From: John Allen <john.allen@amd.com>
To: <kvm@vger.kernel.org>
Cc: <linux-kernel@vger.kernel.org>, <pbonzini@redhat.com>,
<weijiang.yang@intel.com>, <rick.p.edgecombe@intel.com>,
<seanjc@google.com>, <x86@kernel.org>, <thomas.lendacky@amd.com>,
John Allen <john.allen@amd.com>
Subject: [RFC PATCH 4/7] KVM: x86: SVM: Pass through shadow stack MSRs
Date: Wed, 12 Oct 2022 20:39:07 +0000 [thread overview]
Message-ID: <20221012203910.204793-5-john.allen@amd.com> (raw)
In-Reply-To: <20221012203910.204793-1-john.allen@amd.com>
If kvm supports shadow stack, pass through shadow stack MSRs to improve
guest performance.
Signed-off-by: John Allen <john.allen@amd.com>
---
arch/x86/kvm/svm/svm.c | 17 +++++++++++++++++
arch/x86/kvm/svm/svm.h | 2 +-
2 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index 411c815d2d91..f40d3df2c1be 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -134,6 +134,13 @@ static const struct svm_direct_access_msrs {
{ .index = X2APIC_MSR(APIC_TMICT), .always = false },
{ .index = X2APIC_MSR(APIC_TMCCT), .always = false },
{ .index = X2APIC_MSR(APIC_TDCR), .always = false },
+ { .index = MSR_IA32_U_CET, .always = false },
+ { .index = MSR_IA32_S_CET, .always = false },
+ { .index = MSR_IA32_INT_SSP_TAB, .always = false },
+ { .index = MSR_IA32_PL0_SSP, .always = false },
+ { .index = MSR_IA32_PL1_SSP, .always = false },
+ { .index = MSR_IA32_PL2_SSP, .always = false },
+ { .index = MSR_IA32_PL3_SSP, .always = false },
{ .index = MSR_INVALID, .always = false },
};
@@ -1174,6 +1181,16 @@ static inline void init_vmcb_after_set_cpuid(struct kvm_vcpu *vcpu)
set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SYSENTER_EIP, 1, 1);
set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SYSENTER_ESP, 1, 1);
}
+
+ if (kvm_cet_user_supported() && guest_cpuid_has(vcpu, X86_FEATURE_SHSTK)) {
+ set_msr_interception(vcpu, svm->msrpm, MSR_IA32_U_CET, 1, 1);
+ set_msr_interception(vcpu, svm->msrpm, MSR_IA32_S_CET, 1, 1);
+ set_msr_interception(vcpu, svm->msrpm, MSR_IA32_INT_SSP_TAB, 1, 1);
+ set_msr_interception(vcpu, svm->msrpm, MSR_IA32_PL0_SSP, 1, 1);
+ set_msr_interception(vcpu, svm->msrpm, MSR_IA32_PL1_SSP, 1, 1);
+ set_msr_interception(vcpu, svm->msrpm, MSR_IA32_PL2_SSP, 1, 1);
+ set_msr_interception(vcpu, svm->msrpm, MSR_IA32_PL3_SSP, 1, 1);
+ }
}
static void init_vmcb(struct kvm_vcpu *vcpu)
diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h
index 6a7686bf6900..c1c3e090ff9d 100644
--- a/arch/x86/kvm/svm/svm.h
+++ b/arch/x86/kvm/svm/svm.h
@@ -29,7 +29,7 @@
#define IOPM_SIZE PAGE_SIZE * 3
#define MSRPM_SIZE PAGE_SIZE * 2
-#define MAX_DIRECT_ACCESS_MSRS 46
+#define MAX_DIRECT_ACCESS_MSRS 53
#define MSRPM_OFFSETS 32
extern u32 msrpm_offsets[MSRPM_OFFSETS] __read_mostly;
extern bool npt_enabled;
--
2.34.3
next prev parent reply other threads:[~2022-10-12 20:40 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-12 20:39 [RFC PATCH 0/7] SVM guest shadow stack support John Allen
2022-10-12 20:39 ` [RFC PATCH 1/7] KVM: x86: Move shared CET routine to common x86 kvm code John Allen
2022-10-12 20:39 ` [RFC PATCH 2/7] KVM: x86: SVM: Emulate reads and writes to shadow stack MSRs John Allen
2022-10-12 20:39 ` [RFC PATCH 3/7] KVM: x86: SVM: Update dump_vmcb with shadow stack save area additions John Allen
2022-10-12 20:39 ` John Allen [this message]
2022-10-12 20:39 ` [RFC PATCH 5/7] KVM: SVM: Save shadow stack host state on VMRUN John Allen
2022-10-12 20:39 ` [RFC PATCH 6/7] KVM: SVM: Add MSR_IA32_XSS to the GHCB for hypervisor kernel John Allen
2022-10-12 20:39 ` [RFC PATCH 7/7] KVM: SVM: Add CET features to supported_xss John Allen
2023-01-25 0:51 ` Sean Christopherson
2023-01-25 0:55 ` [RFC PATCH 0/7] SVM guest shadow stack support Sean Christopherson
2023-01-25 1:11 ` Edgecombe, Rick P
2023-03-28 17:51 ` John Allen
2023-03-29 0:16 ` Yang, Weijiang
2023-03-30 5:37 ` Yang, Weijiang
2023-03-30 19:47 ` John Allen
2023-03-30 20:05 ` Sean Christopherson
2023-03-31 6:39 ` Yang, Weijiang
2023-01-25 17:07 ` John Allen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221012203910.204793-5-john.allen@amd.com \
--to=john.allen@amd.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=rick.p.edgecombe@intel.com \
--cc=seanjc@google.com \
--cc=thomas.lendacky@amd.com \
--cc=weijiang.yang@intel.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox