Received: by 2002:a05:6359:6284:b0:131:369:b2a3 with SMTP id se4csp319395rwb; Fri, 4 Aug 2023 13:17:45 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFS7ZNAGxmGSE2LOvPbuMAsgkbTvzF114srbVXs0oTVD/Zr8JwLTZEdwg45CDrmlsF3gBRw X-Received: by 2002:a17:906:153:b0:99b:f58d:1c49 with SMTP id 19-20020a170906015300b0099bf58d1c49mr2657322ejh.53.1691180265653; Fri, 04 Aug 2023 13:17:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1691180265; cv=none; d=google.com; s=arc-20160816; b=maQPyp6E5aoo70FVOMAF+Fhxs59xRCDdYLyCqE+RJRbunak43ul27mNjQfEJnwI71L FRIIchLFo+9fuJQGf8oIMyNjCtwkdoHa7o+VqRwJbbv3zfZojqHESO5J1j9W1ClCcGtc zq/NFE5goP6PQS4igJ+qrmsgVqvWZExaedZ4bsD1g0L1ZB8E+Kp1DWFmTIMHtLOBQ0CA 2BTwDpGlOlGGC+LC9PNen2K5SJbS4LdK5rTfoPDKTz+Rb1PX/HBgznpEhDBq5kcvJHeJ aCL9ZSkRRfsDgxuOKlKifuTmfzzzV+5NCqABYjHieLLZMnMCFdg/cMH1KHQL4TEl3gFh JsZA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:dkim-signature; bh=3eYV/qmJG0sbl9kIxGw8mmbJssqpCy9LZDQ3FKzw738=; fh=6aYc5I3EHZT1Tvc+w1xq3NrPpXkoduYaeW9hdediv0Q=; b=ZMFNhIYLd47zSvgk1JJPmzxNevqJXtNUDUzaMKK92hVjMFFCrW4tfBHifZNrIhtX6S 8OpG+Z66r87qWIaYrmh2++P1G/doQTTBz7giZsHlZU4vfjLcrBfvjC26+6r2RMplUWgw 0xmiSyV/WY4kTydrVG8utvxHKHL6wiPkL9w/woTyjYceb/a+tBsYcnxjXpya+ME3WlXn epWCnamleUAfzTTgD8sZdIDkXfisRzaBcZjHpdZkutig1CBYdXK0zOU/iTGHuXZ5O/qX 4i5JdRmdsr+Fpf4vxdQMRLBMXXwmg3ZMiwCGJSbSiBMv4SDiOG6BrTYZ1t3scCUKriIz rojA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=4kMAPIpu; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id x11-20020a170906134b00b00992e51fe33bsi2189779ejb.118.2023.08.04.13.17.20; Fri, 04 Aug 2023 13:17:45 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=4kMAPIpu; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229921AbjHDSvG (ORCPT + 99 others); Fri, 4 Aug 2023 14:51:06 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35580 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229676AbjHDSvE (ORCPT ); Fri, 4 Aug 2023 14:51:04 -0400 Received: from mail-yw1-x114a.google.com (mail-yw1-x114a.google.com [IPv6:2607:f8b0:4864:20::114a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 102BC46B2 for ; Fri, 4 Aug 2023 11:51:03 -0700 (PDT) Received: by mail-yw1-x114a.google.com with SMTP id 00721157ae682-585f04ffa3eso27340917b3.0 for ; Fri, 04 Aug 2023 11:51:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1691175062; x=1691779862; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=3eYV/qmJG0sbl9kIxGw8mmbJssqpCy9LZDQ3FKzw738=; b=4kMAPIpux47Jcny+xxQrRGxkMWsor4im2oxpFpZ5h9Q0f27sBmQtM1qjf38AFRC1Sf EdPHWn+NzrAuOj7Ter5/rIoFXRaPf0F7VEwAV0nH/wCfrIt/mZ4LwAvBABxinBeEVM3r MVPNzIdUxdOu8KypAFX88utne4PE1XeBvApfxLsut9cFST/a/oUQKDP23JlAj/CHuSId 2FPfYj5MIB/gbA3udHzvID3Z4vGs04Qn2FwB7zBlix4kNtHTDQ6MQc4Akw8RphZtj6E0 0zvkV3BgvjvpeJbW2SKST9RYJLMxB272WegYWamoqfn2fmEQrCrAEMJoM+A288JVklHr Pb0w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1691175062; x=1691779862; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=3eYV/qmJG0sbl9kIxGw8mmbJssqpCy9LZDQ3FKzw738=; b=Uden94+ZLfuBeuH74IRhgIAmZU1zeMEAQNx+fmdsC9GOCboBqFiIvOucKNfyTwZz9L pItf36gKLynSJauKyaVUcJDnSwEuSF4pLadswLLi8s3j89NWEFhwPzpHulZn2dN1E1eM et/XDvzD/0FjThVWqtxQtrEqx7rJX7wj21hsLjB2WRgh0FdC8EW8eggYqEJkR2eYMf2h 2wWJ1wEiaHmhHyLthA333xYXKoTqCtPx72fbP2aA/YClUOk0hQvSoY9+bnSupdN0+I5+ 4coOsM8LUc/Y+gXGM0DrNkIJnXB0i6PfxKqBxRrk5od6jq/r7P3qIT+65T3XxTXHoD4m Hylg== X-Gm-Message-State: AOJu0Yz3I0j8xyczKQDTX9xJQB87/gKUUBFZvnErWFsJ4RV4Ee+/sIlw yTU9e9XmaY4z2h5c4ZqFPKlEx6bpEZw= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a25:a4a9:0:b0:d31:b7c5:5170 with SMTP id g38-20020a25a4a9000000b00d31b7c55170mr10928ybi.12.1691175062337; Fri, 04 Aug 2023 11:51:02 -0700 (PDT) Date: Fri, 4 Aug 2023 11:51:00 -0700 In-Reply-To: Mime-Version: 1.0 References: <20230803042732.88515-1-weijiang.yang@intel.com> <20230803042732.88515-9-weijiang.yang@intel.com> <83d767df-c9ef-1bee-40c0-2360598aafa8@intel.com> Message-ID: Subject: Re: [PATCH v5 08/19] KVM:x86: Report KVM supported CET MSRs as to-be-saved From: Sean Christopherson To: Chao Gao Cc: Weijiang Yang , pbonzini@redhat.com, peterz@infradead.org, john.allen@amd.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, rick.p.edgecombe@intel.com, binbin.wu@linux.intel.com Content-Type: text/plain; charset="us-ascii" X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Aug 04, 2023, Chao Gao wrote: > On Fri, Aug 04, 2023 at 11:13:36AM +0800, Yang, Weijiang wrote: > >> > @@ -7214,6 +7217,13 @@ static void kvm_probe_msr_to_save(u32 msr_index) > >> > if (!kvm_caps.supported_xss) > >> > return; > >> > break; > >> > + case MSR_IA32_U_CET: > >> > + case MSR_IA32_S_CET: > >> > + case MSR_KVM_GUEST_SSP: > >> > + case MSR_IA32_PL0_SSP ... MSR_IA32_INT_SSP_TAB: > >> > + if (!kvm_is_cet_supported()) > >> shall we consider the case where IBT is supported while SS isn't > >> (e.g., in L1 guest)? > >Yes, but userspace should be able to access SHSTK MSRs even only IBT is exposed to guest so > >far as KVM can support SHSTK MSRs. > > Why should userspace be allowed to access SHSTK MSRs in this case? L1 may not > even enumerate SHSTK (qemu removes -shstk explicitly but keeps IBT), how KVM in > L1 can allow its userspace to do that? +1. And specifically, this isn't about SHSTK being exposed to the guest, it's about SHSTK being _supported by KVM_. This is all about KVM telling userspace what MSRs are valid and/or need to be saved+restored. If KVM doesn't support a feature, then the MSRs are invalid and there is no reason for userspace to save+restore the MSRs on live migration. > >> > +static inline bool kvm_is_cet_supported(void) > >> > +{ > >> > + return (kvm_caps.supported_xss & CET_XSTATE_MASK) == CET_XSTATE_MASK; > >> why not just check if SHSTK or IBT is supported explicitly, i.e., > >> > >> return kvm_cpu_cap_has(X86_FEATURE_SHSTK) || > >> kvm_cpu_cap_has(X86_FEATURE_IBT); > >> > >> this is straightforward. And strictly speaking, the support of a feature and > >> the support of managing a feature's state via XSAVE(S) are two different things.x > >I think using exiting check implies two things: > >1. Platform/KVM can support CET features. > >2. CET user mode MSRs are backed by host thus are guaranteed to be valid. > >i.e., the purpose is to check guest CET dependencies instead of features' availability. > > When KVM claims a feature is supported, it should ensure all its dependencies are > met. that's, KVM's support of a feature also imples all dependencies are met. > Function-wise, the two approaches have no difference. I just think checking > KVM's support of SHSTK/IBT is more clear because the function name is > kvm_is_cet_supported() rather than e.g., kvm_is_cet_state_managed_by_xsave(). +1, one of the big reasons kvm_cpu_cap_has() came about was being KVM had a giant mess of one-off helpers.