From: John Allen <john.allen@amd.com>
To: <kvm@vger.kernel.org>
Cc: <linux-kernel@vger.kernel.org>, <pbonzini@redhat.com>,
<weijiang.yang@intel.com>, <rick.p.edgecombe@intel.com>,
<seanjc@google.com>, <x86@kernel.org>, <thomas.lendacky@amd.com>,
John Allen <john.allen@amd.com>
Subject: [RFC PATCH 1/7] KVM: x86: Move shared CET routine to common x86 kvm code
Date: Wed, 12 Oct 2022 20:39:04 +0000
Message-ID: <20221012203910.204793-2-john.allen@amd.com>
In-Reply-To: <20221012203910.204793-1-john.allen@amd.com>
cet_is_msr_accessible can also be used for shadow stack support in SVM.
Move this to common x86 kvm code.
Signed-off-by: John Allen <john.allen@amd.com>
---
arch/x86/kvm/vmx/vmx.c | 32 +++-----------------------------
arch/x86/kvm/x86.c | 26 ++++++++++++++++++++++++++
arch/x86/kvm/x86.h | 2 ++
3 files changed, 31 insertions(+), 29 deletions(-)
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 4558b13d0610..8b79a727b29c 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -1845,32 +1845,6 @@ static int vmx_get_msr_feature(struct kvm_msr_entry *msr)
}
}
-static bool cet_is_msr_accessible(struct kvm_vcpu *vcpu,
- struct msr_data *msr)
-{
- if (!kvm_cet_user_supported() &&
- !cet_kernel_ibt_supported())
- return false;
-
- if (msr->host_initiated)
- return true;
-
- if (!guest_cpuid_has(vcpu, X86_FEATURE_SHSTK) &&
- !guest_cpuid_has(vcpu, X86_FEATURE_IBT))
- return false;
-
- if (msr->index == MSR_IA32_S_CET &&
- guest_cpuid_has(vcpu, X86_FEATURE_IBT))
- return true;
-
- if ((msr->index == MSR_IA32_PL3_SSP ||
- msr->index == MSR_KVM_GUEST_SSP) &&
- !guest_cpuid_has(vcpu, X86_FEATURE_SHSTK))
- return false;
-
- return true;
-}
-
/*
* Reads an msr value (of 'msr_info->index') into 'msr_info->data'.
* Returns 0 on success, non-0 otherwise.
@@ -2014,7 +1988,7 @@ static int vmx_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
case MSR_IA32_PL3_SSP:
case MSR_KVM_GUEST_SSP:
case MSR_IA32_S_CET:
- if (!cet_is_msr_accessible(vcpu, msr_info))
+ if (!kvm_cet_is_msr_accessible(vcpu, msr_info))
return 1;
if (msr_info->index == MSR_KVM_GUEST_SSP)
msr_info->data = vmcs_readl(GUEST_SSP);
@@ -2363,7 +2337,7 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
break;
case MSR_IA32_U_CET:
case MSR_IA32_S_CET:
- if (!cet_is_msr_accessible(vcpu, msr_info))
+ if (!kvm_cet_is_msr_accessible(vcpu, msr_info))
return 1;
if ((data & GENMASK(9, 6)) ||
is_noncanonical_address(data, vcpu))
@@ -2375,7 +2349,7 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
break;
case MSR_IA32_PL3_SSP:
case MSR_KVM_GUEST_SSP:
- if (!cet_is_msr_accessible(vcpu, msr_info))
+ if (!kvm_cet_is_msr_accessible(vcpu, msr_info))
return 1;
if ((data & GENMASK(2, 0)) ||
is_noncanonical_address(data, vcpu))
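Review bot: In this MSR_IA32_PL3_SSP / MSR_KVM_GUEST_SSP write path, kvm_cet_is_msr_accessible() treats the two indices identically, so a guest-initiated write to MSR_KVM_GUEST_SSP is accepted whenever the guest CPUID has X86_FEATURE_SHSTK. If MSR_KVM_GUEST_SSP is meant as a KVM-defined index for userspace save/restore, the helper should reject it unless msr->host_initiated is set; if guest access is intended, a comment saying so would help now that the helper is shared with SVM.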
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 5786225c0dfa..486e91f4a538 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -13475,6 +13475,32 @@ int kvm_sev_es_string_io(struct kvm_vcpu *vcpu, unsigned int size,
}
EXPORT_SYMBOL_GPL(kvm_sev_es_string_io);
+bool kvm_cet_is_msr_accessible(struct kvm_vcpu *vcpu, struct msr_data *msr)
+{
+ if (!kvm_cet_user_supported() &&
+ !cet_kernel_ibt_supported())
+ return false;
+
+ if (msr->host_initiated)
+ return true;
+
+ if (!guest_cpuid_has(vcpu, X86_FEATURE_SHSTK) &&
+ !guest_cpuid_has(vcpu, X86_FEATURE_IBT))
+ return false;
+
+ if (msr->index == MSR_IA32_S_CET &&
+ guest_cpuid_has(vcpu, X86_FEATURE_IBT))
+ return true;
+
+ if ((msr->index == MSR_IA32_PL3_SSP ||
+ msr->index == MSR_KVM_GUEST_SSP) &&
+ !guest_cpuid_has(vcpu, X86_FEATURE_SHSTK))
+ return false;
+
+ return true;
+}
+EXPORT_SYMBOL_GPL(kvm_cet_is_msr_accessible);
+
EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_entry);
EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_exit);
EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_fast_mmio);
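Review bot: kvm_cet_is_msr_accessible() becomes an exported symbol here without any comment, and its first check calls kvm_cet_user_supported() and cet_kernel_ibt_supported(), neither of which this patch moves or declares. Please confirm both are visible from x86.c and are not VMX-specific, and add a short comment above the function stating that host-initiated accesses return true before the guest CPUID checks run, since that ordering is what SVM callers most need to know.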
diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h
index a55f262d1e61..fb871be7131e 100644
--- a/arch/x86/kvm/x86.h
+++ b/arch/x86/kvm/x86.h
@@ -502,6 +502,8 @@ int kvm_sev_es_string_io(struct kvm_vcpu *vcpu, unsigned int size,
unsigned int port, void *data, unsigned int count,
int in);
+bool kvm_cet_is_msr_accessible(struct kvm_vcpu *vcpu, struct msr_data *msr);
+
/*
* We've already loaded guest MSRs in __msr_io() when check the MSR index.
* In case vcpu has been preempted, we need to disable preemption, check
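Review bot: The prototype takes a mutable "struct msr_data *msr", but the body added in x86.c only reads msr->index and msr->host_initiated. Consider "const struct msr_data *msr" so the read-only contract is visible to the new callers outside vmx.c.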
--
2.34.3
Thread overview: 18+ messages
2022-10-12 20:39 [RFC PATCH 0/7] SVM guest shadow stack support John Allen
2022-10-12 20:39 ` John Allen [this message]
2022-10-12 20:39 ` [RFC PATCH 2/7] KVM: x86: SVM: Emulate reads and writes to shadow stack MSRs John Allen
2022-10-12 20:39 ` [RFC PATCH 3/7] KVM: x86: SVM: Update dump_vmcb with shadow stack save area additions John Allen
2022-10-12 20:39 ` [RFC PATCH 4/7] KVM: x86: SVM: Pass through shadow stack MSRs John Allen
2022-10-12 20:39 ` [RFC PATCH 5/7] KVM: SVM: Save shadow stack host state on VMRUN John Allen
2022-10-12 20:39 ` [RFC PATCH 6/7] KVM: SVM: Add MSR_IA32_XSS to the GHCB for hypervisor kernel John Allen
2022-10-12 20:39 ` [RFC PATCH 7/7] KVM: SVM: Add CET features to supported_xss John Allen
2023-01-25 0:51 ` Sean Christopherson
2023-01-25 0:55 ` [RFC PATCH 0/7] SVM guest shadow stack support Sean Christopherson
2023-01-25 1:11 ` Edgecombe, Rick P
2023-03-28 17:51 ` John Allen
2023-03-29 0:16 ` Yang, Weijiang
2023-03-30 5:37 ` Yang, Weijiang
2023-03-30 19:47 ` John Allen
2023-03-30 20:05 ` Sean Christopherson
2023-03-31 6:39 ` Yang, Weijiang
2023-01-25 17:07 ` John Allen