From patchwork Mon Apr 26 17:54:19 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Andrew Cooper X-Patchwork-Id: 12224823 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4D513C43460 for ; Mon, 26 Apr 2021 17:54:57 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id C57AE6101C for ; Mon, 26 Apr 2021 17:54:56 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org C57AE6101C Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=citrix.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from list by lists.xenproject.org with outflank-mailman.117861.223789 (Exim 4.92) (envelope-from ) id 1lb5RW-0005gs-20; Mon, 26 Apr 2021 17:54:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 117861.223789; Mon, 26 Apr 2021 17:54:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1lb5RV-0005ga-QL; Mon, 26 Apr 2021 17:54:45 +0000 Received: by outflank-mailman (input) for mailman id 117861; Mon, 26 Apr 2021 17:54:44 +0000 Received: from us1-rack-iad1.inumbo.com ([172.99.69.81]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1lb5RU-0005es-MX for xen-devel@lists.xenproject.org; Mon, 26 Apr 2021 17:54:44 +0000 Received: from esa1.hc3370-68.iphmx.com (unknown [216.71.145.142]) by us1-rack-iad1.inumbo.com (Halon) with ESMTPS id a46a4116-aa03-4c51-b5b0-ef4f7482ef01; Mon, 26 Apr 2021 17:54:43 +0000 (UTC) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: a46a4116-aa03-4c51-b5b0-ef4f7482ef01 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1619459683; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=yqRxPvsEyspJLb30NiO614S66+MdC18nJNcU+EsvAWo=; b=TRQ4df8BOE7T37aYoz0KoJHXfTARwYWs5tfx4S97Nr2/mjthmwmZgb3O jGLzZD28ms+lRBch0KcLH7oPhG/Wl++5w9TvCwRxDE32B4xgpgyRT0pkS FnChvVfN/LdMZ0R+7+mXLL/dPZBmPzUNkmS5fWGUJs3+ZIrIs3Hi0hCph I=; Authentication-Results: esa1.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none IronPort-SDR: VsSjowmybIBQmp1G3dUWjFn+rApumEg143mCIcQqeFbYYJlzc4dmRCY1ssfZNWKo2xOcEKMBXy sI3oAVuZ/2j+p9GAZFId8epyOBPznTKkAzXQHVG2wDJRu9QFr347HoltphRavfvBdzCRT0s4K9 N6r9hQiUw5cSv+O+oBOj3Fu2XkYfewQUEgajxs8DAGZmfofyvUbAm7NNtHRT9GTEhrAIK0R0xk FIDwmbDP1HExEZCAJ21CLZr5RpS93ETupiD8mghCcLhHOzqkqL1ZUdvSvS/z0DiGq6Yuyw3bNh rDI= X-SBRS: 4.0 X-MesageID: 42818490 X-Ironport-Server: esa1.hc3370-68.iphmx.com X-Remote-IP: 162.221.158.21 X-Policy: $RELAYED IronPort-HdrOrdr: A9a23:xC3EUaqOJWPVvhJEc0n+/igaV5qseYIsi2QD101hICF9WObwra GTtd4c0gL5jytUZWopnsqONLLFbXTX85N05od5B8bbYCDNvmy0IIZ+qbbz2jGIIVyGysdx3b ptGpIOa+HYIkN9ia/BjzWQM9Fl+9Wf9bDtuOG29QYIcShPS4VNqzh0ERyaFEoefnghObMcGI CH7sRK4xqMEE5nDPiTPXUOU+jdq9CjrvuPCnRqayIP0wWAgSil77T3CXGjr3AjeghC3Ks49i z9mxH5j5/TyM2T8APW1GPY8v1t+OfJ990rPqKxo/lQDj3tjwqyDb4RPoG/gA== X-IronPort-AV: E=Sophos;i="5.82,252,1613451600"; d="scan'208";a="42818490" From: Andrew Cooper To: Xen-devel CC: Andrew Cooper , Jan Beulich , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Wei Liu Subject: [PATCH 1/3] x86/hvm: Introduce experimental guest CET support Date: Mon, 26 Apr 2021 18:54:19 +0100 Message-ID: <20210426175421.30497-2-andrew.cooper3@citrix.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20210426175421.30497-1-andrew.cooper3@citrix.com> References: <20210426175421.30497-1-andrew.cooper3@citrix.com> MIME-Version: 1.0 For now, let VMs opt into using CET by setting cet_ss/ibt in the CPUID policy. Also extend cr4 handling to permit CR4.CET being set, along with logic to interlock CR4.CET and CR0.WP. Everything else will malfunction for now, but this will help adding support incrementally - there is a lot to do before CET will work properly. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu --- xen/arch/x86/hvm/hvm.c | 18 ++++++++++++++++-- xen/include/public/arch-x86/cpufeatureset.h | 4 ++-- 2 files changed, 18 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index ae37bc434a..28beacc45b 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -976,11 +976,12 @@ const char *hvm_efer_valid(const struct vcpu *v, uint64_t value, unsigned long hvm_cr4_guest_valid_bits(const struct domain *d) { const struct cpuid_policy *p = d->arch.cpuid; - bool mce, vmxe; + bool mce, vmxe, cet; /* Logic broken out simply to aid readability below. */ mce = p->basic.mce || p->basic.mca; vmxe = p->basic.vmx && nestedhvm_enabled(d); + cet = p->feat.cet_ss || p->feat.cet_ibt; return ((p->basic.vme ? X86_CR4_VME | X86_CR4_PVI : 0) | (p->basic.tsc ? X86_CR4_TSD : 0) | @@ -999,7 +1000,8 @@ unsigned long hvm_cr4_guest_valid_bits(const struct domain *d) (p->basic.xsave ? X86_CR4_OSXSAVE : 0) | (p->feat.smep ? X86_CR4_SMEP : 0) | (p->feat.smap ? X86_CR4_SMAP : 0) | - (p->feat.pku ? X86_CR4_PKE : 0)); + (p->feat.pku ? X86_CR4_PKE : 0) | + (cet ? X86_CR4_CET : 0)); } static int hvm_load_cpu_ctxt(struct domain *d, hvm_domain_context_t *h) @@ -2289,6 +2291,12 @@ int hvm_set_cr0(unsigned long value, bool may_defer) } } + if ( !(value & X86_CR0_WP) && (v->arch.hvm.guest_cr[4] & X86_CR4_CET) ) + { + gprintk(XENLOG_DEBUG, "Trying to clear WP with CET set\n"); + return X86EMUL_EXCEPTION; + } + if ( (value & X86_CR0_PG) && !(old_value & X86_CR0_PG) ) { if ( v->arch.hvm.guest_efer & EFER_LME ) @@ -2444,6 +2452,12 @@ int hvm_set_cr4(unsigned long value, bool may_defer) } } + if ( (value & X86_CR4_CET) && !(v->arch.hvm.guest_cr[0] & X86_CR0_WP) ) + { + gprintk(XENLOG_DEBUG, "Trying to set CET without WP\n"); + return X86EMUL_EXCEPTION; + } + old_cr = v->arch.hvm.guest_cr[4]; if ( (value & X86_CR4_PCIDE) && !(old_cr & X86_CR4_PCIDE) && diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index c42f56bdd4..6f94a73408 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -232,7 +232,7 @@ XEN_CPUFEATURE(UMIP, 6*32+ 2) /*S User Mode Instruction Prevention */ XEN_CPUFEATURE(PKU, 6*32+ 3) /*H Protection Keys for Userspace */ XEN_CPUFEATURE(OSPKE, 6*32+ 4) /*! OS Protection Keys Enable */ XEN_CPUFEATURE(AVX512_VBMI2, 6*32+ 6) /*A Additional AVX-512 Vector Byte Manipulation Instrs */ -XEN_CPUFEATURE(CET_SS, 6*32+ 7) /* CET - Shadow Stacks */ +XEN_CPUFEATURE(CET_SS, 6*32+ 7) /*h CET - Shadow Stacks */ XEN_CPUFEATURE(GFNI, 6*32+ 8) /*A Galois Field Instrs */ XEN_CPUFEATURE(VAES, 6*32+ 9) /*A Vector AES Instrs */ XEN_CPUFEATURE(VPCLMULQDQ, 6*32+10) /*A Vector Carry-less Multiplication Instrs */ @@ -267,7 +267,7 @@ XEN_CPUFEATURE(SRBDS_CTRL, 9*32+ 9) /* MSR_MCU_OPT_CTRL and RNGDS_MITG_DIS. XEN_CPUFEATURE(MD_CLEAR, 9*32+10) /*A VERW clears microarchitectural buffers */ XEN_CPUFEATURE(TSX_FORCE_ABORT, 9*32+13) /* MSR_TSX_FORCE_ABORT.RTM_ABORT */ XEN_CPUFEATURE(SERIALIZE, 9*32+14) /*a SERIALIZE insn */ -XEN_CPUFEATURE(CET_IBT, 9*32+20) /* CET - Indirect Branch Tracking */ +XEN_CPUFEATURE(CET_IBT, 9*32+20) /*h CET - Indirect Branch Tracking */ XEN_CPUFEATURE(IBRSB, 9*32+26) /*A IBRS and IBPB support (used by Intel) */ XEN_CPUFEATURE(STIBP, 9*32+27) /*A STIBP */ XEN_CPUFEATURE(L1D_FLUSH, 9*32+28) /*S MSR_FLUSH_CMD and L1D flush. */ From patchwork Mon Apr 26 17:54:20 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Andrew Cooper X-Patchwork-Id: 12224825 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 49A2BC433B4 for ; Mon, 26 Apr 2021 17:54:57 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id BCB4D61007 for ; Mon, 26 Apr 2021 17:54:56 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org BCB4D61007 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=citrix.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from list by lists.xenproject.org with outflank-mailman.117860.223782 (Exim 4.92) (envelope-from ) id 1lb5RV-0005gJ-Ku; Mon, 26 Apr 2021 17:54:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 117860.223782; Mon, 26 Apr 2021 17:54:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1lb5RV-0005gC-HD; Mon, 26 Apr 2021 17:54:45 +0000 Received: by outflank-mailman (input) for mailman id 117860; Mon, 26 Apr 2021 17:54:44 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57] helo=us1-amaz-eas2.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1lb5RU-0005en-Ax for xen-devel@lists.xenproject.org; Mon, 26 Apr 2021 17:54:44 +0000 Received: from esa6.hc3370-68.iphmx.com (unknown [216.71.155.175]) by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS id 5bb7c0a9-7076-49e0-b2e9-00c1037efc58; Mon, 26 Apr 2021 17:54:43 +0000 (UTC) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 5bb7c0a9-7076-49e0-b2e9-00c1037efc58 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1619459683; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=yf7x/q/ho2Rnc9G0Aw34AN0uVo0SC6wFmv3rxC78ogg=; b=SKw3C0ThoAMi9E8AA8CQd4AaQAaW+A4nAQByuTZ4Nr25xMl+vAGKChav 8pihSe+6tItA3dm/KlJH7oHjA/zjCuG6swpZRha9EmM3yUaJWXSP8uqwq EfWxyu+IDZCGPhRN1wCw7E+1k+NecXW2Vcco9mr59tefgBUROH6kpShQG E=; Authentication-Results: esa6.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none IronPort-SDR: BdEPhuNVyXveWMoxan8Skh0bqQw1Rt4PsN/rSsVCQ6DOUhN8B5uyPSfzLfTIXszlKZFdgsQDvv RfA1i3iOmsdktmqMzS2lxoIePpik6Nf1334p1A+99kiJfG4ssFE87xePkhUi2uD6yGBfv/ko42 uzQuHGs5flLddc9HQbgeHZ4BMnUYOFOWqrcQ65VYQLjf0EP3Ngv1I0B3yeWOMHv8bnivfai1GV u+10UzVj5CoQzmO4nEsFcMyEd6oEGxLsolGiy/djARAoY+yxQE6PO62PkvK8h9oRRTqYBLVNHv uHo= X-SBRS: 4.0 X-MesageID: 42553819 X-Ironport-Server: esa6.hc3370-68.iphmx.com X-Remote-IP: 162.221.158.21 X-Policy: $RELAYED IronPort-HdrOrdr: A9a23:WyJkzqsYvVnDBVBRHET57gNV7skD89V00zAX/kB9WHVpW+az/v rBoN0w0xjohDENHEw6kdebN6WaBV/a/5h54Y4eVI3SJTXOkm2uMY1k8M/e0yTtcheOkNJ1+K 98f8FFaOHYIkN9ia/BjDWQM9Fl+9Wf9bDtuOG29QYJcShPS4VNqzh0ERyaFEoefnggObMcGI CH7sRK4xqMEE5nDfiTPXUOU+jdq9CjrvuPCnRqOzcd5AaDlj+u4rLheiLouis2aD9T3awktV HMjg2R3NTaj9iA1hTe22XPhq42pPLdzLJ4a/Cku4wwIjXohh3AXvUCZ4G/ X-IronPort-AV: E=Sophos;i="5.82,252,1613451600"; d="scan'208";a="42553819" From: Andrew Cooper To: Xen-devel CC: Andrew Cooper , Jan Beulich , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Wei Liu Subject: [PATCH 2/3] x86/svm: Enumeration for CET Date: Mon, 26 Apr 2021 18:54:20 +0100 Message-ID: <20210426175421.30497-3-andrew.cooper3@citrix.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20210426175421.30497-1-andrew.cooper3@citrix.com> References: <20210426175421.30497-1-andrew.cooper3@citrix.com> MIME-Version: 1.0 On CET-capable hardware, VMRUN/EXIT unconditionally swaps S_SET, SSP and ISST (subject to cleanbits) without further settings. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu --- xen/arch/x86/hvm/svm/svm.c | 1 + xen/arch/x86/hvm/svm/svmdebug.c | 2 ++ xen/include/asm-x86/hvm/svm/svm.h | 2 ++ xen/include/asm-x86/hvm/svm/vmcb.h | 10 ++++++++-- 4 files changed, 13 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index 4585efe1f8..642a64b747 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -1658,6 +1658,7 @@ const struct hvm_function_table * __init start_svm(void) P(cpu_has_pause_filter, "Pause-Intercept Filter"); P(cpu_has_pause_thresh, "Pause-Intercept Filter Threshold"); P(cpu_has_tsc_ratio, "TSC Rate MSR"); + P(cpu_has_svm_sss, "NPT Supervisor Shadow Stack"); #undef P if ( !printed ) diff --git a/xen/arch/x86/hvm/svm/svmdebug.c b/xen/arch/x86/hvm/svm/svmdebug.c index f450391df4..bce86f0ef7 100644 --- a/xen/arch/x86/hvm/svm/svmdebug.c +++ b/xen/arch/x86/hvm/svm/svmdebug.c @@ -82,6 +82,8 @@ void svm_vmcb_dump(const char *from, const struct vmcb_struct *vmcb) vmcb->cstar, vmcb->sfmask); printk("KernGSBase = 0x%016"PRIx64" PAT = 0x%016"PRIx64"\n", vmcb->kerngsbase, vmcb_get_g_pat(vmcb)); + printk("SSP = 0x%016"PRIx64" S_CET = 0x%016"PRIx64" ISST = 0x%016"PRIx64"\n", + vmcb->_ssp, vmcb->_msr_s_cet, vmcb->_msr_isst); printk("H_CR3 = 0x%016"PRIx64" CleanBits = %#x\n", vmcb_get_h_cr3(vmcb), vmcb->cleanbits.raw); diff --git a/xen/include/asm-x86/hvm/svm/svm.h b/xen/include/asm-x86/hvm/svm/svm.h index faeca40174..bee939156f 100644 --- a/xen/include/asm-x86/hvm/svm/svm.h +++ b/xen/include/asm-x86/hvm/svm/svm.h @@ -75,6 +75,7 @@ extern u32 svm_feature_flags; #define SVM_FEATURE_PAUSETHRESH 12 /* Pause intercept filter support */ #define SVM_FEATURE_VLOADSAVE 15 /* virtual vmload/vmsave */ #define SVM_FEATURE_VGIF 16 /* Virtual GIF */ +#define SVM_FEATURE_SSS 19 /* NPT Supervisor Shadow Stacks */ #define cpu_has_svm_feature(f) (svm_feature_flags & (1u << (f))) #define cpu_has_svm_npt cpu_has_svm_feature(SVM_FEATURE_NPT) @@ -89,6 +90,7 @@ extern u32 svm_feature_flags; #define cpu_has_pause_thresh cpu_has_svm_feature(SVM_FEATURE_PAUSETHRESH) #define cpu_has_tsc_ratio cpu_has_svm_feature(SVM_FEATURE_TSCRATEMSR) #define cpu_has_svm_vloadsave cpu_has_svm_feature(SVM_FEATURE_VLOADSAVE) +#define cpu_has_svm_sss cpu_has_svm_feature(SVM_FEATURE_SSS) #define SVM_PAUSEFILTER_INIT 4000 #define SVM_PAUSETHRESH_INIT 1000 diff --git a/xen/include/asm-x86/hvm/svm/vmcb.h b/xen/include/asm-x86/hvm/svm/vmcb.h index 0b03a8f076..fbedea209e 100644 --- a/xen/include/asm-x86/hvm/svm/vmcb.h +++ b/xen/include/asm-x86/hvm/svm/vmcb.h @@ -248,6 +248,8 @@ enum VMEXIT_EXITCODE VMEXIT_EXCEPTION_AC = 81, /* 0x51, alignment-check */ VMEXIT_EXCEPTION_MC = 82, /* 0x52, machine-check */ VMEXIT_EXCEPTION_XF = 83, /* 0x53, simd floating-point */ +/* VMEXIT_EXCEPTION_20 = 84, 0x54, #VE (Intel specific) */ + VMEXIT_EXCEPTION_CP = 85, /* 0x55, controlflow protection */ /* exceptions 20-31 (exitcodes 84-95) are reserved */ @@ -397,6 +399,8 @@ typedef union bool seg:1; /* 8: cs, ds, es, ss, cpl */ bool cr2:1; /* 9: cr2 */ bool lbr:1; /* 10: debugctlmsr, last{branch,int}{to,from}ip */ + bool :1; + bool cet:1; /* 12: msr_s_set, ssp, msr_isst */ }; uint32_t raw; } vmcbcleanbits_t; @@ -451,7 +455,7 @@ struct vmcb_struct { bool _sev_enable :1; bool _sev_es_enable :1; bool _gmet :1; - bool :1; + bool _np_sss :1; bool _vte :1; }; uint64_t _np_ctrl; @@ -497,7 +501,9 @@ struct vmcb_struct { u64 rip; u64 res14[11]; u64 rsp; - u64 res15[3]; + u64 _msr_s_cet; /* offset 0x400 + 0x1E0 - cleanbit 12 */ + u64 _ssp; /* offset 0x400 + 0x1E8 | */ + u64 _msr_isst; /* offset 0x400 + 0x1F0 v */ u64 rax; u64 star; u64 lstar; From patchwork Mon Apr 26 17:54:21 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Andrew Cooper X-Patchwork-Id: 12224829 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B3847C43460 for ; Mon, 26 Apr 2021 17:55:02 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 3931F60240 for ; Mon, 26 Apr 2021 17:55:02 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 3931F60240 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=citrix.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from list by lists.xenproject.org with outflank-mailman.117862.223806 (Exim 4.92) (envelope-from ) id 1lb5Rb-0005nI-Cx; Mon, 26 Apr 2021 17:54:51 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 117862.223806; Mon, 26 Apr 2021 17:54:51 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1lb5Rb-0005nA-9T; Mon, 26 Apr 2021 17:54:51 +0000 Received: by outflank-mailman (input) for mailman id 117862; Mon, 26 Apr 2021 17:54:49 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57] helo=us1-amaz-eas2.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1lb5RZ-0005en-7o for xen-devel@lists.xenproject.org; Mon, 26 Apr 2021 17:54:49 +0000 Received: from esa6.hc3370-68.iphmx.com (unknown [216.71.155.175]) by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS id 2c1a38a8-caa3-4c52-bbec-486e8f184571; Mon, 26 Apr 2021 17:54:44 +0000 (UTC) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 2c1a38a8-caa3-4c52-bbec-486e8f184571 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1619459683; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=TIlizZZ6/SV8wIV+HJj7CybmCt2XEZ70Xa/B8F5BtQ8=; b=c1Io0r+QDzNqq7Z1AHCVGEMx6Bn24e0gAmLJfnr3TPYfjyS1KlCaRhXg FiFPLSPF/Z7yenpTN86E5wNeFhid+asGFUW4snETIfAJQz6zjP9GpmeXN YqEmzmP/oBlW9QutP+YZXbclYpiOSox9x5Ewr2n5CwaIFrJqpp7AkVc4r 4=; Authentication-Results: esa6.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none IronPort-SDR: aehgQZ+/NmRodpZ9D16q1mc5pNcQKyV/aE9VAYyl0d7leW+spjFIzsvC3kb/vyQkFm+w6lPH3E XR80BXh33vorbvjduxuVyHtUEJdef8z0ikvPL2tqSkq6+zK114MAd0jB6kaNZfWW75fy6hORYq 4uD1Nsop3m3ij1oCysI2aQ9gvpfaSs70AFjRp8VqCYCUhPQwHTVstoc4OpJMG9b8hMzD5nV7iz fcVrVTIxENXWLnkGpjlIvs+pO9Vc7eWV6gil0yN/niRhg00MzjzdZ/tvupiYEl00iQy54S0stF hJc= X-SBRS: 4.0 X-MesageID: 42553821 X-Ironport-Server: esa6.hc3370-68.iphmx.com X-Remote-IP: 162.221.158.21 X-Policy: $RELAYED IronPort-HdrOrdr: A9a23:W7a0F6mWTV+u3jZQXfV+chzzwjPpDfKr3DAbvn1ZSRFFG/Gwve rGppUm/DXzjyscX2xlpMuJP7OOTWiZ2Zl+54QQOrnKZnifhEKDKoZ+4Yz+hwDxAiGWzJ8l6Y 5Me7VzYeeAbmRSot395GCDfOoI4N7Cy6ywgPeb8nEFd3APV4hFzyNUTjmWCVd3Qg4uP+teKL O56tBcrzStPVQ7B/7LZEUtZOTIq93VmJ+OW3dvbHRLhDWmtj+m5KX3FBKVxH4lIlRy6Iwv7H TflEjB7rij2svLsSP07XPZ7JhdhbLaqudrOcrksKYoAwSprg6pYYh7Mofy2QwInA== X-IronPort-AV: E=Sophos;i="5.82,252,1613451600"; d="scan'208";a="42553821" From: Andrew Cooper To: Xen-devel CC: Andrew Cooper , Jan Beulich , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Wei Liu , Jun Nakajima , Kevin Tian Subject: [PATCH 3/3] x86/VT-x: Enumeration for CET Date: Mon, 26 Apr 2021 18:54:21 +0100 Message-ID: <20210426175421.30497-4-andrew.cooper3@citrix.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20210426175421.30497-1-andrew.cooper3@citrix.com> References: <20210426175421.30497-1-andrew.cooper3@citrix.com> MIME-Version: 1.0 VT-x has separate entry/exit control for loading guest/host state. Saving guest state on vmexit is performed unconditionally. Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu CC: Jun Nakajima CC: Kevin Tian --- xen/arch/x86/hvm/vmx/vmcs.c | 6 ++++++ xen/include/asm-x86/hvm/vmx/vmcs.h | 11 ++++++++++- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index f9f9bc18cd..5849817630 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -2014,6 +2014,9 @@ void vmcs_dump_vcpu(struct vcpu *v) printk("RFLAGS=0x%08lx (0x%08lx) DR7 = 0x%016lx\n", vmr(GUEST_RFLAGS), regs->rflags, vmr(GUEST_DR7)); + if ( vmentry_ctl & VM_ENTRY_LOAD_GUEST_CET ) + printk("SSP = 0x%016lx S_CET = 0x%016lx ISST = 0x%016lx\n", + vmr(GUEST_SSP), vmr(GUEST_S_CET), vmr(GUEST_ISST)); printk("Sysenter RSP=%016lx CS:RIP=%04x:%016lx\n", vmr(GUEST_SYSENTER_ESP), vmr32(GUEST_SYSENTER_CS), vmr(GUEST_SYSENTER_EIP)); @@ -2057,6 +2060,9 @@ void vmcs_dump_vcpu(struct vcpu *v) vmr(HOST_GDTR_BASE), vmr(HOST_IDTR_BASE)); printk("CR0=%016lx CR3=%016lx CR4=%016lx\n", vmr(HOST_CR0), vmr(HOST_CR3), vmr(HOST_CR4)); + if ( vmexit_ctl & VM_EXIT_LOAD_HOST_CET ) + printk("SSP = 0x%016lx S_CET = 0x%016lx ISST = 0x%016lx\n", + vmr(HOST_SSP), vmr(HOST_S_CET), vmr(HOST_ISST)); printk("Sysenter RSP=%016lx CS:RIP=%04x:%016lx\n", vmr(HOST_SYSENTER_ESP), vmr32(HOST_SYSENTER_CS), vmr(HOST_SYSENTER_EIP)); diff --git a/xen/include/asm-x86/hvm/vmx/vmcs.h b/xen/include/asm-x86/hvm/vmx/vmcs.h index 8073af323b..4c4246f190 100644 --- a/xen/include/asm-x86/hvm/vmx/vmcs.h +++ b/xen/include/asm-x86/hvm/vmx/vmcs.h @@ -46,7 +46,8 @@ struct ept_data { uint64_t mt:3, /* Memory Type. */ wl:3, /* Walk length -1. */ ad:1, /* Enable EPT A/D bits. */ - :5, /* rsvd. */ + sss:1, /* Supervisor Shadow Stack. */ + :4, /* rsvd. */ mfn:52; }; u64 eptp; @@ -238,6 +239,7 @@ extern u32 vmx_pin_based_exec_control; #define VM_EXIT_LOAD_HOST_EFER 0x00200000 #define VM_EXIT_SAVE_PREEMPT_TIMER 0x00400000 #define VM_EXIT_CLEAR_BNDCFGS 0x00800000 +#define VM_EXIT_LOAD_HOST_CET 0x10000000 extern u32 vmx_vmexit_control; #define VM_ENTRY_IA32E_MODE 0x00000200 @@ -247,6 +249,7 @@ extern u32 vmx_vmexit_control; #define VM_ENTRY_LOAD_GUEST_PAT 0x00004000 #define VM_ENTRY_LOAD_GUEST_EFER 0x00008000 #define VM_ENTRY_LOAD_BNDCFGS 0x00010000 +#define VM_ENTRY_LOAD_GUEST_CET 0x00100000 extern u32 vmx_vmentry_control; #define SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES 0x00000001 @@ -516,6 +519,9 @@ enum vmcs_field { GUEST_PENDING_DBG_EXCEPTIONS = 0x00006822, GUEST_SYSENTER_ESP = 0x00006824, GUEST_SYSENTER_EIP = 0x00006826, + GUEST_S_CET = 0x00006828, + GUEST_SSP = 0x0000682a, + GUEST_ISST = 0x0000682c, HOST_CR0 = 0x00006c00, HOST_CR3 = 0x00006c02, HOST_CR4 = 0x00006c04, @@ -528,6 +534,9 @@ enum vmcs_field { HOST_SYSENTER_EIP = 0x00006c12, HOST_RSP = 0x00006c14, HOST_RIP = 0x00006c16, + HOST_S_CET = 0x00006c18, + HOST_SSP = 0x00006c1a, + HOST_ISST = 0x00006c1c, }; #define VMCS_VPID_WIDTH 16