Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp15738399rwd; Mon, 26 Jun 2023 00:09:15 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ4uy73GfDRxd/t2k6kHVVQbntHtbYbQgqs1l5aBwDbOnYqctviz3aZ4KGjukNBGqUKEw1u5 X-Received: by 2002:a05:6870:7690:b0:1b0:3f7f:6733 with SMTP id dx16-20020a056870769000b001b03f7f6733mr1572982oab.44.1687763355559; Mon, 26 Jun 2023 00:09:15 -0700 (PDT) Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id g10-20020a63520a000000b00542d3727da9si4548270pgb.464.2023.06.26.00.09.02; Mon, 26 Jun 2023 00:09:15 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=fSSVK4G3; arc=fail (signature failed); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229571AbjFZGsv (ORCPT + 99 others); Mon, 26 Jun 2023 02:48:51 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48248 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229530AbjFZGsr (ORCPT ); Mon, 26 Jun 2023 02:48:47 -0400 Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8AFFE1A7; Sun, 25 Jun 2023 23:48:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1687762126; x=1719298126; h=message-id:date:subject:to:cc:references:from: in-reply-to:content-transfer-encoding:mime-version; bh=G4xIFCnajOeaXMdjLnqoOt4RN0FFcIV6Du8Dt+aKcmU=; b=fSSVK4G3pYsVnLpErx5hSKIqzTTbdIaQCS16bvUtG18KK8z0dbyQLP97 +F1Au/q+Ck3eDlP1raAtFkLCpDJS/fEXJK87bbGCyo95XUUVRruCN2W0+ 6wnvZiGTTbLidLXDpQkkmPKP8VMAIa203wKsJDps0h805CAQrWlWQgA8q /xTY0D8bmkY+iqSiDP/8GeajIZn3WNTyXEyzTNyrITAeH+mtbG1K2MKPv xtpE3RRBQEI67G7khkvR9+E98k/Hx1TI9hY/ppXdUd4LspTIoVxl2XngP +3KyktUHBPK4X9XjL5XHVSRa83R/fO6xF3+bTrnuMzZkKH+9aZnaADrVq A==; X-IronPort-AV: E=McAfee;i="6600,9927,10752"; a="361232425" X-IronPort-AV: E=Sophos;i="6.01,158,1684825200"; d="scan'208";a="361232425" Received: from orsmga003.jf.intel.com ([10.7.209.27]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Jun 2023 23:46:42 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10752"; a="666183801" X-IronPort-AV: E=Sophos;i="6.01,158,1684825200"; d="scan'208";a="666183801" Received: from fmsmsx601.amr.corp.intel.com ([10.18.126.81]) by orsmga003.jf.intel.com with ESMTP; 25 Jun 2023 23:46:39 -0700 Received: from fmsmsx610.amr.corp.intel.com (10.18.126.90) by fmsmsx601.amr.corp.intel.com (10.18.126.81) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.27; Sun, 25 Jun 2023 23:46:36 -0700 Received: from fmsmsx610.amr.corp.intel.com (10.18.126.90) by fmsmsx610.amr.corp.intel.com (10.18.126.90) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.27; Sun, 25 Jun 2023 23:46:36 -0700 Received: from fmsedg601.ED.cps.intel.com (10.1.192.135) by fmsmsx610.amr.corp.intel.com (10.18.126.90) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.27 via Frontend Transport; Sun, 25 Jun 2023 23:46:36 -0700 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (104.47.55.172) by edgegateway.intel.com (192.55.55.70) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.23; Sun, 25 Jun 2023 23:46:35 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=jhHk452e+oYMMTDYBZi/YseSH8Lu/eo7m5/h7VBvyOyTCvIukhWOn0bF//i7ltzjPaTDOGv7/Nd/njRGpovSCmBRWDUEFNJ4XMlKarbEYQnc6o+nOB3zpquCwpISFyLzt7zTtakuJIwojFTZhsFW8YJO8PRbCsA+aq23TI5qSAXLmMDZ90ajLTkb+PD2+MzgWagi0YNl//CJ0IoU7eBfMho7b4+Xiv/wpej5TJYg9Y64wP+pRLkD+X3X899DQzR6NOEvtbRFFTW8cr4ioF5w4OQyMplgb3o7t8rFtyIYefsooTISkIYC69D5DKkcaM40o2/STG1EnQ8QAS17od9s4g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=kTcCXcREA5A39GmO6MVtvQOyk9q4BfFVENPy7cBdLA8=; b=WFd3l765lGsVNmv6CugQ86GiuVr0e9R4HMALYKbXjJQS1etNMSS61O4x7vNX+dbjE0Ny1z5UbYD6fXk83BoGLKWpPi8QyR/yVkWADqFoR7H47bMdFfbw3RXzZv+UREn7J/n7i5IE9GiMonktN5Q5MpI03fCpIGE0da9OIQcedEU/Kli5FtoYmRZgbuxBu4K29OhMs/5cgIpAvVWjH7LGLk5JJFvLwYsnr+ILb7x9qCGoO+BPN4KHP29ocfbfyhubHFt5ssPsCQ8NhHOSGhj2sPIWgl6y+gq7qlAXSyokLpsNhKZgY6uIJJm3+gXdhgaL25Dc6LYXIVXkrRhCzjpA4Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; Received: from PH0PR11MB4965.namprd11.prod.outlook.com (2603:10b6:510:34::7) by SA2PR11MB5019.namprd11.prod.outlook.com (2603:10b6:806:f8::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6521.24; Mon, 26 Jun 2023 06:46:31 +0000 Received: from PH0PR11MB4965.namprd11.prod.outlook.com ([fe80::4707:8818:a403:f7a9]) by PH0PR11MB4965.namprd11.prod.outlook.com ([fe80::4707:8818:a403:f7a9%6]) with mapi id 15.20.6521.023; Mon, 26 Jun 2023 06:46:31 +0000 Message-ID: <05938690-53f4-0173-9f3b-5acc729982a4@intel.com> Date: Mon, 26 Jun 2023 14:46:20 +0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.12.0 Subject: Re: [PATCH v3 00/21] Enable CET Virtualization To: Sean Christopherson CC: , , , , , , , References: <20230511040857.6094-1-weijiang.yang@intel.com> <147246fc-79a2-3bb5-f51f-93dfc1cffcc0@intel.com> Content-Language: en-US From: "Yang, Weijiang" In-Reply-To: Content-Type: text/plain; charset="UTF-8"; format=flowed Content-Transfer-Encoding: 8bit X-ClientProxiedBy: SG2PR06CA0225.apcprd06.prod.outlook.com (2603:1096:4:68::33) To PH0PR11MB4965.namprd11.prod.outlook.com (2603:10b6:510:34::7) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: PH0PR11MB4965:EE_|SA2PR11MB5019:EE_ X-MS-Office365-Filtering-Correlation-Id: 315702c7-188f-43f9-f1f7-08db761112b4 X-LD-Processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: glrOQw9G5TgrODOwkTTJIxJNjanIc0He9OiPlJXhFXmlI0Wcpjmo93j/Per1RUevBiMaSegFa3nXSeFsWZdUA9aTrz/sHfRZJ8U+VJZbrq47H9iN41j2b20gSn0yS5ZbOFR5H1SxT0WLaYrW2gheVe/W8ycQmrFZVxK39NayKDW9BZbjjSQD5APgFh/L66bTNvjBAJfho28+PfnfxKdJIzgZxotevJon9WftCQ1iV2w/3GM/URdGHP+ZtVOw16ZUij3WQBwtZyZZeZEWsKstnMoPvQTswks2SgBtrguuvqV/fm8rphFUbJSn77HELD1vysyTxwn+ZBKc2y8HrKmY95N2DDpaNf6ZLIyz3J8uuG3Q2y91+zd8EpBSSbCkp/ZAHB1V8u7StuS0vD0sixIXFrnMWvWZpipnkOTNVazLzP9gOlql/cm12t1RvmTPNF0RbPSichLH7FkJRhwhQYfXKNxbdTOI/Dq/kgiZK+4VZ7Hw8GQwQH9Okabx9qA8E6TS9zQEcz7BW7rPe/8teUQrQXnhriq8p5BvPy31t1uqLw+Ni+gnbZ7fN71NJoL26FG2cYLEYlP0IcOgXs+c1PNlGwLo0ULdxSayfSRTBzba1h9vPsEf/wRDJV8Qm29U+lIXzYU8cix289/MqxjNV4pWFQ== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PH0PR11MB4965.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230028)(39860400002)(396003)(366004)(346002)(376002)(136003)(451199021)(2906002)(26005)(186003)(2616005)(38100700002)(53546011)(6512007)(6506007)(5660300002)(83380400001)(41300700001)(66556008)(66946007)(66476007)(8936002)(8676002)(36756003)(31696002)(6666004)(82960400001)(6486002)(86362001)(4326008)(316002)(478600001)(6916009)(31686004)(45980500001)(43740500002);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?NDZzV2JDNG9Dcm5sTmxrMlJJQUpaSlVxZXRLUEdCRkRsSTNodFBJeGsxRzlV?= =?utf-8?B?dVJhWXpOU1p0QmRHTC8yUE5DdUMxV0huSFFDSUdSRUlLdWRpbGx0UEVxVldO?= =?utf-8?B?MU9WWjYwMWJKOWhzYllrRWJqcytWTXlobGlJRzhYWEltYmhVcUJMQnBKVkVX?= =?utf-8?B?TFp6SlIvSy9PMHpYN1h0dVVzZjVRUXVkQmdMczNzUWNDOGw2UXFQKzRxM2dS?= =?utf-8?B?Q05adzl2bUdnMmFuemxJbUpzUDNQL2F5QTh1TWZsL3BLNXVFa29WTXFIWjcw?= =?utf-8?B?eWU1RGJKcExlL1Z3K25VY3BWV1VVTnVkamVNdlhrZWtrVSs0akZQSDU5VTZ3?= =?utf-8?B?SEdUQndxdGRIYU9KejRUTFUrUzZBdUJTQ2p6RVZHM0NTUVcrRmNBdDAzbmtF?= =?utf-8?B?RFVGUFdOVUZiWDJ3UWFjTXRUei9aaldhcGZzZDVxdnR5UXRTQkNpVFA3UUlk?= =?utf-8?B?MXRSVUdsQkRkeXF0djBZazNRZThySU9jc1NyR0V5c1dRZVVRNEk1azVTK2xh?= =?utf-8?B?Zkt5M1o2NWVJdUhLdkZGMk53b3l3UXp0Rjl5NzZOcklaeW1NTnk1UFlwZ2dt?= =?utf-8?B?dmFLYm1wanM0M1Qrb1NrYlFPYU44V3Y4S1piSWx5Zzl1eXdOc0ZFeTVzVlZO?= =?utf-8?B?NFBBTjlib2ZJSHNSSzJNZms5SERjQzVLQzlxU05mbTc5elBIbjJwQnd5VGYv?= =?utf-8?B?WDd1VEZoOFNXSytJN3lkRGxDU2dzbU91c1FhK2JRdW1jL3F6bzE5WGJTb0hK?= =?utf-8?B?M3JJZFJCTEFCNG1RTjZXT0RtME5ETElLa3RTQU5FS1RoTnhUTUQrY1BEVVA4?= =?utf-8?B?czdBZVJvY0lmOHlNblJ1ZGdMYTBtMjIyNFNhWmVGeGcvSldka0JaNnFibjZU?= =?utf-8?B?NjhuWWhWazFPOCszWUdXV3BPU0UwU3BHQW9DN2huOUFKK2ViWC9vU01lZFhT?= =?utf-8?B?Q2ZPUEl2WlArUmFpcXNYZW5FZmljLzN2NSt0Y1RWcGdubDVvTnZsclpMUXZB?= =?utf-8?B?Ujk2aHM3VXlVMU9MTGNQQ0loSlU2Wm81UlE4UWpZQ09GRXE0YUdkRHZMUHJL?= =?utf-8?B?UTZJMlc1bWZiVVlDQW4rYVJ6em5zT0dpUFJVZXQ5dmVWMkJSTXNLa2VmWE1J?= =?utf-8?B?WTRKNlExeVp3eWJxQ0M0RFpTbEVqY25LZWhSUXZoQlZnKzV4WWRaV0hRZG5a?= =?utf-8?B?NHVlRFlKUGFsdzFNbmUyZ0Qzb0pmdXRHUjhkVXVYVXAyUjVjd3hiZlprUXhI?= =?utf-8?B?d3pFMjk4NWM0VEJrUVFyV1ZVYWNZaG9Xa3dvRkpWTW1lZWlWdGxGMWdKUzFF?= =?utf-8?B?ODA3UWp6L1RNYVVjVXRMQnlPdkpoekNyaGhSQk8zWVJjRjBGOGhTZVgzSzhz?= =?utf-8?B?VmE3elc2V0lGT1dFWnhQVkFuYU1Wb21uVlBtQjBBems5ZDl2aERTUDRFMkpu?= =?utf-8?B?bDBxbjBySGd1VXV0Rk8yRkhUN0FDaFM5eFBWeUF6eWVFYXU1V0dlekk1U3Fj?= =?utf-8?B?YVFnOGg3YStmSlNWbFpsaU9JdTB1Q0hmTDA3cDhuMnJRWndmZVBXdWlMZ0JT?= =?utf-8?B?R0g0OWlaRTZoOUpwNVZsQnJqNFNKU3l6WEVnQWhFV3JmcFRRSEk2eUtPN2J6?= =?utf-8?B?WHQ0ZnJmN2dQNlBVeHg4V0FmT2Naa0FhSkcvVDQxODlzVk1PK0haUTIvSVF4?= =?utf-8?B?VElPbGYvMEM0MERCMVVOaEY0RFp6bitGVVFNK1BHQS8vWXZ4QjR6TlF2cUp3?= =?utf-8?B?UHVXQnp3SEE5ZThUL3dVV2tCVFJabzNqYmJ6ZzB6SFZ1RjluaTZ2QlZoR08z?= =?utf-8?B?UllJTHh5dE9DZmZVNU00SW5zZGFPT2RkaWt6UUU0cnNBVWk0SFI0eTg3NUFK?= =?utf-8?B?YTNXTUhXcW5Xd1NodDU4bjllb3h1TlFqMHlPL1kwNnJjTXZCRTJNLzN2bFBK?= =?utf-8?B?cHhGVm1MQ1h4ZEp6d1VRTWh1QmRRak16VG5VaWFHL2RNMmdIbEU5Y0VJNVB0?= =?utf-8?B?MFBIZVlUYXlIKzJnUVdLU2FHbkZZazdhVU5nSDhNMWxWWnE4TVpaVlNtcE9J?= =?utf-8?B?cnFSWWZ3ajhOb2NDNW83Y3ZuVkRxdUVhV0Q0bW9yRXdHQi83cDd2UjBKZzFS?= =?utf-8?B?M1lsVVZQbW8xR2MwdXhucG8zeDhLeU54OWtCVnp4cDZIZkEyQnpQQ1ltSU44?= =?utf-8?B?N0E9PQ==?= X-MS-Exchange-CrossTenant-Network-Message-Id: 315702c7-188f-43f9-f1f7-08db761112b4 X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB4965.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jun 2023 06:46:30.7244 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 9QEodK30OxER0kh9MAqGRsyKjWAtfzIqRPdtaluMXksEq/atGn7rdFCPicd7eS1beaBCYPVZsR/tRgFusmmcdA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA2PR11MB5019 X-OriginatorOrg: intel.com X-Spam-Status: No, score=-4.5 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A, RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 6/24/2023 4:51 AM, Sean Christopherson wrote: > On Mon, Jun 19, 2023, Weijiang Yang wrote: >> On 6/17/2023 1:56 AM, Sean Christopherson wrote: >>> On Fri, Jun 16, 2023, Weijiang Yang wrote: >>>> On 6/16/2023 7:30 AM, Sean Christopherson wrote: >>>>> On Thu, May 11, 2023, Yang Weijiang wrote: >>>>>> The last patch is introduced to support supervisor SHSTK but the feature is >>>>>> not enabled on Intel platform for now, the main purpose of this patch is to >>>>>> facilitate AMD folks to enable the feature. >>>>> I am beyond confused by the SDM's wording of CET_SSS. >>>>> >>>>> First, it says that CET_SSS says the CPU isn't buggy (or maybe "less buggy" is >>>>> more appropriate phrasing). >>>>> >>>>> Bit 18: CET_SSS. If 1, indicates that an operating system can enable supervisor >>>>> shadow stacks as long as it ensures that certain supervisor shadow-stack pushes >>>>> will not cause page faults (see Section 17.2.3 of the Intel® 64 and IA-32 >>>>> Architectures Software Developer’s Manual, Volume 1). >>>>> >>>>> But then it says says VMMs shouldn't set the bit. >>>>> >>>>> When emulating the CPUID instruction, a virtual-machine monitor should return >>>>> this bit as 0 if those pushes can cause VM exits. >>>>> >>>>> Based on the Xen code (which is sadly a far better source of information than the >>>>> SDM), I *think* that what the SDM is trying to say is that VMMs should not set >>>>> CET_SS if VM-Exits can occur ***and*** the bit is not set in the host CPU. Because >>>>> if the SDM really means "VMMs should never set the bit", then what on earth is the >>>>> point of the bit. >>>> I need to double check for the vague description. >>>> >>>> From my understanding, on bare metal side, if the bit is 1, OS can enable >>>> SSS if pushes won't cause page fault. But for VM case, it's not recommended >>>> (regardless of the bit state) to set the bit as vm-exits caused by guest SSS >>>> pushes cannot be fully excluded. >>>> >>>> In other word, the bit is mainly for bare metal guidance now. >>>> >>>>>> In summary, this new series enables CET user SHSTK/IBT and kernel IBT, but >>>>>> doesn't fully support CET supervisor SHSTK, the enabling work is left for >>>>>> the future. >>>>> Why? If my interpretation of the SDM is correct, then all the pieces are there. >>> ... >>> >>>> And also based on above SDM description, I don't want to add the support >>>> blindly now. >>> *sigh* >>> >>> I got filled in on the details offlist. >>> >>> 1) In the next version of this series, please rework it to reincorporate Supervisor >>> Shadow Stack support into the main series, i.e. pretend Intel's implemenation >>> isn't horribly flawed. >> Let me make it clear, you want me to do two things: >> >> 1)Add Supervisor Shadow Stack  state support(i.e., XSS.bit12(CET_S)) into >> kernel so that host can support guest Supervisor Shadow Stack MSRs in g/h FPU >> context switch. > If that's necessary for correct functionality, yes. > >> 2) Add Supervisor Shadow stack support into KVM part so that guest OS is >> able to use SSS with risk. > Yes. Architecturally, if KVM advertises X86_FEATURE_SHSTK, then KVM needs to > provide both User and Supervisor support. CET_SSS doesn't change the architecture, > it's little more than a hint. And even if the guest follows SDM's recommendation > to not enable shadow stacks, a clever kernel can still utilize SSS assets, e.g. use > the MSRs as scratch registers. Understood, thanks!