghcb(struct vcpu_svm *svm) svm->vmcb->save.cpl = ghcb_get_cpl_if_valid(ghcb); - if (ghcb_xcr0_is_valid(ghcb)) { - vcpu->arch.xcr0 = ghcb_get_xcr0(ghcb); + if (ghcb_xcr0_is_valid(ghcb) || ghcb_xss_is_valid(ghcb)) { + if (ghcb_xcr0_is_valid(ghcb)) + vcpu->arch.xcr0 = ghcb_get_xcr0(ghcb); + + if (ghcb_xss_is_valid(ghcb)) + vcpu->arch.ia32_xss = ghcb_get_xss(ghcb); + kvm_update_cpuid_runtime(vcpu); }
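
Review bot: in the sev_es_sync_from_ghcb() hunk, the new assignment vcpu->arch.ia32_xss = ghcb_get_xss(ghcb) copies a guest-written GHCB field straight into vCPU state with no check against kvm_caps.supported_xss, and kvm_update_cpuid_runtime() then consumes it. The GHCB is memory the guest controls, so the value should be validated before it is stored: reject or mask any bits outside kvm_caps.supported_xss rather than trusting what the guest supplied. Separately, the outer test of ghcb_xcr0_is_valid() || ghcb_xss_is_valid() wrapping two inner ifs that repeat the same tests is harder to follow than two independent blocks that each set a local "update needed" flag.
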
@@ -2989,6 +2994,9 @@ static void sev_es_init_vmcb(struct vcpu_svm *svm) if (guest_cpuid_has(&svm->vcpu, X86_FEATURE_RDTSCP)) svm_clr_intercept(svm, INTERCEPT_RDTSCP); } + + if (kvm_caps.supported_xss) + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_XSS, 1, 1); } void sev_init_vmcb(struct vcpu_svm *svm) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index cdbce20989b8..6afd2c44fdb6 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -143,6 +143,7 @@ static const struct svm_direct_access_msrs { { .index = MSR_IA32_PL1_SSP, .always = false }, { .index = MSR_IA32_PL2_SSP, .always = false }, { .index = MSR_IA32_PL3_SSP, .always = false }, + { .index = MSR_IA32_XSS, .always = false }, { .index = MSR_INVALID, .always = false }, }; diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index dad977747a15..92ac1aefe640 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -29,7 +29,7 @@ #define IOPM_SIZE PAGE_SIZE * 3 #define MSRPM_SIZE PAGE_SIZE * 2 -#define MAX_DIRECT_ACCESS_MSRS 53 +#define MAX_DIRECT_ACCESS_MSRS 54 #define MSRPM_OFFSETS 32 extern u32 msrpm_offsets[MSRPM_OFFSETS] __read_mostly; extern bool npt_enabled;
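
Review bot: in the sev_es_init_vmcb() hunk, set_msr_interception(vcpu, svm->msrpm, MSR_IA32_XSS, 1, 1) is gated only on kvm_caps.supported_xss, a host-wide mask, whereas the RDTSCP block directly above it in the same function keys off guest_cpuid_has(). As written, the XSS interception setting changes for every SEV-ES guest whenever the host supports any XSS bit, regardless of what that guest's CPUID advertises; consider gating on the guest's own feature bits as well. The bare 1, 1 arguments also need a short comment saying which read and write behaviour they select for the guest and why, since the commit message describes the GHCB change but says nothing about the MSR interception change or the new svm_direct_access_msrs entry.
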
From patchwork Wed May 24 15:53:39 2023
X-Patchwork-Submitter: John Allen
X-Patchwork-Id: 13254270
From: John Allen
Subject: [RFC PATCH v2 6/6] KVM: SVM: Add CET features to supported_xss
Date: Wed, 24 May 2023 15:53:39 +0000
Message-ID: <20230524155339.415820-7-john.allen@amd.com>
In-Reply-To: <20230524155339.415820-1-john.allen@amd.com>
References: <20230524155339.415820-1-john.allen@amd.com>
X-Mailing-List: kvm@vger.kernel.org

If the CPU supports CET, add CET XSAVES feature bits to the supported_xss mask.

Signed-off-by: John Allen
---
v2:
  - Remove curly braces around if statement
---
arch/x86/kvm/svm/svm.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 6afd2c44fdb6..cee496bee0a9 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -5070,6 +5070,10 @@ static __init void svm_set_cpu_caps(void) boot_cpu_has(X86_FEATURE_AMD_SSBD)) kvm_cpu_cap_set(X86_FEATURE_VIRT_SSBD); + if (kvm_cpu_cap_has(X86_FEATURE_SHSTK)) + kvm_caps.supported_xss |= XFEATURE_MASK_CET_USER | + XFEATURE_MASK_CET_KERNEL; + /* AMD PMU PERFCTR_CORE CPUID */ if (enable_pmu && boot_cpu_has(X86_FEATURE_PERFCTR_CORE)) kvm_cpu_cap_set(X86_FEATURE_PERFCTR_CORE);
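
Review bot: in the svm_set_cpu_caps() hunk, the single kvm_cpu_cap_has(X86_FEATURE_SHSTK) test ORs both XFEATURE_MASK_CET_USER and XFEATURE_MASK_CET_KERNEL into kvm_caps.supported_xss without checking that the host has those state components enabled in its own XSS, even though the series already has host_xss at hand in sev_es_prepare_switch_to_guest(). If a component is advertised to guests that the host does not itself enable, it is not clear from this hunk who saves and restores that state; mask the new bits against the host value, or explain in the commit message why that case cannot arise on SVM. The message also says "if the CPU supports CET" while the code tests the KVM capability for shadow stacks only, so one of the two should be adjusted to match the other.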