From: John Allen
Subject: [RFC PATCH v3 1/8] KVM: x86: SVM: Emulate reads and writes to shadow stack MSRs
Date: Thu, 17 Aug 2023 18:18:13 +0000
Message-ID: <20230817181820.15315-2-john.allen@amd.com>
In-Reply-To: <20230817181820.15315-1-john.allen@amd.com>
References: <20230817181820.15315-1-john.allen@amd.com>

Set up interception of shadow stack MSRs. In the event that shadow stack is unsupported on the host or the MSRs are otherwise inaccessible, the interception code will return an error. In certain circumstances such as host initiated MSR reads or writes, the interception code will get or set the requested MSR value.

Signed-off-by: John Allen
---
v3:
- Updated to depend on the new x86 common msr handling introduced in v5 of Weijiang Yang's series: https://lore.kernel.org/all/20230803042732.88515-12-weijiang.yang@intel.com/
---
arch/x86/kvm/svm/svm.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 8652e86fbfb2..57864e83f634 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -2833,6 +2833,15 @@ static int svm_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) if (guest_cpuid_is_intel(vcpu)) msr_info->data |= (u64)svm->sysenter_esp_hi << 32; break; + case MSR_IA32_S_CET: + msr_info->data = svm->vmcb->save.s_cet; + break; + case MSR_IA32_INT_SSP_TAB: + msr_info->data = svm->vmcb->save.isst_addr; + break; + case MSR_KVM_GUEST_SSP: + msr_info->data = svm->vmcb->save.ssp; + break; case MSR_TSC_AUX: msr_info->data = svm->tsc_aux; break;
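Review bot: The three new cases in svm_get_msr() (MSR_IA32_S_CET, MSR_IA32_INT_SSP_TAB, MSR_KVM_GUEST_SSP) return the save-area field unconditionally, while the commit message says an error is returned when shadow stack is unsupported on the host or the MSR is otherwise inaccessible. Nothing in this hunk performs that check, so it has to come from the common x86 MSR handling the v3 note refers to; a short comment above the cases saying so would stop a later reader from assuming they are guarded locally. If the common code does not reject the access before svm_get_msr() is reached, add the guard here.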
@@ -3050,6 +3059,15 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr) svm->vmcb01.ptr->save.sysenter_esp = (u32)data; svm->sysenter_esp_hi = guest_cpuid_is_intel(vcpu) ? (data >> 32) : 0; break; + case MSR_IA32_S_CET: + svm->vmcb->save.s_cet = data; + break; + case MSR_IA32_INT_SSP_TAB: + svm->vmcb->save.isst_addr = data; + break; + case MSR_KVM_GUEST_SSP: + svm->vmcb->save.ssp = data; + break; case MSR_TSC_AUX: /* * TSC_AUX is usually changed only during boot and never read
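Review bot: In the new svm_set_msr() cases, data is stored straight into save.s_cet, save.isst_addr and save.ssp with no validation visible in the hunk. SSP and the interrupt SSP table address are pointers, so the patch should say where reserved-bit and canonical-address checks are done, or add them before the store. The neighbouring sysenter_esp case writes through svm->vmcb01.ptr whereas the new cases use svm->vmcb; please confirm the current VMCB is the intended target and give the reason in the commit message.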
From: John Allen
Subject: [RFC PATCH v3 2/8] KVM: x86: SVM: Update dump_vmcb with shadow stack save area additions
Date: Thu, 17 Aug 2023 18:18:14 +0000
Message-ID: <20230817181820.15315-3-john.allen@amd.com>
In-Reply-To: <20230817181820.15315-1-john.allen@amd.com>
References: <20230817181820.15315-1-john.allen@amd.com>

Add shadow stack VMCB save area fields to dump_vmcb. Only include S_CET, SSP, and ISST_ADDR. Since there currently isn't support to decrypt and dump the SEV-ES save area, exclude PL0_SSP, PL1_SSP, PL2_SSP, PL3_SSP, and U_CET which are only included in the SEV-ES save area.

Signed-off-by: John Allen
---
arch/x86/kvm/svm/svm.c | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 57864e83f634..1ac5b51c3f2c 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c
@@ -3386,6 +3386,10 @@ static void dump_vmcb(struct kvm_vcpu *vcpu) "rip:", save->rip, "rflags:", save->rflags); pr_err("%-15s %016llx %-13s %016llx\n", "rsp:", save->rsp, "rax:", save->rax); + pr_err("%-15s %016llx %-13s %016llx\n", + "s_cet:", save->s_cet, "ssp:", save->ssp); + pr_err("%-15s %016llx\n", + "isst_addr:", save->isst_addr); pr_err("%-15s %016llx %-13s %016llx\n", "star:", save01->star, "lstar:", save01->lstar); pr_err("%-15s %016llx %-13s %016llx\n",
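Review bot: The two added pr_err() calls in dump_vmcb() read s_cet, ssp and isst_addr from save, matching the rsp/rax line above but not the star/lstar line below, which reads from save01; the commit message should say that the current VMCB is the intended source. The fields are also printed on every dump, including on hosts without shadow stack where they carry no information, so consider gating the two lines on kvm_cpu_cap_has(X86_FEATURE_SHSTK).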
From: John Allen
Subject: [RFC PATCH v3 3/8] KVM: x86: SVM: Pass through shadow stack MSRs
Date: Thu, 17 Aug 2023 18:18:15 +0000
Message-ID: <20230817181820.15315-4-john.allen@amd.com>
In-Reply-To: <20230817181820.15315-1-john.allen@amd.com>
References: <20230817181820.15315-1-john.allen@amd.com>

If kvm supports shadow stack, pass through shadow stack MSRs to improve guest performance.

Signed-off-by: John Allen
---
v3:
- Conditionally pass through MSRs depending on both host and guest shadow stack support.
---
arch/x86/kvm/svm/svm.c | 26 ++++++++++++++++++++++++++
arch/x86/kvm/svm/svm.h | 2 +-
2 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 1ac5b51c3f2c..dd67f435cd33 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c
@@ -140,6 +140,13 @@ static const struct svm_direct_access_msrs { { .index = X2APIC_MSR(APIC_TMICT), .always = false }, { .index = X2APIC_MSR(APIC_TMCCT), .always = false }, { .index = X2APIC_MSR(APIC_TDCR), .always = false }, + { .index = MSR_IA32_U_CET, .always = false }, + { .index = MSR_IA32_S_CET, .always = false }, + { .index = MSR_IA32_INT_SSP_TAB, .always = false }, + { .index = MSR_IA32_PL0_SSP, .always = false }, + { .index = MSR_IA32_PL1_SSP, .always = false }, + { .index = MSR_IA32_PL2_SSP, .always = false }, + { .index = MSR_IA32_PL3_SSP, .always = false }, { .index = MSR_INVALID, .always = false }, }; @@ -1205,6 +1212,25 @@ static inline void init_vmcb_after_set_cpuid(struct kvm_vcpu *vcpu) set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SYSENTER_EIP, 1, 1); set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SYSENTER_ESP, 1, 1); } + + if (kvm_cpu_cap_has(X86_FEATURE_SHSTK)) { + bool shstk_enabled = guest_cpuid_has(vcpu, X86_FEATURE_SHSTK); + + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_U_CET, + shstk_enabled, shstk_enabled); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_S_CET, + shstk_enabled, shstk_enabled); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_INT_SSP_TAB, + shstk_enabled, shstk_enabled); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_PL0_SSP, + shstk_enabled, shstk_enabled); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_PL1_SSP, + shstk_enabled, shstk_enabled); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_PL2_SSP, + shstk_enabled, shstk_enabled); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_PL3_SSP, + shstk_enabled, shstk_enabled); + } } static void init_vmcb(struct kvm_vcpu *vcpu) diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 800ca1776b59..f824dde86e96 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -29,7 +29,7 @@ #define IOPM_SIZE PAGE_SIZE * 3 #define MSRPM_SIZE PAGE_SIZE * 2 -#define MAX_DIRECT_ACCESS_MSRS 46 +#define MAX_DIRECT_ACCESS_MSRS 53 #define MSRPM_OFFSETS 32 extern u32 msrpm_offsets[MSRPM_OFFSETS] __read_mostly; extern bool npt_enabled;
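Review bot: In the init_vmcb_after_set_cpuid() hunk, MSR_IA32_U_CET and MSR_IA32_PL0_SSP through MSR_IA32_PL3_SSP become directly accessible to the guest, yet patch 2/8 states that these five are only held in the SEV-ES save area. The patch should say how host and guest values of those registers are kept apart for guests that do not use that save area, since a passed-through MSR that is not switched on VMRUN and #VMEXIT would expose or clobber host state. Separately, the seven set_msr_interception() calls differ only in the MSR index; a loop over a small static array would be shorter and harder to get out of step with the svm_direct_access_msrs table additions in the first hunk.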
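Review bot: The hand-maintained count in the svm.h hunk (MAX_DIRECT_ACCESS_MSRS 46 to 53) has to track the seven table entries added in svm.c with nothing enforcing it. A compile-time check tying the constant to the number of table entries would catch a later addition that forgets the bump.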
From: John Allen To: CC: , , , , , , , , John Allen Subject: [RFC PATCH v3 4/8] KVM: SVM: Rename vmplX_ssp -> plX_ssp Date: Thu, 17 Aug 2023 18:18:16 +0000 Message-ID: <20230817181820.15315-5-john.allen@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230817181820.15315-1-john.allen@amd.com> References: <20230817181820.15315-1-john.allen@amd.com> MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SN1PEPF00026369:EE_|PH7PR12MB6785:EE_ X-MS-Office365-Filtering-Correlation-Id: 8e58c2dc-ab8b-448a-101d-08db9f4e77e6 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 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 X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230031)(4636009)(376002)(346002)(39860400002)(396003)(136003)(451199024)(186009)(1800799009)(82310400011)(46966006)(40470700004)(36840700001)(316002)(54906003)(82740400003)(356005)(81166007)(70206006)(70586007)(6916009)(5660300002)(41300700001)(36860700001)(44832011)(47076005)(8676002)(8936002)(4326008)(26005)(40460700003)(2906002)(4744005)(83380400001)(16526019)(478600001)(40480700001)(336012)(426003)(86362001)(36756003)(6666004)(7696005)(1076003)(2616005)(36900700001);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Aug 2023 18:19:17.0419 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 8e58c2dc-ab8b-448a-101d-08db9f4e77e6 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: 
X-Mailing-List: kvm@vger.kernel.org

Rename SEV-ES save area SSP fields to be consistent with the APM. Signed-off-by: John Allen --- v3: - New in v3. --- arch/x86/include/asm/svm.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h index 72ebd5e4e975..d14536761309 100644 --- a/arch/x86/include/asm/svm.h +++ b/arch/x86/include/asm/svm.h
@@ -361,10 +361,10 @@ struct sev_es_save_area { struct vmcb_seg ldtr; struct vmcb_seg idtr; struct vmcb_seg tr; - u64 vmpl0_ssp; - u64 vmpl1_ssp; - u64 vmpl2_ssp; - u64 vmpl3_ssp; + u64 pl0_ssp; + u64 pl1_ssp; + u64 pl2_ssp; + u64 pl3_ssp; u64 u_cet; u8 reserved_0xc8[2]; u8 vmpl;
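Review bot: The renamed members pl0_ssp through pl3_ssp in struct sev_es_save_area carry no comment tying them to the APM names the commit message cites, so a later reader has nothing in the header to check the rename against. A one-line comment above pl0_ssp naming the APM save-area fields would help. The diffstat touches only svm.h; the commit message should say that nothing else references the old vmplX_ssp names, because any remaining user would stop building with this patch.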
From: John Allen
Subject: [RFC PATCH v3 5/8] KVM: SVM: Save shadow stack host state on VMRUN
Date: Thu, 17 Aug 2023 18:18:17 +0000
Message-ID: <20230817181820.15315-6-john.allen@amd.com>
In-Reply-To: <20230817181820.15315-1-john.allen@amd.com>
References: <20230817181820.15315-1-john.allen@amd.com>

When running as an SEV-ES guest, the PL0_SSP, PL1_SSP, PL2_SSP, PL3_SSP, and U_CET fields in the VMCB save area are type B, meaning the host state is automatically loaded on a VMEXIT, but is not saved on a VMRUN. The other shadow stack MSRs, S_CET, SSP, and ISST_ADDR are type A, meaning they are loaded on VMEXIT and saved on VMRUN. PL0_SSP, PL1_SSP, and PL2_SSP are currently unused. Manually save the other type B host MSR values before VMRUN. Signed-off-by: John Allen --- v3: - Don't save unused PL0_SSP, PL1_SSP, and PL2_SSP MSRs. --- arch/x86/kvm/svm/sev.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 2cd15783dfb9..021ead4dd201 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c
@@ -3097,6 +3097,15 @@ void sev_es_prepare_switch_to_guest(struct sev_es_save_area *hostsa) hostsa->dr2_addr_mask = amd_get_dr_addr_mask(2); hostsa->dr3_addr_mask = amd_get_dr_addr_mask(3); } + + if (boot_cpu_has(X86_FEATURE_SHSTK)) { + /* + * MSR_IA32_U_CET and MSR_IA32_PL3_SSP are restored on VMEXIT, + * save the current host values. + */ + rdmsrl(MSR_IA32_U_CET, hostsa->u_cet); + rdmsrl(MSR_IA32_PL3_SSP, hostsa->pl3_ssp); + } } void sev_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector)
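Review bot: The comment inside the new boot_cpu_has(X86_FEATURE_SHSTK) block names only MSR_IA32_U_CET and MSR_IA32_PL3_SSP, while the commit message says PL0_SSP, PL1_SSP and PL2_SSP are also type B and are skipped only because they are currently unused. Move that reasoning into the comment: as written, hostsa->pl0_ssp, pl1_ssp and pl2_ssp are never filled in here, so whatever the host save area holds for them is what VMEXIT loads, and this block has to grow three more rdmsrl() calls as soon as the host starts using those MSRs. The commit message should also say why two MSR reads in sev_es_prepare_switch_to_guest() are acceptable on that path.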
From: John Allen
Subject: [RFC PATCH v3 6/8] KVM: SVM: Add MSR_IA32_XSS to the GHCB for hypervisor kernel
Date: Thu, 17 Aug 2023 18:18:18 +0000
Message-ID: <20230817181820.15315-7-john.allen@amd.com>
In-Reply-To: <20230817181820.15315-1-john.allen@amd.com>
References: <20230817181820.15315-1-john.allen@amd.com>

When a guest issues a cpuid instruction for Fn0000000D_x0B (CetUserOffset), KVM will intercept and need to access the guest MSR_IA32_XSS value. For SEV-ES, this is encrypted and needs to be included in the GHCB to be visible to the hypervisor. Signed-off-by: John Allen --- arch/x86/include/asm/svm.h | 1 + arch/x86/kvm/svm/sev.c | 12 ++++++++++-- arch/x86/kvm/svm/svm.c | 1 + arch/x86/kvm/svm/svm.h | 2 +- 4 files changed, 13 insertions(+), 3 deletions(-) diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h index d14536761309..890ec51eb9d6 100644 --- a/arch/x86/include/asm/svm.h +++ b/arch/x86/include/asm/svm.h @@ -678,5 +678,6 @@ DEFINE_GHCB_ACCESSORS(sw_exit_info_1) DEFINE_GHCB_ACCESSORS(sw_exit_info_2) DEFINE_GHCB_ACCESSORS(sw_scratch) DEFINE_GHCB_ACCESSORS(xcr0) +DEFINE_GHCB_ACCESSORS(xss) #endif diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 021ead4dd201..5db76675b416 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -2442,8 +2442,13 @@ static void sev_es_sync_from_ghcb(struct vcpu_svm *svm) svm->vmcb->save.cpl = ghcb_get_cpl_if_valid(ghcb); - if (ghcb_xcr0_is_valid(ghcb)) { - vcpu->arch.xcr0 = ghcb_get_xcr0(ghcb); + if (ghcb_xcr0_is_valid(ghcb) || ghcb_xss_is_valid(ghcb)) { + if (ghcb_xcr0_is_valid(ghcb)) + vcpu->arch.xcr0 = ghcb_get_xcr0(ghcb); + + if (ghcb_xss_is_valid(ghcb)) + vcpu->arch.ia32_xss = ghcb_get_xss(ghcb); + kvm_update_cpuid_runtime(vcpu); }
@@ -3031,6 +3036,9 @@ static void sev_es_init_vmcb(struct vcpu_svm *svm) if (guest_cpuid_has(&svm->vcpu, X86_FEATURE_RDTSCP)) svm_clr_intercept(svm, INTERCEPT_RDTSCP); } + + if (kvm_caps.supported_xss) + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_XSS, 1, 1); } void sev_init_vmcb(struct vcpu_svm *svm) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index dd67f435cd33..683bf18b965d 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -147,6 +147,7 @@ static const struct svm_direct_access_msrs { { .index = MSR_IA32_PL1_SSP, .always = false }, { .index = MSR_IA32_PL2_SSP, .always = false }, { .index = MSR_IA32_PL3_SSP, .always = false }, + { .index = MSR_IA32_XSS, .always = false }, { .index = MSR_INVALID, .always = false }, }; diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index f824dde86e96..87b6831bac42 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -29,7 +29,7 @@ #define IOPM_SIZE PAGE_SIZE * 3 #define MSRPM_SIZE PAGE_SIZE * 2 -#define MAX_DIRECT_ACCESS_MSRS 53 +#define MAX_DIRECT_ACCESS_MSRS 54 #define MSRPM_OFFSETS 32 extern u32 msrpm_offsets[MSRPM_OFFSETS] __read_mostly; extern bool npt_enabled;
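Review bot: In the sev_es_sync_from_ghcb() hunk of this patch, vcpu->arch.ia32_xss is assigned straight from ghcb_get_xss(ghcb), and the GHCB is written by the guest; nothing in the hunk checks the value against kvm_caps.supported_xss before kvm_update_cpuid_runtime(vcpu) consumes it. Reject or mask bits outside kvm_caps.supported_xss at this point so the CPUID emulation never works from feature bits KVM does not support. Smaller point: the outer condition repeats both inner tests; setting a local flag in each inner branch and calling kvm_update_cpuid_runtime() once when it is set reads more clearly.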
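Review bot: In the sev_es_init_vmcb() hunk of this patch, set_msr_interception(vcpu, svm->msrpm, MSR_IA32_XSS, 1, 1) is added without a comment, and the commit message talks about KVM intercepting CPUID and needing the guest XSS value, so a reader can easily mistake this line for something it is not. Add a comment stating what the 1, 1 read/write arguments do to guest accesses of MSR_IA32_XSS for an SEV-ES guest and why the call is gated on kvm_caps.supported_xss. The new { .index = MSR_IA32_XSS, .always = false } entry and the MAX_DIRECT_ACCESS_MSRS change from 53 to 54 have to be kept in step by hand; say in the commit message that the two belong together.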
From: John Allen
Subject: [RFC PATCH v3 7/8] x86/sev-es: Include XSS value in GHCB CPUID request
Date: Thu, 17 Aug 2023 18:18:19 +0000
Message-ID: <20230817181820.15315-8-john.allen@amd.com>
In-Reply-To: <20230817181820.15315-1-john.allen@amd.com>
References: <20230817181820.15315-1-john.allen@amd.com>

When a guest issues a cpuid instruction for Fn0000000D_x0B (CetUserOffset), the hypervisor may intercept and access the guest XSS value. For SEV-ES, this is encrypted and needs to be included in the GHCB to be visible to the hypervisor. The rdmsr instruction needs to be called directly as the code may be used in early boot in which case the rdmsr wrappers should be avoided as they are incompatible with the decompression boot phase. Signed-off-by: John Allen --- v3: - New in v3. Merged KVM support series and this single patch for guest kernel support. --- arch/x86/kernel/sev-shared.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/arch/x86/kernel/sev-shared.c b/arch/x86/kernel/sev-shared.c index 2eabccde94fb..e38a1d049bc1 100644 --- a/arch/x86/kernel/sev-shared.c +++ b/arch/x86/kernel/sev-shared.c
@@ -890,6 +890,21 @@ static enum es_result vc_handle_cpuid(struct ghcb *ghcb, /* xgetbv will cause #GP - use reset value for xcr0 */ ghcb_set_xcr0(ghcb, 1); + if (has_cpuflag(X86_FEATURE_SHSTK) && regs->ax == 0xd && regs->cx <= 1) { + unsigned long lo, hi; + u64 xss; + + /* + * Since vc_handle_cpuid may be used during early boot, the + * rdmsr wrappers are incompatible and should not be used. + * Invoke the instruction directly. + */ + asm volatile("rdmsr" : "=a" (lo), "=d" (hi) + : "c" (MSR_IA32_XSS)); + xss = (hi << 32) | lo; + ghcb_set_xss(ghcb, xss); + } + ret = sev_es_ghcb_hv_call(ghcb, ctxt, SVM_EXIT_CPUID, 0, 0); if (ret != ES_OK) return ret;
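Review bot: The new condition tests regs->ax == 0xd && regs->cx <= 1, that is subleaves 0 and 1, while the commit message describes the case as Fn0000000D_x0B (CetUserOffset), which is subleaf 0xb. One of the two needs correcting, or the code comment should say why subleaves 0 and 1 are the ones that need XSS in the GHCB. Separately, lo and hi are declared unsigned long and the value is built with (hi << 32) | lo; declaring them u32 and writing ((u64)hi << 32) | lo makes the width explicit and does not depend on the size of long in whichever boot stage compiles this file.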
From: John Allen
Subject: [RFC PATCH v3 8/8] KVM: SVM: Add CET features to supported_xss
Date: Thu, 17 Aug 2023 18:18:20 +0000
Message-ID: <20230817181820.15315-9-john.allen@amd.com>
In-Reply-To: <20230817181820.15315-1-john.allen@amd.com>
References: <20230817181820.15315-1-john.allen@amd.com>

If the CPU supports CET, add CET XSAVES feature bits to the supported_xss mask. Signed-off-by: John Allen --- v2: - Remove curly braces around if statement --- arch/x86/kvm/svm/svm.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 683bf18b965d..685f8715a716 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -5105,6 +5105,10 @@ static __init void svm_set_cpu_caps(void) boot_cpu_has(X86_FEATURE_AMD_SSBD)) kvm_cpu_cap_set(X86_FEATURE_VIRT_SSBD); + if (kvm_cpu_cap_has(X86_FEATURE_SHSTK)) + kvm_caps.supported_xss |= XFEATURE_MASK_CET_USER | + XFEATURE_MASK_CET_KERNEL; + if (enable_pmu) { /* * Enumerate support for PERFCTR_CORE if and only if KVM has
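Review bot: The added test in svm_set_cpu_caps() is kvm_cpu_cap_has(X86_FEATURE_SHSTK), but the commit message says "If the CPU supports CET"; those are different conditions, so the message should name the one that is meant. The hunk then ORs XFEATURE_MASK_CET_USER | XFEATURE_MASK_CET_KERNEL into kvm_caps.supported_xss with no visible check that the host has those XSAVES components enabled; if supported_xss is expected to stay a subset of the host's XSS, mask the new bits accordingly. XFEATURE_MASK_CET_KERNEL also needs a sentence of justification, given that patch 5/8 of this series describes PL0_SSP, PL1_SSP and PL2_SSP as currently unused.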