Received: by 2002:a05:7412:5112:b0:fa:6e18:a558 with SMTP id fm18csp863895rdb; Tue, 23 Jan 2024 18:48:56 -0800 (PST) X-Google-Smtp-Source: AGHT+IExFw85iBpNiFNT5bN9DVAfp25PsdoVRsO7avrDAs/PV4rwO2JEieUxFvxUmsZBxcAzHUMq X-Received: by 2002:a17:906:3145:b0:a30:d9c8:cb73 with SMTP id e5-20020a170906314500b00a30d9c8cb73mr492457eje.30.1706064536647; Tue, 23 Jan 2024 18:48:56 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1706064536; cv=pass; d=google.com; s=arc-20160816; b=y5QxFsOSImzZhYrI9LT/DlbbuDwgOYjagWeuWtlaDANS3QT3f9KS6qklQpr37XhMGw Vua9y46sQLKzteQ4rvgNuTBbwZCk7vX2hxrFCnbHU/kRoXFQsrdWy7mgN6tgTNoygyNg H7418yUGYtuYIUHPV3yCbFnxSI/4I8++x/q6WTeufl96ZcDjr5KqIiuaJ2Sf8Y0WL0Hw daytxj3teI/DZmS0QQg1RgD25rt3OwmzVJT7OfbxlOXfD9ZqcpDpU0sZHlxIcPK3lJ6D y+gnH81RLG/bjgQxeRFI8rOIl9oNcWxn1neYfpXKCoyAKy6SqFKTzORi9XausWKInvNG 8ghA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=ijpNyn/5Wpla4XE+Kg/fyd19a5O/G29tgXcIRUPOygQ=; fh=D+u40KSnYgjUYLGDRdXdD62xsMHg3nFDmpf3sEnyojA=; b=FR3xp9GZcJ5ebxkaRi/IhibehswVOOC0DlYG9Qe6Jr7CGGSQ/5wprxx4qwC7rM8h3U yt8IcRH51iuSwH/FzqAQEqUuEWlMgYdafAKfD/MJMqsBXXg5ETezMxPFWx6qfAhbkias ZwyJqsSD1no13Sfbi3I18Bjo0FaebNFP5Y0oyezU6QymzHrUW8mY8rffPp7dAnChI12X cmVLMZSMHPXlqGP1XkSzIYVsMjV0J6JjUiI/2RDtt/WFsayvQDJii8htQrzOxofonghe JtRe5zeI7NwQMdwDHE8G7gKo3SJcuQds5yDAaCm6Z0L97Drt+7tIR425KUJbTTUaGfCF 86AQ== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Do3HmADP; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-36338-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-36338-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id gw6-20020a170906f14600b00a3093cbb1basi1895978ejb.986.2024.01.23.18.48.56 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 23 Jan 2024 18:48:56 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-36338-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Do3HmADP; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-36338-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-36338-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 411E11F220A3 for ; Wed, 24 Jan 2024 02:48:56 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 640A01947F; Wed, 24 Jan 2024 02:42:47 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="Do3HmADP" Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id ACAA718026; Wed, 24 Jan 2024 02:42:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.55.52.120 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706064166; cv=none; b=s/THc3EdidnvTdX7pj4Tgtv5NqAgMTllrnAFafNdtpxSSLOYhvFASeue8RPGrD9np8gRl4pm/AftvxuJdyED7iTogXfST2ebbzk2uahSfLWfRYF0L9oF2B9Gmfkd+O8RNrioBaKgzzby0P344wa7N5blQ2K0lA78GYj2/Qd3PhU= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706064166; c=relaxed/simple; bh=4OgIxio6Sgg6qCqmMI3dmUyrNdmCfi/Fz+DUsVjuAWg=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=acokwRt8UeXMgx8SUtZSlDd9bA7L8/BeX1o6MEbqQ7GwrmgmRj/NkN3lF3zKDxaWWWfMulS2MvJtI6l4AagKh3DNhs0OrvxYPT2MULHzPIQh7PGPgiPyjdAWh2Qh2N3eLw6UFc7DGPXfUbUw2uCqU1AogJVAYRJ7LVOgTiilH00= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=Do3HmADP; arc=none smtp.client-ip=192.55.52.120 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1706064164; x=1737600164; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=4OgIxio6Sgg6qCqmMI3dmUyrNdmCfi/Fz+DUsVjuAWg=; b=Do3HmADPcfHmFvdJdeYnqTidAv/3Fl5FDqHA5gRVTW48wWVtNP64r5tz jJoTKkW8yECaE3925vlfgMzv2iGMr/p6Eecr2bnsyRlOtN4Z9J2hDKzQ5 19tvgMkTPlYS+M0tzZHu5jfgzcszeXJWjXLp8I+lVzqPzfihKP7qb2JDg dW580pBBSbtv2m9mCqRGpxOFTrF6YysQRrNTdTONk5AM0FFj8fKBwsgqY RPy7Pu2Hqk0iCOTkZhuRyKqbRsaL1XtjwwvTgA+tSCWMmtA6km+RLlHlP N7oGDwkINAdiWWOBPIT4y5NmfzhUjn1WLVDybYRFxlqqxl+qL5BWnu8lP Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10962"; a="400586531" X-IronPort-AV: E=Sophos;i="6.05,215,1701158400"; d="scan'208";a="400586531" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Jan 2024 18:42:40 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.05,215,1701158400"; d="scan'208";a="1825890" Received: from 984fee00a5ca.jf.intel.com ([10.165.9.183]) by fmviesa003-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Jan 2024 18:42:39 -0800 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org, yuan.yao@linux.intel.com Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com Subject: [PATCH v9 17/27] KVM: x86: Report KVM supported CET MSRs as to-be-saved Date: Tue, 23 Jan 2024 18:41:50 -0800 Message-Id: <20240124024200.102792-18-weijiang.yang@intel.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20240124024200.102792-1-weijiang.yang@intel.com> References: <20240124024200.102792-1-weijiang.yang@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Add CET MSRs to the list of MSRs reported to userspace if the feature, i.e. IBT or SHSTK, associated with the MSRs is supported by KVM. SSP can only be read via RDSSP. Writing even requires destructive and potentially faulting operations such as SAVEPREVSSP/RSTORSSP or SETSSBSY/CLRSSBSY. Let the host use a pseudo-MSR that is just a wrapper for the GUEST_SSP field of the VMCS. Suggested-by: Chao Gao Signed-off-by: Yang Weijiang --- arch/x86/include/uapi/asm/kvm_para.h | 1 + arch/x86/kvm/vmx/vmx.c | 2 ++ arch/x86/kvm/x86.c | 18 ++++++++++++++++++ 3 files changed, 21 insertions(+) diff --git a/arch/x86/include/uapi/asm/kvm_para.h b/arch/x86/include/uapi/asm/kvm_para.h index 6e64b27b2c1e..9864bbcf2470 100644 --- a/arch/x86/include/uapi/asm/kvm_para.h +++ b/arch/x86/include/uapi/asm/kvm_para.h @@ -58,6 +58,7 @@ #define MSR_KVM_ASYNC_PF_INT 0x4b564d06 #define MSR_KVM_ASYNC_PF_ACK 0x4b564d07 #define MSR_KVM_MIGRATION_CONTROL 0x4b564d08 +#define MSR_KVM_SSP 0x4b564d09 struct kvm_steal_time { __u64 steal; diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index d21f55f323ea..b2f6bcf3bf9b 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -7007,6 +7007,8 @@ static bool vmx_has_emulated_msr(struct kvm *kvm, u32 index) case MSR_AMD64_TSC_RATIO: /* This is AMD only. */ return false; + case MSR_KVM_SSP: + return kvm_cpu_cap_has(X86_FEATURE_SHSTK); default: return true; } diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index b418e4f5277b..a7368adad6b8 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -1476,6 +1476,9 @@ static const u32 msrs_to_save_base[] = { MSR_IA32_XFD, MSR_IA32_XFD_ERR, MSR_IA32_XSS, + MSR_IA32_U_CET, MSR_IA32_S_CET, + MSR_IA32_PL0_SSP, MSR_IA32_PL1_SSP, MSR_IA32_PL2_SSP, + MSR_IA32_PL3_SSP, MSR_IA32_INT_SSP_TAB, }; static const u32 msrs_to_save_pmu[] = { @@ -1579,6 +1582,7 @@ static const u32 emulated_msrs_all[] = { MSR_K7_HWCR, MSR_KVM_POLL_CONTROL, + MSR_KVM_SSP, }; static u32 emulated_msrs[ARRAY_SIZE(emulated_msrs_all)]; @@ -7428,6 +7432,20 @@ static void kvm_probe_msr_to_save(u32 msr_index) if (!kvm_caps.supported_xss) return; break; + case MSR_IA32_U_CET: + case MSR_IA32_S_CET: + if (!kvm_cpu_cap_has(X86_FEATURE_SHSTK) && + !kvm_cpu_cap_has(X86_FEATURE_IBT)) + return; + break; + case MSR_IA32_INT_SSP_TAB: + if (!kvm_cpu_cap_has(X86_FEATURE_LM)) + return; + fallthrough; + case MSR_IA32_PL0_SSP ... MSR_IA32_PL3_SSP: + if (!kvm_cpu_cap_has(X86_FEATURE_SHSTK)) + return; + break; default: break; } -- 2.39.3