Received-SPF: pass (google.com: domain of linux-kernel+bounces-166803-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99;
Message-ID: <9b05e2d7-ac1c-e60f-0f6e-f4befea06334@amd.com>
Date: Thu, 2 May 2024 12:46:02 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.15.1
Content-Language: en-US
To: Sean Christopherson <seanjc@google.com>, John Allen <john.allen@amd.com>
Cc: kvm@vger.kernel.org, weijiang.yang@intel.com, rick.p.edgecombe@intel.com,
 bp@alien8.de, pbonzini@redhat.com, mlevitsk@redhat.com,
 linux-kernel@vger.kernel.org, x86@kernel.org
References: <20240226213244.18441-1-john.allen@amd.com>
 <20240226213244.18441-7-john.allen@amd.com> <ZjLTr0n0nwBrZW36@google.com>
From: Tom Lendacky <thomas.lendacky@amd.com>
Subject: Re: [PATCH v2 6/9] KVM: SVM: Add MSR_IA32_XSS to the GHCB for
 hypervisor kernel
In-Reply-To: <ZjLTr0n0nwBrZW36@google.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Precedence: bulk
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0:
	=?utf-8?B?MUpzd3cwLy9QYjE4Q1k2RGdoYUFHd0M0NEprbHNuSEEyQUxzY2p4VlErNU5q?=
 =?utf-8?B?c2FWZ0N5NVVKK2NZblV5bzJxckhYb3V4NHhHemo0NlZaNW9pTGpWMnRwMGU0?=
 =?utf-8?B?NjMwK01WWlRFZ3F0VGFETFVNdC9xY3FCWHlJOC9adDNORUl0SzdXSEM4MU1m?=
 =?utf-8?B?RmZEditOc0kwdUZMUkNzUXdab3ZXeS9GdjVVRVNaeHlTcExKTFVRc2dqVFJL?=
 =?utf-8?B?L0t2c1VGSGMwS3FUTjdyd0crejNndi9mbWZkMkRqalpWck9xOWtBVDl1N2hu?=
 =?utf-8?B?blN1YThpeXdoV01UQiswZFF5c3E2SENRRmRPbzZJYXlocW9jVzFtQ3FaYm1Q?=
 =?utf-8?B?UEhHRkwzeFpFMldYaWdOODBFUW84c1Z0VHhSSlByK0tMVjF2KzZWbkUybkIx?=
 =?utf-8?B?V291U2ZmdmFGSFNzZFFtTGRiUEpiVi9CYVA0MVFFNTJGeDExRE9nT052US9F?=
 =?utf-8?B?ME1BcW9kc3BPL0t1TGY2UXhZWUpSQTBmMXhhTFpqV0MxVWxaSWNNNE5naHN6?=
 =?utf-8?B?QnNIb1Fwa1ZZdmVXSGxURU5UVzhoZlNXNWhKQnRqbS9PVXFROVJqVEtKRGRt?=
 =?utf-8?B?NXBlSlhVOWRjUDZ4WjdtTUVsR2RiMmU2MFpaSjJYbE9mb3VrNjk0QSsyMmIy?=
 =?utf-8?B?SDlLMVZKd3h1b01hb0VhQ2cvL200b1BmSmJ6MkFUNjY5SFJ6bGFKVUZmaGlU?=
 =?utf-8?B?ajQ0RmlQYlNkUzE0NUxVSWttWi9FZ29aTEJ0QWhXa1pqUmpHdFNBMFhwWm9S?=
 =?utf-8?B?czVGV09SL25sYTNEKzFDK05TSmdkeDAwTlFnYlVacElMQXBLcHlFUmVNNHIx?=
 =?utf-8?B?V25PY1ljc2hSMUd4T2dGZ3pDL0ZpUU9nWEFLdnNjZjZsUUlsYkV5cmNid21s?=
 =?utf-8?B?cm5WZnZPUlVtVVhyZmg3ZE9sbWNaR0NKTkovMFZFdWdYY1hZekd1cmg5ZGFZ?=
 =?utf-8?B?Y0RjL1Y4ZVFPbi9LWmI1aXJFTkxyRzlDaDlUQnRwWjFVM3JKR0w5clBnZkI4?=
 =?utf-8?B?anV5YzJsNEI3UWNRTjY1cHU4cEpUeWplSTRLZUlWbTl5d3FVRWdIUWdaWTFN?=
 =?utf-8?B?bUkydkpVbWh3ZlB5a1VNejhiaitldSs3WWhGajliaFlXRmRGbFR1aG9DYUtM?=
 =?utf-8?B?UU5OZ3lmKzhZL2E2VkF1ME5vQXUyTCs2QllHd2J5WXlDdExsTDNhSmZKaCtl?=
 =?utf-8?B?S09pYXowS1VPN2daeS9vRHM1d1VZWU50cUdhMTE1S1dkKzVYSUYyQjBOTVMy?=
 =?utf-8?B?c2h3cklWa1FUUkVWdVh0WWZxbWJwL2NOcVFSajdvLzZkZHJWZUhvSTB4QWRz?=
 =?utf-8?B?NXdlMUg0R0s0QTBtMFc0QjF6T1lwSlFESTNLOXc0Q3loc0dYSCsvWDI0Y0dI?=
 =?utf-8?B?eFV3MnhKeGpCaW9WaUNOcGZpZ0F3OHdXYnhwV3lXempHWEltUTh5eERzLzdh?=
 =?utf-8?B?eVVmTEVDd09kQ1lwMHdHMi9NSUc4ei91emVsNEV1UG9PWVBJT1JPcDJuYkF5?=
 =?utf-8?B?TEpvTkNOdFh0emFuOWMyNVNLMTZUWXlrMldxMGtUQjl4bVBxc2RaT3FNQ2Rz?=
 =?utf-8?B?Ukxlc3pNKzRXc3c3aG5FdzQyRkhOZi8xaTVwMGRxQTV2MkJLaWxSR2VJTmFC?=
 =?utf-8?B?NU1HbjM4Z1I2dWtFMnB1NFhHUk40RGVCSW02VkYwem10d0xQbFVrWlhxb3lZ?=
 =?utf-8?B?bE5rd3J1WU9reXdVNzBVcU4wUlozeWIrV3ZVYXBqVWlNVXpRRW9TQ1lsSFRs?=
 =?utf-8?B?T1RGYzl3Umc4VXdFS1daaFpQWHBIb1F4cG5iR0Q4MENsaHJoRzVoV01BbDgx?=
 =?utf-8?B?dUc3bkFCQSs3Ym02QlBBU3g0QWVNZ01RUm54L3IzMmtKbjBCR3I5UlY2RGU4?=
 =?utf-8?B?Rk9zdHpKSUhSVldGVDE1dG9LSWhpZVFWUmdlcEdtbUx1UlpVcjJlVDlFWGdq?=
 =?utf-8?B?ODFTUTc5K0JSOGZ1Mldnem5NWHhRbDJBQjM5MnhDOTBGaDFGZ1NNeFd3UW9h?=
 =?utf-8?B?ZldOTXhYNU9EUmdPMGNkOGpsM00rQWsxYWF6QklCZW1GZldRb2tmNmY1NlFY?=
 =?utf-8?B?cFR4UW1Xa3NLbHJ0SEVJaXErc3o3MHpMNlluQnhoOUN2M1VpNnNTdkkvS1Vq?=
 =?utf-8?Q?1vDkvMmJUyGn7i4TTuoTL7ouH?=
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 62e61025-b3d2-4ef5-d4fa-08dc6acfbd03
X-MS-Exchange-CrossTenant-AuthSource: BL1PR12MB5732.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 May 2024 17:46:04.3142
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: S+PiAfWqIHI83iJ80fJX4tMQizx9qDFJXUTb3zzTeFKuwOmCG0wa6KJYHZMjEK/JzHjXH5G8G35an1AYM+qXcA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR12MB7599

On 5/1/24 18:43, Sean Christopherson wrote:
> On Mon, Feb 26, 2024, John Allen wrote:
>> When a guest issues a cpuid instruction for Fn0000000D_x0B
>> (CetUserOffset), KVM will intercept and need to access the guest
>> MSR_IA32_XSS value. For SEV-ES, this is encrypted and needs to be
>> included in the GHCB to be visible to the hypervisor.
> 
> Heh, too many pronouns and implicit subjects.  I read this, several times, as:
> 
>    When a guest issues a cpuid instruction for Fn0000000D_x0B
>    (CetUserOffset), KVM will intercept MSR_IA32_XSS and need to access the
>    guest MSR_IA32_XSS value.
> 
> I think you mean this?
> 
>    When a vCPU executes CPUID.0xD.0xB (CetUserOffset), KVM will intercept
>    and emulate CPUID.  To emulate CPUID, KVM needs access to the vCPU's
>    MSR_IA32_XSS value.  For SEV-ES guests, XSS is encrypted, and so the guest
>    must include its XSS value in the GHCB as part of the CPUID request.
> 
> Hmm, I suspect that last sentence is wrong though.  Question on that below.
> 
>> Signed-off-by: John Allen <john.allen@amd.com>
>> ---
>> v2:
>>    - Omit passing through XSS as this has already been properly
>>      implemented in a26b7cd22546 ("KVM: SEV: Do not intercept
>>      accesses to MSR_IA32_XSS for SEV-ES guests")
>> ---
>>   arch/x86/include/asm/svm.h | 1 +
>>   arch/x86/kvm/svm/sev.c     | 9 +++++++--
>>   arch/x86/kvm/svm/svm.h     | 1 +
>>   3 files changed, 9 insertions(+), 2 deletions(-)
>>
>> diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h
>> index 728c98175b9c..44cd41e2fb68 100644
>> --- a/arch/x86/include/asm/svm.h
>> +++ b/arch/x86/include/asm/svm.h
>> @@ -673,5 +673,6 @@ DEFINE_GHCB_ACCESSORS(sw_exit_info_1)
>>   DEFINE_GHCB_ACCESSORS(sw_exit_info_2)
>>   DEFINE_GHCB_ACCESSORS(sw_scratch)
>>   DEFINE_GHCB_ACCESSORS(xcr0)
>> +DEFINE_GHCB_ACCESSORS(xss)
>>   
>>   #endif
>> diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
>> index f06f9e51ad9d..c3060d2068eb 100644
>> --- a/arch/x86/kvm/svm/sev.c
>> +++ b/arch/x86/kvm/svm/sev.c
>> @@ -2458,8 +2458,13 @@ static void sev_es_sync_from_ghcb(struct vcpu_svm *svm)
>>   
>>   	svm->vmcb->save.cpl = kvm_ghcb_get_cpl_if_valid(svm, ghcb);
>>   
>> -	if (kvm_ghcb_xcr0_is_valid(svm)) {
>> -		vcpu->arch.xcr0 = ghcb_get_xcr0(ghcb);
>> +	if (kvm_ghcb_xcr0_is_valid(svm) || kvm_ghcb_xss_is_valid(svm)) {
>> +		if (kvm_ghcb_xcr0_is_valid(svm))
>> +			vcpu->arch.xcr0 = ghcb_get_xcr0(ghcb);
>> +
>> +		if (kvm_ghcb_xss_is_valid(svm))
>> +			vcpu->arch.ia32_xss = ghcb_get_xss(ghcb);
>> +
>>   		kvm_update_cpuid_runtime(vcpu);
> 
> Pre-existing code, but isn't updating CPUID runtime on every VMGEXIT super wasteful?
> Or is the guest behavior to mark XCR0 and XSS as valid only when changing XCR0/XSS?

It's not really on every VMGEXIT. It's only if those values have been 
supplied in the GHCB will the CPUID runtime be updated. And the Linux 
guest code supplies XCR0 and XSS only on a CPUID VMGEXIT.

Both sides of that can optimized. The guest can be optimized down to 
just supplying the values on CPUID 0xD or even further to only supplying 
the values if they have changed since the last time they were supplied. 
The hypervisor side could be optimized to compare the value and only 
update the CPUID runtime if those values are different.

Thanks,
Tom

> If so, the last sentence of the changelog should be something like:
> 
>    MSR_IA32_XSS value.  For SEV-ES guests, XSS is encrypted, and so the guest
>    must notify the host of XSS changes by performing a ??? VMGEXIT and
>    providing its XSS value in the GHCB.