From: Sean Christopherson <seanjc@google.com>
To: Paolo Bonzini <pbonzini@redhat.com>,
Sean Christopherson <seanjc@google.com>
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
Tom Lendacky <thomas.lendacky@amd.com>,
Mathias Krause <minipli@grsecurity.net>,
John Allen <john.allen@amd.com>,
Rick Edgecombe <rick.p.edgecombe@intel.com>,
Chao Gao <chao.gao@intel.com>,
Binbin Wu <binbin.wu@linux.intel.com>,
Xiaoyao Li <xiaoyao.li@intel.com>,
Maxim Levitsky <mlevitsk@redhat.com>,
Zhang Yi Z <yi.z.zhang@linux.intel.com>, Xin Li <xin@zytor.com>
Subject: [PATCH v16 07/51] KVM: x86: Refresh CPUID on write to guest MSR_IA32_XSS
Date: Fri, 19 Sep 2025 15:32:14 -0700 [thread overview]
Message-ID: <20250919223258.1604852-8-seanjc@google.com> (raw)
In-Reply-To: <20250919223258.1604852-1-seanjc@google.com>
From: Yang Weijiang <weijiang.yang@intel.com>
Update CPUID.(EAX=0DH,ECX=1).EBX to reflect current required xstate size
due to XSS MSR modification.
CPUID(EAX=0DH,ECX=1).EBX reports the required storage size of all enabled
xstate features in (XCR0 | IA32_XSS). The CPUID value can be used by guest
before allocate sufficient xsave buffer.
Note, KVM does not yet support any XSS based features, i.e. supported_xss
is guaranteed to be zero at this time.
Opportunistically skip CPUID updates if XSS value doesn't change.
Suggested-by: Sean Christopherson <seanjc@google.com>
Co-developed-by: Zhang Yi Z <yi.z.zhang@linux.intel.com>
Signed-off-by: Zhang Yi Z <yi.z.zhang@linux.intel.com>
Signed-off-by: Yang Weijiang <weijiang.yang@intel.com>
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
Reviewed-by: Chao Gao <chao.gao@intel.com>
Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>
Tested-by: Mathias Krause <minipli@grsecurity.net>
Tested-by: John Allen <john.allen@amd.com>
Tested-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
Signed-off-by: Chao Gao <chao.gao@intel.com>
Reviewed-by: Binbin Wu <binbin.wu@linux.intel.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
---
arch/x86/kvm/cpuid.c | 3 ++-
arch/x86/kvm/x86.c | 2 ++
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
index 6b8b5d8b13cc..32fde9e80c28 100644
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@ -316,7 +316,8 @@ static void kvm_update_cpuid_runtime(struct kvm_vcpu *vcpu)
best = kvm_find_cpuid_entry_index(vcpu, 0xD, 1);
if (best && (cpuid_entry_has(best, X86_FEATURE_XSAVES) ||
cpuid_entry_has(best, X86_FEATURE_XSAVEC)))
- best->ebx = xstate_required_size(vcpu->arch.xcr0, true);
+ best->ebx = xstate_required_size(vcpu->arch.xcr0 |
+ vcpu->arch.ia32_xss, true);
}
static bool kvm_cpuid_has_hyperv(struct kvm_vcpu *vcpu)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index d4c192f4c06f..c87ed216f72a 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -3993,6 +3993,8 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
*/
if (data & ~vcpu->arch.guest_supported_xss)
return 1;
+ if (vcpu->arch.ia32_xss == data)
+ break;
vcpu->arch.ia32_xss = data;
vcpu->arch.cpuid_dynamic_bits_dirty = true;
break;
--
2.51.0.470.ga7dc726c21-goog
next prev parent reply other threads:[~2025-09-19 22:33 UTC|newest]
Thread overview: 114+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-19 22:32 [PATCH v16 00/51] KVM: x86: Super Mega CET Sean Christopherson
2025-09-19 22:32 ` [PATCH v16 01/51] KVM: SEV: Rename kvm_ghcb_get_sw_exit_code() to kvm_get_cached_sw_exit_code() Sean Christopherson
2025-09-19 22:32 ` [PATCH v16 02/51] KVM: SEV: Read save fields from GHCB exactly once Sean Christopherson
2025-09-22 21:39 ` Tom Lendacky
2025-09-19 22:32 ` [PATCH v16 03/51] KVM: SEV: Validate XCR0 provided by guest in GHCB Sean Christopherson
2025-09-19 22:32 ` [PATCH v16 04/51] KVM: x86: Introduce KVM_{G,S}ET_ONE_REG uAPIs support Sean Christopherson
2025-09-19 22:32 ` [PATCH v16 05/51] KVM: x86: Report XSS as to-be-saved if there are supported features Sean Christopherson
2025-09-19 22:32 ` [PATCH v16 06/51] KVM: x86: Check XSS validity against guest CPUIDs Sean Christopherson
2025-09-19 22:32 ` Sean Christopherson [this message]
2025-09-19 22:32 ` [PATCH v16 08/51] KVM: x86: Initialize kvm_caps.supported_xss Sean Christopherson
2025-09-19 22:32 ` [PATCH v16 09/51] KVM: x86: Load guest FPU state when access XSAVE-managed MSRs Sean Christopherson
2025-09-22 2:10 ` Binbin Wu
2025-09-22 16:41 ` Sean Christopherson
2025-09-19 22:32 ` [PATCH v16 10/51] KVM: x86: Add fault checks for guest CR4.CET setting Sean Christopherson
2025-09-19 22:32 ` [PATCH v16 11/51] KVM: x86: Report KVM supported CET MSRs as to-be-saved Sean Christopherson
2025-09-19 22:32 ` [PATCH v16 12/51] KVM: VMX: Introduce CET VMCS fields and control bits Sean Christopherson
2025-09-19 22:32 ` [PATCH v16 13/51] KVM: x86: Enable guest SSP read/write interface with new uAPIs Sean Christopherson
2025-09-22 2:58 ` Binbin Wu
2025-09-23 9:06 ` Xiaoyao Li
2025-09-19 22:32 ` [PATCH v16 14/51] KVM: VMX: Emulate read and write to CET MSRs Sean Christopherson
2025-09-19 22:32 ` [PATCH v16 15/51] KVM: x86: Save and reload SSP to/from SMRAM Sean Christopherson
2025-09-19 22:32 ` [PATCH v16 16/51] KVM: VMX: Set up interception for CET MSRs Sean Christopherson
2025-09-19 22:32 ` [PATCH v16 17/51] KVM: VMX: Set host constant supervisor states to VMCS fields Sean Christopherson
2025-09-22 3:03 ` Binbin Wu
2025-09-19 22:32 ` [PATCH v16 18/51] KVM: x86: Don't emulate instructions affected by CET features Sean Christopherson
2025-09-22 5:39 ` Binbin Wu
2025-09-22 16:47 ` Sean Christopherson
2025-09-22 10:27 ` Chao Gao
2025-09-22 20:04 ` Sean Christopherson
2025-09-23 14:12 ` Xiaoyao Li
2025-09-23 16:15 ` Sean Christopherson
2025-09-19 22:32 ` [PATCH v16 19/51] KVM: x86: Don't emulate task switches when IBT or SHSTK is enabled Sean Christopherson
2025-09-22 6:41 ` Binbin Wu
2025-09-22 17:23 ` Sean Christopherson
2025-09-23 14:16 ` Xiaoyao Li
2025-09-22 11:27 ` Chao Gao
2025-09-19 22:32 ` [PATCH v16 20/51] KVM: x86: Emulate SSP[63:32]!=0 #GP(0) for FAR JMP to 32-bit mode Sean Christopherson
2025-09-22 7:15 ` Binbin Wu
2025-09-23 14:29 ` Xiaoyao Li
2025-09-19 22:32 ` [PATCH v16 21/51] KVM: x86/mmu: WARN on attempt to check permissions for Shadow Stack #PF Sean Christopherson
2025-09-22 7:17 ` Binbin Wu
2025-09-22 7:46 ` Binbin Wu
2025-09-23 14:33 ` Xiaoyao Li
2025-09-19 22:32 ` [PATCH v16 22/51] KVM: x86/mmu: Pretty print PK, SS, and SGX flags in MMU tracepoints Sean Christopherson
2025-09-22 7:18 ` Binbin Wu
2025-09-22 16:18 ` Sean Christopherson
2025-09-23 14:46 ` Xiaoyao Li
2025-09-19 22:32 ` [PATCH v16 23/51] KVM: x86: Allow setting CR4.CET if IBT or SHSTK is supported Sean Christopherson
2025-09-22 7:25 ` Binbin Wu
2025-09-23 14:46 ` Xiaoyao Li
2025-09-19 22:32 ` [PATCH v16 24/51] KVM: nVMX: Always forward XSAVES/XRSTORS exits from L2 to L1 Sean Christopherson
2025-09-23 8:15 ` Chao Gao
2025-09-23 14:49 ` Xiaoyao Li
2025-09-19 22:32 ` [PATCH v16 25/51] KVM: x86: Add XSS support for CET_KERNEL and CET_USER Sean Christopherson
2025-09-22 7:31 ` Binbin Wu
2025-09-23 14:55 ` Xiaoyao Li
2025-09-19 22:32 ` [PATCH v16 26/51] KVM: x86: Disable support for Shadow Stacks if TDP is disabled Sean Christopherson
2025-09-22 7:45 ` Binbin Wu
2025-09-23 14:56 ` Xiaoyao Li
2025-09-19 22:32 ` [PATCH v16 27/51] KVM: x86: Disable support for IBT and SHSTK if allow_smaller_maxphyaddr is true Sean Christopherson
2025-09-22 8:00 ` Binbin Wu
2025-09-22 18:40 ` Sean Christopherson
2025-09-23 14:44 ` Xiaoyao Li
2025-09-23 15:04 ` Sean Christopherson
2025-09-19 22:32 ` [PATCH v16 28/51] KVM: x86: Enable CET virtualization for VMX and advertise to userspace Sean Christopherson
2025-09-22 8:06 ` Binbin Wu
2025-09-23 14:57 ` Xiaoyao Li
2025-09-19 22:32 ` [PATCH v16 29/51] KVM: VMX: Configure nested capabilities after CPU capabilities Sean Christopherson
2025-09-23 2:37 ` Chao Gao
2025-09-23 16:24 ` Sean Christopherson
2025-09-23 16:49 ` Xin Li
2025-09-19 22:32 ` [PATCH v16 30/51] KVM: nVMX: Virtualize NO_HW_ERROR_CODE_CC for L1 event injection to L2 Sean Christopherson
2025-09-22 8:37 ` Binbin Wu
2025-09-19 22:32 ` [PATCH v16 31/51] KVM: nVMX: Prepare for enabling CET support for nested guest Sean Christopherson
2025-09-19 22:32 ` [PATCH v16 32/51] KVM: nVMX: Add consistency checks for CR0.WP and CR4.CET Sean Christopherson
2025-09-22 8:47 ` Binbin Wu
2025-09-19 22:32 ` [PATCH v16 33/51] KVM: nVMX: Add consistency checks for CET states Sean Christopherson
2025-09-22 9:23 ` Binbin Wu
2025-09-22 16:35 ` Sean Christopherson
2025-09-19 22:32 ` [PATCH v16 34/51] KVM: nVMX: Advertise new VM-Entry/Exit control bits for CET state Sean Christopherson
2025-09-23 2:43 ` Chao Gao
2025-09-23 16:28 ` Sean Christopherson
2025-09-19 22:32 ` [PATCH v16 35/51] KVM: SVM: Emulate reads and writes to shadow stack MSRs Sean Christopherson
2025-09-19 22:32 ` [PATCH v16 36/51] KVM: nSVM: Save/load CET Shadow Stack state to/from vmcb12/vmcb02 Sean Christopherson
2025-10-28 22:23 ` Yosry Ahmed
2025-12-09 0:48 ` Yosry Ahmed
2025-09-19 22:32 ` [PATCH v16 37/51] KVM: SVM: Update dump_vmcb with shadow stack save area additions Sean Christopherson
2025-09-19 22:32 ` [PATCH v16 38/51] KVM: SVM: Pass through shadow stack MSRs as appropriate Sean Christopherson
2025-09-19 22:32 ` [PATCH v16 39/51] KVM: SEV: Synchronize MSR_IA32_XSS from the GHCB when it's valid Sean Christopherson
2025-09-19 22:32 ` [PATCH v16 40/51] KVM: SVM: Enable shadow stack virtualization for SVM Sean Christopherson
2025-09-19 22:32 ` [PATCH v16 41/51] KVM: x86: Add human friendly formatting for #XM, and #VE Sean Christopherson
2025-09-22 8:29 ` Binbin Wu
2025-09-19 22:32 ` [PATCH v16 42/51] KVM: x86: Define Control Protection Exception (#CP) vector Sean Christopherson
2025-09-22 8:29 ` Binbin Wu
2025-09-19 22:32 ` [PATCH v16 43/51] KVM: x86: Define AMD's #HV, #VC, and #SX exception vectors Sean Christopherson
2025-09-19 22:32 ` [PATCH v16 44/51] KVM: selftests: Add ex_str() to print human friendly name of " Sean Christopherson
2025-09-19 22:32 ` [PATCH v16 45/51] KVM: selftests: Add an MSR test to exercise guest/host and read/write Sean Christopherson
2025-09-23 8:03 ` Chao Gao
2025-09-23 16:51 ` Sean Christopherson
2025-09-19 22:32 ` [PATCH v16 46/51] KVM: selftests: Add support for MSR_IA32_{S,U}_CET to MSRs test Sean Christopherson
2025-09-23 7:12 ` Chao Gao
2025-09-19 22:32 ` [PATCH v16 47/51] KVM: selftests: Extend MSRs test to validate vCPUs without supported features Sean Christopherson
2025-09-19 22:32 ` [PATCH v16 48/51] KVM: selftests: Add KVM_{G,S}ET_ONE_REG coverage to MSRs test Sean Christopherson
2025-09-23 6:52 ` Chao Gao
2025-09-19 22:32 ` [PATCH v16 49/51] KVM: selftests: Add coverate for KVM-defined registers in " Sean Christopherson
2025-09-23 6:31 ` Chao Gao
2025-09-23 16:59 ` Sean Christopherson
2025-09-19 22:32 ` [PATCH v16 50/51] KVM: selftests: Verify MSRs are (not) in save/restore list when (un)supported Sean Christopherson
2025-09-23 6:46 ` Chao Gao
2025-09-23 17:02 ` Sean Christopherson
2025-09-19 22:32 ` [PATCH v16 51/51] KVM: VMX: Make CR4.CET a guest owned bit Sean Christopherson
2025-09-22 8:34 ` Binbin Wu
2025-09-24 14:32 ` [PATCH v16 00/51] KVM: x86: Super Mega CET Chao Gao
2025-09-24 18:07 ` Sean Christopherson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250919223258.1604852-8-seanjc@google.com \
--to=seanjc@google.com \
--cc=binbin.wu@linux.intel.com \
--cc=chao.gao@intel.com \
--cc=john.allen@amd.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=minipli@grsecurity.net \
--cc=mlevitsk@redhat.com \
--cc=pbonzini@redhat.com \
--cc=rick.p.edgecombe@intel.com \
--cc=thomas.lendacky@amd.com \
--cc=xiaoyao.li@intel.com \
--cc=xin@zytor.com \
--cc=yi.z.zhang@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox