From patchwork Mon Feb 26 21:32:36 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: John Allen X-Patchwork-Id: 13572925 Received: from NAM04-MW2-obe.outbound.protection.outlook.com (mail-mw2nam04on2046.outbound.protection.outlook.com [40.107.101.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B0C87132C1D; Mon, 26 Feb 2024 21:33:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.101.46 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708983195; cv=fail; b=gCcHCi7UCFSkez4bmhpw7Rvkr3I3xqvGFuZEQ1IwwC19LccyGiTQbk4FSdhH9IIB3XGWPDxkXaCWDrue22Yi2xhoS5X9h59UolebID/1INColBLYNXC1Rfrnfry/UmqD8pcD4BVRWw0p0CBW6HPq7HqtsJeRvC7Hkk0OsQPf9qs= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708983195; c=relaxed/simple; bh=rtnGlq6gRg1XcX3RYtBqfd2Z0nbKvriH2QWs29XCtKY=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=Tjzyz2gJgCmTFMBnTmIr2AAJa3Ow+bMPNYgSWPbA/DwOA4sncFZVhO3E2KYZeVk6s+r/poKHEcMvHEjF4BbBRWNUlLJ8FCAtbT4JcF6sOS8QTuFdeO0DmTuR5Q9gXQSoluFOZXuU5ljgjHutfmFfV4LVWlNPhxnYipPVDyvoBgw= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=KpPw6VOf; arc=fail smtp.client-ip=40.107.101.46 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="KpPw6VOf" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=cNpB8A4WCQ9BiS5oYbFTrEy2gqY3D5GZV+Ft515pzHr546wsSVvJhFDMTRdQ3JlBl7ihH1/8qkRx+ymGNbRrFaxTiVyXRRlJcMTkUouWGO+CjlifsGJLSQlvx77Op7dCPW+nJ4yyS3Jg8FA8vpAyiuH2AzvSYpPI5H/0A5NlV+dIBAN2gdbfrL2ffx23hTW9yIZeChzTSUe1J2DGyZqX6iTwLLCZrwLuTPY0eUGwW41E57McF9OPbo9wiAeid1gGyvhj9ou7wfGLbFGpTOw+Q6GlsNLTx7824CWYu9VmaRglWuGeVH/HEYmyYExNb63kBRpoh39FQJjIt3TQxcgSjw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=PTY+shWmlpmyP7U4tVn/xNTUAY1T9x5k0xnVmDBdqug=; b=GMAxnwGwkwsGEpI8h1c7ekdp9P8+vDVNA9cO+3RzI3Mjm39ri6wxM2uAI05hLnWRZf22rKnHm1viYrfvznjY4Lq1pWaEW2BJuExH1TmyC0jUJiSijrnVVpVnt+Bzwz6lpGzwPZK5ylGX8w94AHi6/pY7DLwifY6ChzQmfGXoLMALci76BMNdsktWMM292XxuMCaQ4JGbqQ2VXW3x5MKZVVzoTPC7VCf9BWRaNQ+9Up/B1RCn9rTPEhXPDaHnJS+4yQfRmy1e+nEJYBM80kt+tlXFbiyHzvcNw8weI8GQUmWvZpAHbu5xUmp2Nqig8zzfQ1dB2bNbbnC/QNVC34nPkw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=PTY+shWmlpmyP7U4tVn/xNTUAY1T9x5k0xnVmDBdqug=; b=KpPw6VOfmjr0zllNQ2IkFW6Qom+qdpll+yRrpbCu86s72yz57tLV2QSO1/NPIIll8XvHBFewDNUYRGwkhrHwKva9+F646Da+Jyc2VsJoAq7PgRwhCH5M/1v/kSHFh6cfZNvQs2WIzjiKepdYzTYw5Xpun++lR7ywB/gNT0/CVx8= Received: from CH5P223CA0017.NAMP223.PROD.OUTLOOK.COM (2603:10b6:610:1f3::13) by MW4PR12MB7382.namprd12.prod.outlook.com (2603:10b6:303:222::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7316.34; Mon, 26 Feb 2024 21:33:10 +0000 Received: from CH3PEPF0000000A.namprd04.prod.outlook.com (2603:10b6:610:1f3:cafe::9f) by CH5P223CA0017.outlook.office365.com (2603:10b6:610:1f3::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7292.49 via Frontend Transport; Mon, 26 Feb 2024 21:33:10 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by CH3PEPF0000000A.mail.protection.outlook.com (10.167.244.37) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7292.25 via Frontend Transport; Mon, 26 Feb 2024 21:33:10 +0000 Received: from jallen-jump-host.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Mon, 26 Feb 2024 15:33:10 -0600 From: John Allen To: CC: , , , , , , , , , John Allen Subject: [PATCH v2 1/9] x86/boot: Move boot_*msr helpers to asm/shared/msr.h Date: Mon, 26 Feb 2024 21:32:36 +0000 Message-ID: <20240226213244.18441-2-john.allen@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240226213244.18441-1-john.allen@amd.com> References: <20240226213244.18441-1-john.allen@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CH3PEPF0000000A:EE_|MW4PR12MB7382:EE_ X-MS-Office365-Filtering-Correlation-Id: 4ee56327-547d-406b-8ab8-08dc371287c3 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: O+LKNTD0rTvj29NC+JnmR5WGxz+uDDjfKQHf+x8Y4Cs9sinm1tTwRQon6DhRDWUeHUuJxrr9AnR+03bTm1uEzFjoplZ3xYTec0K4Z8z2F6+ylu4aV0N3pNC4neojgfP9tT4XNDd6kTDTCpc8uQw5nn+fpzEAuz0VorCdrADsTfffHORaQxv4/0urGaBCkZ4WLmJfP1XxWLTVeSI77kofE9eMm5REe2tfC46y9Vx/RCWji6zMHoQvskjWX3mOycUX6wLRlMfODrklAk0/RXgwVYEXtRVipg3yqF4HFXoYd9sFEi2cVur9Y+nBzJRCgNIkcsumiyC7aDXtwDR25NsBkgxZInvBVjs9FNoM0hYD//ZHE30K5MBz8w2ruaTq0pktIY0WFPuSqgzMaSe3oiuNCY1dJihXSp+hPGlZq9Gtzyt3OK8u+nQR8cMqYV73siXRukuQ+g47a55iu8ObHkuqxPR9ShI4uFmnol+C+EdPjNwaQFjpS0s+QRnSDrF3eVjc7U9BCihIE9u6MDhqgF7aYemn08xm2/046O7YjEI0hJfv42qZ2HDCjvYPtBh3Hn6CCL+XRFaYscwID6Ai7gamS7eqFKa9Lbjiw2WU3jQa70HzffMUm253GhCW48ybQGE20q0z6rwniJ6KPNe2LDaBbnXVVtfwRz7b9FOZIEbzFNIhq2h4PtsigttpLkGvC72ntvrXzMTyTIJgvVWb8giIfSI0yuvGtAbDZFUkFp6kMUqE5PscicwUu/wXZzvyMHUv X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230031)(36860700004);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Feb 2024 21:33:10.5819 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 4ee56327-547d-406b-8ab8-08dc371287c3 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: CH3PEPF0000000A.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW4PR12MB7382 The boot_rdmsr and boot_wrmsr helpers used to reduce the need for inline assembly in the boot kernel can also be useful in code shared by boot and run-time kernel code. Move these helpers to asm/shared/msr.h and rename to raw_rdmsr and raw_wrmsr to indicate that these may also be used outside of the boot kernel. Signed-off-by: John Allen Acked-by: Borislav Petkov (AMD) --- v2: - New in v2 --- arch/x86/boot/compressed/sev.c | 10 +++++----- arch/x86/boot/cpucheck.c | 16 ++++++++-------- arch/x86/boot/msr.h | 26 -------------------------- arch/x86/include/asm/shared/msr.h | 15 +++++++++++++++ 4 files changed, 28 insertions(+), 39 deletions(-) delete mode 100644 arch/x86/boot/msr.h diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index 454acd7a2daf..743b9eb8b7c3 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -13,6 +13,7 @@ #include "misc.h" #include +#include #include #include #include @@ -23,7 +24,6 @@ #include #include "error.h" -#include "../msr.h" static struct ghcb boot_ghcb_page __aligned(PAGE_SIZE); struct ghcb *boot_ghcb; @@ -60,7 +60,7 @@ static inline u64 sev_es_rd_ghcb_msr(void) { struct msr m; - boot_rdmsr(MSR_AMD64_SEV_ES_GHCB, &m); + raw_rdmsr(MSR_AMD64_SEV_ES_GHCB, &m); return m.q; } @@ -70,7 +70,7 @@ static inline void sev_es_wr_ghcb_msr(u64 val) struct msr m; m.q = val; - boot_wrmsr(MSR_AMD64_SEV_ES_GHCB, &m); + raw_wrmsr(MSR_AMD64_SEV_ES_GHCB, &m); } static enum es_result vc_decode_insn(struct es_em_ctxt *ctxt) @@ -482,7 +482,7 @@ void sev_enable(struct boot_params *bp) } /* Set the SME mask if this is an SEV guest. */ - boot_rdmsr(MSR_AMD64_SEV, &m); + raw_rdmsr(MSR_AMD64_SEV, &m); sev_status = m.q; if (!(sev_status & MSR_AMD64_SEV_ENABLED)) return; @@ -523,7 +523,7 @@ u64 sev_get_status(void) if (sev_check_cpu_support() < 0) return 0; - boot_rdmsr(MSR_AMD64_SEV, &m); + raw_rdmsr(MSR_AMD64_SEV, &m); return m.q; } diff --git a/arch/x86/boot/cpucheck.c b/arch/x86/boot/cpucheck.c index fed8d13ce252..bb5c28d0a1f1 100644 --- a/arch/x86/boot/cpucheck.c +++ b/arch/x86/boot/cpucheck.c @@ -25,9 +25,9 @@ #include #include #include +#include #include #include "string.h" -#include "msr.h" static u32 err_flags[NCAPINTS]; @@ -133,9 +133,9 @@ int check_cpu(int *cpu_level_ptr, int *req_level_ptr, u32 **err_flags_ptr) struct msr m; - boot_rdmsr(MSR_K7_HWCR, &m); + raw_rdmsr(MSR_K7_HWCR, &m); m.l &= ~(1 << 15); - boot_wrmsr(MSR_K7_HWCR, &m); + raw_wrmsr(MSR_K7_HWCR, &m); get_cpuflags(); /* Make sure it really did something */ err = check_cpuflags(); @@ -147,9 +147,9 @@ int check_cpu(int *cpu_level_ptr, int *req_level_ptr, u32 **err_flags_ptr) struct msr m; - boot_rdmsr(MSR_VIA_FCR, &m); + raw_rdmsr(MSR_VIA_FCR, &m); m.l |= (1 << 1) | (1 << 7); - boot_wrmsr(MSR_VIA_FCR, &m); + raw_wrmsr(MSR_VIA_FCR, &m); set_bit(X86_FEATURE_CX8, cpu.flags); err = check_cpuflags(); @@ -159,14 +159,14 @@ int check_cpu(int *cpu_level_ptr, int *req_level_ptr, u32 **err_flags_ptr) struct msr m, m_tmp; u32 level = 1; - boot_rdmsr(0x80860004, &m); + raw_rdmsr(0x80860004, &m); m_tmp = m; m_tmp.l = ~0; - boot_wrmsr(0x80860004, &m_tmp); + raw_wrmsr(0x80860004, &m_tmp); asm("cpuid" : "+a" (level), "=d" (cpu.flags[0]) : : "ecx", "ebx"); - boot_wrmsr(0x80860004, &m); + raw_wrmsr(0x80860004, &m); err = check_cpuflags(); } else if (err == 0x01 && diff --git a/arch/x86/boot/msr.h b/arch/x86/boot/msr.h deleted file mode 100644 index aed66f7ae199..000000000000 --- a/arch/x86/boot/msr.h +++ /dev/null @@ -1,26 +0,0 @@ -/* SPDX-License-Identifier: GPL-2.0-only */ -/* - * Helpers/definitions related to MSR access. - */ - -#ifndef BOOT_MSR_H -#define BOOT_MSR_H - -#include - -/* - * The kernel proper already defines rdmsr()/wrmsr(), but they are not for the - * boot kernel since they rely on tracepoint/exception handling infrastructure - * that's not available here. - */ -static inline void boot_rdmsr(unsigned int reg, struct msr *m) -{ - asm volatile("rdmsr" : "=a" (m->l), "=d" (m->h) : "c" (reg)); -} - -static inline void boot_wrmsr(unsigned int reg, const struct msr *m) -{ - asm volatile("wrmsr" : : "c" (reg), "a"(m->l), "d" (m->h) : "memory"); -} - -#endif /* BOOT_MSR_H */ diff --git a/arch/x86/include/asm/shared/msr.h b/arch/x86/include/asm/shared/msr.h index 1e6ec10b3a15..a20b1c08c99f 100644 --- a/arch/x86/include/asm/shared/msr.h +++ b/arch/x86/include/asm/shared/msr.h @@ -12,4 +12,19 @@ struct msr { }; }; +/* + * The kernel proper already defines rdmsr()/wrmsr(), but they are not for the + * boot kernel since they rely on tracepoint/exception handling infrastructure + * that's not available here. + */ +static inline void raw_rdmsr(unsigned int reg, struct msr *m) +{ + asm volatile("rdmsr" : "=a" (m->l), "=d" (m->h) : "c" (reg)); +} + +static inline void raw_wrmsr(unsigned int reg, const struct msr *m) +{ + asm volatile("wrmsr" : : "c" (reg), "a"(m->l), "d" (m->h) : "memory"); +} + #endif /* _ASM_X86_SHARED_MSR_H */ From patchwork Mon Feb 26 21:32:37 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: John Allen X-Patchwork-Id: 13572926 Received: from NAM10-MW2-obe.outbound.protection.outlook.com (mail-mw2nam10on2076.outbound.protection.outlook.com [40.107.94.76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 542F6132C2A; Mon, 26 Feb 2024 21:33:16 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.94.76 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708983198; cv=fail; b=f46ASMwzNLpUfCkOsnWnVmYg6IkeEJ3E78i6yhHCAzCG2kAhcPMdiKZAM7BjryvIHp8KrpHVS6Q+tJl/OgfDkbKMyN4OL6Eey4jXvlnw9tAB8kgL6a4upw3f+v3AweiFFZPlPlfRfKsWkLtJ7rmYOEFxKFczFZu0vuzGxGSzO4g= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708983198; c=relaxed/simple; bh=oGI4z1E+dcaInNs25HvjRZ14QNhk4dNjV+0SupNKLg8=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=X19bmV7pUs/YTLHyg1u+0zsQeGzLWq9oC1n+WwGEJzJe+vhFjv9YZdDWmqSukZorURIDLAU7Rogq87LqIN9+i3e5VjgchB/ovsPGx5DUfsj9Jy84MsZaNXDaAQMmlt6TpFjifJxiNm8hvffhvXHBV+dn5zOeDZjMWPp9d6UZ3Tg= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=jp10aC3O; arc=fail smtp.client-ip=40.107.94.76 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="jp10aC3O" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=TgOT3l7qU8vIxID7R+iSf56QmUPwczDVvH1q/wSZFPW24jgRmuZuyVboXJ6HPM5D6/t+zcb6nt38AdSJe0hp528IXCZJ2LP56SGbnE3wSS91fcuFB0qY4bNaj0ae/x05FyPkqpaQiu3bQjtBjTdZ+eTP8yRpRKRz4Bdn/XOQbFgBzp2jZq+hi1ZkPtyGlyky0p6boxRRNqUvOcJfInm9ZfwaEi02DS4SAoClt5bcD+EaMIgC5JeFEDB/EFZavO36LcQRj+gw4/yDaZAYr8kWtT1vts08TdbKlXE5xM1yGXFh+QxDZUErVoDZ+LQ41sjNbjtIsJwMiaRjoWqhyY+HSg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=9umBMiWClOer5d/riBrXbCzpKrxM/rqB1EX6hZ8JvO8=; b=AbANk3x7y7O8RADL9kjFCANi0CSjqgmQNGydsvkhY0uhPdz6CpUIeKdMymV2Zlu82S939uEKLJTr3phWATbOloqurV3hkf6Ezwo+3JbVNqB8kF6wUC1yPehzTH2gNfxzv4ccVyUJL/NxuiuBD7Qi7fgCyp4xjWj71EFx9iUOSSRzc8oabowgcuri640Dp3OfgDRVGZpmDOM5SpLlzp6foX/1MCjmC5hiNub65jVoziGul7AkBBA7Oi3nlqqkXO5uw8XKJ7msedidUD8ARLQinwuzINtToxIBNozbWfA7JJKCqAV9MH0UIp0OVB0j3zRoGx6QMjjfcxRxRK8IoqofOQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9umBMiWClOer5d/riBrXbCzpKrxM/rqB1EX6hZ8JvO8=; b=jp10aC3O9dwP9QruT9cdxi+v31UI3aeusD60mAlyLl9q3IXYG3s1AZXjpQpZsNkbXn0YDvQO1nN78i4kIFV1ta0zREIVio2aAlS120cW540HQ8UXmKf0tBWsRSjaZPGSZq7LwdkmveDOusAIh4++8fEkYnubp1rwtpPvDkctXug= Received: from CH5PR04CA0018.namprd04.prod.outlook.com (2603:10b6:610:1f4::29) by SA0PR12MB7075.namprd12.prod.outlook.com (2603:10b6:806:2d5::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7316.34; Mon, 26 Feb 2024 21:33:14 +0000 Received: from CH3PEPF0000000E.namprd04.prod.outlook.com (2603:10b6:610:1f4:cafe::15) by CH5PR04CA0018.outlook.office365.com (2603:10b6:610:1f4::29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7292.49 via Frontend Transport; Mon, 26 Feb 2024 21:33:14 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by CH3PEPF0000000E.mail.protection.outlook.com (10.167.244.42) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7292.25 via Frontend Transport; Mon, 26 Feb 2024 21:33:13 +0000 Received: from jallen-jump-host.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Mon, 26 Feb 2024 15:33:13 -0600 From: John Allen To: CC: , , , , , , , , , John Allen Subject: [PATCH v2 2/9] KVM: x86: SVM: Emulate reads and writes to shadow stack MSRs Date: Mon, 26 Feb 2024 21:32:37 +0000 Message-ID: <20240226213244.18441-3-john.allen@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240226213244.18441-1-john.allen@amd.com> References: <20240226213244.18441-1-john.allen@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CH3PEPF0000000E:EE_|SA0PR12MB7075:EE_ X-MS-Office365-Filtering-Correlation-Id: 2a972bfe-2d28-42c2-a29a-08dc371289c1 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: Lcer7778P7qA6n1qIFMHd3r/MLfLIK5F7bpBPqqAdNm8jg7NZRSWA/zRKBAzFbjr9cp/Upeo1tCQY8/t03Fh4gTN0ti+QPB96FDfsSdO3cXHkNUrH9Y4iWGEw1eCuZb12kC52oxHVkbo8YxfHnQE4FohYoG+cAKSsfxbh4Rt5pzreyN4XXRWsTVGy/bRYH0CenYtdG+TmlMZkdfAiK2133SUkAKToT7HgFIOzDAfP7bE55DJpje2aekkCCugFEs6s8f8k5qmrDUGT2PwgrW1q/BsKgGiT+hp5B8y+k5I705XCeglRi2VEVbIuHWNXXAVxopNgAgKKCEP/wZ9dDQHsbSziA0Y/46yLVgZ2wJA7oVNIrk8+Brz2xUNXYfH+HDRJ9NOWFatDpwyq5FzkHLekGziAMVnVu6tD9TotPs6B6vqGsrYiEF0avxUSo6nFtRjX01eBDsoaYO/BYGS7PFhDKmmz+SG5qw7zWQjNGs57dwUcR7qg5i/kLsjxusVZ5rGNLM9BdDDcs4UgWSNlA+af+rpsDux5qFEbZYPcTP8QnvIuiibLcGjk/XKPeaSWOEGARVWnQF/q6IqG6lh6MDN4CNG2TuGXuCzB3y1+qlYHL9F/sVDs8IlnvQgTcQ6uIZ7WQ5qXIwvbAzphR44m8Z4ldyVGfaZBQJ86DjSPi2a8g4pKOdR5GbvqeYGGbkVhNXNlAsFJfEuBIfjmvBQQQW2DD3GpHYcscoqBn0Ed+tBzNpoTrIB8rLWa2xfUo/ApshE X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230031)(36860700004);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Feb 2024 21:33:13.8937 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 2a972bfe-2d28-42c2-a29a-08dc371289c1 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: CH3PEPF0000000E.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB7075 Set up interception of shadow stack MSRs. In the event that shadow stack is unsupported on the host or the MSRs are otherwise inaccessible, the interception code will return an error. In certain circumstances such as host initiated MSR reads or writes, the interception code will get or set the requested MSR value. Signed-off-by: John Allen --- arch/x86/kvm/svm/svm.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index e90b429c84f1..70f6fb1a166b 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -2864,6 +2864,15 @@ static int svm_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) if (guest_cpuid_is_intel(vcpu)) msr_info->data |= (u64)svm->sysenter_esp_hi << 32; break; + case MSR_IA32_S_CET: + msr_info->data = svm->vmcb->save.s_cet; + break; + case MSR_IA32_INT_SSP_TAB: + msr_info->data = svm->vmcb->save.isst_addr; + break; + case MSR_KVM_SSP: + msr_info->data = svm->vmcb->save.ssp; + break; case MSR_TSC_AUX: msr_info->data = svm->tsc_aux; break; @@ -3090,6 +3099,15 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr) svm->vmcb01.ptr->save.sysenter_esp = (u32)data; svm->sysenter_esp_hi = guest_cpuid_is_intel(vcpu) ? (data >> 32) : 0; break; + case MSR_IA32_S_CET: + svm->vmcb->save.s_cet = data; + break; + case MSR_IA32_INT_SSP_TAB: + svm->vmcb->save.isst_addr = data; + break; + case MSR_KVM_SSP: + svm->vmcb->save.ssp = data; + break; case MSR_TSC_AUX: /* * TSC_AUX is always virtualized for SEV-ES guests when the From patchwork Mon Feb 26 21:32:38 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: John Allen X-Patchwork-Id: 13572927 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (mail-bn8nam12on2075.outbound.protection.outlook.com [40.107.237.75]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 267C513247C; Mon, 26 Feb 2024 21:33:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.237.75 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708983203; cv=fail; b=HBnMakpTQpQDdhYtwpRrw3BBY1f325gT5AKPZZmRkBEVnsSWlwCbU1tHWwad1Y9Jsht0vXBksQRRiWTFXGwAXybgDr2Nfe+IFdjjuBvTJUAIQDkfvHeBBsdLg025VTuDrHY8FSkOZ7y5RdEOD5rXP9h+m9k1+aa6wZFH6m4XbjA= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708983203; c=relaxed/simple; bh=1TkrsaUUi9mF1kWRi7rFDTa6weQnnlwxMAsLrEwfR7c=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=clS0cYSoobnlRVoXE2fjgFodqT3phneP4rms9S2drnk2cWqCt3+5nuH7szYLosj6XkWhV+UT6PkfmpaJnR0lj+t8fUSEMZt/naLQgIpyNLgf8hE4d4rJ5p32k30vdGyC0UVBnNbSASj4xXET54PWXgVCfT99+i3eeWVXqJFTFC8= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=vkjXY38N; arc=fail smtp.client-ip=40.107.237.75 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="vkjXY38N" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=NemWL0OAcdxPKWE5VwhQqkSComZLoI0H+eCTBzGej6zn+W2JyWbd4SgUnVPuAzVjELJq0cTkVP9vyGVYp2IA955AUfYkdkUGJP3c94ZXrVBocCGJyttnUA68nW3N3Mg7awgGuk4+kDi1MuPYsqflWXoWbcoMfSdfVqJnFiiiedizXjPw7xM4jIIVfq28IVf9+FCpL4ZQXcnXQRw0KPVBcPGB/kVhyC35el+YUWtcXfvAmRGnzSL/nuHygqL3ud/IHq+sCt6vPfLROg4Jo9cK03eURzqgqRQTp/41qMN/ROUZuFKGqkt9hiq9Mxpw8SpIAGEdy+TtC47gWO4mSPwmew== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=dB9LwhudYW6UmKBiw2KUxpzIr+HrXSN6qNTvq/Iov7Q=; b=nxjwbQPi6tLwgzjJkCduRi6mq1Blzb4AhhzoggGgRTxIn4+PCGUzoCsglTqJ2NwDiwr4jB3qzf7BiWgl/kG0aytJJIWRSg0ufrXXbYpgIts/Yyp4bEwY2xwBp/P5wmUmBBU2MgRs5C5N+4/RZnFjYKyxTSYv4ISE4gZit5LGVT3b2PA7/xhOSPtk0wkXqcBDqfKAtzaCRw0z2d/wuhYVJIpwGg5hpmpfJumubq37CEmzJPteZbAKSjAVg6BcGDnM6OYwoPpixnj6m68+8NRnROEf67y3S09WL/W+7+0LQI5oYfk5yo32io+5RM4sGu92JK5rcva2LpgmnQmFWyvi2w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=dB9LwhudYW6UmKBiw2KUxpzIr+HrXSN6qNTvq/Iov7Q=; b=vkjXY38NF1yHMYP82Rdl/SKw5aJ9ueyLOJJ+ws9gR/hnzyGjCnA/HFsyArqIOkeLZJMF829h9R75wdSlzoKtk/bxiy5ZXPp7ex5oXpKu/E6MQY7ZE3f4qniSU0V23b+TVCs3y1CFRujHVjpkOxzp0VndZBQ6Txzstjv/Xxc4A2c= Received: from CH0PR03CA0030.namprd03.prod.outlook.com (2603:10b6:610:b0::35) by SA1PR12MB8143.namprd12.prod.outlook.com (2603:10b6:806:333::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7316.34; Mon, 26 Feb 2024 21:33:17 +0000 Received: from CH3PEPF0000000F.namprd04.prod.outlook.com (2603:10b6:610:b0:cafe::75) by CH0PR03CA0030.outlook.office365.com (2603:10b6:610:b0::35) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7292.49 via Frontend Transport; Mon, 26 Feb 2024 21:33:17 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by CH3PEPF0000000F.mail.protection.outlook.com (10.167.244.40) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7292.25 via Frontend Transport; Mon, 26 Feb 2024 21:33:17 +0000 Received: from jallen-jump-host.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Mon, 26 Feb 2024 15:33:16 -0600 From: John Allen To: CC: , , , , , , , , , John Allen Subject: [PATCH v2 3/9] KVM: x86: SVM: Update dump_vmcb with shadow stack save area additions Date: Mon, 26 Feb 2024 21:32:38 +0000 Message-ID: <20240226213244.18441-4-john.allen@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240226213244.18441-1-john.allen@amd.com> References: <20240226213244.18441-1-john.allen@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CH3PEPF0000000F:EE_|SA1PR12MB8143:EE_ X-MS-Office365-Filtering-Correlation-Id: a99b3da6-bbd1-4e6e-37f1-08dc37128b9e X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: wojdGW1MzIxP0ufPp7bwuYqgq84phnm6esfOrhB0Qy4TySHQ5q48DeD7YX2kH8dSLWVNWNk3kwA5xeiGfY8lOPBgWTlhau6o4T6ErR8V0vkdNgLGtZcvioKkZRIZUVLkLsqFJEnL4Sg/JunYkpfqAkYy+dRd3YOk8CLemSyGkdiHU+vk6H6S00ytY8LR3Lkt1NbejcO+pb+z/SqcP+2JvT+KS47MmhlnXBt/tqPbaURip+cYXsMJLnlq61zyXQb689VcLNiJKBzagN5PJ/koAnULSK9pAGtPpMoV+Dmo/KjpGHKRqOzhoqWXQtVWJTzPfguDF9Mc4OY0QlOde7RjTJXGvbgmCavBUHC3VpMKDAPhUfNHTTpDdyoizxkqOxumZsKnHHj5wF+AhsyXkASjIXWWihfvLyMPp3inFU/370YLSurl4zCHQsnsBY5eL/CTmCSlDiw4eyLh0kXvpcsW1n0TGu9FBwK/BFcIxbBTsFxF5JYkLNXd4PgmD+BkrOWXsTRnh6ZX4ZZkhj55TGIALgjqyS7hmnmM15SG6wiOxgL9wprACWTgPRvVL6cMA+TwbOOmH05Vh1S8ag5AdWNTu63XmJ4utWDe7CXtnl8fIaBXDkaJ2TL2zTtkl8XwHuqOh0uW+kuH/sEcAv0kkPbJlTad3XeRm0fyIK153EngTSbzV3QBK0ioLdXI3QLQUbrrlhODHgeXH8W0kB05G2ufB1Odk/qUYd4G0wwr5MB66Zz277RpY81mLUUv4LS+9Dlf X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230031)(36860700004);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Feb 2024 21:33:17.0483 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: a99b3da6-bbd1-4e6e-37f1-08dc37128b9e X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: CH3PEPF0000000F.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR12MB8143 Add shadow stack VMCB save area fields to dump_vmcb. Only include S_CET, SSP, and ISST_ADDR. Since there currently isn't support to decrypt and dump the SEV-ES save area, exclude PL0_SSP, PL1_SSP, PL2_SSP, PL3_SSP, and U_CET which are only inlcuded in the SEV-ES save area. Signed-off-by: John Allen --- arch/x86/kvm/svm/svm.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 70f6fb1a166b..0b8b346a470a 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -3431,6 +3431,10 @@ static void dump_vmcb(struct kvm_vcpu *vcpu) "rip:", save->rip, "rflags:", save->rflags); pr_err("%-15s %016llx %-13s %016llx\n", "rsp:", save->rsp, "rax:", save->rax); + pr_err("%-15s %016llx %-13s %016llx\n", + "s_cet:", save->s_cet, "ssp:", save->ssp); + pr_err("%-15s %016llx\n", + "isst_addr:", save->isst_addr); pr_err("%-15s %016llx %-13s %016llx\n", "star:", save01->star, "lstar:", save01->lstar); pr_err("%-15s %016llx %-13s %016llx\n", From patchwork Mon Feb 26 21:32:39 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: John Allen X-Patchwork-Id: 13572928 Received: from NAM12-DM6-obe.outbound.protection.outlook.com (mail-dm6nam12on2088.outbound.protection.outlook.com [40.107.243.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CAFD1132479; Mon, 26 Feb 2024 21:33:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.243.88 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708983204; cv=fail; b=bOkWZKrLXa5UPs/cqEduMdaoK86ZAYmyaMQdW+XPlI9RI+xrVzUsCfcy5vT9OHvJa3sqEGVtp2Y4YuE2S2jN8KNKqKm3BMXtndj8QfG2W5G7Gsg8ps7Ayt/F3004Xxq7U/8+GPtKnv+sak4vF1r2876Xp9OSoR55VmTc8kMY9eY= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708983204; c=relaxed/simple; bh=a7Kbeq917FP2okWrYaow0qB+Q/vr8rDFLGffwC3qleM=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=aF6pZ2QMKJHq0cn7dnn4bHLK4vIY7i8U4R/KlI07alh2STpKelSIBVM+VOnsn49+szWR8M1yhqh/LifCo5Ik8pwb+r4peHCKrkSrcyR7rJqIcotbQq8gr5IxG4zYbBu3w/1mufdslXHcxGeDzv06A0xISzbdyq6qVxd4+kIWeeo= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=CFfkN3Nx; arc=fail smtp.client-ip=40.107.243.88 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="CFfkN3Nx" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=PHfL3HFv9rVzlXUAdVe9J7tKv3cNFl3ayQFR7eEkGezS/zEgbXjpkIpt5Km/ZRWdkuO1lLyPlIAfjpUM5QSayLZ8JbnnvdjUKUtaH+4eR+My6QDxILAIET9nmnP0HeTyHdE9i/TkOFJP/DTR7mZBjwInSGwkuEAeJ1HMJXZ6eNiIvo5KKOvUZT31w6OxbPpVXX1iqIKW5x5zTeL7qg9KQSfCaTTX8EVDAcP07pK/lzgpWtXZ8iip9rakSvm8Ih+R2DrjjA4BhwH/5PwbNpN4tttGa4/NaLKBV4lNHa6lSGlBf2fJO/ODX3cHsQal0MelF2bbCYTuyg1lwlUiNkKVFQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Dq11PjNVqbSlbn1JHP40LqVBB2E8p6flh/dFIJHaq6A=; b=OMFyPGKDuYfx6vvKaOkkS3f/EMFbSnt7wxDmrFboplK6Ra3XJi+G9DAr4whreyMJTwLolXRx6+XSxhp4gIUB2475QMA9c9U/9yon/crDNIBBTNBbFy3uiEohvKKJmhDcZw3veSy9QAroyme1gG1DKlJ90QFms6rn/9ZrOC5W5V1xii7EbGquY4BNq5pKzCYapHLPm/Ip2k1IxU1sWG3DXxBxHv+/v3y5dBHV4eSpgIVcWk1MtlqLXAxFWz6Oa9Z/ns96u6ewBmiuy58GvXmN1QM+2PovLVCuFnfExiN9x3o+w4pjeZ+3Q/iYjw0Zc8DmMnQw3bKvyn5tB+b0SIYLPA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Dq11PjNVqbSlbn1JHP40LqVBB2E8p6flh/dFIJHaq6A=; b=CFfkN3NxOo7+eogRhSiL7AQcEJ9JsZvWC1Ru7u/8w4Oh+bFQdlSzbMjPNbGkL2hIrVtpUZiPE+gxhBFteJIbvciDpWfuXI4lIH9v5Lkoj6roth8hFrLTtaMFJkxiXc2JP7HCsd8pgNx8M5y/rDoN5oFwxzNxKclLJF6UHptZqTk= Received: from CH2PR14CA0050.namprd14.prod.outlook.com (2603:10b6:610:56::30) by MN2PR12MB4390.namprd12.prod.outlook.com (2603:10b6:208:26e::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7316.34; Mon, 26 Feb 2024 21:33:20 +0000 Received: from CH3PEPF0000000B.namprd04.prod.outlook.com (2603:10b6:610:56:cafe::59) by CH2PR14CA0050.outlook.office365.com (2603:10b6:610:56::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7292.49 via Frontend Transport; Mon, 26 Feb 2024 21:33:20 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by CH3PEPF0000000B.mail.protection.outlook.com (10.167.244.38) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7292.25 via Frontend Transport; Mon, 26 Feb 2024 21:33:20 +0000 Received: from jallen-jump-host.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Mon, 26 Feb 2024 15:33:19 -0600 From: John Allen To: CC: , , , , , , , , , John Allen Subject: [PATCH v2 4/9] KVM: x86: SVM: Pass through shadow stack MSRs Date: Mon, 26 Feb 2024 21:32:39 +0000 Message-ID: <20240226213244.18441-5-john.allen@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240226213244.18441-1-john.allen@amd.com> References: <20240226213244.18441-1-john.allen@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CH3PEPF0000000B:EE_|MN2PR12MB4390:EE_ X-MS-Office365-Filtering-Correlation-Id: 783fdb48-ce6d-4481-4a60-08dc37128d99 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: OtqxsUH5YjcjlHUDyH2TUpPH2AXizzedbTe19lmMzMAc2D3GRxJKdkAr0dV+9EfGhkxk60Q1KhWQURtBpo4xfutd1tdzBIm64bG9IluxjlXQfnTr3U/xc3KFSNtXp358xx385PLvhOHRiJ4+/4bITYXoYvbWgc77yizj4pC2Pb6TXr7BCcg7qnmjxwSCQaJvoE7Cib1YQCIugEzP3dSSN+KNFenjSIbiajjFCGffJxHFO6sPCEHZuJBguvb/Q7/Wjcnal2KhBKZOxEs4/woRJXCkn1azGJuWenpNRvUVvdmz0mPbm6NXDtOtf2zoF/0LKK0AAsqaga5BkRS60w3Ga89ZYD499w2ZRVAKVGdA4sGa9AfSy7odrixCqPkPiY+/HkK8bkrla7Umu5XfXAQWDGiF9cgIP0b+oGRf8PQuZ5JTVTL017TqxjmxR3sQ+qpN6kJyQ67RusVn4Gn3SQv1vqPAof0cg16tnCm9NvMjVsoxLpHrpvWe2LkEv4/NRreDGvu7czspP5GdFfFDA7eEyWpj5zrVzGDTuq99RE3cNMsd3LW77CUuWqcl9MPB+SAJKZyZ5n41P3gLi0IB+ICycwjrWXgJnrHqCAboeWvTCxC7q1jD43DjlBrhf6zEQPNnbgD/YZxWJBtQvvchHZDsQhuA6Jk0qcTDgRjgox1DxSo8AYUVmH8hM7BzlAaLBF77SLL4aAvrnUDnAhIcA+AY+zg4WcAVxejpTEzlA4VGdP1W4MZEIYGNlo7nMCNNqkl1 X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230031)(36860700004);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Feb 2024 21:33:20.3715 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 783fdb48-ce6d-4481-4a60-08dc37128d99 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: CH3PEPF0000000B.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR12MB4390 If kvm supports shadow stack, pass through shadow stack MSRs to improve guest performance. Signed-off-by: John Allen --- arch/x86/kvm/svm/svm.c | 26 ++++++++++++++++++++++++++ arch/x86/kvm/svm/svm.h | 2 +- 2 files changed, 27 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 0b8b346a470a..68da482713cf 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -140,6 +140,13 @@ static const struct svm_direct_access_msrs { { .index = X2APIC_MSR(APIC_TMICT), .always = false }, { .index = X2APIC_MSR(APIC_TMCCT), .always = false }, { .index = X2APIC_MSR(APIC_TDCR), .always = false }, + { .index = MSR_IA32_U_CET, .always = false }, + { .index = MSR_IA32_S_CET, .always = false }, + { .index = MSR_IA32_INT_SSP_TAB, .always = false }, + { .index = MSR_IA32_PL0_SSP, .always = false }, + { .index = MSR_IA32_PL1_SSP, .always = false }, + { .index = MSR_IA32_PL2_SSP, .always = false }, + { .index = MSR_IA32_PL3_SSP, .always = false }, { .index = MSR_INVALID, .always = false }, }; @@ -1222,6 +1229,25 @@ static inline void init_vmcb_after_set_cpuid(struct kvm_vcpu *vcpu) set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SYSENTER_EIP, 1, 1); set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SYSENTER_ESP, 1, 1); } + + if (kvm_cpu_cap_has(X86_FEATURE_SHSTK)) { + bool shstk_enabled = guest_cpuid_has(vcpu, X86_FEATURE_SHSTK); + + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_U_CET, + shstk_enabled, shstk_enabled); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_S_CET, + shstk_enabled, shstk_enabled); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_INT_SSP_TAB, + shstk_enabled, shstk_enabled); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_PL0_SSP, + shstk_enabled, shstk_enabled); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_PL1_SSP, + shstk_enabled, shstk_enabled); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_PL2_SSP, + shstk_enabled, shstk_enabled); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_PL3_SSP, + shstk_enabled, shstk_enabled); + } } static void init_vmcb(struct kvm_vcpu *vcpu) diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 8ef95139cd24..0741fa049fd7 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -30,7 +30,7 @@ #define IOPM_SIZE PAGE_SIZE * 3 #define MSRPM_SIZE PAGE_SIZE * 2 -#define MAX_DIRECT_ACCESS_MSRS 47 +#define MAX_DIRECT_ACCESS_MSRS 54 #define MSRPM_OFFSETS 32 extern u32 msrpm_offsets[MSRPM_OFFSETS] __read_mostly; extern bool npt_enabled; From patchwork Mon Feb 26 21:32:40 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: John Allen X-Patchwork-Id: 13572929 Received: from NAM11-DM6-obe.outbound.protection.outlook.com (mail-dm6nam11on2083.outbound.protection.outlook.com [40.107.223.83]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 150E31339AA; Mon, 26 Feb 2024 21:33:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.223.83 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708983209; cv=fail; b=BgE0MR1qSlPIqKZBb88F0OfQxKC8WuMYOkuaKuKBco+C55fEV8FO0+rriqqHMWitBqI+Vx9QL+0IkQheDJJkciMRiK9yGEAnop7tgedP3mzCCZc2aWIO6qe3Rs2HrGrR8izOX8y40s4Wpe/THdKBr5HnhJieulYq2l6QKMoAxVI= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708983209; c=relaxed/simple; bh=adG/ABrWVrZE3MsUfOnn8zbLG0RC0aNV9+6dAwjY1X4=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=Agg2xUT9V9ITM4lr8srOcBdnTre9adBhCts781fg+u4pwdEPeyICIiTntPDRVcyJ93BFYEUS3QqHyKMX95K6RaaYHxBbR1UE6abSA14Ej0T7crVtrHgQY81kG/fzb7D1XHhZXPmB4W9ZgXMqe2snKgLl4eC6BReRTHXPYg4ykRY= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=Ft8cRW1U; arc=fail smtp.client-ip=40.107.223.83 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="Ft8cRW1U" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=huUhrZGekS98don+sGRo1kGDmFA3+aVNc9L6+C8Upb2X8i0ph1JqXVJyMBS1vhfcvQfxvasMeDau+bxRcLbA4a692qLH+aNeOkEmUtQ22e2NkDq47aYqd97fpbqOj2gnRn+OIvX7oGhjW8ophdhEq70rCKseEAAMsnBYjfmAKrNS/PnnUMldd9v8ko2NrZCT71ifUeHhmqLGs04pz60pWoLUQDlReuvQ4CDaud6OKakRW9CbWT49PSUVxXwzeOkSPR1K0EZIQPeE3r+T3QYF5Oi1blEwPog0WDh17W6UQRwmyyHcl9Fb8s72mwwN4vv5/I80eBZ3NetMX9Nz9LnMpQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=s+ddYQ0Pdno3LKSDluChSeYK84B+ZLWxt5OvWSAnbXw=; b=DF5Lrmr4nvw8DiLM6eXuEKB7dZoYoXLPI7fkRJRdUTKGd4+6FjffjAI4U4zc++ry7geBzieIpFWKfUT7DvW9sDLHzTQcV4txg56SfQEbzCSev7GD6J+WFYX6l8gDxvCfV8I3f+tF3aYuMlqLQ3N4rcf0zB61+LNylU2JNSFwfVP76murUDNu5DvDijZm1zQtP+I4cCslp+ppoB8Cj6k6fZlVwVO4WoLXL7gQhAEUNLuDqgeSCVcjxk5jA/Q5W48Fdw9T+rIGQeurLg6r3w85IW5EhtlK1RcFUkQ/Afmvcjc9cbRxPXyb3AP9bTjmuCoVOTmJpa+oXF/HLrPKJWOu4Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=s+ddYQ0Pdno3LKSDluChSeYK84B+ZLWxt5OvWSAnbXw=; b=Ft8cRW1UHav82EJ5NN8TnskuAw+4yx1pZEghoVc2Aw7nvNtS1GgwgMmhn47/4n8x4YdCSiEpxZSPG5B4Eh1blRWIll1aZbaol9UzMQCbYmroDY1uYNKCv5ACqmE7FTQgqYEs2Tct4DnILfuRTu7rnzxTr8f+w7ckJtdLwrDamto= Received: from CH5P223CA0013.NAMP223.PROD.OUTLOOK.COM (2603:10b6:610:1f3::8) by LV2PR12MB5918.namprd12.prod.outlook.com (2603:10b6:408:174::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7316.36; Mon, 26 Feb 2024 21:33:24 +0000 Received: from CH3PEPF0000000A.namprd04.prod.outlook.com (2603:10b6:610:1f3:cafe::62) by CH5P223CA0013.outlook.office365.com (2603:10b6:610:1f3::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7292.49 via Frontend Transport; Mon, 26 Feb 2024 21:33:24 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by CH3PEPF0000000A.mail.protection.outlook.com (10.167.244.37) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7292.25 via Frontend Transport; Mon, 26 Feb 2024 21:33:24 +0000 Received: from jallen-jump-host.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Mon, 26 Feb 2024 15:33:23 -0600 From: John Allen To: CC: , , , , , , , , , John Allen Subject: [PATCH v2 5/9] KVM: SVM: Rename vmplX_ssp -> plX_ssp Date: Mon, 26 Feb 2024 21:32:40 +0000 Message-ID: <20240226213244.18441-6-john.allen@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240226213244.18441-1-john.allen@amd.com> References: <20240226213244.18441-1-john.allen@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CH3PEPF0000000A:EE_|LV2PR12MB5918:EE_ X-MS-Office365-Filtering-Correlation-Id: df9f37ee-c7ba-428b-3c92-08dc37129012 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: NDqGmE2K4GSwcgVY9ytcWKG8NupLCY9upjGHjxvWk1pSjPm9Wof3yonbsPa5uUR0Qo3OlvIAYRCMrDnkUuMXLHezAVaNXbjPlKlic1zke5GjVPV5mB1fETHgSgR//DjuuBEcPA4oX69V4iTvt/uZx29OQNvWZH9e+v8thFUNfygNr9CoGBsu3WJP5xqrXSIh/U2GaFTXPeOG2UcN+v4gcuqaKzojByyiWRbFA4nD6sFc1kK6CkYkWKzkhFNtFT7FIOAuiBOh4D2VJV18UOfcdxaxkTaSmQUsaSGuPhHR9bkVyyZPZNrA2bVnO7gKdnctDrsLHX18rbI13NNGUkAlmAk43NjxM0k5SQpom0zwKBWxzti5BdClkcelA+5lt/NT0s9Fha0PfDDdtQ4uCtxUVoh7w5CPYa5yaeQV/8+l2XNafhThFHRRFBn7h8NNLubLzfdh6yf09Dw6SSF9QZYs9pJ2+nK1LiLTh0piN0UaN4nZ132pq5gPJV9C0PT8elaSR/OoynPlnieypLsfGlD6XLd+j+ta78zwlEYcJ7wsIc5/UySGvBP3PIBB0sAwACg/7g64+vXezTrMRW9FpMw2qlTabyMCeIb7W/Q5jRTN+gBCtLlrsgRpSW4/EDE/1yle0DD07LE0EOCxdHM/Y0V9d2Sicm8IcdLH0fwj8PDyrYo6DK7KzBmISxZPtzHyuQ1v3mYq2vhEjOlu8Zh5/EHDhOy5hgeL4eBmDqA3a38thZWLjcL5zadWKTW4XfwzFbsN X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230031)(36860700004);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Feb 2024 21:33:24.5196 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: df9f37ee-c7ba-428b-3c92-08dc37129012 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: CH3PEPF0000000A.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: LV2PR12MB5918 Rename SEV-ES save area SSP fields to be consistent with the APM. Signed-off-by: John Allen --- arch/x86/include/asm/svm.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h index 87a7b917d30e..728c98175b9c 100644 --- a/arch/x86/include/asm/svm.h +++ b/arch/x86/include/asm/svm.h @@ -358,10 +358,10 @@ struct sev_es_save_area { struct vmcb_seg ldtr; struct vmcb_seg idtr; struct vmcb_seg tr; - u64 vmpl0_ssp; - u64 vmpl1_ssp; - u64 vmpl2_ssp; - u64 vmpl3_ssp; + u64 pl0_ssp; + u64 pl1_ssp; + u64 pl2_ssp; + u64 pl3_ssp; u64 u_cet; u8 reserved_0xc8[2]; u8 vmpl; From patchwork Mon Feb 26 21:32:41 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: John Allen X-Patchwork-Id: 13572930 Received: from NAM11-DM6-obe.outbound.protection.outlook.com (mail-dm6nam11on2042.outbound.protection.outlook.com [40.107.223.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id ED880134735; Mon, 26 Feb 2024 21:33:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.223.42 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708983213; cv=fail; b=uGPiivmazHHAX1WPGjaEQ213fWAJyb5MFTPTY6Lrhgoy/c2ocAmQN3lMDi5R48d6LkjRJ0V63fLnvdlHiIG3mhYUbg8MTBLNi+rgXINIRAI4PIq5X8sIQ9ZBiWaiabD0lTwBgpqIpUoctgiYezEtCrQ5qEV6jbvkzGYjjrb8GAY= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708983213; c=relaxed/simple; bh=ZzMR9NL+iOlvGkVw29tC6MVRLuXxqgXEExLmpq42p54=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=sFlKlv7Xp2tkLvAtXBf7CGybfHKDZrrFsSCpLpqlhSw8fVOKuLfa1QNZld+pqn2pYLZXGXr45JOmPo5PPxy/VrD0F+Tok5koyCiwcMEu6cx6jsK0pW4SfB25ow6JJEyQjIPUgQWN5S74pjzIJh7jocSgIqWuvjccnPzlKrSdHl0= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=XxymhIZp; arc=fail smtp.client-ip=40.107.223.42 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="XxymhIZp" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=O2Gob23UqdW5OMxmWTO19FRlBPg+ibCvl4i1zTn1Q91yoMe5Ij2hj/epn2J87hLdUJBJFdVb6UEerOGy/j3MR5sBhG7agtC5nDP2Y+V8x4lksK62xnp149hiz+AwrtW1I9ICkaxG7g4oVksxk6vGiSE+wVpkHIkBFY1dmrfdkfGN+IoS/29GsSuuYC4tUTuG802N2ZKPycMW9rNyLC9D1/imsUpKcm8uW9h72weRLrSlch74wxRHnJi32gw9eAf+QnlkT7ZnSXMJtoqgh8xFqz+H7er5pGDfwRpUQZcoU63f4vqKbtwfIzDuB9uY2jNkTV13ttArqH3Xkcwj/eKMnw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=R3Gy8dugqKHWN5FieegfFCw/GVM0x8C+XZCNJ+OXsa4=; b=Sl/0M28Enm2vID8b2G8Gd/Lnr3E6pGMavlHvP5sgeeyMrTdgpJjAUPJsQ/XT8kPYMPC1WBiB4Rnx6xdjs101DJoE7BTdPvsp0MJvCnJzBACnPmlHKVp4RMKJ+PfH1+f+zhm7HnJA7D5Jcwkh9IFZhRUEmzEQN89Myvtl/SR3X/k7Aq8yvvKIv+XtOtwL1LamL4KA3BUywvdvT9WIPgk+uMwRdts69ubtMezPH1aWtdePWrhPytreq+tcpKpqKph1v9jEdvbBHUQvLVhbDYYAjlDdfaEUqvnSgRF+62J7dg0OWXr8WIb724gup55aiOJcgJF2aNhRW56rFVI+yx1J9A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=R3Gy8dugqKHWN5FieegfFCw/GVM0x8C+XZCNJ+OXsa4=; b=XxymhIZphwHnaLDUSpmSJkfAWbZFs+4J9ZTh+eJZy2s50NlaK2flmd15h3VBZQMs37mUBBiDi63+cv8P8tzq05qMB2fZtp3UEp/G6HiElrdVlW5jo9cVAsJhfVxfQbKUdJCs0pyUCUd78JGvZhLKxFO75HYe8cYJNHYOrw7K5vc= Received: from CH5PR04CA0011.namprd04.prod.outlook.com (2603:10b6:610:1f4::27) by MW5PR12MB5622.namprd12.prod.outlook.com (2603:10b6:303:198::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7316.36; Mon, 26 Feb 2024 21:33:28 +0000 Received: from CH3PEPF0000000E.namprd04.prod.outlook.com (2603:10b6:610:1f4:cafe::eb) by CH5PR04CA0011.outlook.office365.com (2603:10b6:610:1f4::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7292.49 via Frontend Transport; Mon, 26 Feb 2024 21:33:28 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by CH3PEPF0000000E.mail.protection.outlook.com (10.167.244.42) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7292.25 via Frontend Transport; Mon, 26 Feb 2024 21:33:28 +0000 Received: from jallen-jump-host.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Mon, 26 Feb 2024 15:33:27 -0600 From: John Allen To: CC: , , , , , , , , , John Allen Subject: [PATCH v2 6/9] KVM: SVM: Add MSR_IA32_XSS to the GHCB for hypervisor kernel Date: Mon, 26 Feb 2024 21:32:41 +0000 Message-ID: <20240226213244.18441-7-john.allen@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240226213244.18441-1-john.allen@amd.com> References: <20240226213244.18441-1-john.allen@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CH3PEPF0000000E:EE_|MW5PR12MB5622:EE_ X-MS-Office365-Filtering-Correlation-Id: 943d1a2d-3c1a-48f3-5590-08dc3712926d X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: yQcnWAN4flEY0dzcmXPSELz3HRzrrCYD6QUEsgP2EzN4tgPT8Gp8+4Y6VcMQ46rHF0ucV+aN/HQarbQ317gxJD0Q07QyRp7h6Id6n3ihE48u995UYEJYTatfK4bD9zG14jz2DVAfsZ9GgLLhjW6CPgDkJg1/SGPKeIlRF30/1u/h+Bit3Pukonl2kSH9WqVuchekZJhcoN88Yv46ZDHydLamWvnSsMHrWi5CmTX106hdw9vypPna1mBNeLKgSP4CVXpuZj5WdR4qmGDjzQ7RFWpguyuSHUqdBLU7TrtdzRIDmeNWBGVJkcEyz+GDjNsjOANirJ+LPuac5ZK0fr5AeIZrq3hKnyz8YivX5RIGCBCt8KWxGPmeU6gwfBOEnkCAzptzse+Ng7kjpRZv5zPryqxL/T7cztU1a3DF7QgGqQNbYcENZvGlbFE0qh4Oc2v+XOTg6ZRSiagIhN52sbi8ewz+9KremV7K3qsG2FLMwu3xzvxtm7hHYsA6XM7HoCcjXixPtiizr36FVyv11K/+rUE+Gc4WIfV7Iq9styc2yeq7NbBMywCxK4Qny819ebO2mVJyKr3Xvk7KFg1MCRHZZcmTdU/76ppypCiz+FsyuQx8yIpkyYnKvw7kojAX/Ut2oTOErBq3AHMXfMUDWf5csTytY1HK4oj7JfNGm+r92GN8RPCcmo5c2fyghEe9cFZhgHGaYHzNX+6lgd2Nuc7iChEJyK0vnj02DDYsHYaMifpdltauEKeHssZRH0OhIdFv X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230031)(36860700004);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Feb 2024 21:33:28.4720 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 943d1a2d-3c1a-48f3-5590-08dc3712926d X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: CH3PEPF0000000E.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW5PR12MB5622 When a guest issues a cpuid instruction for Fn0000000D_x0B (CetUserOffset), KVM will intercept and need to access the guest MSR_IA32_XSS value. For SEV-ES, this is encrypted and needs to be included in the GHCB to be visible to the hypervisor. Signed-off-by: John Allen --- v2: - Omit passing through XSS as this has already been properly implemented in a26b7cd22546 ("KVM: SEV: Do not intercept accesses to MSR_IA32_XSS for SEV-ES guests") --- arch/x86/include/asm/svm.h | 1 + arch/x86/kvm/svm/sev.c | 9 +++++++-- arch/x86/kvm/svm/svm.h | 1 + 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h index 728c98175b9c..44cd41e2fb68 100644 --- a/arch/x86/include/asm/svm.h +++ b/arch/x86/include/asm/svm.h @@ -673,5 +673,6 @@ DEFINE_GHCB_ACCESSORS(sw_exit_info_1) DEFINE_GHCB_ACCESSORS(sw_exit_info_2) DEFINE_GHCB_ACCESSORS(sw_scratch) DEFINE_GHCB_ACCESSORS(xcr0) +DEFINE_GHCB_ACCESSORS(xss) #endif diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index f06f9e51ad9d..c3060d2068eb 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -2458,8 +2458,13 @@ static void sev_es_sync_from_ghcb(struct vcpu_svm *svm) svm->vmcb->save.cpl = kvm_ghcb_get_cpl_if_valid(svm, ghcb); - if (kvm_ghcb_xcr0_is_valid(svm)) { - vcpu->arch.xcr0 = ghcb_get_xcr0(ghcb); + if (kvm_ghcb_xcr0_is_valid(svm) || kvm_ghcb_xss_is_valid(svm)) { + if (kvm_ghcb_xcr0_is_valid(svm)) + vcpu->arch.xcr0 = ghcb_get_xcr0(ghcb); + + if (kvm_ghcb_xss_is_valid(svm)) + vcpu->arch.ia32_xss = ghcb_get_xss(ghcb); + kvm_update_cpuid_runtime(vcpu); } diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 0741fa049fd7..eb9c9e337c43 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -723,5 +723,6 @@ DEFINE_KVM_GHCB_ACCESSORS(sw_exit_info_1) DEFINE_KVM_GHCB_ACCESSORS(sw_exit_info_2) DEFINE_KVM_GHCB_ACCESSORS(sw_scratch) DEFINE_KVM_GHCB_ACCESSORS(xcr0) +DEFINE_KVM_GHCB_ACCESSORS(xss) #endif From patchwork Mon Feb 26 21:32:42 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: John Allen X-Patchwork-Id: 13572932 Received: from NAM10-DM6-obe.outbound.protection.outlook.com (mail-dm6nam10on2055.outbound.protection.outlook.com [40.107.93.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 540BE132C0A; Mon, 26 Feb 2024 21:33:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.93.55 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708983220; cv=fail; b=EkDT9oNBkdPCitdiujSzdRIlvcxzQjxkZURMIxvP3ly+10C9X03X3iDWWCiKavUlgLDuFREipn1TgMT7/SFoYaWwkHL+lDYxw/j1UukM/qtvRQ0yvG3mRb0Zr8doVPS5jEZ5YsWXtbEpgQggBXxSVJvoqMPUmcOgwCLABWP4HlQ= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708983220; c=relaxed/simple; bh=7ob0I6tysZJ/J4Wduw57ZmYcN99yyGsSZbO5/ew3sTs=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=jaVYoOpnJAPKCdgHroqA339gaaNNxX4zH44sEz2sP2dylK+QCtwgkP/NhZUeeX+pc3BrN4OZJPzH9AAygLyjVi5/jMc2T6Zywxghg0LOsToM12wTJ+3mX44z3tRtBgewxGQTqHv8+WMB5caZDnfdWfb92fLhPKHz9j+OXqbriiA= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=c/9yfnJY; arc=fail smtp.client-ip=40.107.93.55 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="c/9yfnJY" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=juaT0lU89/hFRR4p01XJhXhmPxfPQfpDtzuPVBlggA3B0WpNmnuDVCVAo6ljtPrBvgQ9yqbsyh/Hwinf9JZHE4wNpTYacP0driP0TW4wlnHDdZtQuyRkGSQFi2FGaQ1qYJW53lH4VoVwTIOEHcRM6G7gGFlnmgc4lYd3hTQTCCxPoZPnsUwEKBzxjG9KHlmmSO+sX0WfTEqVjaLS1ZGWQMPTzfPnCbX+Wuro0S0Gd8+hjNxO1z0rGK85pq3QMjxYe0nhFBLYU4mQn5r7AP9UO2Vl50M42ev/DcxCQljEu98rgT5ZYMLs64HenBAn2QK6k0/O1GenkLoy+QHbGHmVSA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=mdKCaSdJgqE3ljWDqNuC2Vw9YeeoMmkN76MoNaolgSg=; b=gOQ1MZBNA61AJ3CoWmdp8imXG2i22UpeI1OQ4drbedOSDdGRNAPw9547fxGkUR5K4jlNuw9ZiPERN7FczriQHPf2KpzyXQmsmagpR2CqF4SAjKDjJLa+M6VsDso2fqSa93tq3Lb/6MhxewexkUoGwnq8LGpCWqeThNcsOQw9SMQigrbYELs3nXY9rrfTUIlow/krUycTpTMWQZiy3eGa/F9UpiztwUEf/6iDOY0s0+sTJKJKer/pOUNYmJU5FrLZRUdB2zyurmhzCDZn+xRFZPposA3ORerUFzhQR4BOQuWlaaDJAP3PmljK1mB3qDMY1vv4EPSkAlknp6t6fBZGUw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=mdKCaSdJgqE3ljWDqNuC2Vw9YeeoMmkN76MoNaolgSg=; b=c/9yfnJYoT61FdKIA3RZtkXDjQQOlNuRkJt0+wbsMJOnkpLcrV/o0GZRXLBmdQXGk4pkGt09Q+TcJzUARt/cs/DtlU9f0QSTbmSoLCKju8QIXyc1zPCVXbGCYcbx8Kk58sYx9zmO02cYDaczvboOwqkI2+7YUk7B9s68n60TtcM= Received: from CH0PR03CA0011.namprd03.prod.outlook.com (2603:10b6:610:b0::16) by SA1PR12MB7443.namprd12.prod.outlook.com (2603:10b6:806:2b7::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7316.34; Mon, 26 Feb 2024 21:33:35 +0000 Received: from CH3PEPF0000000F.namprd04.prod.outlook.com (2603:10b6:610:b0:cafe::85) by CH0PR03CA0011.outlook.office365.com (2603:10b6:610:b0::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7292.49 via Frontend Transport; Mon, 26 Feb 2024 21:33:32 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by CH3PEPF0000000F.mail.protection.outlook.com (10.167.244.40) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7292.25 via Frontend Transport; Mon, 26 Feb 2024 21:33:32 +0000 Received: from jallen-jump-host.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Mon, 26 Feb 2024 15:33:31 -0600 From: John Allen To: CC: , , , , , , , , , John Allen Subject: [PATCH v2 7/9] x86/sev-es: Include XSS value in GHCB CPUID request Date: Mon, 26 Feb 2024 21:32:42 +0000 Message-ID: <20240226213244.18441-8-john.allen@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240226213244.18441-1-john.allen@amd.com> References: <20240226213244.18441-1-john.allen@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CH3PEPF0000000F:EE_|SA1PR12MB7443:EE_ X-MS-Office365-Filtering-Correlation-Id: e4ff8780-f622-4ac9-40c0-08dc371294c8 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 0LRjpCn7+RMe0JhaWSXpVIsN0r37QE6MiPGFqhiXvXeA1hp4fXSeX90rSEjnVmNClvG/RnbWSibtd6HVkGcVKmwD7Fds2DQLdnkYuK/5QEy/WU4IJhx1tRmTwxjGjVrR2h5dwND7ortiy/5hyrI3ERiOUpgleCMkGez6Kt6k1VqEJgmbAL1v5QmeeZLAxRfghfgOxUyD2uQIBR3KXiRs/b4mTfIMtY4DtyCTFusdAWb5K3E6iNW3h1PUJqAguHFEa/aYTYUVW98+pxdLbxWsiukR2wGHrGkkZNMI0jvizs8jiEhlvhZ5qsawyQhAXMxiHvDx64ozUUmaRz2/9Cz/y9pv8whp/SaMmgTVBQNB/uukUNhwRdCQ7HxhIllLhrPQFBmbPGX0S+s+lI4+8NNOotaU4oLAOn/ai5FH3wsznhJh9pGnaJoLiRb33uva46QN/l1oKD4hSNCxccCXDRIJ//6wXXhkjmPWQKfyC7tF+daIalHgUrK+Q918L8SnnV4FECy4xqV4cn44T9BhoV+iy6ZBET8MbrPUk3eEB+HmbZjrB93bgNglDVNeDGDKezErwynZ6aaZzLiUmpXWk+jQ4IIbMsOi5MPLx5ubFyJ4dVD4msBCwL6aX2pwvXf2spl5O1mlQZDRw8M9hpfu5DPJQdi6mM+LoRdPXie6/RpDAGuye2Esl7GZGPt0sfj2jQgB1RoEfpilNmk2GtxWpn+msDiDq90ohJr59ish/qUsJOVPESt21tKlDW5pzEs0mnGg X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230031)(36860700004);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Feb 2024 21:33:32.4233 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: e4ff8780-f622-4ac9-40c0-08dc371294c8 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: CH3PEPF0000000F.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR12MB7443 When a guest issues a cpuid instruction for Fn0000000D_x0B (CetUserOffset), the hypervisor may intercept and access the guest XSS value. For SEV-ES, this is encrypted and needs to be included in the GHCB to be visible to the hypervisor. The rdmsr instruction needs to be called directly as the code may be used in early boot in which case the rdmsr wrappers should be avoided as they are incompatible with the decompression boot phase. Signed-off-by: John Allen Acked-by: Borislav Petkov (AMD) --- v2: - Use raw_rdmsr instead of calling rdmsr directly. --- arch/x86/kernel/sev-shared.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/arch/x86/kernel/sev-shared.c b/arch/x86/kernel/sev-shared.c index 1d24ec679915..10ac130cc953 100644 --- a/arch/x86/kernel/sev-shared.c +++ b/arch/x86/kernel/sev-shared.c @@ -966,6 +966,13 @@ static enum es_result vc_handle_cpuid(struct ghcb *ghcb, /* xgetbv will cause #GP - use reset value for xcr0 */ ghcb_set_xcr0(ghcb, 1); + if (has_cpuflag(X86_FEATURE_SHSTK) && regs->ax == 0xd && regs->cx <= 1) { + struct msr m; + + raw_rdmsr(MSR_IA32_XSS, &m); + ghcb_set_xss(ghcb, m.q); + } + ret = sev_es_ghcb_hv_call(ghcb, ctxt, SVM_EXIT_CPUID, 0, 0); if (ret != ES_OK) return ret; From patchwork Mon Feb 26 21:32:43 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: John Allen X-Patchwork-Id: 13572931 Received: from NAM11-BN8-obe.outbound.protection.outlook.com (mail-bn8nam11on2040.outbound.protection.outlook.com [40.107.236.40]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EE73D132C09; Mon, 26 Feb 2024 21:33:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.236.40 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708983220; cv=fail; b=GtLxy7pvkW+XSqiOeBcTR8WmaMwS77qdX/htsy+3k3fL72Y0nOWk460jrJbTGl8sts00nb4ti6jtGNRIwURfgYiIqW90MK7erD3biFbYWL6IKfv/pjMxsGjA+1VMNVv2loqypdckL1WKd4sllZx5Qt2dYCmoh7XMbv89vAR0k7o= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708983220; c=relaxed/simple; bh=TWe/GoX7unY7TDsBKAQIyKabGHNwuZLS0FcVR/q6KUw=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=W6qqU1qpNjQPH8wmW7sVZxDn4UE5cm9i52SgeecoFwUx5BMZ7BxiryFHdLJWov9z7wX6ooCLcuVoopjQGndLTf8VNtk7+fsbLUp5ma399bRmDs//wdOoTZZ84zluGwPsY3SzJapLAxaIeqJEERXMfwP7WtDlvWItIKTSipgPmCI= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=1hG2VuFH; arc=fail smtp.client-ip=40.107.236.40 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="1hG2VuFH" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=aOVNnYipF1k8t+v4s2Ho3Fscilxu5L/L7l0q2DfBMZZ0LV30C7LlCHtlWZm7nr4RPwIilW3k3x7OCCL+QF1NRP5M3cdQFPdKgjXOt1qzNJ3DwWiqh56ozSb247+yEmIwU5iIiH8b59gbjrPp3IR57TyFqTezGVw/kX9cYNDr5bvV3nd0Ac41aQmzzww6JD8qsDU6tQyCAaKKAx57F97JeOvC9J06XfXO5Zjv5FiGqMg6zTEZ7rrbBOxRRf9DLnYzGDnHeOeJZCJETazrFoAp06+hh1jszT0EEyoBAcFVxNtma/wfcwulWslRYSI+pjFSpz20EUy5siY+j9AQY3ESkQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=/SkAmPau6YEGtzE5zoZz5RgHpEsEQxHwBgGGFR+//N8=; b=iR4gUzjirUZzI/9Rfl9tDO1+CzbSoPpJbN818wtUaYlAJbs629p3K83sr4cokpdUX3Ew8BojZX3PR9tDSPFV7qpnfwOQlvmOm9CZnUkXw79aX9n6Zt8NKxgHXmgQufR3fduN1HxFVLnOzAJwrFImhZjlulRizp+/OHm0tV+fRgsZI9MjaedY3IPcYBgc0WOfSmssiUAA5upiRXMGu+dJ6AZZjQXto6QIAS1/KSBaEsR6Qny0gB7ivPUjP1bHrIODjteJdmpYXZBIIC0tknTLpDKICFO8O1XHi7FaXc68/yhqvs9DzjR+SsfUoxbhkZT3nq6nt+PuXt9+LMtuo/AyuA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/SkAmPau6YEGtzE5zoZz5RgHpEsEQxHwBgGGFR+//N8=; b=1hG2VuFHDUPDdaC6NNEZy0wNqJ/T4uJabgSylW5y7bAvJzmNNuuRmHFSy15UweNf3T1M7+gBv6RLCzfkpaxUQBtcYB2y8LNQSptal9JXIxjNAJfHINJcJFXirLyWe4n3P9owWpeFRCDLIrjdHMaa/PCuKPvWm3QnuOpd6w8KgGQ= Received: from CH2PR19CA0018.namprd19.prod.outlook.com (2603:10b6:610:4d::28) by SN7PR12MB6714.namprd12.prod.outlook.com (2603:10b6:806:272::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7316.34; Mon, 26 Feb 2024 21:33:36 +0000 Received: from CH3PEPF00000010.namprd04.prod.outlook.com (2603:10b6:610:4d:cafe::60) by CH2PR19CA0018.outlook.office365.com (2603:10b6:610:4d::28) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7292.49 via Frontend Transport; Mon, 26 Feb 2024 21:33:36 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by CH3PEPF00000010.mail.protection.outlook.com (10.167.244.41) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7292.25 via Frontend Transport; Mon, 26 Feb 2024 21:33:36 +0000 Received: from jallen-jump-host.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Mon, 26 Feb 2024 15:33:35 -0600 From: John Allen To: CC: , , , , , , , , , John Allen Subject: [PATCH v2 8/9] KVM: SVM: Use KVM-governed features to track SHSTK Date: Mon, 26 Feb 2024 21:32:43 +0000 Message-ID: <20240226213244.18441-9-john.allen@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240226213244.18441-1-john.allen@amd.com> References: <20240226213244.18441-1-john.allen@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CH3PEPF00000010:EE_|SN7PR12MB6714:EE_ X-MS-Office365-Filtering-Correlation-Id: 152bf045-2cc6-435a-3b4d-08dc37129717 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: mzUAIw+fXhad49XxIp/cgjwW2G5Ug9XBQoedqGUIL7+0qKmSy0z1tenhPDScty6o6vbr3OkPGPlP33KaHHQns+kFf5c2pVVC8natPeBPKQaYDP55x5ca9tgyUPnsy9C/G9Pwx5rUx7uMTPoe4Zx5hMRJeDFz70AjbDIbCg8662Mf11GsAYWMpoxCZTW4Db1Slf9s2A8GmR46lkhjDnIccFj9KPGqcfq0R1P822jjwHXoSa7SMv+DjQC3GlWPzmBG55T/KJ9CNpU9Duo4/420n+pnl9VWxTVzEFzKQam5sE++4ZqzNiocnVlQWV6vGql+YkGalNkDn3B9b41hn6mQNHrW1MErt1OpXbKmXq76NIT+rd0D8krKkb+Gct3DM32AFKIJuQtK8+04AIBC320zT5mhItdjr5nsGW8zuEwlDj+aReG7L4JZ4HT+/0Zuv6or8uA41ip1SHXRL8lI7KUCxTeRocDr/q7NTdyxMgmZS1YNYtn1/UQj6t/sbdVlEUHrF8LL/twGr36RpF92VLftadsgxeUAP6gH1JRDOAoZ+d40eR7tOCyfVflaJoNt24F3oo356p26ThbaIwHc3d+TZCwLeO46cZf2kE0trtO0ftAwulkuUlx4Dg9KX6jDzXn4gv67EhJe/uzcv8FH4IkJuZ1ntLbAUy5i/mGJaVfPompDwWIXsygJLu1vZH0rXekge6O7tspLhfnozD8pSstGUzj2zAfYviJBfwG6s6p6v8M4FY98zMqRCOR0nhUldcQW X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230031)(36860700004);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Feb 2024 21:33:36.2963 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 152bf045-2cc6-435a-3b4d-08dc37129717 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: CH3PEPF00000010.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN7PR12MB6714 Use the KVM-governed features framework to track whether SHSTK can be by both userspace and guest for SVM. Signed-off-by: John Allen --- arch/x86/kvm/svm/svm.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 68da482713cf..1181f017c173 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4386,6 +4386,7 @@ static void svm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_PFTHRESHOLD); kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_VGIF); kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_VNMI); + kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_SHSTK); svm_recalc_instruction_intercepts(vcpu, svm); From patchwork Mon Feb 26 21:32:44 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: John Allen X-Patchwork-Id: 13572933 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (mail-bn8nam12on2078.outbound.protection.outlook.com [40.107.237.78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A3D341353E9; Mon, 26 Feb 2024 21:33:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.237.78 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708983225; cv=fail; b=e5tUSDzRndlijx73Ty7qhYOvtRJPn2ZmniD5Wg93TpR6e5Awgu7gy+tvI8n19X4PVaOh2gphzrIPV5O8bCV2X+XDgW699iJpb+FY4ogC/s7/UTbESfJN1pYiR1ti3dSITWTS/gXhggLSEFDq6sxUy7bgZC9J7VS2g2tc2J/7eCg= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708983225; c=relaxed/simple; bh=H9YXNTWjqPnp1YfKoDowcyg6Zv1FbLoFTq1TUm6PiWI=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=fpVGVAL5KM7gOfbwjFRAKu07B4j0/QmBAffslJWLP265Es+npmg+MIevydbYQjqaZlOBU3hSYm8UVEXYzHd582ZMWe4sjQqJdw4BeTGIBHTz2CogiPzaFFBts8UkgUH+yvCDDo8eqaAM5+b0nv/altWAk1NWvHDVZDQ0SYk4mSQ= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=VsC9rVbE; arc=fail smtp.client-ip=40.107.237.78 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="VsC9rVbE" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=RntYAE0Q6/hZdDKniIXmToEhi8ZqOunArHSMGN1tZ/fs08hf5eize+ZGTxPk+cuWSQ7EfiJuju5/x5I2UgVJ4openngG0gxf2SCksJP9ukl+vMs942qITMs5653icPlh4LxWcxDTU/6qkmpsMxEQ7XZyvWNeHFrHiRVvh53HGHJXweaoXAVLGHPhFLK8sC/1X8+4vFfvWpj515lCIskOvwLb8+PR9db7sAMUym0nyPQZWfxPhEnXHYXk0g3z2il2OhqMFjpNBMaRHS1o4tfp+kauePOSFMK1BBjXG6NpBoINhvxGYXtyPlhSlQojqWgq8Xf3PQxmI649VMfrZey2xw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=kG+9PySf9s/IXt/ytfi0Dr0DGxifcANasQNJu38+Owo=; b=KFG3ifTHx9qvcMOf4xsh7pSjIX7WFp3Ngp+fHZNkI8NWMqnD7C4i9YihT6j3B7e9DtYD6kNNL7lpdCrbtmC+7E8Gyz7KFig0CKO9GlezSmASX49YTW0RZs2d0klB1aoW0fmMvl/tz09oSUvL6NDNeYDgox9lh0YR+xjJVElIC7vAc7E5XmG6bBozXh+oXkjkdGh25tJtpPHIngIMlCSqoYM9RjJ5vqQ1wmhp/1RKC2u67cJbApUb9ivvUwmeERrtQBtOwuaD3BF+Wf6bCtpLqeSug5JLmOWPfWHFv/taG9gY1gqfXQMLo2KVH/Ga1MF3ZAK/any0FpFJ5KN3jfgBGg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=kG+9PySf9s/IXt/ytfi0Dr0DGxifcANasQNJu38+Owo=; b=VsC9rVbEaov+uPTaF2p7p76dvvXJ3Uxy4BMZPqpSZoWdgmDY0lAk2QP7QcMMI2qqvy5P2WzKAjWU5ep5D0Kxydm1DDQwl/8K/dnU4mxesaxJIgnXa2XyWC2XQk+VBDL+YT2xcmZW4zPqKwZMjLg29G6B9nSOaCRd2HmvvMPqRJw= Received: from CH2PR19CA0018.namprd19.prod.outlook.com (2603:10b6:610:4d::28) by MW6PR12MB7087.namprd12.prod.outlook.com (2603:10b6:303:238::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7316.34; Mon, 26 Feb 2024 21:33:40 +0000 Received: from CH3PEPF00000010.namprd04.prod.outlook.com (2603:10b6:610:4d:cafe::35) by CH2PR19CA0018.outlook.office365.com (2603:10b6:610:4d::28) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7292.49 via Frontend Transport; Mon, 26 Feb 2024 21:33:40 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by CH3PEPF00000010.mail.protection.outlook.com (10.167.244.41) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7292.25 via Frontend Transport; Mon, 26 Feb 2024 21:33:40 +0000 Received: from jallen-jump-host.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Mon, 26 Feb 2024 15:33:39 -0600 From: John Allen To: CC: , , , , , , , , , John Allen Subject: [PATCH v2 9/9] KVM: SVM: Add CET features to supported_xss Date: Mon, 26 Feb 2024 21:32:44 +0000 Message-ID: <20240226213244.18441-10-john.allen@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240226213244.18441-1-john.allen@amd.com> References: <20240226213244.18441-1-john.allen@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CH3PEPF00000010:EE_|MW6PR12MB7087:EE_ X-MS-Office365-Filtering-Correlation-Id: dab00498-e7f7-4965-a835-08dc3712996d X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: cdbiX+YVpO22KpS5cU0mJxmUlrrYjj2QTsxTXJMkZyLpyByUIn9JsLDhzyKop8t0InL1XnF2+/B9wA34QryfSR8AwrSuB2WgPu3u+Aoy84WYgHt83qnK7SJt2ryW1Deg1zbM6U+yHe/O18FyKNma/RqVxQf1M8bQYUIpuG1qlExKCJu9wwHBIFJxl7HOaAAsxk8irwm51rBbqHYdRmAYFEQ8pl8Hp1X/B0I3Hf3+WOK09148WicPuTnD+fXHDPZ3LJsXHw538eklnUUDkg1ljVaEgmLtw4lHmutOQ44NrlmRIpWKMbwQt1vOq96wym6KYkY+ZpMe1tkN6NqaCVIKJsrhJLYU0pQbfE3Gym8XA5hzoD3YlNSvW8xv/cZXx8NrOeJx3YbzRs5C7uH7G6Kp0d3pdTzpSS3KqxUFKn1Ykd2CGz8+fSV8TvaWEGaJzGwI5apqSmOFhD081qPMNcbBNyV2yUTx48gmlhxPDjxsHEJOeSxz31WM6DoeiGpWobxLg95uduJdG/+ftfa7E3R41NpByUTnftx46M00YTFr2L+YT671FikwpL548SSzi34seZUytlegGADUXlWbSnY14UeRKp2pe4rRxaotvS0+qX7nJ8ndFg07u50sOWkUtmJ1r6l58eQDyh09495w0H6qideRBwAJTSzWBfBa/c21AqnlMS5SRT2OOydIRF0hI39kUhSuG/oeWIQ3xVYaZunpIbUk2sJXvZFay7OM5/8XqKJa71YIfEsUff5MDh/htCZS X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230031)(36860700004);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Feb 2024 21:33:40.2182 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: dab00498-e7f7-4965-a835-08dc3712996d X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: CH3PEPF00000010.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW6PR12MB7087 If the CPU supports CET, add CET XSAVES feature bits to the supported_xss mask. Signed-off-by: John Allen --- arch/x86/kvm/svm/svm.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 1181f017c173..d97d82ebec4a 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -5177,6 +5177,10 @@ static __init void svm_set_cpu_caps(void) boot_cpu_has(X86_FEATURE_AMD_SSBD)) kvm_cpu_cap_set(X86_FEATURE_VIRT_SSBD); + if (kvm_cpu_cap_has(X86_FEATURE_SHSTK)) + kvm_caps.supported_xss |= XFEATURE_MASK_CET_USER | + XFEATURE_MASK_CET_KERNEL; + if (enable_pmu) { /* * Enumerate support for PERFCTR_CORE if and only if KVM has