From: Chao Gao <chao.gao@intel.com>
To: "Xin Li (Intel)" <xin@zytor.com>
Cc: <kvm@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
	<linux-doc@vger.kernel.org>, <seanjc@google.com>,
	<pbonzini@redhat.com>, <corbet@lwn.net>, <tglx@linutronix.de>,
	<mingo@redhat.com>, <bp@alien8.de>, <dave.hansen@linux.intel.com>,
	<x86@kernel.org>, <hpa@zytor.com>, <luto@kernel.org>,
	<peterz@infradead.org>, <andrew.cooper3@citrix.com>
Subject: Re: [PATCH v3 10/27] KVM: VMX: Set FRED MSR interception
Date: Wed, 13 Nov 2024 19:31:03 +0800
Message-ID: <ZzSN90cBy2eIlu2u@intel.com>
In-Reply-To: <20241001050110.3643764-11-xin@zytor.com>

On Mon, Sep 30, 2024 at 10:00:53PM -0700, Xin Li (Intel) wrote:
>From: Xin Li <xin3.li@intel.com>
>
>Add FRED MSRs to the VMX passthrough MSR list and set FRED MSRs
>interception.
>
>8 FRED MSRs, i.e., MSR_IA32_FRED_RSP[123], MSR_IA32_FRED_STKLVLS,
>MSR_IA32_FRED_SSP[123] and MSR_IA32_FRED_CONFIG, are all safe to be
>passthrough, because they all have a pair of corresponding host and
>guest VMCS fields.
>
>Both MSR_IA32_FRED_RSP0 and MSR_IA32_FRED_SSP0 are dedicated for user
>level event delivery only, IOW they are NOT used in any kernel event
>delivery and the execution of ERETS.  Thus KVM can run safely with
>guest values in the 2 MSRs.  As a result, save and restore of their
>guest values are postponed until vCPU context switching and their host
>values are restored on returning to userspace.
>
>Save/restore of MSR_IA32_FRED_RSP0 is done in the next patch.
>
>Note, as MSR_IA32_FRED_SSP0 is an alias of MSR_IA32_PL0_SSP, its save
>and restore is done through the CET supervisor context management.

But CET may not be supported by either the host or the guest. How will
MSR_IA32_FRED_SSP0 be switched in this case? I think that's part of the reason
why Sean suggested [*] intercepting the MSR when CET isn't exposed to the
guest.

[*]: https://lore.kernel.org/kvm/ZvQaNRhrsSJTYji3@google.com/#t

>
>Signed-off-by: Xin Li <xin3.li@intel.com>
>Signed-off-by: Xin Li (Intel) <xin@zytor.com>
>Tested-by: Shan Kang <shan.kang@intel.com>
>---
> arch/x86/kvm/vmx/vmx.c | 34 ++++++++++++++++++++++++++++++++++
> 1 file changed, 34 insertions(+)
>
>diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
>index 28cf89c97bda..c10c955722a3 100644
>--- a/arch/x86/kvm/vmx/vmx.c
>+++ b/arch/x86/kvm/vmx/vmx.c
>@@ -176,6 +176,16 @@ static u32 vmx_possible_passthrough_msrs[] = {
> 	MSR_FS_BASE,
> 	MSR_GS_BASE,
> 	MSR_KERNEL_GS_BASE,
>+	MSR_IA32_FRED_RSP0,
>+	MSR_IA32_FRED_RSP1,
>+	MSR_IA32_FRED_RSP2,
>+	MSR_IA32_FRED_RSP3,
>+	MSR_IA32_FRED_STKLVLS,
>+	MSR_IA32_FRED_SSP1,
>+	MSR_IA32_FRED_SSP2,
>+	MSR_IA32_FRED_SSP3,
>+	MSR_IA32_FRED_CONFIG,
>+	MSR_IA32_FRED_SSP0,		/* Should be added through CET */
> 	MSR_IA32_XFD,
> 	MSR_IA32_XFD_ERR,
> #endif
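
Review bot: MSR_IA32_FRED_SSP0 is appended after MSR_IA32_FRED_CONFIG with only the comment "Should be added through CET", which reads as an open TODO and does not say what has to happen once the CET series lands. The commit message states that SSP0 is an alias of MSR_IA32_PL0_SSP, so if the CET series adds MSR_IA32_PL0_SSP to vmx_possible_passthrough_msrs[] the same MSR would be listed twice. Either leave the entry to the CET series, or expand the comment to say the entry is temporary and must be dropped when that series adds it.
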
>@@ -7880,6 +7890,28 @@ static void update_intel_pt_cfg(struct kvm_vcpu *vcpu)
> 		vmx->pt_desc.ctl_bitmask &= ~(0xfULL << (32 + i * 4));
> }
> 
>+static void vmx_set_intercept_for_fred_msr(struct kvm_vcpu *vcpu)
>+{
>+	bool flag = !guest_can_use(vcpu, X86_FEATURE_FRED);
>+
>+	vmx_set_intercept_for_msr(vcpu, MSR_IA32_FRED_RSP0, MSR_TYPE_RW, flag);
>+	vmx_set_intercept_for_msr(vcpu, MSR_IA32_FRED_RSP1, MSR_TYPE_RW, flag);
>+	vmx_set_intercept_for_msr(vcpu, MSR_IA32_FRED_RSP2, MSR_TYPE_RW, flag);
>+	vmx_set_intercept_for_msr(vcpu, MSR_IA32_FRED_RSP3, MSR_TYPE_RW, flag);
>+	vmx_set_intercept_for_msr(vcpu, MSR_IA32_FRED_STKLVLS, MSR_TYPE_RW, flag);
>+	vmx_set_intercept_for_msr(vcpu, MSR_IA32_FRED_SSP1, MSR_TYPE_RW, flag);
>+	vmx_set_intercept_for_msr(vcpu, MSR_IA32_FRED_SSP2, MSR_TYPE_RW, flag);
>+	vmx_set_intercept_for_msr(vcpu, MSR_IA32_FRED_SSP3, MSR_TYPE_RW, flag);
>+	vmx_set_intercept_for_msr(vcpu, MSR_IA32_FRED_CONFIG, MSR_TYPE_RW, flag);
>+
>+	/*
>+	 * flag = !(CET.SUPERVISOR_SHADOW_STACK || FRED)
>+	 *
>+	 * A possible optimization is to intercept SSPs when FRED && !CET.SUPERVISOR_SHADOW_STACK.
>+	 */
>+	vmx_set_intercept_for_msr(vcpu, MSR_IA32_FRED_SSP0, MSR_TYPE_RW, flag);
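
Review bot: the comment above the final call says "flag = !(CET.SUPERVISOR_SHADOW_STACK || FRED)", but flag is computed once at the top as !guest_can_use(vcpu, X86_FEATURE_FRED), so the comment describes a condition the code does not implement. As written, MSR_IA32_FRED_SSP0 is passed through whenever the guest can use FRED, regardless of CET, while the commit message says its save and restore rely on the CET supervisor context management; nothing in this hunk covers the FRED-without-CET case. Use a separate condition for SSP0, or drop the call and document why, and rename flag to something like intercept so the polarity is obvious at each call site.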

To implement the "optimization", you can simply remove this line. Then the CET
series will take care of the interception of this MSR. And please leave a
comment here to explain why this MSR is treated differently from other FRED
MSRs.
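
Added example, not part of the thread or the patch: a small C model of the interception policy this reply argues for, where MSR_IA32_FRED_SSP0 follows guest CET support and the other FRED MSRs follow guest FRED support. The struct and function names are hypothetical, the MSR indices and MSR-bitmap offsets are taken from the Intel SDM and FRED specification rather than from this page, and only low MSRs are modelled.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Architectural MSR indices (not from this page); names mirror the patch. */
#define MSR_IA32_FRED_RSP0    0x1ccu
#define MSR_IA32_FRED_CONFIG  0x1d4u  /* RSP0..CONFIG are contiguous; SSP0 is not in the range */
#define MSR_IA32_FRED_SSP0    0x6a4u  /* alias of MSR_IA32_PL0_SSP */

/* Model of the 4 KiB VMX MSR bitmap: read-low at 0x000, write-low at 0x800. */
struct msr_bitmap { uint8_t page[4096]; };

/* Hypothetical stand-in for KVM's per-vCPU guest capability checks. */
struct guest_caps { bool fred; bool cet_supervisor_shstk; };

static void set_intercept(struct msr_bitmap *bm, uint32_t msr, bool intercept)
{
	/* Low MSRs (0..0x1fff) only; a set bit means the access causes a VM exit. */
	uint8_t mask = (uint8_t)(1u << (msr & 7));
	uint8_t *rd = &bm->page[0x000 + msr / 8];
	uint8_t *wr = &bm->page[0x800 + msr / 8];
	if (intercept) { *rd |= mask; *wr |= mask; }
	else           { *rd &= (uint8_t)~mask; *wr &= (uint8_t)~mask; }
}

static bool is_intercepted(const struct msr_bitmap *bm, uint32_t msr)
{
	uint8_t mask = (uint8_t)(1u << (msr & 7));
	return (bm->page[0x000 + msr / 8] & mask) || (bm->page[0x800 + msr / 8] & mask);
}

/* Policy under discussion: SSP0 follows CET, every other FRED MSR follows FRED. */
static void update_fred_intercepts(struct msr_bitmap *bm, struct guest_caps caps)
{
	for (uint32_t msr = MSR_IA32_FRED_RSP0; msr <= MSR_IA32_FRED_CONFIG; msr++)
		set_intercept(bm, msr, !caps.fred);
	/* Without CET nothing context-switches SSP0, so keep trapping it. */
	set_intercept(bm, MSR_IA32_FRED_SSP0, !caps.cet_supervisor_shstk);
}

int main(void)
{
	struct msr_bitmap bm;
	struct guest_caps caps = { .fred = true, .cet_supervisor_shstk = false };
	memset(bm.page, 0xff, sizeof(bm.page));  /* start with everything intercepted */
	update_fred_intercepts(&bm, caps);
	/* Exit 0 when SSP0 is still trapped while FRED_RSP1 (0x1cd) is passed through. */
	return !(is_intercepted(&bm, MSR_IA32_FRED_SSP0) && !is_intercepted(&bm, 0x1cdu));
}
```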
