CET xsaves component size is queried through CPUID.(EAX=0xD, ECX=11) and CPUID.(EAX=0xD, ECX=12).
Signed-off-by: Zhang Yi Z <[email protected]> Signed-off-by: Yang Weijiang <[email protected]> --- arch/x86/kvm/cpuid.c | 60 +++++++++++++++++++++++++++++++++----------- arch/x86/kvm/x86.c | 4 +++ arch/x86/kvm/x86.h | 4 +++ 3 files changed, 54 insertions(+), 14 deletions(-) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index cb1aece25b17..dbeb4e7904eb 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -27,6 +27,8 @@ #include "trace.h" #include "pmu.h" +extern u64 host_xss; + static u32 xstate_required_size(u64 xstate_bv, bool compacted) { int feature_bit = 0; @@ -65,6 +67,19 @@ u64 kvm_supported_xcr0(void) return xcr0; } +u64 kvm_supported_xss(void) +{ + u64 xss = host_xss & KVM_SUPPORTED_XSS; + + /* + * Either SHSTK or IBT feature depends on the xsaves component. + */ + if (!boot_cpu_has(X86_FEATURE_SHSTK) && !boot_cpu_has(X86_FEATURE_IBT)) + xss &= ~(XFEATURE_MASK_SHSTK_USER | XFEATURE_MASK_SHSTK_KERNEL); + + return xss; +} + #define F(x) bit(X86_FEATURE_##x) /* For scattered features from cpufeatures.h; we currently expose none */ @@ -503,6 +518,16 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function, * if the host doesn't support it. */ entry->edx |= F(ARCH_CAPABILITIES); + /* + * If host doesn't have CET capability, + * do not report CET related info. + */ + if (!boot_cpu_has(X86_FEATURE_SHSTK)) + entry->ecx &= ~F(SHSTK); + + if (!boot_cpu_has(X86_FEATURE_IBT)) + entry->edx &= ~F(IBT); + } else { entry->ebx = 0; entry->ecx = 0; @@ -564,14 +589,17 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function, } case 0xd: { int idx, i; - u64 supported = kvm_supported_xcr0(); + u64 u_supported = kvm_supported_xcr0(); + u64 s_supported = kvm_supported_xss(); + u64 supported; + int compacted; - entry->eax &= supported; - entry->ebx = xstate_required_size(supported, false); + entry->eax &= u_supported; + entry->ebx = xstate_required_size(u_supported, false); entry->ecx = entry->ebx; - entry->edx &= supported >> 32; + entry->edx &= u_supported >> 32; entry->flags |= KVM_CPUID_FLAG_SIGNIFCANT_INDEX; - if (!supported) + if (!u_supported) break; for (idx = 1, i = 1; idx < 64; ++idx) { @@ -583,19 +611,23 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function, if (idx == 1) { entry[i].eax &= kvm_cpuid_D_1_eax_x86_features; cpuid_mask(&entry[i].eax, CPUID_D_1_EAX); - entry[i].ebx = 0; - if (entry[i].eax & (F(XSAVES)|F(XSAVEC))) - entry[i].ebx = - xstate_required_size(supported, - true); + supported = u_supported | s_supported; + compacted = entry[i].eax & + (F(XSAVES) | F(XSAVEC)); + entry[i].ebx = xstate_required_size(supported, + compacted); + entry[i].ecx &= s_supported; + entry[i].edx = 0; } else { + supported = (entry[i].ecx & 1) ? s_supported : + u_supported; if (entry[i].eax == 0 || !(supported & mask)) continue; - if (WARN_ON_ONCE(entry[i].ecx & 1)) - continue; + entry[i].ecx &= 1; + entry[i].edx = 0; + if (entry[i].ecx) + entry[i].ebx = 0; } - entry[i].ecx = 0; - entry[i].edx = 0; entry[i].flags |= KVM_CPUID_FLAG_SIGNIFCANT_INDEX; ++*nent; diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index a0f8b71b2132..b0ae24913423 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -212,6 +212,7 @@ struct kvm_stats_debugfs_item debugfs_entries[] = { }; u64 __read_mostly host_xcr0; +u64 __read_mostly host_xss; static int emulator_fix_hypercall(struct x86_emulate_ctxt *ctxt); @@ -6838,6 +6839,9 @@ int kvm_arch_init(void *opaque) if (boot_cpu_has(X86_FEATURE_XSAVE)) host_xcr0 = xgetbv(XCR_XFEATURE_ENABLED_MASK); + if (boot_cpu_has(X86_FEATURE_XSAVES)) + rdmsrl(MSR_IA32_XSS, host_xss); + kvm_lapic_init(); #ifdef CONFIG_X86_64 pvclock_gtod_register_notifier(&pvclock_gtod_notifier); diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h index 224cd0a47568..c61da41c3c5c 100644 --- a/arch/x86/kvm/x86.h +++ b/arch/x86/kvm/x86.h @@ -283,6 +283,10 @@ int x86_emulate_instruction(struct kvm_vcpu *vcpu, unsigned long cr2, | XFEATURE_MASK_YMM | XFEATURE_MASK_BNDREGS \ | XFEATURE_MASK_BNDCSR | XFEATURE_MASK_AVX512 \ | XFEATURE_MASK_PKRU) + +#define KVM_SUPPORTED_XSS (XFEATURE_MASK_SHSTK_USER \ + | XFEATURE_MASK_SHSTK_KERNEL) + extern u64 host_xcr0; extern u64 kvm_supported_xcr0(void); -- 2.17.1
