Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Message-ID: <7fbd23c3-403b-f7c4-27d9-f3368c299435@intel.com>
Date:   Thu, 4 May 2023 14:51:24 +0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101
 Thunderbird/102.10.0
Subject: Re: [PATCH v2 21/21] KVM:x86: Support CET supervisor shadow stack MSR
 access
Content-Language: en-US
To:     "Edgecombe, Rick P" <rick.p.edgecombe@intel.com>
References: <20230421134615.62539-1-weijiang.yang@intel.com>
 <20230421134615.62539-22-weijiang.yang@intel.com>
 <175c826d59f1ac77fa588908d3768ffc2e79268e.camel@intel.com>
 <c9747bd0-2a1e-a7ef-4775-b5ca7c00b24e@intel.com>
 <04be1306737a8db851874ff9283401d67edb34b8.camel@intel.com>
CC:     "kvm@vger.kernel.org" <kvm@vger.kernel.org>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        "john.allen@amd.com" <john.allen@amd.com>,
        "Christopherson,, Sean" <seanjc@google.com>,
        "pbonzini@redhat.com" <pbonzini@redhat.com>,
        "peterz@infradead.org" <peterz@infradead.org>
From:   "Yang, Weijiang" <weijiang.yang@intel.com>
In-Reply-To: <04be1306737a8db851874ff9283401d67edb34b8.camel@intel.com>
Content-Type: text/plain; charset="UTF-8"; format=flowed
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?cTVueTJFQzRBVU02ZWNQcTR0R3UwWEM1ZzFUNi9CQWRvV2ZvRGluMHNiQjVy?=
 =?utf-8?B?TjZhNkNXQ0hrQ3dsMGxBVHNFNFEveFNqeTVQWnZLT29kWUlpRytLUHNZOWoy?=
 =?utf-8?B?ZWJYWUlpYzYvVjdWWHhnRkRQUWtOaG1Lb1h3eXcvalhPYUYxSDljRUlrUm5R?=
 =?utf-8?B?Z2VLSFh6QWFncnFnM09TbnVJWnFLbHJZQmpZbTE0ZUpiUTFwUy93K0VJN0V5?=
 =?utf-8?B?bDBwUUhLbFd3UlFHU3lieEF6WVpodTVYQ1ZTUVFZK05UMG9mWFgxSzJmVVFQ?=
 =?utf-8?B?RjdZaHF5Y0RqbnhHK2FJY3RYTXNjNmtKTUNobDVCN0Yyd0YxN2xsSDUxZXJV?=
 =?utf-8?B?SWtQL2E3ZUpqOWJwQkJRVXpJbDFSbGozZmE3RnRzZHpBTlQ4VjZPOHdaTFJR?=
 =?utf-8?B?YUpXdkltSVhOblptWnJTM2R6SWtOWE15ME5kRVZPc2NpRkR2ZXlMZVZOY2Vv?=
 =?utf-8?B?RWZIbkRybE9nL0ZZT3k2dUx5d2hQSlB1cm1uT1JWaG55bGtpTXUrY1E2YVVp?=
 =?utf-8?B?aWlGN05XL2d0bFovNVp1Rjd1ZUhwRU1pYnBhRjFhY1R6N2ZGL1Q4WkNmWHFJ?=
 =?utf-8?B?TVlBTUJVa1pUZkt2bjFGZHVXWk5Ta3AzT2FzanVzR1Rqb3pVMlRXcks0UDFv?=
 =?utf-8?B?N05XbkZXM0VGMEs0bU5tS2xFYzRXSkhueUtlQTBGSVlxZ0pTdEtUWCtTVEwx?=
 =?utf-8?B?V29nUXp4QWhaSWFBRDlUdTFWMDdVTjVPb0tFaG9VMTVwdVdwMFg4ZjgvOUhW?=
 =?utf-8?B?cnEyWWxUeDNmNXBEc0sreG1xSU9ORktTTm8yMGR6RmtvQXJTMTd3RkxONGxF?=
 =?utf-8?B?Y056YVhZdEs5Q3luTDNlUzRWREx1NDEySTZBeUNXYkVUSVVyZ21xZ0sreGo3?=
 =?utf-8?B?Zy9uWjRXQ0huZmI4bCsybzRwcDZFYzNpenVMNnJJd1lpa1ZkTXRFMmlFQXN6?=
 =?utf-8?B?OFVvcGxxWFZmb2NLd1BHWVlwbHl4bGd4ZjZEM3VVOGpPSXY0MnczZ0lBbmZS?=
 =?utf-8?B?N2h6aGhvZ2tNbnlIeURSMmYxZW84M2FOSnd3aGpKMTFmL0VDNmpLTjlLZTRY?=
 =?utf-8?B?NE51WU1xdVNIMUJpU3NLY1U1aXk4d2hNbFpuQWxLdUx0Q0JJSUNNNUZ1c3V4?=
 =?utf-8?B?UUNaQTdoSEZZSWVXYmZNMHBjRjY5MDMwREFCN0RZc1dtNS8wbVZTb09EbDNO?=
 =?utf-8?B?Ujh5clA4RGErR0VvMzh5RXl2WXRyL05iVDQrcVNBT3crTThVY3doSkFVN0t5?=
 =?utf-8?B?dzB6VnF1RzZXV1hzRm5JeVNHWUtCOXI0ZVZXeVBpUythVHpyelZ0RWJuRm1M?=
 =?utf-8?B?b2ZYTXlGRkNXbG5rdnRvVzVZaGpaOGhSM05kMVdIZlFiYkU0VkFZYjByMFcz?=
 =?utf-8?B?ZUJhVWZzVzQ0NlcvQWl1aEV3bzNFUUNaKzAzU0Z6Z09DL0lIL2RKSTNCTGhw?=
 =?utf-8?B?ZnZHQUNHVzF6TXJkZloxekRZaUxONzJmN3RGQTRtMnFIcUZxWFo5Qm9qc1Jk?=
 =?utf-8?B?QlVYdXkxS3hGZ0s4WVFzVTFVUWlrY1FiL3lGenkyRGhNL29CVzlZeU1QWEhS?=
 =?utf-8?B?bGEybUxENFkvdlUrSFNYMWpweVRYbnozNS9yd1RvbEtxcytwMUg0RGg0TEJ3?=
 =?utf-8?B?YTI4eWdTandkM3UxaEppbXJXVWJRVTNKOUtvelQwRkJnZ3ZrbmkvRlpMNk80?=
 =?utf-8?B?anY5TnR3cFE0Ylg1Z093VkZwbWdTd2xjeVBGQm01WUdoMC93UjBVSDJaSWpG?=
 =?utf-8?B?TnFvYlNBeDhLRlFXL1Nic0QyS0hmU1JtZE1RMm9SWXZlbmNzMlBXcWV5cEdB?=
 =?utf-8?B?ejlBZS9vKzUyaTl6UHFhUlBWVTJGWUhkcmMySXgxSFg0UVJSVDBTcDNvcFli?=
 =?utf-8?B?L2d3ZXpjU1B1YTNxekRSbFFBS0tQWGE0ZHUvT3RZakM2SDY0MXJHVlgxV0cx?=
 =?utf-8?B?VHRDazVyVFd5djAzNitUekd1eGF0WjE1R1h5alJvdFV2Z3N6YVdtTUgrdS81?=
 =?utf-8?B?WUhBZGNRaEdQQnhGWFNhL2d5MGZGTGVWbEx4YUdMYVVSaytva1JaaUJGaFJa?=
 =?utf-8?B?NnBvOTV4dnVUakJqZGt5MHlmTGtYbFpKZFVFMHRQaEVtNTcxQ2tBaHh5QTVi?=
 =?utf-8?B?Q21FZXpuWlZDL09JK29qRng3SVVRcXM1NHZ3dVpUTmE0UHRWV01Hb05QNk92?=
 =?utf-8?B?Z0E9PQ==?=
X-MS-Exchange-CrossTenant-Network-Message-Id: 1ac88eb7-6230-4ecf-3836-08db4c6c0071
X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB4965.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 May 2023 06:51:35.3639
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 5EuoMJvL0U7EczBDSW87NXjGYRQ7AIT//zgupyP+YiPe6nlqT9M9OXEXfrK58WK02u9gVz9uZdcRmeSXBfJeeQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH3PR11MB7724
X-OriginatorOrg: intel.com
X-Spam-Status: No, score=-8.8 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A,
        RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE,
        URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org


On 5/4/2023 12:17 PM, Edgecombe, Rick P wrote:
> On Thu, 2023-05-04 at 09:20 +0800, Yang, Weijiang wrote:
>> On 5/4/2023 1:07 AM, Edgecombe, Rick P wrote:
>>> On Fri, 2023-04-21 at 09:46 -0400, Yang Weijiang wrote:
>>>> +
>>>> +       incpt = !is_cet_state_supported(vcpu,
>>>> XFEATURE_MASK_CET_KERNEL);
>>>> +       incpt |= !guest_cpuid_has(vcpu, X86_FEATURE_SHSTK);
>>>> +
>>>> +       vmx_set_intercept_for_msr(vcpu, MSR_IA32_INT_SSP_TAB,
>>>> MSR_TYPE_RW, incpt);
>>>> +       vmx_set_intercept_for_msr(vcpu, MSR_IA32_PL0_SSP,
>>>> MSR_TYPE_RW, incpt);
>>>> +       vmx_set_intercept_for_msr(vcpu, MSR_IA32_PL1_SSP,
>>>> MSR_TYPE_RW, incpt);
>>>> +       vmx_set_intercept_for_msr(vcpu, MSR_IA32_PL2_SSP,
>>>> MSR_TYPE_RW, incpt);
>>>>     }
>>> Why is this tied to XFEATURE_MASK_CET_KERNEL? I don't know how the
>>> SVM
>>> side works, but the host kernel doesn't use this xfeature. Just not
>>> clear on what the intention is. Why not use
>>> kvm_cet_kernel_shstk_supported() again?
>> I don't know how SVM supports supervisor SHSTK either, here just
>> follows
>> the spec.
> What aspect of the spec is this?

I assumed the supervisor SHSTK states are backed via XSAVES/SRSTORS with

XFEATURE_MASK_CET_KERNEL set in XSS.  This is arguable since implementation

is not determined, but XSAVES is an efficient way to manage the states 
compared with

manually save/restore the MSRs.

>
>> to add the dependency check. Maybe you're right, I need to use
>> kvm_cet_kernel_shstk_supported()
>>
>> in my patch set and leave the work to SVM enabling patches. I'll
>> change
>> it, thanks!
> Oh, I see the the SVM patch [0] is adding XFEATURE_MASK_CET_KERNEL to
> kvm_caps.supported_xss as long as kvm_cpu_cap_has(X86_FEATURE_SHSTK).
> And it does not look to be checking XSS host support like how
> kvm_caps.supported_xss is set in your patch. It should depend on host
> support, right?

Yes, it should rely on host to back the states as long as the supervisor

SHSTK MSRs are implemented as XSAVES/XRSTORS managed.

> Is that the intent of kvm_caps.supported_xss?

Yes, it's used to indicate all host XSS supported guest features.

>
> Separate from all that, the code above is in VMX, so not sure how it
> affects SVM in any case.

I was confused a bit. Yes, the pass-through check is specific to VMX, 
there could

be other implementation in SVM.

>
> I might be confused here. The code just looked suspicious.
>
> [0]
> https://lore.kernel.org/kvm/20221012203910.204793-8-john.allen@amd.com/

IMO, above patch is not necessary as  kvm_caps.supported_xss is 
initialized in x86 part and

shared by both SVM and VMX.