Received: by 2002:a05:7412:5112:b0:fa:6e18:a558 with SMTP id fm18csp862910rdb; Tue, 23 Jan 2024 18:45:49 -0800 (PST) X-Google-Smtp-Source: AGHT+IH9LX0/jLJdcy1BU7hZL/TSMA/ppr5Was1RF56FmA0w8M9cKumlZsVCwCNnq51eT+iUOZUU X-Received: by 2002:a05:6808:14d5:b0:3bd:ce3f:4daf with SMTP id f21-20020a05680814d500b003bdce3f4dafmr680784oiw.102.1706064349599; Tue, 23 Jan 2024 18:45:49 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1706064349; cv=pass; d=google.com; s=arc-20160816; b=Cl9s/JgsOMM2W1ojSTVIYcaX0UG2SvlZwElh6y7JdlL4FjmInZ4r8l8ze5sYBaWU4+ TLemmcKc27oE/ecpyvlWQRFabWv35rfIN3FAqge3tX8aDOImPUuCOWhhy/7QwLqHb2eZ R0MF9M2+pc5xea72mlfvDCZUnRD+GHqOCNfyJ0ufUjonOqsi84ISGIYiMCD1X2upI+Z8 0WSCcwMJG6M97qEF6lXSpAM+VVsSf3y509HGqW9Mx/wj6wgKP3f9c9fNLscVXwtSagqv hpKbCtHVTjAcDZvawyKAhDMjJvQndxZ/Dovd4oxWGhAd7FVmFR6LdhynGYdy5Ysp2UtB zcog== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=I9jnzHNjw5TPqj3yN/gtbE0r0ak40MVmpD0RkPa4Xls=; fh=D+u40KSnYgjUYLGDRdXdD62xsMHg3nFDmpf3sEnyojA=; b=prv9zQLrcW+vTatMiVgCQWWQAOnnLVsceXImJnkgPcM1Hnrxo01Rqq3a0FlLimulEy tj6FeuHpGmuCXQBdBOZU4drTluWTsXq+sgYwo6GJrk9EmpdkQczHMTYrZ6VzzSaeCOyC sih9yPv7BKOepkTLnoma7k7ag/znPqL6cuQJxnMecb+YhMeucgY29Zc1sqYzewNKX6bt 7ZGxdggaY/GCSQCm6o1uZktf6hSY7Oq4eJyMtn2I+vlRgljJqrhHK1jt0Yhj/nuNLg/A 2Urv4M6vKASDx9qwVI89vcOaAq9EsE0Jy1fsIwot/Zstrh07AFEyBNK64YKZEb1n4BFp sWmA== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=R2d4WT9Q; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-36323-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-36323-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [147.75.48.161]) by mx.google.com with ESMTPS id z11-20020a056a001d8b00b006dd86ec1467si908723pfw.281.2024.01.23.18.45.49 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 23 Jan 2024 18:45:49 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-36323-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) client-ip=147.75.48.161; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=R2d4WT9Q; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-36323-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-36323-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 58199B22B78 for ; Wed, 24 Jan 2024 02:43:32 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 930F3E56D; Wed, 24 Jan 2024 02:42:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="R2d4WT9Q" Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BFA2C63AA; Wed, 24 Jan 2024 02:42:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.55.52.120 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706064155; cv=none; b=Cntl0zVV7b24EdpO63ekpzm4fkDix2UfnG27lPU+/4ANJ+ep3SNoMIQzACZRffujqsmOgVkNlevOqQOqsUHuTyVsmsmm1uZmfHG7Fv6GA4/3CHA05lBDWPz/eOTTTTzjdnDDdqohSqgSRNEzUX1wlulfY7XRCwyuTYxfhf+MF3M= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706064155; c=relaxed/simple; bh=O+In4X9Kp5bd1+hICvCOfi4/QLtmFNAek1QhOW3ItLM=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=TxvXNz5QW40sb2f3z4wTDyAfKjSbf6dNJvzMAxCR9mndOaaS3WQ/eV4rr0V7arbEbP3SGMUmMElScFavzYb55a/6Qldlekp9fwii3bIankAa6LD3tagrf0/dsJj7FFzkgaUDYko3gVV2upDZ64243NkGwbiAFhFDS02Q48ms/GI= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=R2d4WT9Q; arc=none smtp.client-ip=192.55.52.120 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1706064153; x=1737600153; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=O+In4X9Kp5bd1+hICvCOfi4/QLtmFNAek1QhOW3ItLM=; b=R2d4WT9QSXucDnqCFX6yTgxDpy48S/wywNI+GxfG69mu3j2fP4SWLtwH U9jfJR4/tA1qGruS9GatrKHUOGd3fTjxYTWk/8gbhehFuXH8149pK33t3 2xuAEEgWa2YGQGl/DTAabfSzgAz3d77GAdSckQTyp989xRpSG5Cl9eCPs C4fwGanQCgfQrUNeJZUFTCFB7DehrmPMC7G4O7/l8exUEpaSap5Z/cAiK l9GjiParh3WaeXS92sdnzd2n5p/F3NX7NboNXAgitl0jWcs7HLnFzJZ8I QwvEpIv5lrbaNUh2E6mEa0h72I+oPr8YHOV4E382kYAvfY6kLGVrvNl8D w==; X-IronPort-AV: E=McAfee;i="6600,9927,10962"; a="400586424" X-IronPort-AV: E=Sophos;i="6.05,215,1701158400"; d="scan'208";a="400586424" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Jan 2024 18:42:31 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.05,215,1701158400"; d="scan'208";a="1825815" Received: from 984fee00a5ca.jf.intel.com ([10.165.9.183]) by fmviesa003-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Jan 2024 18:42:30 -0800 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org, yuan.yao@linux.intel.com Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com Subject: [PATCH v9 02/27] x86/fpu/xstate: Refine CET user xstate bit enabling Date: Tue, 23 Jan 2024 18:41:35 -0800 Message-Id: <20240124024200.102792-3-weijiang.yang@intel.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20240124024200.102792-1-weijiang.yang@intel.com> References: <20240124024200.102792-1-weijiang.yang@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Remove XFEATURE_CET_USER entry from dependency array as the entry doesn't reflect true dependency between CET features and the user xstate bit. Enable the bit in fpu_kernel_cfg.max_features when either SHSTK or IBT is available. Both user mode shadow stack and indirect branch tracking features depend on XFEATURE_CET_USER bit in XSS to automatically save/restore user mode xstate registers, i.e., IA32_U_CET and IA32_PL3_SSP whenever necessary. Note, the issue, i.e., CPUID only enumerates IBT but no SHSTK is resulted from CET KVM series which synthesizes guest CPUIDs based on userspace settings,in real world the case is rare. In other words, the existing dependency check is correct when only user mode SHSTK is available. Signed-off-by: Yang Weijiang Reviewed-by: Rick Edgecombe Tested-by: Rick Edgecombe --- arch/x86/kernel/fpu/xstate.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c index 07911532b108..f6b98693da59 100644 --- a/arch/x86/kernel/fpu/xstate.c +++ b/arch/x86/kernel/fpu/xstate.c @@ -73,7 +73,6 @@ static unsigned short xsave_cpuid_features[] __initdata = { [XFEATURE_PT_UNIMPLEMENTED_SO_FAR] = X86_FEATURE_INTEL_PT, [XFEATURE_PKRU] = X86_FEATURE_OSPKE, [XFEATURE_PASID] = X86_FEATURE_ENQCMD, - [XFEATURE_CET_USER] = X86_FEATURE_SHSTK, [XFEATURE_XTILE_CFG] = X86_FEATURE_AMX_TILE, [XFEATURE_XTILE_DATA] = X86_FEATURE_AMX_TILE, }; @@ -798,6 +797,14 @@ void __init fpu__init_system_xstate(unsigned int legacy_size) fpu_kernel_cfg.max_features &= ~BIT_ULL(i); } + /* + * CET user mode xstate bit has been cleared by above sanity check. + * Now pick it up if either SHSTK or IBT is available. Either feature + * depends on the xstate bit to save/restore user mode states. + */ + if (boot_cpu_has(X86_FEATURE_SHSTK) || boot_cpu_has(X86_FEATURE_IBT)) + fpu_kernel_cfg.max_features |= BIT_ULL(XFEATURE_CET_USER); + if (!cpu_feature_enabled(X86_FEATURE_XFD)) fpu_kernel_cfg.max_features &= ~XFEATURE_MASK_USER_DYNAMIC; -- 2.39.3