[v14,07/13] KVM: VMX: Emulate reads and writes to CET MSRs

Message ID	20201106011637.14289-8-weijiang.yang@intel.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <SRS0=V6CK=EM=vger.kernel.org=kvm-owner@kernel.org> IronPort-SDR: ZicaO5qdlZqfiE1OM22QIo4f8RESe/4HYDqX2k5M+d16DZ+jJST+WxLAbG+tdRtckcHN5/btec urK1Cm4eZSZg== IronPort-SDR: 7ScEavtQZnmvzchfgxl69/h7dA0cgyuuULnzEcP+BwNFJTXgWpznkRXnBzzvHkxgyYo28hIUdn lKw337bec8WQ== From: Yang Weijiang <weijiang.yang@intel.com> To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, pbonzini@redhat.com, sean.j.christopherson@intel.com, jmattson@google.com Cc: yu.c.zhang@linux.intel.com, Yang Weijiang <weijiang.yang@intel.com> Subject: [PATCH v14 07/13] KVM: VMX: Emulate reads and writes to CET MSRs Date: Fri, 6 Nov 2020 09:16:31 +0800 Message-Id: <20201106011637.14289-8-weijiang.yang@intel.com> In-Reply-To: <20201106011637.14289-1-weijiang.yang@intel.com> References: <20201106011637.14289-1-weijiang.yang@intel.com> Precedence: bulk
Series	Introduce support for guest CET feature \| expand [v14,00/13] Introduce support for guest CET feature [v14,01/13] KVM: x86: Report XSS as an MSR to be saved if there are supported features [v14,02/13] KVM: x86: Refresh CPUID on writes to MSR_IA32_XSS [v14,03/13] KVM: x86: Add #CP support in guest exception dispatch [v14,04/13] KVM: VMX: Introduce CET VMCS fields and flags [v14,05/13] KVM: x86: Add fault checks for CR4.CET [v14,06/13] KVM: x86: Load guest fpu state when accessing MSRs managed by XSAVES [v14,07/13] KVM: VMX: Emulate reads and writes to CET MSRs [v14,08/13] KVM: VMX: Add a synthetic MSR to allow userspace VMM to access GUEST_SSP [v14,09/13] KVM: x86: Report CET MSRs as to-be-saved if CET is supported [v14,10/13] KVM: x86: Enable CET virtualization for VMX and advertise CET to userspace [v14,11/13] KVM: VMX: Pass through CET MSRs to the guest when supported [v14,12/13] KVM: nVMX: Add helper to check the vmcs01 MSR bitmap for MSR pass-through [v14,13/13] KVM: nVMX: Enable CET support for nested VMX

Message ID

20201106011637.14289-8-weijiang.yang@intel.com (mailing list archive)

State

New, archived

Headers

IronPort-SDR: 
 ZicaO5qdlZqfiE1OM22QIo4f8RESe/4HYDqX2k5M+d16DZ+jJST+WxLAbG+tdRtckcHN5/btec
 urK1Cm4eZSZg==
IronPort-SDR: 
 7ScEavtQZnmvzchfgxl69/h7dA0cgyuuULnzEcP+BwNFJTXgWpznkRXnBzzvHkxgyYo28hIUdn
 lKw337bec8WQ==
From: Yang Weijiang <weijiang.yang@intel.com>
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
        pbonzini@redhat.com, sean.j.christopherson@intel.com,
        jmattson@google.com
Cc: yu.c.zhang@linux.intel.com, Yang Weijiang <weijiang.yang@intel.com>
Subject: [PATCH v14 07/13] KVM: VMX: Emulate reads and writes to CET MSRs
Date: Fri,  6 Nov 2020 09:16:31 +0800
Message-Id: <20201106011637.14289-8-weijiang.yang@intel.com>
In-Reply-To: <20201106011637.14289-1-weijiang.yang@intel.com>
References: <20201106011637.14289-1-weijiang.yang@intel.com>
Precedence: bulk

Series

Introduce support for guest CET feature | expand

Commit Message

Yang, Weijiang Nov. 6, 2020, 1:16 a.m. UTC

Add support for emulating read and write accesses to CET MSRs.  CET MSRs
are universally "special" as they are either context switched via
dedicated VMCS fields or via XSAVES, i.e. no additional in-memory
tracking is needed, but emulated reads/writes are more expensive.

MSRs that are switched through XSAVES are especially annoying due to the
possibility of the kernel's FPU being used in IRQ context.  Disable IRQs
and ensure the guest's FPU state is loaded when accessing such MSRs.

Co-developed-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Yang Weijiang <weijiang.yang@intel.com>
---
 arch/x86/kvm/vmx/vmx.c | 105 +++++++++++++++++++++++++++++++++++++++++
 arch/x86/kvm/x86.h     |   5 ++
 2 files changed, 110 insertions(+)

Comments

Paolo Bonzini Jan. 28, 2021, 5:45 p.m. UTC | #1

On 06/11/20 02:16, Yang Weijiang wrote:
> 
> +static bool cet_is_ssp_msr_accessible(struct kvm_vcpu *vcpu,
> +				      struct msr_data *msr)
> +{
> +	u64 mask;
> +
> +	if (!kvm_cet_supported())
> +		return false;
> +
> +	if (msr->host_initiated)
> +		return true;
> +
> +	if (!guest_cpuid_has(vcpu, X86_FEATURE_SHSTK))
> +		return false;
> +
> +	if (msr->index == MSR_IA32_INT_SSP_TAB)
> +		return false;

Shouldn't this return true?

Paolo

> +	mask = (msr->index == MSR_IA32_PL3_SSP) ? XFEATURE_MASK_CET_USER :
> +						  XFEATURE_MASK_CET_KERNEL;
> +	return !!(vcpu->arch.guest_supported_xss & mask);
> +}

Yang, Weijiang Jan. 29, 2021, 8:07 a.m. UTC | #2

On Thu, Jan 28, 2021 at 06:45:08PM +0100, Paolo Bonzini wrote:
> On 06/11/20 02:16, Yang Weijiang wrote:
> > 
> > +static bool cet_is_ssp_msr_accessible(struct kvm_vcpu *vcpu,
> > +				      struct msr_data *msr)
> > +{
> > +	u64 mask;
> > +
> > +	if (!kvm_cet_supported())
> > +		return false;
> > +
> > +	if (msr->host_initiated)
> > +		return true;
> > +
> > +	if (!guest_cpuid_has(vcpu, X86_FEATURE_SHSTK))
> > +		return false;
> > +
> > +	if (msr->index == MSR_IA32_INT_SSP_TAB)
> > +		return false;
> 
> Shouldn't this return true?
>
Hi, Paolo,
Thanks for the feedback!
Yes, it should be true, will fix it in next release.
> Paolo
> 
> > +	mask = (msr->index == MSR_IA32_PL3_SSP) ? XFEATURE_MASK_CET_USER :
> > +						  XFEATURE_MASK_CET_KERNEL;
> > +	return !!(vcpu->arch.guest_supported_xss & mask);
> > +}

diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index aef73dd3de4f..dd78d3a79e79 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -1788,6 +1788,66 @@  static int vmx_get_msr_feature(struct kvm_msr_entry *msr)
 	}
 }
 
+static void vmx_get_xsave_msr(struct msr_data *msr_info)
+{
+	local_irq_disable();
+	if (test_thread_flag(TIF_NEED_FPU_LOAD))
+		switch_fpu_return();
+	rdmsrl(msr_info->index, msr_info->data);
+	local_irq_enable();
+}
+
+static void vmx_set_xsave_msr(struct msr_data *msr_info)
+{
+	local_irq_disable();
+	if (test_thread_flag(TIF_NEED_FPU_LOAD))
+		switch_fpu_return();
+	wrmsrl(msr_info->index, msr_info->data);
+	local_irq_enable();
+}
+
+static bool cet_is_ssp_msr_accessible(struct kvm_vcpu *vcpu,
+				      struct msr_data *msr)
+{
+	u64 mask;
+
+	if (!kvm_cet_supported())
+		return false;
+
+	if (msr->host_initiated)
+		return true;
+
+	if (!guest_cpuid_has(vcpu, X86_FEATURE_SHSTK))
+		return false;
+
+	if (msr->index == MSR_IA32_INT_SSP_TAB)
+		return false;
+
+	mask = (msr->index == MSR_IA32_PL3_SSP) ? XFEATURE_MASK_CET_USER :
+						  XFEATURE_MASK_CET_KERNEL;
+	return !!(vcpu->arch.guest_supported_xss & mask);
+}
+
+static bool cet_is_control_msr_accessible(struct kvm_vcpu *vcpu,
+					  struct msr_data *msr)
+{
+	u64 mask;
+
+	if (!kvm_cet_supported())
+		return false;
+
+	if (msr->host_initiated)
+		return true;
+
+	if (!guest_cpuid_has(vcpu, X86_FEATURE_SHSTK) &&
+	    !guest_cpuid_has(vcpu, X86_FEATURE_IBT))
+		return false;
+
+	mask = (msr->index == MSR_IA32_U_CET) ? XFEATURE_MASK_CET_USER :
+						XFEATURE_MASK_CET_KERNEL;
+	return !!(vcpu->arch.guest_supported_xss & mask);
+}
+
 /*
  * Reads an msr value (of 'msr_index') into 'pdata'.
  * Returns 0 on success, non-0 otherwise.
@@ -1920,6 +1980,26 @@  static int vmx_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
 		else
 			msr_info->data = vmx->pt_desc.guest.addr_a[index / 2];
 		break;
+	case MSR_IA32_S_CET:
+		if (!cet_is_control_msr_accessible(vcpu, msr_info))
+			return 1;
+		msr_info->data = vmcs_readl(GUEST_S_CET);
+		break;
+	case MSR_IA32_U_CET:
+		if (!cet_is_control_msr_accessible(vcpu, msr_info))
+			return 1;
+		vmx_get_xsave_msr(msr_info);
+		break;
+	case MSR_IA32_INT_SSP_TAB:
+		if (!cet_is_ssp_msr_accessible(vcpu, msr_info))
+			return 1;
+		msr_info->data = vmcs_readl(GUEST_INTR_SSP_TABLE);
+		break;
+	case MSR_IA32_PL0_SSP ... MSR_IA32_PL3_SSP:
+		if (!cet_is_ssp_msr_accessible(vcpu, msr_info))
+			return 1;
+		vmx_get_xsave_msr(msr_info);
+		break;
 	case MSR_TSC_AUX:
 		if (!msr_info->host_initiated &&
 		    !guest_cpuid_has(vcpu, X86_FEATURE_RDTSCP))
@@ -2189,6 +2269,31 @@  static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
 		else
 			vmx->pt_desc.guest.addr_a[index / 2] = data;
 		break;
+	case MSR_IA32_S_CET:
+	case MSR_IA32_U_CET:
+		if (!cet_is_control_msr_accessible(vcpu, msr_info))
+			return 1;
+		if (data & GENMASK(9, 6))
+			return 1;
+		if (msr_index == MSR_IA32_S_CET)
+			vmcs_writel(GUEST_S_CET, data);
+		else
+			vmx_set_xsave_msr(msr_info);
+		break;
+	case MSR_IA32_INT_SSP_TAB:
+		if (!cet_is_control_msr_accessible(vcpu, msr_info))
+			return 1;
+		if (is_noncanonical_address(data, vcpu))
+			return 1;
+		vmcs_writel(GUEST_INTR_SSP_TABLE, data);
+		break;
+	case MSR_IA32_PL0_SSP ... MSR_IA32_PL3_SSP:
+		if (!cet_is_ssp_msr_accessible(vcpu, msr_info))
+			return 1;
+		if ((data & GENMASK(2, 0)) || is_noncanonical_address(data, vcpu))
+			return 1;
+		vmx_set_xsave_msr(msr_info);
+		break;
 	case MSR_TSC_AUX:
 		if (!msr_info->host_initiated &&
 		    !guest_cpuid_has(vcpu, X86_FEATURE_RDTSCP))
diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h
index 50386318a382..d05c3d11161e 100644
--- a/arch/x86/kvm/x86.h
+++ b/arch/x86/kvm/x86.h
@@ -286,6 +286,11 @@  static inline bool kvm_mpx_supported(void)
 		== (XFEATURE_MASK_BNDREGS | XFEATURE_MASK_BNDCSR);
 }
 
+static inline bool kvm_cet_supported(void)
+{
+	return supported_xss & XFEATURE_MASK_CET_USER;
+}
+
 extern unsigned int min_timer_period_us;
 
 extern bool enable_vmware_backdoor;

[v14,07/13] KVM: VMX: Emulate reads and writes to CET MSRs

Commit Message

Comments

Patch