Received-SPF: pass (google.com: domain of linux-kernel+bounces-169595-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3;
Message-ID: <83bb5f3f-a374-4b0e-a26d-9a9d88561bbe@intel.com>
Date: Mon, 6 May 2024 17:41:04 +0800
User-Agent: Mozilla Thunderbird
Subject: Re: [PATCH v10 24/27] KVM: x86: Enable CET virtualization for VMX and
 advertise to userspace
To: Sean Christopherson <seanjc@google.com>
CC: <pbonzini@redhat.com>, <dave.hansen@intel.com>, <x86@kernel.org>,
	<kvm@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
	<peterz@infradead.org>, <chao.gao@intel.com>, <rick.p.edgecombe@intel.com>,
	<mlevitsk@redhat.com>, <john.allen@amd.com>
References: <20240219074733.122080-1-weijiang.yang@intel.com>
 <20240219074733.122080-25-weijiang.yang@intel.com>
 <ZjLRnisdUgeYgg8i@google.com>
Content-Language: en-US
From: "Yang, Weijiang" <weijiang.yang@intel.com>
In-Reply-To: <ZjLRnisdUgeYgg8i@google.com>
Content-Type: text/plain; charset="UTF-8"; format=flowed
Content-Transfer-Encoding: 7bit
Precedence: bulk
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?WG9DREUxV1NXbEc5THc1emlMY0FqaWE0S2ZqZ3MxeTNKeXlLVXd0ejhNMzNX?=
 =?utf-8?B?MDJ3Y3IyZFlzM0FvSUtZc0R3RHRLVm5GL1YrMlFyRnA2bngvdGxNYm5ZanRT?=
 =?utf-8?B?L2FXc2syUHE5R0FPWUVPcFVxRjB2VmJxWHFOWTZlU2FHR3F5TUVCV1o0eVpH?=
 =?utf-8?B?bXNPMURsSkVFUlllb0s2QjQzRDlvR1I5NUk5VXJUS2V4NVJWaHJhbk5oUjRU?=
 =?utf-8?B?cUJkZEs4OHltNGdpSFc0cDJRQXNFQUdFQnBaMDM3ak9xWVpIeGE0RmI4eWVJ?=
 =?utf-8?B?c1FYYUpON3VxKzcrWEI2OWoxWUVqaHE5NzZsMmQzWFN4T3NiRnNuOWVlT3N4?=
 =?utf-8?B?NFI3QnhBWTU1V0xKNUxpVERqSnBXTXZNSHIvOVh0WnQ1dTlDengrc1NvOXdV?=
 =?utf-8?B?MWNoaWFsSDdZMk5HcWpPRGlPeEtrS0FZcXMyWDV3cjNsekkzWllwWFUwdnZt?=
 =?utf-8?B?T1RkZ2xUQkpqY0UwbUJlemJGZjNNWTBjemladEZOamgwZDh6bm5xZ2xmN3BZ?=
 =?utf-8?B?QlA0eDVZOGlzUUdaU0MwTkJZMUdvTVpIc2N2ckljOFBEcitUTmNqanNZS29P?=
 =?utf-8?B?RjA5MllzUmdFNlUxNWVkQjB6dEQ4amVwUjF2Mk9uM1JSSjNpZW4zWVNJVGxH?=
 =?utf-8?B?a3h1WTZhdGpsV1VGbUM5SWx2T3ptbEt5OWxwQnZlT1dzM0dzMDg4SlZBTnZl?=
 =?utf-8?B?QThZWERmNmRVc041K0llVUdpbDFuaVVHSklpNHEvdm5jZEM5OUNQUUhsNEFX?=
 =?utf-8?B?dURNdnFWTHVhU0xncWhqLzFwTkhIWEZHTFBYSFRhcTVvOGxaNEFPeXF2UjBV?=
 =?utf-8?B?L0RkTGsyM3RHWTRLbjRXSHRSQVhIY21TQ0VRd1pwWVUwOXZnS2JySlFEQlpw?=
 =?utf-8?B?MUd5SXNuMCtpdVQ5NEFxdjlJems2d2h1MTRHZnE1eVR1emNJaXFSaHNTOVZn?=
 =?utf-8?B?dHUwbXNLVHh2Tmc4Z1Q0RzFUQThoT2h2YVBXOGVLSjhDb0hUMW1RS0VBV215?=
 =?utf-8?B?QTI0OGNiMVM1WjdtNU1KNHVRZ2tRdTk4M0FqWGxJdldqakVVMEhvaGhOandD?=
 =?utf-8?B?TmVZeXhuQnArU1VHUEVsSzlvb2dPclhha2xBUnY2RzR1ZG95ankxcm1vR1VQ?=
 =?utf-8?B?Z3grYzJocmo4dUh1NmNLQy8zdFZhWkkxL3habURwYlVIanFyalhsaDVRR25s?=
 =?utf-8?B?STQ0QzNQOXRBblhNemw1RkhFRnBhS0J4dXNVVldodlAyNzY1dTJKS2tIZmVQ?=
 =?utf-8?B?N2oxVDBtL1k0eTFoQTdITEt2QmdwblZ6LzRLb0YwRnE0dWp1UEJadE5kM24r?=
 =?utf-8?B?ekVzUm4xaEhhWERNM3JUTThSeGVWVHVXMFo2YVVJYlpneXEvdWJicXoxemJS?=
 =?utf-8?B?QVpVMi8yQ2VnVHk0dzdPYmpKbUFlZ3VRY1lmL3UybGM4bU9KWWZGampMd1p0?=
 =?utf-8?B?dFJVNzhNRXA5MURkRUNLaWdXdDdGbm5FWDUxNHZQTnRxcGxZZ3VzejV0YUxT?=
 =?utf-8?B?SlZXM2JUc1BlenhzS091T1JMcnpzLzZFT2M2YW9oakptSXRzS0NHbXl1NVJH?=
 =?utf-8?B?cmE4MkNSZ0dhTU1ibE9NeVpEMnZ2UnhLakEraVJzV2ovQWZIeHJFb1k5ekgx?=
 =?utf-8?B?T1RpRDNENTNuMExrUWE5c3A5MjhlRE1RU3F1Wjk0N3UwVjUvenUyMEduWDlj?=
 =?utf-8?B?UnVBaXcvWlRQdTlHZnpDOWVRYU5yVzV1WTlIZ29lYnlTQTRQTWZudEd5YXIw?=
 =?utf-8?B?WVh6ZTZ4QTM2dkRkMnp6ZlB2V0hSNXJramowNmVhWXpsc3drTHZuZDlzU3Z1?=
 =?utf-8?B?cWxzMS9WbXhmeHI3WnNlN01NTTkyOFZ4WGp5YU5NQnp3ZHlxUWJCQWJtUWFl?=
 =?utf-8?B?K3gxSlVYN0xjQUQ3cHNMZngxN0ZmS0RpTHBlcUhIYU5QbTg2aTlQNTJ5NGZL?=
 =?utf-8?B?WGxDeGdXWUpOQmg2c1lSNlhkUDI4QytwaGdtc3BvYnJsMlBMYlZZMHJtOWd5?=
 =?utf-8?B?TVF2czEycmhFZUZQZzZ1VFoybVBOVG1kakZjRmkvazhLM0VEN1hVbUpPVkVz?=
 =?utf-8?B?S0E2WFBwM3hQRTg4TWcxQVE2NDFkNjBWa1U4c3dsRVFSb0VFeUpKMnlvWm5Z?=
 =?utf-8?B?cmZiQ3RmL2lWWHlMOFlxVHhUamwxZXF4OE45Q3U4OE16am9FbmlvT1AwbkxL?=
 =?utf-8?B?cmc9PQ==?=
X-MS-Exchange-CrossTenant-Network-Message-Id: a387e2df-8e08-4be6-c8bc-08dc6db0aa69
X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB4965.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 06 May 2024 09:41:12.3984
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: ykL7fLOoAS+t0lWok7SBDKwACa7GzqcH+Xy5AZ4ec0Gf3z9cIm3CpsyZQ6XfGzrJugTkl6CF+Vd2XpQYEePrxg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR11MB5245
X-OriginatorOrg: intel.com

On 5/2/2024 7:34 AM, Sean Christopherson wrote:
> On Sun, Feb 18, 2024, Yang Weijiang wrote:
>> @@ -665,7 +665,7 @@ void kvm_set_cpu_caps(void)
>>   		F(AVX512_VPOPCNTDQ) | F(UMIP) | F(AVX512_VBMI2) | F(GFNI) |
>>   		F(VAES) | F(VPCLMULQDQ) | F(AVX512_VNNI) | F(AVX512_BITALG) |
>>   		F(CLDEMOTE) | F(MOVDIRI) | F(MOVDIR64B) | 0 /*WAITPKG*/ |
>> -		F(SGX_LC) | F(BUS_LOCK_DETECT)
>> +		F(SGX_LC) | F(BUS_LOCK_DETECT) | F(SHSTK)
>>   	);
>>   	/* Set LA57 based on hardware capability. */
>>   	if (cpuid_ecx(7) & F(LA57))
>> @@ -683,7 +683,8 @@ void kvm_set_cpu_caps(void)
>>   		F(SPEC_CTRL_SSBD) | F(ARCH_CAPABILITIES) | F(INTEL_STIBP) |
>>   		F(MD_CLEAR) | F(AVX512_VP2INTERSECT) | F(FSRM) |
>>   		F(SERIALIZE) | F(TSXLDTRK) | F(AVX512_FP16) |
>> -		F(AMX_TILE) | F(AMX_INT8) | F(AMX_BF16) | F(FLUSH_L1D)
>> +		F(AMX_TILE) | F(AMX_INT8) | F(AMX_BF16) | F(FLUSH_L1D) |
>> +		F(IBT)
>>   	);
> ...
>
>> @@ -7977,6 +7993,18 @@ static __init void vmx_set_cpu_caps(void)
>>   
>>   	if (cpu_has_vmx_waitpkg())
>>   		kvm_cpu_cap_check_and_set(X86_FEATURE_WAITPKG);
>> +
>> +	/*
>> +	 * Disable CET if unrestricted_guest is unsupported as KVM doesn't
>> +	 * enforce CET HW behaviors in emulator. On platforms with
>> +	 * VMX_BASIC[bit56] == 0, inject #CP at VMX entry with error code
>> +	 * fails, so disable CET in this case too.
>> +	 */
>> +	if (!cpu_has_load_cet_ctrl() || !enable_unrestricted_guest ||
>> +	    !cpu_has_vmx_basic_no_hw_errcode()) {
>> +		kvm_cpu_cap_clear(X86_FEATURE_SHSTK);
>> +		kvm_cpu_cap_clear(X86_FEATURE_IBT);
>> +	}
> Oh!  Almost missed it.  This patch should explicitly kvm_cpu_cap_clear()
> X86_FEATURE_SHSTK and X86_FEATURE_IBT.  We *know* there are upcoming AMD CPUs
> that support at least SHSTK, so enumerating support for common code would yield
> a version of KVM that incorrectly advertises support for SHSTK.
>
> I hope to land both Intel and AMD virtualization in the same kernel release, but
> there are no guarantees that will happen.  And explicitly clearing both SHSTK and
> IBT would guard against IBT showing up in some future AMD CPU in advance of KVM
> gaining full support.

Let me be clear on this, you want me to disable SHSTK/IBT with kvm_cpu_cap_clear() unconditionally
for now in this patch, and wait until both AMD's SVM patches and this series are ready for guest CET,
then remove the disabling code in this patch for final merge, am I right?