Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp199124pxb;
        Wed, 3 Feb 2021 03:24:32 -0800 (PST)
X-Google-Smtp-Source: ABdhPJw7l9EgMGnyDKlhfNN8SPYCG67zldLa2gIBhtM2uH9u/O0RLtUuYRHRVT0mJ4OPNysSXYVd
X-Received: by 2002:a17:906:805:: with SMTP id e5mr2679860ejd.104.1612351472158;
        Wed, 03 Feb 2021 03:24:32 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1612351472; cv=none;
        d=google.com; s=arc-20160816;
        b=PGjmf4HROr2ty0NR78UEFt5h+q9vBIae4lciqvqGqc2d+f0PpLT4H0Y7rn/LnjOM3M
         o9QKyc24jWgzQ9TsxgtDsbbrkx6hWRhxOmg1X/1w+zr0xSN6BrjPdwmYVOqdXSmV6Pq3
         T8r1dl9HvHdQDizJlX0Xu3itCfgkAuLAoy4BgsOOGgxRT+uJuhTPUTaKlzQDHw+UWf0W
         5q3uI40P06aD2O2NgtXrqpI8o2Ow8J83OSisA//kTuwybhUoBe5dm8+hvuDYD/J7FBnA
         g2/UnWehHJRpnGNZ2GhMTIPw7HvNvffmuNK+HANjrJepYYxEEwqX3+EXOE7ErBiLKbn6
         +EUQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:references:in-reply-to:message-id:date:subject
         :cc:to:from:ironport-sdr:ironport-sdr;
        bh=pPIlYuRM0h1r1JshsjQd8esXcH9MYjURBFZAQsCauMA=;
        b=jF1dy06coZXCfb7zvw2dHFsCvmBdalGOdn7ChZcOop0lRVd0aQRoOgv5koAKa7sfdI
         03tZf7u0k8M0mfbf4s3XY34dxWFA+25zrmxMPq4US3hy4/JFRWSlY3R206oqk6EBK7Gb
         L+zzdb0JO3nV8HvfFBlxyseTkx6DoNa6eeNMjngLALxggdosuArRTSVDejGx8Ir5D1rm
         wpBVn1bHKv4n6R+mD3V+eM5UcvEO2ZINj3/zLnPZChLB9+z8MSgChQKxrn4KSXYFjJTy
         z7q2by1hd169IwRYlncpBMJRDJnrWGAlpLE7F7PFSnpVlqHt+JIlpTZnJ6No4Y4YNTgB
         ZbYg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id y14si1124848edm.154.2021.02.03.03.24.07;
        Wed, 03 Feb 2021 03:24:32 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S234193AbhBCLXG (ORCPT <rfc822;lkmldmj@gmail.com> + 99 others);
        Wed, 3 Feb 2021 06:23:06 -0500
Received: from mga01.intel.com ([192.55.52.88]:28325 "EHLO mga01.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S234116AbhBCLXC (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 3 Feb 2021 06:23:02 -0500
IronPort-SDR: sggTV0+etuRJmIMt16bAMm70pfBkCVCHAT/IYZ5X8HXgW1U/ACDdcg+uTg3EfwaeIXmPBt6V1O
 FGwDJoxqVQ0w==
X-IronPort-AV: E=McAfee;i="6000,8403,9883"; a="199981262"
X-IronPort-AV: E=Sophos;i="5.79,398,1602572400"; 
   d="scan'208";a="199981262"
Received: from fmsmga001.fm.intel.com ([10.253.24.23])
  by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 Feb 2021 03:22:12 -0800
IronPort-SDR: 50jYEXoZRq6Xq1+aXeb2z+cZ6+FKiEuQ/iJ2HYLq5WsBvkom41LNDewIxgetUnOLEXsi+Isw2g
 UnABJQ1RI74w==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.79,398,1602572400"; 
   d="scan'208";a="480311113"
Received: from unknown (HELO local-michael-cet-test.sh.intel.com) ([10.239.159.166])
  by fmsmga001.fm.intel.com with ESMTP; 03 Feb 2021 03:22:10 -0800
From:   Yang Weijiang <weijiang.yang@intel.com>
To:     pbonzini@redhat.com, seanjc@google.com, jmattson@google.com,
        kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc:     yu.c.zhang@linux.intel.com,
        Sean Christopherson <sean.j.christopherson@intel.com>,
        Yang Weijiang <weijiang.yang@intel.com>
Subject: [PATCH v15 03/14] KVM: x86: Load guest fpu state when accessing MSRs managed by XSAVES
Date:   Wed,  3 Feb 2021 19:34:10 +0800
Message-Id: <20210203113421.5759-4-weijiang.yang@intel.com>
X-Mailer: git-send-email 2.17.2
In-Reply-To: <20210203113421.5759-1-weijiang.yang@intel.com>
References: <20210203113421.5759-1-weijiang.yang@intel.com>
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Sean Christopherson <sean.j.christopherson@intel.com>

A handful of CET MSRs are not context switched through "traditional"
methods, e.g. VMCS or manual switching, but rather are passed through
to the guest and are saved and restored by XSAVES/XRSTORS, i.e. in the
guest's FPU state.

Load the guest's FPU state if userspace is accessing MSRs whose values are
managed by XSAVES so that the MSR helper, e.g. vmx_{get,set}_xsave_msr(),
can simply do {RD,WR}MSR to access the guest's value.

Because is also used for the KVM_GET_MSRS device ioctl(), explicitly
check that @vcpu is non-null before attempting to load guest state.  The
XSS supporting MSRs cannot be retrieved via the device ioctl() without
loading guest FPU state (which doesn't exist).

Note that guest_cpuid_has() is not queried as host userspace is allowed
to access MSRs that have not been exposed to the guest, e.g. it might do
KVM_SET_MSRS prior to KVM_SET_CPUID2.

Co-developed-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Yang Weijiang <weijiang.yang@intel.com>
---
 arch/x86/kvm/x86.c | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 30a07caf077c..99f787152d12 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -110,6 +110,8 @@ static void enter_smm(struct kvm_vcpu *vcpu);
 static void __kvm_set_rflags(struct kvm_vcpu *vcpu, unsigned long rflags);
 static void store_regs(struct kvm_vcpu *vcpu);
 static int sync_regs(struct kvm_vcpu *vcpu);
+static void kvm_load_guest_fpu(struct kvm_vcpu *vcpu);
+static void kvm_put_guest_fpu(struct kvm_vcpu *vcpu);
 
 struct kvm_x86_ops kvm_x86_ops __read_mostly;
 EXPORT_SYMBOL_GPL(kvm_x86_ops);
@@ -3618,6 +3620,12 @@ int kvm_get_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
 }
 EXPORT_SYMBOL_GPL(kvm_get_msr_common);
 
+static bool is_xsaves_msr(u32 index)
+{
+	return index == MSR_IA32_U_CET ||
+	       (index >= MSR_IA32_PL0_SSP && index <= MSR_IA32_PL3_SSP);
+}
+
 /*
  * Read or write a bunch of msrs. All parameters are kernel addresses.
  *
@@ -3628,11 +3636,20 @@ static int __msr_io(struct kvm_vcpu *vcpu, struct kvm_msrs *msrs,
 		    int (*do_msr)(struct kvm_vcpu *vcpu,
 				  unsigned index, u64 *data))
 {
+	bool fpu_loaded = false;
 	int i;
 
-	for (i = 0; i < msrs->nmsrs; ++i)
+	for (i = 0; i < msrs->nmsrs; ++i) {
+		if (vcpu && !fpu_loaded && supported_xss &&
+		    is_xsaves_msr(entries[i].index)) {
+			kvm_load_guest_fpu(vcpu);
+			fpu_loaded = true;
+		}
 		if (do_msr(vcpu, entries[i].index, &entries[i].data))
 			break;
+	}
+	if (fpu_loaded)
+		kvm_put_guest_fpu(vcpu);
 
 	return i;
 }
-- 
2.26.2