From: Tom Lendacky <thomas.lendacky@amd.com>
To: Dave Hansen <dave.hansen@intel.com>,
Jinank Jain <jinankjain@linux.microsoft.com>,
seanjc@google.com, pbonzini@redhat.com, tglx@linutronix.de,
mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com,
x86@kernel.org, hpa@zytor.com, jinankjain@microsoft.com,
kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: wei.liu@kernel.org, tiala@microsoft.com
Subject: Re: [PATCH] arch/x86: Set XSS while handling #VC intercept for CPUID
Date: Tue, 3 Oct 2023 13:27:22 -0500 [thread overview]
Message-ID: <a16814ee-28e8-d240-d672-8f9511b832cb@amd.com> (raw)
In-Reply-To: <e7ae2b89-f2c4-e95f-342b-fcf92a2e0ae3@intel.com>
On 10/3/23 11:07, Dave Hansen wrote:
> On 10/3/23 02:28, Jinank Jain wrote:
> ...
>> diff --git a/arch/x86/kernel/sev-shared.c b/arch/x86/kernel/sev-shared.c
>> index 2eabccde94fb..92350a24848c 100644
>> --- a/arch/x86/kernel/sev-shared.c
>> +++ b/arch/x86/kernel/sev-shared.c
>> @@ -880,6 +880,9 @@ static enum es_result vc_handle_cpuid(struct ghcb *ghcb,
>> if (snp_cpuid_ret != -EOPNOTSUPP)
>> return ES_VMM_ERROR;
>>
>> + if (regs->ax == 0xD && regs->cx == 0x1)
>> + ghcb_set_xss(ghcb, 0);
>
> The spec talks about leaf 0xD, but not the subleaf:
>
>> XSS is only required to besupplied when a request forCPUID 0000_000D
>> is made andthe guest supports the XSS MSR(0x0000_0DA0).
> Why restrict this to subleaf (regx->cx) 1?
Today, only subleaf 1 deals with XSS, but we could do just what you say
and set it for any 0xD subleaf to be safe.
>
> Second, XCR0 is being supplied regardless of the CPUID leaf. Why should
> XSS be restricted to 0xD while XCR0 is universally supplied?
XCR0 is really only required for 0xD, I'm not sure why it is being setting
all the time (unless similar to above, it becomes required for some other
CPUID leaf in the future?)
>
> Third, why is it OK to supply a garbage (0) value? If the GHCB field is
> required it's surely because the host *NEEDS* the value to do something.
> Won't a garbage value potentially confuse the host?
Ideally, the guest should be checking if XSAVES is enabled, which requires
checking CPUID leaf 0xD, subleaf 1. So a bit of a chicken and egg thing
going on the very first time. And then the guest should read MSR_IA32_XSS
to get the actual value. This MSR is virtualized, so the hypervisor needs
to not intercept access in order for the guest to actually set/get a
value. Today, KVM/SVM doesn't support that since XSS is used (mainly/only)
for shadow stack and KVM shadow stack support is only getting looked at now.
So the guest support for XSS and ES/SNP guests needs to be thought out a
bit more.
Thanks,
Tom
>
prev parent reply other threads:[~2023-10-03 18:27 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-03 9:28 [PATCH] arch/x86: Set XSS while handling #VC intercept for CPUID Jinank Jain
2023-10-03 9:40 ` Ingo Molnar
2023-10-03 16:07 ` Dave Hansen
2023-10-03 18:27 ` Tom Lendacky [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a16814ee-28e8-d240-d672-8f9511b832cb@amd.com \
--to=thomas.lendacky@amd.com \
--cc=bp@alien8.de \
--cc=dave.hansen@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=jinankjain@linux.microsoft.com \
--cc=jinankjain@microsoft.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=tiala@microsoft.com \
--cc=wei.liu@kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox