From: Yang Weijiang <weijiang.yang@intel.com>
To: pbonzini@redhat.com, seanjc@google.com, x86@kernel.org,
kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
rick.p.edgecombe@intel.com
Cc: weijiang.yang@intel.com,
Sean Christopherson <sean.j.christopherson@intel.com>
Subject: [PATCH 12/19] KVM: VMX: Emulate reads and writes to CET MSRs
Date: Thu, 16 Jun 2022 04:46:36 -0400 [thread overview]
Message-ID: <20220616084643.19564-13-weijiang.yang@intel.com> (raw)
In-Reply-To: <20220616084643.19564-1-weijiang.yang@intel.com>
Add support for emulating read and write accesses to CET MSRs.
CET MSRs are universally "special" as they are either context
switched via dedicated VMCS fields or via XSAVES, i.e. no
additional in-memory tracking is needed, but emulated reads/writes
are more expensive.
Co-developed-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Yang Weijiang <weijiang.yang@intel.com>
---
arch/x86/kvm/vmx/vmx.c | 42 ++++++++++++++++++++++++++++++++++++++++++
arch/x86/kvm/x86.h | 31 +++++++++++++++++++++++++++++++
2 files changed, 73 insertions(+)
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 5e14e4c40007..d1f2ffa07576 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -1767,6 +1767,26 @@ static int vmx_get_msr_feature(struct kvm_msr_entry *msr)
}
}
+static bool cet_is_msr_accessible(struct kvm_vcpu *vcpu,
+ struct msr_data *msr)
+{
+ if (!kvm_cet_user_supported())
+ return false;
+
+ if (msr->host_initiated)
+ return true;
+
+ if (!guest_cpuid_has(vcpu, X86_FEATURE_SHSTK) &&
+ !guest_cpuid_has(vcpu, X86_FEATURE_IBT))
+ return false;
+
+ if (msr->index == MSR_IA32_PL3_SSP &&
+ !guest_cpuid_has(vcpu, X86_FEATURE_SHSTK))
+ return false;
+
+ return true;
+}
+
/*
* Reads an msr value (of 'msr_info->index') into 'msr_info->data'.
* Returns 0 on success, non-0 otherwise.
@@ -1906,6 +1926,12 @@ static int vmx_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
else
msr_info->data = vmx->pt_desc.guest.addr_a[index / 2];
break;
+ case MSR_IA32_U_CET:
+ case MSR_IA32_PL3_SSP:
+ if (!cet_is_msr_accessible(vcpu, msr_info))
+ return 1;
+ kvm_get_xsave_msr(msr_info);
+ break;
case MSR_IA32_DEBUGCTLMSR:
msr_info->data = vmcs_read64(GUEST_IA32_DEBUGCTL);
break;
@@ -2238,6 +2264,22 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
else
vmx->pt_desc.guest.addr_a[index / 2] = data;
break;
+ case MSR_IA32_U_CET:
+ if (!cet_is_msr_accessible(vcpu, msr_info))
+ return 1;
+ if ((data & GENMASK(9, 6)) ||
+ is_noncanonical_address(data, vcpu))
+ return 1;
+ kvm_set_xsave_msr(msr_info);
+ break;
+ case MSR_IA32_PL3_SSP:
+ if (!cet_is_msr_accessible(vcpu, msr_info))
+ return 1;
+ if ((data & GENMASK(2, 0)) ||
+ is_noncanonical_address(data, vcpu))
+ return 1;
+ kvm_set_xsave_msr(msr_info);
+ break;
case MSR_IA32_PERF_CAPABILITIES:
if (data && !vcpu_to_pmu(vcpu)->version)
return 1;
diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h
index 01493b7ae150..f6000e3fb195 100644
--- a/arch/x86/kvm/x86.h
+++ b/arch/x86/kvm/x86.h
@@ -2,6 +2,7 @@
#ifndef ARCH_X86_KVM_X86_H
#define ARCH_X86_KVM_X86_H
+#include <asm/fpu/api.h>
#include <linux/kvm_host.h>
#include <asm/mce.h>
#include <asm/pvclock.h>
@@ -323,6 +324,16 @@ static inline bool kvm_mpx_supported(void)
== (XFEATURE_MASK_BNDREGS | XFEATURE_MASK_BNDCSR);
}
+/*
+ * Guest CET user mode states depend on host XSAVES/XRSTORS to save/restore
+ * when vCPU enter/exit user space. If host doesn't support CET user bit in
+ * XSS msr, then treat this case as KVM doesn't support CET user mode.
+ */
+static inline bool kvm_cet_user_supported(void)
+{
+ return !!(kvm_caps.supported_xss & XFEATURE_MASK_CET_USER);
+}
+
extern unsigned int min_timer_period_us;
extern bool enable_vmware_backdoor;
@@ -491,4 +502,24 @@ int kvm_sev_es_string_io(struct kvm_vcpu *vcpu, unsigned int size,
unsigned int port, void *data, unsigned int count,
int in);
+/*
+ * We've already loaded guest MSRs in __msr_io() when check the MSR index.
+ * In case vcpu has been preempted, we need to disable preemption, check
+ * and reload the guest fpu states before issue MSR read/write,
+ * fpu_lock_and_load() serves the purpose well.
+ */
+static inline void kvm_get_xsave_msr(struct msr_data *msr_info)
+{
+ fpu_lock_and_load();
+ rdmsrl(msr_info->index, msr_info->data);
+ fpregs_unlock();
+}
+
+static inline void kvm_set_xsave_msr(struct msr_data *msr_info)
+{
+ fpu_lock_and_load();
+ wrmsrl(msr_info->index, msr_info->data);
+ fpregs_unlock();
+}
+
#endif
--
2.27.0
next prev parent reply other threads:[~2022-06-16 8:49 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-16 8:46 [PATCH 00/19] Refresh queued CET virtualization series Yang Weijiang
2022-06-16 8:46 ` [PATCH 01/19] x86/cet/shstk: Add Kconfig option for Shadow Stack Yang Weijiang
2022-06-16 8:46 ` [PATCH 02/19] x86/cpufeatures: Add CPU feature flags for shadow stacks Yang Weijiang
2022-06-16 8:46 ` [PATCH 03/19] x86/cpufeatures: Enable CET CR4 bit for shadow stack Yang Weijiang
2022-06-16 10:24 ` Peter Zijlstra
2022-06-16 17:12 ` Edgecombe, Rick P
2022-06-17 11:38 ` Peter Zijlstra
2022-06-17 21:18 ` Edgecombe, Rick P
2022-06-17 21:18 ` Edgecombe, Rick P
2022-06-16 10:25 ` Peter Zijlstra
2022-06-16 17:36 ` Edgecombe, Rick P
2022-06-16 8:46 ` [PATCH 04/19] x86/fpu/xstate: Introduce CET MSR and XSAVES supervisor states Yang Weijiang
2022-06-16 10:27 ` Peter Zijlstra
2022-06-16 17:12 ` Edgecombe, Rick P
2022-06-16 8:46 ` [PATCH 05/19] x86/fpu: Add helper for modifying xstate Yang Weijiang
2022-06-16 8:46 ` [PATCH 06/19] KVM: x86: Report XSS as an MSR to be saved if there are supported features Yang Weijiang
2022-06-16 8:46 ` [PATCH 07/19] KVM: x86: Refresh CPUID on writes to MSR_IA32_XSS Yang Weijiang
2022-06-16 8:46 ` [PATCH 08/19] KVM: x86: Load guest fpu state when accessing MSRs managed by XSAVES Yang Weijiang
2022-06-16 8:46 ` [PATCH 09/19] KVM: x86: Add #CP support in guest exception classification Yang Weijiang
2022-06-16 8:46 ` [PATCH 10/19] KVM: VMX: Introduce CET VMCS fields and flags Yang Weijiang
2022-06-16 8:46 ` [PATCH 11/19] KVM: x86: Add fault checks for CR4.CET Yang Weijiang
2022-06-16 8:46 ` Yang Weijiang [this message]
2022-06-16 8:46 ` [PATCH 13/19] KVM: VMX: Add a synthetic MSR to allow userspace VMM to access GUEST_SSP Yang Weijiang
2022-06-16 8:46 ` [PATCH 14/19] KVM: x86: Report CET MSRs as to-be-saved if CET is supported Yang Weijiang
2022-06-16 8:46 ` [PATCH 15/19] KVM: x86: Save/Restore GUEST_SSP to/from SMM state save area Yang Weijiang
2022-06-16 8:46 ` [PATCH 16/19] KVM: x86: Enable CET virtualization for VMX and advertise CET to userspace Yang Weijiang
2022-06-16 10:59 ` Peter Zijlstra
2022-06-16 15:27 ` Yang, Weijiang
2022-06-25 6:55 ` Yang, Weijiang
2022-06-16 8:46 ` [PATCH 17/19] KVM: VMX: Pass through CET MSRs to the guest when supported Yang Weijiang
2022-06-16 8:46 ` [PATCH 18/19] KVM: nVMX: Enable CET support for nested VMX Yang Weijiang
2022-06-16 8:46 ` [PATCH 19/19] KVM: x86: Enable supervisor IBT support for guest Yang Weijiang
2022-06-16 11:05 ` Peter Zijlstra
2022-06-16 11:19 ` Peter Zijlstra
2022-06-16 15:56 ` Yang, Weijiang
2022-06-16 9:10 ` [PATCH 00/19] Refresh queued CET virtualization series Christoph Hellwig
2022-06-16 11:25 ` Peter Zijlstra
2022-06-16 10:12 ` Peter Zijlstra
2022-06-16 10:21 ` Paolo Bonzini
2022-06-16 14:18 ` Peter Zijlstra
2022-06-16 15:06 ` Yang, Weijiang
2022-06-16 15:28 ` Paolo Bonzini
2022-06-18 6:43 ` Yang, Weijiang
2022-07-14 19:36 ` Sean Christopherson
2022-07-15 15:04 ` Yang, Weijiang
2022-07-15 15:58 ` Sean Christopherson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220616084643.19564-13-weijiang.yang@intel.com \
--to=weijiang.yang@intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=rick.p.edgecombe@intel.com \
--cc=sean.j.christopherson@intel.com \
--cc=seanjc@google.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.