From: Sean Christopherson <seanjc@google.com>
To: John Allen <john.allen@amd.com>
Cc: kvm@vger.kernel.org, weijiang.yang@intel.com,
rick.p.edgecombe@intel.com, thomas.lendacky@amd.com,
bp@alien8.de, pbonzini@redhat.com, mlevitsk@redhat.com,
linux-kernel@vger.kernel.org, x86@kernel.org
Subject: Re: [PATCH v2 6/9] KVM: SVM: Add MSR_IA32_XSS to the GHCB for hypervisor kernel
Date: Wed, 1 May 2024 16:43:43 -0700 [thread overview]
Message-ID: <ZjLTr0n0nwBrZW36@google.com> (raw)
In-Reply-To: <20240226213244.18441-7-john.allen@amd.com>
On Mon, Feb 26, 2024, John Allen wrote:
> When a guest issues a cpuid instruction for Fn0000000D_x0B
> (CetUserOffset), KVM will intercept and need to access the guest
> MSR_IA32_XSS value. For SEV-ES, this is encrypted and needs to be
> included in the GHCB to be visible to the hypervisor.
Heh, too many pronouns and implicit subjects. I read this, several times, as:
When a guest issues a cpuid instruction for Fn0000000D_x0B
(CetUserOffset), KVM will intercept MSR_IA32_XSS and need to access the
guest MSR_IA32_XSS value.
I think you mean this?
When a vCPU executes CPUID.0xD.0xB (CetUserOffset), KVM will intercept
and emulate CPUID. To emulate CPUID, KVM needs access to the vCPU's
MSR_IA32_XSS value. For SEV-ES guests, XSS is encrypted, and so the guest
must include its XSS value in the GHCB as part of the CPUID request.
Hmm, I suspect that last sentence is wrong though. Question on that below.
> Signed-off-by: John Allen <john.allen@amd.com>
> ---
> v2:
> - Omit passing through XSS as this has already been properly
> implemented in a26b7cd22546 ("KVM: SEV: Do not intercept
> accesses to MSR_IA32_XSS for SEV-ES guests")
> ---
> arch/x86/include/asm/svm.h | 1 +
> arch/x86/kvm/svm/sev.c | 9 +++++++--
> arch/x86/kvm/svm/svm.h | 1 +
> 3 files changed, 9 insertions(+), 2 deletions(-)
>
> diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h
> index 728c98175b9c..44cd41e2fb68 100644
> --- a/arch/x86/include/asm/svm.h
> +++ b/arch/x86/include/asm/svm.h
> @@ -673,5 +673,6 @@ DEFINE_GHCB_ACCESSORS(sw_exit_info_1)
> DEFINE_GHCB_ACCESSORS(sw_exit_info_2)
> DEFINE_GHCB_ACCESSORS(sw_scratch)
> DEFINE_GHCB_ACCESSORS(xcr0)
> +DEFINE_GHCB_ACCESSORS(xss)
>
> #endif
> diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
> index f06f9e51ad9d..c3060d2068eb 100644
> --- a/arch/x86/kvm/svm/sev.c
> +++ b/arch/x86/kvm/svm/sev.c
> @@ -2458,8 +2458,13 @@ static void sev_es_sync_from_ghcb(struct vcpu_svm *svm)
>
> svm->vmcb->save.cpl = kvm_ghcb_get_cpl_if_valid(svm, ghcb);
>
> - if (kvm_ghcb_xcr0_is_valid(svm)) {
> - vcpu->arch.xcr0 = ghcb_get_xcr0(ghcb);
> + if (kvm_ghcb_xcr0_is_valid(svm) || kvm_ghcb_xss_is_valid(svm)) {
> + if (kvm_ghcb_xcr0_is_valid(svm))
> + vcpu->arch.xcr0 = ghcb_get_xcr0(ghcb);
> +
> + if (kvm_ghcb_xss_is_valid(svm))
> + vcpu->arch.ia32_xss = ghcb_get_xss(ghcb);
> +
> kvm_update_cpuid_runtime(vcpu);
Pre-existing code, but isn't updating CPUID runtime on every VMGEXIT super wasteful?
Or is the guest behavior to mark XCR0 and XSS as valid only when changing XCR0/XSS?
If so, the last sentence of the changelog should be something like:
MSR_IA32_XSS value. For SEV-ES guests, XSS is encrypted, and so the guest
must notify the host of XSS changes by performing a ??? VMGEXIT and
providing its XSS value in the GHCB.
next prev parent reply other threads:[~2024-05-01 23:43 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-26 21:32 [PATCH v2 0/9] SVM guest shadow stack support John Allen
2024-02-26 21:32 ` [PATCH v2 1/9] x86/boot: Move boot_*msr helpers to asm/shared/msr.h John Allen
2024-02-27 19:45 ` Borislav Petkov
2024-02-26 21:32 ` [PATCH v2 2/9] KVM: x86: SVM: Emulate reads and writes to shadow stack MSRs John Allen
2024-02-26 21:32 ` [PATCH v2 3/9] KVM: x86: SVM: Update dump_vmcb with shadow stack save area additions John Allen
2024-02-26 21:32 ` [PATCH v2 4/9] KVM: x86: SVM: Pass through shadow stack MSRs John Allen
2024-02-26 21:32 ` [PATCH v2 5/9] KVM: SVM: Rename vmplX_ssp -> plX_ssp John Allen
2024-02-27 18:14 ` Sean Christopherson
2024-02-27 19:15 ` Tom Lendacky
2024-02-27 19:19 ` John Allen
2024-02-27 19:23 ` Sean Christopherson
2024-02-27 19:25 ` John Allen
2024-02-26 21:32 ` [PATCH v2 6/9] KVM: SVM: Add MSR_IA32_XSS to the GHCB for hypervisor kernel John Allen
2024-05-01 23:43 ` Sean Christopherson [this message]
2024-05-02 17:46 ` Tom Lendacky
2024-05-02 18:34 ` Sean Christopherson
2024-02-26 21:32 ` [PATCH v2 7/9] x86/sev-es: Include XSS value in GHCB CPUID request John Allen
2024-02-27 19:47 ` Borislav Petkov
2024-02-26 21:32 ` [PATCH v2 8/9] KVM: SVM: Use KVM-governed features to track SHSTK John Allen
2024-02-26 21:32 ` [PATCH v2 9/9] KVM: SVM: Add CET features to supported_xss John Allen
2024-05-01 23:47 ` Sean Christopherson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZjLTr0n0nwBrZW36@google.com \
--to=seanjc@google.com \
--cc=bp@alien8.de \
--cc=john.allen@amd.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mlevitsk@redhat.com \
--cc=pbonzini@redhat.com \
--cc=rick.p.edgecombe@intel.com \
--cc=thomas.lendacky@amd.com \
--cc=weijiang.yang@intel.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.