Re: [PATCH v2 2/2] x86/sev-es: Include XSS value in GHCB CPUID request

[Sean Christopherson <seanjc@google.com>]

On Tue, Sep 09, 2025, Tom Lendacky wrote:
> On 9/8/25 15:20, John Allen wrote:
> > When a guest issues a cpuid instruction for Fn0000000D_{x00,x01}, the
> > hypervisor will be intercepting the CPUID instruction and will need to access
> > the guest XSS value. For SEV-ES, the XSS value is encrypted and needs to be
> > included in the GHCB to be visible to the hypervisor.
> > 
> > Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
> > Signed-off-by: John Allen <john.allen@amd.com>
> > ---
> >  arch/x86/coco/sev/vc-shared.c | 11 +++++++++++
> >  arch/x86/include/asm/svm.h    |  1 +
> >  2 files changed, 12 insertions(+)
> > 
> > diff --git a/arch/x86/coco/sev/vc-shared.c b/arch/x86/coco/sev/vc-shared.c
> > index 2c0ab0fdc060..079fffdb12c0 100644
> > --- a/arch/x86/coco/sev/vc-shared.c
> > +++ b/arch/x86/coco/sev/vc-shared.c
> > @@ -1,5 +1,9 @@
> >  // SPDX-License-Identifier: GPL-2.0
> >  
> > +#ifndef __BOOT_COMPRESSED
> > +#define has_cpuflag(f)                  boot_cpu_has(f)
> > +#endif
> > +
> >  static enum es_result vc_check_opcode_bytes(struct es_em_ctxt *ctxt,
> >  					    unsigned long exit_code)
> >  {
> > @@ -452,6 +456,13 @@ static enum es_result vc_handle_cpuid(struct ghcb *ghcb,
> >  		/* xgetbv will cause #GP - use reset value for xcr0 */
> >  		ghcb_set_xcr0(ghcb, 1);
> >  
> > +	if (has_cpuflag(X86_FEATURE_SHSTK) && regs->ax == 0xd && regs->cx <= 1) {

Only CPUID.0xD.1 consumes XSS.  CPUID.0xD.0 only consumes XCR0.  I.e. this could
be "&& regs->cx == 1".

> Just a nit, but I wonder if we should be generic here and just do
> has_cpuflag(X86_FEATURE_XSAVES) since that should be set if shadow stack
> is enabled, right? And when X86_FEATURE_XSAVES is set, we don't
> intercept XSS access (see sev_es_recalc_msr_intercepts()).

On the other hand, by exposing XSS to the host only on CPUID #VCs, you've already
"optimized" this code based on presumed usage of XSS by the hypervisor.