From: John Allen
Subject: [PATCH 1/9] KVM: x86: SVM: Emulate reads and writes to shadow stack MSRs
Date: Tue, 10 Oct 2023 20:02:12 +0000
Message-ID: <20231010200220.897953-2-john.allen@amd.com>
In-Reply-To: <20231010200220.897953-1-john.allen@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Set up interception of shadow stack MSRs. In the event that shadow stack is unsupported on the host or the MSRs are otherwise inaccessible, the interception code will return an error. In certain circumstances such as host initiated MSR reads or writes, the interception code will get or set the requested MSR value.

Signed-off-by: John Allen
Reviewed-by: Maxim Levitsky

--- arch/x86/kvm/svm/svm.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index f283eb47f6ac..6a0d225311bc 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -2859,6 +2859,15 @@ static int svm_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) if (guest_cpuid_is_intel(vcpu)) msr_info->data |= (u64)svm->sysenter_esp_hi << 32; break; + case MSR_IA32_S_CET: + msr_info->data = svm->vmcb->save.s_cet; + break; + case MSR_IA32_INT_SSP_TAB: + msr_info->data = svm->vmcb->save.isst_addr; + break; + case MSR_KVM_SSP: + msr_info->data = svm->vmcb->save.ssp; + break; case MSR_TSC_AUX: msr_info->data = svm->tsc_aux; break;
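Review bot: In svm_get_msr() the three new cases (MSR_IA32_S_CET, MSR_IA32_INT_SSP_TAB, MSR_KVM_SSP) return the VMCB save-area value unconditionally, while the commit message says the interception code returns an error when shadow stack is unsupported or the MSRs are otherwise inaccessible. No such check is visible in this hunk, so either add one here (shadow stack capability, and msr_info->host_initiated for MSR_KVM_SSP, which by its name is a KVM-defined index rather than an architectural MSR) or state in the commit message which earlier code rejects the access before this switch is reached.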
@@ -3085,6 +3094,15 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr) svm->vmcb01.ptr->save.sysenter_esp = (u32)data; svm->sysenter_esp_hi = guest_cpuid_is_intel(vcpu) ? (data >> 32) : 0; break; + case MSR_IA32_S_CET: + svm->vmcb->save.s_cet = data; + break; + case MSR_IA32_INT_SSP_TAB: + svm->vmcb->save.isst_addr = data; + break; + case MSR_KVM_SSP: + svm->vmcb->save.ssp = data; + break; case MSR_TSC_AUX: /* * TSC_AUX is usually changed only during boot and never read
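Review bot: In svm_set_msr() the new cases store the caller-supplied data into save.s_cet, save.isst_addr and save.ssp with no validation in the hunk. These values steer the guest's shadow stack, so reserved bits in S_CET and the canonical form and alignment of the two addresses should be checked here, or the commit message should name the common code that has already done so. Also worth a sentence in the changelog: the neighbouring SYSENTER_ESP case writes through svm->vmcb01.ptr->save while these cases write through svm->vmcb->save, and the patch does not say which VMCB is intended when the two differ.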

From: John Allen
Subject: [PATCH 2/9] KVM: x86: SVM: Update dump_vmcb with shadow stack save area additions
Date: Tue, 10 Oct 2023 20:02:13 +0000
Message-ID: <20231010200220.897953-3-john.allen@amd.com>
In-Reply-To: <20231010200220.897953-1-john.allen@amd.com>

Add shadow stack VMCB save area fields to dump_vmcb. Only include S_CET, SSP, and ISST_ADDR. Since there currently isn't support to decrypt and dump the SEV-ES save area, exclude PL0_SSP, PL1_SSP, PL2_SSP, PL3_SSP, and U_CET which are only included in the SEV-ES save area.

Signed-off-by: John Allen
Reviewed-by: Maxim Levitsky

--- arch/x86/kvm/svm/svm.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 6a0d225311bc..e435e4fbadda 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c
@@ -3416,6 +3416,10 @@ static void dump_vmcb(struct kvm_vcpu *vcpu) "rip:", save->rip, "rflags:", save->rflags); pr_err("%-15s %016llx %-13s %016llx\n", "rsp:", save->rsp, "rax:", save->rax); + pr_err("%-15s %016llx %-13s %016llx\n", + "s_cet:", save->s_cet, "ssp:", save->ssp); + pr_err("%-15s %016llx\n", + "isst_addr:", save->isst_addr); pr_err("%-15s %016llx %-13s %016llx\n", "star:", save01->star, "lstar:", save01->lstar); pr_err("%-15s %016llx %-13s %016llx\n",
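Review bot: The two added pr_err() calls in dump_vmcb() print s_cet, ssp and isst_addr, but nothing in the code records why the other shadow stack fields are missing from the dump. The commit message explains it (PL0_SSP to PL3_SSP and U_CET live only in the SEV-ES save area, which cannot be decrypted and dumped today); a one-line comment above these calls saying the same would keep the omission from looking like an oversight to whoever reads a dump during triage.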

From: John Allen
Subject: [PATCH 3/9] KVM: x86: SVM: Pass through shadow stack MSRs
Date: Tue, 10 Oct 2023 20:02:14 +0000
Message-ID: <20231010200220.897953-4-john.allen@amd.com>
In-Reply-To: <20231010200220.897953-1-john.allen@amd.com>

If kvm supports shadow stack, pass through shadow stack MSRs to improve guest performance.

Signed-off-by: John Allen
Reviewed-by: Maxim Levitsky

--- arch/x86/kvm/svm/svm.c | 26 ++++++++++++++++++++++++++ arch/x86/kvm/svm/svm.h | 2 +- 2 files changed, 27 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index e435e4fbadda..984e89d7a734 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c
@@ -139,6 +139,13 @@ static const struct svm_direct_access_msrs { { .index = X2APIC_MSR(APIC_TMICT), .always = false }, { .index = X2APIC_MSR(APIC_TMCCT), .always = false }, { .index = X2APIC_MSR(APIC_TDCR), .always = false }, + { .index = MSR_IA32_U_CET, .always = false }, + { .index = MSR_IA32_S_CET, .always = false }, + { .index = MSR_IA32_INT_SSP_TAB, .always = false }, + { .index = MSR_IA32_PL0_SSP, .always = false }, + { .index = MSR_IA32_PL1_SSP, .always = false }, + { .index = MSR_IA32_PL2_SSP, .always = false }, + { .index = MSR_IA32_PL3_SSP, .always = false }, { .index = MSR_INVALID, .always = false }, }; @@ -1225,6 +1232,25 @@ static inline void init_vmcb_after_set_cpuid(struct kvm_vcpu *vcpu) set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SYSENTER_EIP, 1, 1); set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SYSENTER_ESP, 1, 1); } + + if (kvm_cpu_cap_has(X86_FEATURE_SHSTK)) { + bool shstk_enabled = guest_cpuid_has(vcpu, X86_FEATURE_SHSTK); + + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_U_CET, + shstk_enabled, shstk_enabled); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_S_CET, + shstk_enabled, shstk_enabled); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_INT_SSP_TAB, + shstk_enabled, shstk_enabled); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_PL0_SSP, + shstk_enabled, shstk_enabled); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_PL1_SSP, + shstk_enabled, shstk_enabled); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_PL2_SSP, + shstk_enabled, shstk_enabled); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_PL3_SSP, + shstk_enabled, shstk_enabled); + } } static void init_vmcb(struct kvm_vcpu *vcpu) diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index f41253958357..bdc39003b955 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -30,7 +30,7 @@ #define IOPM_SIZE PAGE_SIZE * 3 #define MSRPM_SIZE PAGE_SIZE * 2 -#define MAX_DIRECT_ACCESS_MSRS 46 +#define MAX_DIRECT_ACCESS_MSRS 53 #define MSRPM_OFFSETS 32 extern u32 msrpm_offsets[MSRPM_OFFSETS] __read_mostly; extern bool npt_enabled;
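Review bot: The init_vmcb_after_set_cpuid() hunk makes seven MSRs pass-through when the guest has X86_FEATURE_SHSTK, but patch 1/9 only adds svm_get_msr()/svm_set_msr() cases for MSR_IA32_S_CET and MSR_IA32_INT_SSP_TAB out of those seven. When shstk_enabled is false the accesses are intercepted, so please say where MSR_IA32_U_CET and MSR_IA32_PL0_SSP to MSR_IA32_PL3_SSP are handled (or rejected) on that path. Smaller points: the seven near-identical set_msr_interception() calls would read better as a loop over a small array, and MAX_DIRECT_ACCESS_MSRS going from 46 to 53 matches the seven new svm_direct_access_msrs entries but has to be kept in step by hand.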

From: John Allen
Subject: [PATCH 4/9] KVM: SVM: Rename vmplX_ssp -> plX_ssp
Date: Tue, 10 Oct 2023 20:02:15 +0000
Message-ID: <20231010200220.897953-5-john.allen@amd.com>
In-Reply-To: <20231010200220.897953-1-john.allen@amd.com>

Rename SEV-ES save area SSP fields to be consistent with the APM.

Signed-off-by: John Allen
Reviewed-by: Maxim Levitsky

--- arch/x86/include/asm/svm.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h index 19bf955b67e0..568d97084e44 100644 --- a/arch/x86/include/asm/svm.h +++ b/arch/x86/include/asm/svm.h
@@ -361,10 +361,10 @@ struct sev_es_save_area { struct vmcb_seg ldtr; struct vmcb_seg idtr; struct vmcb_seg tr; - u64 vmpl0_ssp; - u64 vmpl1_ssp; - u64 vmpl2_ssp; - u64 vmpl3_ssp; + u64 pl0_ssp; + u64 pl1_ssp; + u64 pl2_ssp; + u64 pl3_ssp; u64 u_cet; u8 reserved_0xc8[2]; u8 vmpl;
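Review bot: In struct sev_es_save_area the four renamed fields are the whole change and the diffstat lists svm.h as the only file touched, so any remaining user of vmpl0_ssp through vmpl3_ssp elsewhere in the tree would stop compiling; please confirm that a tree-wide grep for the old names comes back empty. The commit message would also be easier to verify if it named the APM table or section that uses the PLx_SSP spelling.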
From: John Allen
Subject: [PATCH 5/9] KVM: SVM: Save shadow stack host state on VMRUN
Date: Tue, 10 Oct 2023 20:02:16 +0000
Message-ID: <20231010200220.897953-6-john.allen@amd.com>
In-Reply-To: <20231010200220.897953-1-john.allen@amd.com>
X-Mailing-List: kvm@vger.kernel.org

When running as an SEV-ES guest, the PL0_SSP, PL1_SSP, PL2_SSP, PL3_SSP, and U_CET fields in the VMCB save area are type B, meaning the host state is automatically loaded on a VMEXIT, but is not saved on a VMRUN. The other shadow stack MSRs, S_CET, SSP, and ISST_ADDR are type A, meaning they are loaded on VMEXIT and saved on VMRUN. PL0_SSP, PL1_SSP, and PL2_SSP are currently unused. Manually save the other type B host MSR values before VMRUN.

Signed-off-by: John Allen
--- arch/x86/kvm/svm/sev.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index b9a0a939d59f..bb4b18baa6f7 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c
@@ -3098,6 +3098,15 @@ void sev_es_prepare_switch_to_guest(struct sev_es_save_area *hostsa) hostsa->dr2_addr_mask = amd_get_dr_addr_mask(2); hostsa->dr3_addr_mask = amd_get_dr_addr_mask(3); } + + if (boot_cpu_has(X86_FEATURE_SHSTK)) { + /* + * MSR_IA32_U_CET and MSR_IA32_PL3_SSP are restored on VMEXIT, + * save the current host values. + */ + rdmsrl(MSR_IA32_U_CET, hostsa->u_cet); + rdmsrl(MSR_IA32_PL3_SSP, hostsa->pl3_ssp); + } } void sev_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector)
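Review bot: The comment added in sev_es_prepare_switch_to_guest() says only that U_CET and PL3_SSP are restored on VMEXIT; it should also record why PL0_SSP, PL1_SSP and PL2_SSP are not saved, since the commit message states that all of them are type B and so are loaded from the host save area on exit as well. The message gives the reason (currently unused), so carrying one sentence of it into the comment keeps the next reader from treating the omission as a bug, and it is worth saying what value those unsaved hostsa fields are expected to hold when the CPU loads them. Separately, consider cpu_feature_enabled(X86_FEATURE_SHSTK) rather than boot_cpu_has() for the gate.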
From: John Allen
Subject: [PATCH 6/9] KVM: SVM: Add MSR_IA32_XSS to the GHCB for hypervisor kernel
Date: Tue, 10 Oct 2023 20:02:17 +0000
Message-ID: <20231010200220.897953-7-john.allen@amd.com>
In-Reply-To: <20231010200220.897953-1-john.allen@amd.com>
X-Mailing-List: kvm@vger.kernel.org

When a guest issues a cpuid instruction for Fn0000000D_x0B (CetUserOffset), KVM will intercept and need to access the guest MSR_IA32_XSS value. For SEV-ES, this is encrypted and needs to be included in the GHCB to be visible to the hypervisor.

Signed-off-by: John Allen
--- arch/x86/include/asm/svm.h | 1 + arch/x86/kvm/svm/sev.c | 12 ++++++++++-- arch/x86/kvm/svm/svm.c | 1 + arch/x86/kvm/svm/svm.h | 3 ++- 4 files changed, 14 insertions(+), 3 deletions(-) diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h index 568d97084e44..5afc9e03379d 100644 --- a/arch/x86/include/asm/svm.h +++ b/arch/x86/include/asm/svm.h @@ -678,5 +678,6 @@ DEFINE_GHCB_ACCESSORS(sw_exit_info_1) DEFINE_GHCB_ACCESSORS(sw_exit_info_2) DEFINE_GHCB_ACCESSORS(sw_scratch) DEFINE_GHCB_ACCESSORS(xcr0) +DEFINE_GHCB_ACCESSORS(xss) #endif diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index bb4b18baa6f7..94ab7203525f 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -2445,8 +2445,13 @@ static void sev_es_sync_from_ghcb(struct vcpu_svm *svm) svm->vmcb->save.cpl = kvm_ghcb_get_cpl_if_valid(svm, ghcb); - if (kvm_ghcb_xcr0_is_valid(svm)) { - vcpu->arch.xcr0 = ghcb_get_xcr0(ghcb); + if (kvm_ghcb_xcr0_is_valid(svm) || kvm_ghcb_xss_is_valid(svm)) { + if (kvm_ghcb_xcr0_is_valid(svm)) + vcpu->arch.xcr0 = ghcb_get_xcr0(ghcb); + + if (kvm_ghcb_xss_is_valid(svm)) + vcpu->arch.ia32_xss = ghcb_get_xss(ghcb); + kvm_update_cpuid_runtime(vcpu); }
@@ -3032,6 +3037,9 @@ static void sev_es_init_vmcb(struct vcpu_svm *svm) if (guest_cpuid_has(&svm->vcpu, X86_FEATURE_RDTSCP)) svm_clr_intercept(svm, INTERCEPT_RDTSCP); } + + if (kvm_caps.supported_xss) + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_XSS, 1, 1); } void sev_init_vmcb(struct vcpu_svm *svm) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 984e89d7a734..ee7c7d0a09ab 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -146,6 +146,7 @@ static const struct svm_direct_access_msrs { { .index = MSR_IA32_PL1_SSP, .always = false }, { .index = MSR_IA32_PL2_SSP, .always = false }, { .index = MSR_IA32_PL3_SSP, .always = false }, + { .index = MSR_IA32_XSS, .always = false }, { .index = MSR_INVALID, .always = false }, }; diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index bdc39003b955..2011456d2e9f 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -30,7 +30,7 @@ #define IOPM_SIZE PAGE_SIZE * 3 #define MSRPM_SIZE PAGE_SIZE * 2 -#define MAX_DIRECT_ACCESS_MSRS 53 +#define MAX_DIRECT_ACCESS_MSRS 54 #define MSRPM_OFFSETS 32 extern u32 msrpm_offsets[MSRPM_OFFSETS] __read_mostly; extern bool npt_enabled; 
@@ -720,5 +720,6 @@ DEFINE_KVM_GHCB_ACCESSORS(sw_exit_info_1) DEFINE_KVM_GHCB_ACCESSORS(sw_exit_info_2) DEFINE_KVM_GHCB_ACCESSORS(sw_scratch) DEFINE_KVM_GHCB_ACCESSORS(xcr0) +DEFINE_KVM_GHCB_ACCESSORS(xss) #endif
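Review bot: In the sev_es_sync_from_ghcb() hunk, vcpu->arch.ia32_xss is assigned straight from ghcb_get_xss(ghcb) with no check against what the host supports. The GHCB is filled in by the guest, so the value should be validated before it feeds kvm_update_cpuid_runtime(), for example by rejecting or masking bits outside kvm_caps.supported_xss, which this same patch already consults in sev_es_init_vmcb(). The existing xcr0 assignment has the same shape, so if there is a reason neither needs checking, a comment saying so would help.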
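Review bot: The commit message covers only the GHCB plumbing, but the patch also adds MSR_IA32_XSS to svm_direct_access_msrs, raises MAX_DIRECT_ACCESS_MSRS to 54, and in sev_es_init_vmcb() calls set_msr_interception(vcpu, svm->msrpm, MSR_IA32_XSS, 1, 1) whenever kvm_caps.supported_xss is non-zero. Please explain in the message why XSS needs to be in the direct-access list for SEV-ES guests, and whether the gate should depend on the guest's CPUID, the way the RDTSCP block just above it uses guest_cpuid_has(), rather than on host capability alone.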
From: John Allen
Subject: [PATCH 7/9] x86/sev-es: Include XSS value in GHCB CPUID request
Date: Tue, 10 Oct 2023 20:02:18 +0000
Message-ID: <20231010200220.897953-8-john.allen@amd.com>
In-Reply-To: <20231010200220.897953-1-john.allen@amd.com>
X-Mailing-List: kvm@vger.kernel.org

When a guest issues a cpuid instruction for Fn0000000D_x0B (CetUserOffset), the hypervisor may intercept and access the guest XSS value. For SEV-ES, this is encrypted and needs to be included in the GHCB to be visible to the hypervisor. The rdmsr instruction needs to be called directly as the code may be used in early boot in which case the rdmsr wrappers should be avoided as they are incompatible with the decompression boot phase.

Signed-off-by: John Allen
--- arch/x86/kernel/sev-shared.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/arch/x86/kernel/sev-shared.c b/arch/x86/kernel/sev-shared.c index 2eabccde94fb..e38a1d049bc1 100644 --- a/arch/x86/kernel/sev-shared.c +++ b/arch/x86/kernel/sev-shared.c
@@ -890,6 +890,21 @@ static enum es_result vc_handle_cpuid(struct ghcb *ghcb, /* xgetbv will cause #GP - use reset value for xcr0 */ ghcb_set_xcr0(ghcb, 1); + if (has_cpuflag(X86_FEATURE_SHSTK) && regs->ax == 0xd && regs->cx <= 1) { + unsigned long lo, hi; + u64 xss; + + /* + * Since vc_handle_cpuid may be used during early boot, the + * rdmsr wrappers are incompatible and should not be used. + * Invoke the instruction directly. + */ + asm volatile("rdmsr" : "=a" (lo), "=d" (hi) + : "c" (MSR_IA32_XSS)); + xss = (hi << 32) | lo; + ghcb_set_xss(ghcb, xss); + } + ret = sev_es_ghcb_hv_call(ghcb, ctxt, SVM_EXIT_CPUID, 0, 0); if (ret != ES_OK) return ret;
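Review bot: The condition added to vc_handle_cpuid() tests regs->ax == 0xd && regs->cx <= 1, that is sub-leaves 0 and 1, while the commit message motivates the change with Fn0000000D_x0B (CetUserOffset); one of the two needs correcting, or the message should explain why sub-leaves 0 and 1 are the ones whose result depends on XSS. The read itself would be tidier with u32 lo, hi and xss = ((u64)hi << 32) | lo, so the shift does not rely on unsigned long being 64 bits wide. The raw rdmsr inside the #VC handler also assumes the hypervisor does not intercept MSR_IA32_XSS, which is worth stating as a dependency on the KVM side of this series.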
From: John Allen
Subject: [PATCH 8/9] KVM: SVM: Use KVM-governed features to track SHSTK
Date: Tue, 10 Oct 2023 20:02:19 +0000
Message-ID: <20231010200220.897953-9-john.allen@amd.com>
In-Reply-To: <20231010200220.897953-1-john.allen@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Use the KVM-governed features framework to track whether SHSTK can be used by both userspace and guest for SVM.

Signed-off-by: John Allen
Reviewed-by: Maxim Levitsky
--- arch/x86/kvm/svm/svm.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index ee7c7d0a09ab..00a8cef3cbb8 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c
@@ -4366,6 +4366,7 @@ static void svm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_PFTHRESHOLD); kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_VGIF); kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_VNMI); + kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_SHSTK); svm_recalc_instruction_intercepts(vcpu, svm);

From patchwork Tue Oct 10 20:02:20 2023
X-Patchwork-Submitter: John Allen
X-Patchwork-Id: 13415961
From: John Allen
Subject: [PATCH 9/9] KVM: SVM: Add CET features to supported_xss
Date: Tue, 10 Oct 2023 20:02:20 +0000
Message-ID: <20231010200220.897953-10-john.allen@amd.com>
In-Reply-To: <20231010200220.897953-1-john.allen@amd.com>
References: <20231010200220.897953-1-john.allen@amd.com>
X-Mailing-List: kvm@vger.kernel.org

If the CPU supports CET, add CET XSAVES feature bits to the supported_xss mask.

Signed-off-by: John Allen
Reviewed-by: Maxim Levitsky
--- arch/x86/kvm/svm/svm.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 00a8cef3cbb8..f63b2bbac542 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -5151,6 +5151,10 @@ static __init void svm_set_cpu_caps(void) boot_cpu_has(X86_FEATURE_AMD_SSBD)) kvm_cpu_cap_set(X86_FEATURE_VIRT_SSBD); + if (kvm_cpu_cap_has(X86_FEATURE_SHSTK)) + kvm_caps.supported_xss |= XFEATURE_MASK_CET_USER | + XFEATURE_MASK_CET_KERNEL; + if (enable_pmu) { /* * Enumerate support for PERFCTR_CORE if and only if KVM has
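
Review bot: In [PATCH 8/9], the new kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_SHSTK) call in svm_vcpu_after_set_cpuid() has neither a visible declaration nor a visible consumer: the diffstat is a single insertion in svm.c, so the governed-feature entry for SHSTK and whatever code reads the resulting bit must come from elsewhere in the series or its base. Name that dependency in the commit message so the patch can be reviewed on its own, and fix the sentence "whether SHSTK can be by both userspace and guest", which is missing a word.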
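
Review bot: In [PATCH 9/9], svm_set_cpu_caps() ORs both XFEATURE_MASK_CET_USER and XFEATURE_MASK_CET_KERNEL into kvm_caps.supported_xss on the strength of kvm_cpu_cap_has(X86_FEATURE_SHSTK) alone; nothing in the hunk checks that the host actually has those XSAVES components enabled. Either gate the bits on the host's XSS state as well, or state in the commit message why the SHSTK capability implies both the user and the kernel component. Since the condition tests only SHSTK, "If the CPU supports CET" in the message would also be more accurate if it said shadow stack.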