From: Sean Christopherson <seanjc@google.com>
To: John Allen <john.allen@amd.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
Tom Lendacky <thomas.lendacky@amd.com>,
Mathias Krause <minipli@grsecurity.net>,
Rick Edgecombe <rick.p.edgecombe@intel.com>,
Chao Gao <chao.gao@intel.com>,
Maxim Levitsky <mlevitsk@redhat.com>,
Xiaoyao Li <xiaoyao.li@intel.com>
Subject: Re: [PATCH v15 29/41] KVM: SEV: Synchronize MSR_IA32_XSS from the GHCB when it's valid
Date: Tue, 16 Sep 2025 14:38:52 -0700 [thread overview]
Message-ID: <aMnY7NqhhnMYqu7m@google.com> (raw)
In-Reply-To: <aMnJYWKf63Ay+pIA@AUSJOHALLEN.amd.com>
On Tue, Sep 16, 2025, John Allen wrote:
> On Tue, Sep 16, 2025 at 12:53:58PM -0700, Sean Christopherson wrote:
> > On Tue, Sep 16, 2025, John Allen wrote:
> > > On Fri, Sep 12, 2025 at 04:23:07PM -0700, Sean Christopherson wrote:
> > > > diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
> > > > index 0cd77a87dd84..0cd32df7b9b6 100644
> > > > --- a/arch/x86/kvm/svm/sev.c
> > > > +++ b/arch/x86/kvm/svm/sev.c
> > > > @@ -3306,6 +3306,9 @@ static void sev_es_sync_from_ghcb(struct vcpu_svm *svm)
> > > > if (kvm_ghcb_xcr0_is_valid(svm))
> > > > __kvm_set_xcr(vcpu, 0, kvm_ghcb_get_xcr0(ghcb));
> > > >
> > > > + if (kvm_ghcb_xss_is_valid(svm))
> > > > + __kvm_emulate_msr_write(vcpu, MSR_IA32_XSS, kvm_ghcb_get_xss(ghcb));
> > > > +
> > >
> > > It looks like this is the change that caused the selftest regression
> > > with sev-es. It's not yet clear to me what the problem is though.
> >
> > Do you see any WARNs in the guest kernel log?
> >
> > The most obvious potential bug is that KVM is missing a CPUID update, e.g. due
> > to dropping an XSS write, consuming stale data, not setting cpuid_dynamic_bits_dirty,
> > etc. But AFAICT, CPUID.0xD.1.EBX (only thing that consumes the current XSS) is
> > only used by init_xstate_size(), and I would expect the guest kernel's sanity
> > checks in paranoid_xstate_size_valid() to yell if KVM botches CPUID emulation.
>
> Yes, actually that looks to be the case:
>
> [ 0.463504] ------------[ cut here ]------------
> [ 0.464443] XSAVE consistency problem: size 880 != kernel_size 840
> [ 0.465445] WARNING: CPU: 0 PID: 0 at arch/x86/kernel/fpu/xstate.c:638 paranoid_xstate_size_valid+0x101/0x140
Can you run with the below printk tracing in the host (and optionally tracing in
the guest for its updates)? Compile tested only.
There should be very few XSS updates, so this _shouldn't_ spam/crash your host :-)
---
arch/x86/kvm/svm/sev.c | 6 ++++--
arch/x86/kvm/x86.c | 15 ++++++++++++---
2 files changed, 16 insertions(+), 5 deletions(-)
diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index 0cd32df7b9b6..8ac87d623767 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -3306,8 +3306,10 @@ static void sev_es_sync_from_ghcb(struct vcpu_svm *svm)
if (kvm_ghcb_xcr0_is_valid(svm))
__kvm_set_xcr(vcpu, 0, kvm_ghcb_get_xcr0(ghcb));
- if (kvm_ghcb_xss_is_valid(svm))
- __kvm_emulate_msr_write(vcpu, MSR_IA32_XSS, kvm_ghcb_get_xss(ghcb));
+ if (kvm_ghcb_xss_is_valid(svm)) {
+ if (__kvm_emulate_msr_write(vcpu, MSR_IA32_XSS, kvm_ghcb_get_xss(ghcb));
+ pr_warn("Dropped XSS update, val = %llx\n", data);
+ }
/* Copy the GHCB exit information into the VMCB fields */
exit_code = kvm_ghcb_get_sw_exit_code(ghcb);
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index c78acab2ff3f..a846ed69ce2c 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -4118,13 +4118,22 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
}
break;
case MSR_IA32_XSS:
- if (!guest_cpuid_has(vcpu, X86_FEATURE_XSAVES))
+ if (!guest_cpuid_has(vcpu, X86_FEATURE_XSAVES)) {
+ pr_warn("Guest CPUID doesn't have XSAVES\n");
return KVM_MSR_RET_UNSUPPORTED;
+ }
- if (data & ~vcpu->arch.guest_supported_xss)
+ if (data & ~vcpu->arch.guest_supported_xss) {
+ pr_warn("Invalid XSS: supported = %llx, val = %llx\n",
+ vcpu->arch.guest_supported_xss, data);
return 1;
- if (vcpu->arch.ia32_xss == data)
+ }
+ if (vcpu->arch.ia32_xss == data) {
+ pr_warn("XSS already set to val = %llx, eliding updates\n", data);
break;
+ }
+
+ pr_warn("XSS updated to val = %llx, marking CPUID dirty\n", data);
vcpu->arch.ia32_xss = data;
vcpu->arch.cpuid_dynamic_bits_dirty = true;
break;
base-commit: 14298d819d5a6b7180a4089e7d2121ca3551dc6c
--
next prev parent reply other threads:[~2025-09-16 21:38 UTC|newest]
Thread overview: 130+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-12 23:22 [PATCH v15 00/41] KVM: x86: Mega-CET Sean Christopherson
2025-09-12 23:22 ` [PATCH v15 01/41] KVM: SEV: Rename kvm_ghcb_get_sw_exit_code() to kvm_get_cached_sw_exit_code() Sean Christopherson
2025-09-15 16:15 ` Tom Lendacky
2025-09-15 16:30 ` Sean Christopherson
2025-09-12 23:22 ` [PATCH v15 02/41] KVM: SEV: Read save fields from GHCB exactly once Sean Christopherson
2025-09-15 17:32 ` Tom Lendacky
2025-09-15 21:08 ` Sean Christopherson
2025-09-17 21:47 ` Sean Christopherson
2025-09-12 23:22 ` [PATCH v15 03/41] KVM: SEV: Validate XCR0 provided by guest in GHCB Sean Christopherson
2025-09-15 18:41 ` Tom Lendacky
2025-09-15 21:22 ` Sean Christopherson
2025-09-12 23:22 ` [PATCH v15 04/41] KVM: x86: Introduce KVM_{G,S}ET_ONE_REG uAPIs support Sean Christopherson
2025-09-15 6:29 ` Xiaoyao Li
2025-09-16 7:10 ` Binbin Wu
2025-09-17 13:14 ` Sean Christopherson
2025-09-12 23:22 ` [PATCH v15 05/41] KVM: x86: Report XSS as to-be-saved if there are supported features Sean Christopherson
2025-09-16 7:12 ` Binbin Wu
2025-09-12 23:22 ` [PATCH v15 06/41] KVM: x86: Check XSS validity against guest CPUIDs Sean Christopherson
2025-09-16 7:20 ` Binbin Wu
2025-09-12 23:22 ` [PATCH v15 07/41] KVM: x86: Refresh CPUID on write to guest MSR_IA32_XSS Sean Christopherson
2025-09-16 7:23 ` Binbin Wu
2025-09-12 23:22 ` [PATCH v15 08/41] KVM: x86: Initialize kvm_caps.supported_xss Sean Christopherson
2025-09-16 7:29 ` Binbin Wu
2025-09-12 23:22 ` [PATCH v15 09/41] KVM: x86: Load guest FPU state when access XSAVE-managed MSRs Sean Christopherson
2025-09-15 17:04 ` Xin Li
2025-09-16 6:51 ` Xiaoyao Li
2025-09-16 8:28 ` Binbin Wu
2025-09-17 2:51 ` Binbin Wu
2025-09-17 12:47 ` Sean Christopherson
2025-09-17 21:56 ` Sean Christopherson
2025-09-12 23:22 ` [PATCH v15 10/41] KVM: x86: Add fault checks for guest CR4.CET setting Sean Christopherson
2025-09-16 8:33 ` Binbin Wu
2025-09-12 23:22 ` [PATCH v15 11/41] KVM: x86: Report KVM supported CET MSRs as to-be-saved Sean Christopherson
2025-09-15 6:30 ` Xiaoyao Li
2025-09-16 8:46 ` Binbin Wu
2025-09-12 23:22 ` [PATCH v15 12/41] KVM: VMX: Introduce CET VMCS fields and control bits Sean Christopherson
2025-09-15 6:31 ` Xiaoyao Li
2025-09-16 9:00 ` Binbin Wu
2025-09-12 23:22 ` [PATCH v15 13/41] KVM: x86: Enable guest SSP read/write interface with new uAPIs Sean Christopherson
2025-09-15 6:55 ` Xiaoyao Li
2025-09-15 22:12 ` Sean Christopherson
2025-09-16 5:52 ` Xiaoyao Li
2025-09-19 17:47 ` Sean Christopherson
2025-09-19 17:58 ` Sean Christopherson
2025-09-12 23:22 ` [PATCH v15 14/41] KVM: VMX: Emulate read and write to CET MSRs Sean Christopherson
2025-09-16 7:07 ` Xiaoyao Li
2025-09-16 7:48 ` Chao Gao
2025-09-16 8:10 ` Xiaoyao Li
2025-09-19 22:11 ` Sean Christopherson
2025-09-17 7:52 ` Binbin Wu
2025-09-12 23:22 ` [PATCH v15 15/41] KVM: x86: Save and reload SSP to/from SMRAM Sean Christopherson
2025-09-16 7:37 ` Xiaoyao Li
2025-09-17 7:53 ` Binbin Wu
2025-09-12 23:22 ` [PATCH v15 16/41] KVM: VMX: Set up interception for CET MSRs Sean Christopherson
2025-09-15 17:21 ` Xin Li
2025-09-16 7:40 ` Xiaoyao Li
2025-09-17 8:32 ` Binbin Wu
2025-09-17 13:44 ` Sean Christopherson
2025-09-12 23:22 ` [PATCH v15 17/41] KVM: VMX: Set host constant supervisor states to VMCS fields Sean Christopherson
2025-09-16 7:44 ` Xiaoyao Li
2025-09-17 8:48 ` Xiaoyao Li
2025-09-17 21:25 ` Sean Christopherson
2025-09-12 23:22 ` [PATCH v15 18/41] KVM: x86: Don't emulate instructions affected by CET features Sean Christopherson
2025-09-17 8:16 ` Chao Gao
2025-09-17 21:15 ` Sean Christopherson
2025-09-18 14:54 ` Chao Gao
2025-09-18 18:02 ` Sean Christopherson
2025-09-17 8:19 ` Xiaoyao Li
2025-09-18 14:15 ` Chao Gao
2025-09-19 1:25 ` Sean Christopherson
2025-09-17 8:45 ` Binbin Wu
2025-09-12 23:22 ` [PATCH v15 19/41] KVM: x86: Enable CET virtualization for VMX and advertise to userspace Sean Christopherson
2025-09-18 1:57 ` Binbin Wu
2025-09-19 22:57 ` Sean Christopherson
2025-09-18 2:18 ` Binbin Wu
2025-09-18 18:05 ` Sean Christopherson
2025-09-19 7:10 ` Xiaoyao Li
2025-09-19 14:25 ` Sean Christopherson
2025-09-12 23:22 ` [PATCH v15 20/41] KVM: nVMX: Virtualize NO_HW_ERROR_CODE_CC for L1 event injection to L2 Sean Christopherson
2025-09-18 2:27 ` Binbin Wu
2025-09-12 23:22 ` [PATCH v15 21/41] KVM: nVMX: Prepare for enabling CET support for nested guest Sean Christopherson
2025-09-15 17:45 ` Xin Li
2025-09-18 4:48 ` Xin Li
2025-09-18 18:05 ` Sean Christopherson
2025-09-12 23:23 ` [PATCH v15 22/41] KVM: nVMX: Add consistency checks for CR0.WP and CR4.CET Sean Christopherson
2025-09-12 23:23 ` [PATCH v15 23/41] KVM: nVMX: Add consistency checks for CET states Sean Christopherson
2025-09-12 23:23 ` [PATCH v15 24/41] KVM: nVMX: Advertise new VM-Entry/Exit control bits for CET state Sean Christopherson
2025-09-12 23:23 ` [PATCH v15 25/41] KVM: x86: SVM: Emulate reads and writes to shadow stack MSRs Sean Christopherson
2025-09-15 17:56 ` Xin Li
2025-09-15 20:43 ` Sean Christopherson
2025-09-12 23:23 ` [PATCH v15 26/41] KVM: nSVM: Save/load CET Shadow Stack state to/from vmcb12/vmcb02 Sean Christopherson
2025-09-12 23:23 ` [PATCH v15 27/41] KVM: x86: SVM: Update dump_vmcb with shadow stack save area additions Sean Christopherson
2025-09-12 23:23 ` [PATCH v15 28/41] KVM: x86: SVM: Pass through shadow stack MSRs as appropriate Sean Christopherson
2025-09-12 23:23 ` [PATCH v15 29/41] KVM: SEV: Synchronize MSR_IA32_XSS from the GHCB when it's valid Sean Christopherson
2025-09-16 18:55 ` John Allen
2025-09-16 19:53 ` Sean Christopherson
2025-09-16 20:33 ` John Allen
2025-09-16 21:38 ` Sean Christopherson [this message]
2025-09-16 22:55 ` John Allen
2025-09-18 19:48 ` John Allen
2025-09-18 20:34 ` Sean Christopherson
2025-09-18 20:44 ` Sean Christopherson
2025-09-18 21:23 ` John Allen
2025-09-18 21:42 ` Edgecombe, Rick P
2025-09-18 22:18 ` John Allen
2025-09-19 13:40 ` Tom Lendacky
2025-09-19 16:13 ` John Allen
2025-09-19 17:29 ` Edgecombe, Rick P
2025-09-19 20:58 ` Edgecombe, Rick P
2025-09-22 9:19 ` Kiryl Shutsemau
2025-09-22 9:33 ` Upadhyay, Neeraj
2025-09-22 9:54 ` Kiryl Shutsemau
2025-09-12 23:23 ` [PATCH v15 30/41] KVM: SVM: Enable shadow stack virtualization for SVM Sean Christopherson
2025-09-12 23:23 ` [PATCH v15 31/41] KVM: x86: Add human friendly formatting for #XM, and #VE Sean Christopherson
2025-09-12 23:23 ` [PATCH v15 32/41] KVM: x86: Define Control Protection Exception (#CP) vector Sean Christopherson
2025-09-12 23:23 ` [PATCH v15 33/41] KVM: x86: Define AMD's #HV, #VC, and #SX exception vectors Sean Christopherson
2025-09-12 23:23 ` [PATCH v15 34/41] KVM: selftests: Add ex_str() to print human friendly name of " Sean Christopherson
2025-09-15 9:07 ` Chao Gao
2025-09-12 23:23 ` [PATCH v15 35/41] KVM: selftests: Add an MSR test to exercise guest/host and read/write Sean Christopherson
2025-09-15 8:22 ` Chao Gao
2025-09-15 17:00 ` Sean Christopherson
2025-09-12 23:23 ` [PATCH v15 36/41] KVM: selftests: Add support for MSR_IA32_{S,U}_CET to MSRs test Sean Christopherson
2025-09-12 23:23 ` [PATCH v15 37/41] KVM: selftests: Extend MSRs test to validate vCPUs without supported features Sean Christopherson
2025-09-12 23:23 ` [PATCH v15 38/41] KVM: selftests: Add KVM_{G,S}ET_ONE_REG coverage to MSRs test Sean Christopherson
2025-09-12 23:23 ` [PATCH v15 39/41] KVM: selftests: Add coverate for KVM-defined registers in " Sean Christopherson
2025-09-12 23:23 ` [PATCH v15 40/41] KVM: selftests: Verify MSRs are (not) in save/restore list when (un)supported Sean Christopherson
2025-09-12 23:23 ` [PATCH v15 41/41] KVM: VMX: Make CR4.CET a guest owned bit Sean Christopherson
2025-09-15 13:18 ` [PATCH v15 00/41] KVM: x86: Mega-CET Mathias Krause
2025-09-15 21:20 ` John Allen
2025-09-16 13:53 ` Chao Gao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aMnY7NqhhnMYqu7m@google.com \
--to=seanjc@google.com \
--cc=chao.gao@intel.com \
--cc=john.allen@amd.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=minipli@grsecurity.net \
--cc=mlevitsk@redhat.com \
--cc=pbonzini@redhat.com \
--cc=rick.p.edgecombe@intel.com \
--cc=thomas.lendacky@amd.com \
--cc=xiaoyao.li@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox