From: Chao Gao <chao.gao@intel.com>
To: Yang Weijiang <weijiang.yang@intel.com>
Cc: <seanjc@google.com>, <pbonzini@redhat.com>,
<dave.hansen@intel.com>, <kvm@vger.kernel.org>,
<linux-kernel@vger.kernel.org>, <x86@kernel.org>,
<yuan.yao@linux.intel.com>, <peterz@infradead.org>,
<rick.p.edgecombe@intel.com>, <mlevitsk@redhat.com>,
<john.allen@amd.com>
Subject: Re: [PATCH v9 26/27] KVM: nVMX: Enable CET support for nested guest
Date: Mon, 29 Jan 2024 15:04:39 +0800 [thread overview]
Message-ID: <ZbdOB5YWX8CGsEHC@chao-email> (raw)
In-Reply-To: <20240124024200.102792-27-weijiang.yang@intel.com>
On Tue, Jan 23, 2024 at 06:41:59PM -0800, Yang Weijiang wrote:
>Set up CET MSRs, related VM_ENTRY/EXIT control bits and fixed CR4 setting
>to enable CET for nested VM.
>
>vmcs12 and vmcs02 needs to be synced when L2 exits to L1 or when L1 wants
>to resume L2, that way correct CET states can be observed by one another.
>
>Suggested-by: Chao Gao <chao.gao@intel.com>
>Signed-off-by: Yang Weijiang <weijiang.yang@intel.com>
>Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
>---
> arch/x86/kvm/vmx/nested.c | 57 +++++++++++++++++++++++++++++++++++++--
> arch/x86/kvm/vmx/vmcs12.c | 6 +++++
> arch/x86/kvm/vmx/vmcs12.h | 14 +++++++++-
> arch/x86/kvm/vmx/vmx.c | 2 ++
> 4 files changed, 76 insertions(+), 3 deletions(-)
>
>diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
>index 468a7cf75035..e330897a7e5e 100644
>--- a/arch/x86/kvm/vmx/nested.c
>+++ b/arch/x86/kvm/vmx/nested.c
>@@ -691,6 +691,28 @@ static inline bool nested_vmx_prepare_msr_bitmap(struct kvm_vcpu *vcpu,
> nested_vmx_set_intercept_for_msr(vmx, msr_bitmap_l1, msr_bitmap_l0,
> MSR_IA32_FLUSH_CMD, MSR_TYPE_W);
>
>+ /* Pass CET MSRs to nested VM if L0 and L1 are set to pass-through. */
>+ nested_vmx_set_intercept_for_msr(vmx, msr_bitmap_l1, msr_bitmap_l0,
>+ MSR_IA32_U_CET, MSR_TYPE_RW);
>+
>+ nested_vmx_set_intercept_for_msr(vmx, msr_bitmap_l1, msr_bitmap_l0,
>+ MSR_IA32_S_CET, MSR_TYPE_RW);
>+
>+ nested_vmx_set_intercept_for_msr(vmx, msr_bitmap_l1, msr_bitmap_l0,
>+ MSR_IA32_PL0_SSP, MSR_TYPE_RW);
>+
>+ nested_vmx_set_intercept_for_msr(vmx, msr_bitmap_l1, msr_bitmap_l0,
>+ MSR_IA32_PL1_SSP, MSR_TYPE_RW);
>+
>+ nested_vmx_set_intercept_for_msr(vmx, msr_bitmap_l1, msr_bitmap_l0,
>+ MSR_IA32_PL2_SSP, MSR_TYPE_RW);
>+
>+ nested_vmx_set_intercept_for_msr(vmx, msr_bitmap_l1, msr_bitmap_l0,
>+ MSR_IA32_PL3_SSP, MSR_TYPE_RW);
>+
>+ nested_vmx_set_intercept_for_msr(vmx, msr_bitmap_l1, msr_bitmap_l0,
>+ MSR_IA32_INT_SSP_TAB, MSR_TYPE_RW);
>+
> kvm_vcpu_unmap(vcpu, &vmx->nested.msr_bitmap_map, false);
>
> vmx->nested.force_msr_bitmap_recalc = false;
>@@ -2506,6 +2528,17 @@ static void prepare_vmcs02_rare(struct vcpu_vmx *vmx, struct vmcs12 *vmcs12)
> if (kvm_mpx_supported() && vmx->nested.nested_run_pending &&
> (vmcs12->vm_entry_controls & VM_ENTRY_LOAD_BNDCFGS))
> vmcs_write64(GUEST_BNDCFGS, vmcs12->guest_bndcfgs);
>+
>+ if (vmcs12->vm_entry_controls & VM_ENTRY_LOAD_CET_STATE) {
>+ if (guest_can_use(&vmx->vcpu, X86_FEATURE_SHSTK)) {
>+ vmcs_writel(GUEST_SSP, vmcs12->guest_ssp);
>+ vmcs_writel(GUEST_INTR_SSP_TABLE,
>+ vmcs12->guest_ssp_tbl);
>+ }
>+ if (guest_can_use(&vmx->vcpu, X86_FEATURE_SHSTK) ||
>+ guest_can_use(&vmx->vcpu, X86_FEATURE_IBT))
>+ vmcs_writel(GUEST_S_CET, vmcs12->guest_s_cet);
>+ }
I think you need to move this hunk outside the outmost if-statement, i.e.,
if (!hv_evmcs || !(hv_evmcs->hv_clean_fields &
HV_VMX_ENLIGHTENED_CLEAN_FIELD_GUEST_GRP1)) {
otherwise, the whole block may be skipped (e.g., when evmcs is enabled and
GUEST_GRP1 is clean), leaving CET state not context-switched.
And if VM_ENTRY_LOAD_CET_STATE of vmcs12 is cleared, L1's values should be
propagated to vmcs02 on nested VMenter; see pre_vmenter_debugctl in struct
nested_vmx. I believe we need similar handling for the three CET fields.
> }
>
> if (nested_cpu_has_xsaves(vmcs12))
>@@ -4344,6 +4377,15 @@ static void sync_vmcs02_to_vmcs12_rare(struct kvm_vcpu *vcpu,
> vmcs12->guest_pending_dbg_exceptions =
> vmcs_readl(GUEST_PENDING_DBG_EXCEPTIONS);
>
>+ if (guest_can_use(&vmx->vcpu, X86_FEATURE_SHSTK)) {
>+ vmcs12->guest_ssp = vmcs_readl(GUEST_SSP);
>+ vmcs12->guest_ssp_tbl = vmcs_readl(GUEST_INTR_SSP_TABLE);
>+ }
>+ if (guest_can_use(&vmx->vcpu, X86_FEATURE_SHSTK) ||
>+ guest_can_use(&vmx->vcpu, X86_FEATURE_IBT)) {
>+ vmcs12->guest_s_cet = vmcs_readl(GUEST_S_CET);
>+ }
unnecessary braces.
next prev parent reply other threads:[~2024-01-29 7:04 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-24 2:41 [PATCH v9 00/27] Enable CET Virtualization Yang Weijiang
2024-01-24 2:41 ` [PATCH v9 01/27] x86/fpu/xstate: Always preserve non-user xfeatures/flags in __state_perm Yang Weijiang
2024-01-30 1:29 ` Edgecombe, Rick P
2024-01-24 2:41 ` [PATCH v9 02/27] x86/fpu/xstate: Refine CET user xstate bit enabling Yang Weijiang
2024-01-24 2:41 ` [PATCH v9 03/27] x86/fpu/xstate: Add CET supervisor mode state support Yang Weijiang
2024-01-24 2:41 ` [PATCH v9 04/27] x86/fpu/xstate: Introduce XFEATURE_MASK_KERNEL_DYNAMIC xfeature set Yang Weijiang
2024-01-24 2:41 ` [PATCH v9 05/27] x86/fpu/xstate: Introduce fpu_guest_cfg for guest FPU configuration Yang Weijiang
2024-01-30 1:29 ` Edgecombe, Rick P
2024-01-30 15:00 ` Yang, Weijiang
2024-01-24 2:41 ` [PATCH v9 06/27] x86/fpu/xstate: Create guest fpstate with guest specific config Yang Weijiang
2024-01-30 1:38 ` Edgecombe, Rick P
2024-01-30 14:54 ` Yang, Weijiang
2024-01-24 2:41 ` [PATCH v9 07/27] x86/fpu/xstate: Warn if kernel dynamic xfeatures detected in normal fpstate Yang Weijiang
2024-01-24 2:41 ` [PATCH v9 08/27] KVM: x86: Rework cpuid_get_supported_xcr0() to operate on vCPU data Yang Weijiang
2024-01-24 2:41 ` [PATCH v9 09/27] KVM: x86: Rename kvm_{g,s}et_msr() to menifest emulation operations Yang Weijiang
2024-01-25 3:43 ` Chao Gao
2024-01-24 2:41 ` [PATCH v9 10/27] KVM: x86: Refine xsave-managed guest register/MSR reset handling Yang Weijiang
2024-01-25 10:17 ` Chao Gao
2024-01-26 9:13 ` Yang, Weijiang
2024-01-24 2:41 ` [PATCH v9 11/27] KVM: x86: Add kvm_msr_{read,write}() helpers Yang Weijiang
2024-01-24 2:41 ` [PATCH v9 12/27] KVM: x86: Report XSS as to-be-saved if there are supported features Yang Weijiang
2024-01-25 10:37 ` Chao Gao
2024-01-24 2:41 ` [PATCH v9 13/27] KVM: x86: Refresh CPUID on write to guest MSR_IA32_XSS Yang Weijiang
2024-01-25 10:57 ` Chao Gao
2024-01-26 9:30 ` Yang, Weijiang
2024-01-24 2:41 ` [PATCH v9 14/27] KVM: x86: Initialize kvm_caps.supported_xss Yang Weijiang
2024-01-26 1:35 ` Chao Gao
2024-01-24 2:41 ` [PATCH v9 15/27] KVM: x86: Load guest FPU state when access XSAVE-managed MSRs Yang Weijiang
2024-01-24 2:41 ` [PATCH v9 16/27] KVM: x86: Add fault checks for guest CR4.CET setting Yang Weijiang
2024-01-24 2:41 ` [PATCH v9 17/27] KVM: x86: Report KVM supported CET MSRs as to-be-saved Yang Weijiang
2024-01-24 2:41 ` [PATCH v9 18/27] KVM: VMX: Introduce CET VMCS fields and control bits Yang Weijiang
2024-01-24 2:41 ` [PATCH v9 19/27] KVM: x86: Use KVM-governed feature framework to track "SHSTK/IBT enabled" Yang Weijiang
2024-01-24 2:41 ` [PATCH v9 20/27] KVM: VMX: Emulate read and write to CET MSRs Yang Weijiang
2024-01-24 2:41 ` [PATCH v9 21/27] KVM: x86: Save and reload SSP to/from SMRAM Yang Weijiang
2024-01-26 3:17 ` Chao Gao
2024-01-26 6:51 ` Chao Gao
2024-01-24 2:41 ` [PATCH v9 22/27] KVM: VMX: Set up interception for CET MSRs Yang Weijiang
2024-01-26 3:54 ` Chao Gao
2024-01-26 9:36 ` Yang, Weijiang
2024-01-24 2:41 ` [PATCH v9 23/27] KVM: VMX: Set host constant supervisor states to VMCS fields Yang Weijiang
2024-01-26 6:31 ` Chao Gao
2024-01-26 9:37 ` Yang, Weijiang
2024-01-24 2:41 ` [PATCH v9 24/27] KVM: x86: Enable CET virtualization for VMX and advertise to userspace Yang Weijiang
2024-01-26 7:50 ` Chao Gao
2024-01-26 12:54 ` Yang, Weijiang
2024-01-24 2:41 ` [PATCH v9 25/27] KVM: nVMX: Introduce new VMX_BASIC bit for event error_code delivery to L1 Yang Weijiang
2024-01-26 7:54 ` Chao Gao
2024-01-24 2:41 ` [PATCH v9 26/27] KVM: nVMX: Enable CET support for nested guest Yang Weijiang
2024-01-29 7:04 ` Chao Gao [this message]
2024-01-30 7:38 ` Yang, Weijiang
2024-01-24 2:42 ` [PATCH v9 27/27] KVM: x86: Stop emulating for CET protected branch instructions Yang Weijiang
2024-01-26 8:53 ` Chao Gao
2024-01-26 12:56 ` Yang, Weijiang
2024-01-30 1:40 ` [PATCH v9 00/27] Enable CET Virtualization Edgecombe, Rick P
2024-01-30 15:05 ` Yang, Weijiang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZbdOB5YWX8CGsEHC@chao-email \
--to=chao.gao@intel.com \
--cc=dave.hansen@intel.com \
--cc=john.allen@amd.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mlevitsk@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=rick.p.edgecombe@intel.com \
--cc=seanjc@google.com \
--cc=weijiang.yang@intel.com \
--cc=x86@kernel.org \
--cc=yuan.yao@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.