ed-by: Vitaly Kuznetsov
Signed-off-by: Yang Weijiang
---
arch/x86/kvm/vmx/evmcs.c | 4 ++--
arch/x86/kvm/vmx/evmcs.h | 6 --
2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/arch/x86/kvm/vmx/evmcs.c b/arch/x86/kvm/vmx/evmcs.c
index 41f24661af04..9f81db51fd8b 100644
--- a/arch/x8
erson
Signed-off-by: Yang Weijiang
---
arch/x86/kvm/cpuid.c | 1 -
arch/x86/kvm/vmx/nested.c | 30 ++
arch/x86/kvm/vmx/vmx.h| 3 +++
3 files changed, 33 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
index d191de7
CET SHSTK and IBT are independently controlled by kernel, set X86_CR4_CET
bit in cr4_fixed1_bits if either of them is enabled so that nested guest
can enjoy the feature.
Reviewed-by: Sean Christopherson
Signed-off-by: Yang Weijiang
---
arch/x86/kvm/vmx/vmx.c | 1 +
1 file changed, 1 insertion
r MPX.
Yang Weijiang (3):
KVM: nVMX: Sync L2 guest CET states between L1/L2
KVM: nVMX: Set X86_CR4_CET in cr4_fixed1_bits if CET IBT is enabled
KVM: nVMX: Add CET entry/exit load bits to evmcs unsupported list
arch/x86/kvm/cpuid.c | 1 -
arch/x86/kvm/vmx/evmcs.c | 4 ++--
arch/x8
On Tue, Mar 23, 2021 at 03:56:30PM +, Sean Christopherson wrote:
> On Tue, Mar 23, 2021, Yang Weijiang wrote:
> > On Tue, Mar 16, 2021 at 05:03:47PM +0800, Yang Weijiang wrote:
> >
> > Hi, Sean,
> > Could you respond my below rely? I'm not sure how to proceed
On Tue, Mar 16, 2021 at 05:03:47PM +0800, Yang Weijiang wrote:
Hi, Sean,
Could you respond my below rely? I'm not sure how to proceed, thanks!
> On Mon, Mar 15, 2021 at 09:45:11AM -0700, Sean Christopherson wrote:
> > On Mon, Mar 15, 2021, Yang Weijiang wrote:
> > >
On Mon, Mar 15, 2021 at 09:45:11AM -0700, Sean Christopherson wrote:
> On Mon, Mar 15, 2021, Yang Weijiang wrote:
> > These fields are rarely updated by L1 QEMU/KVM, sync them when L1 is trying
> > to
> > read/write them and after they're changed. If CET guest entry-lo
ed-by: Vitaly Kuznetsov
Signed-off-by: Yang Weijiang
---
arch/x86/kvm/vmx/evmcs.c | 4 ++--
arch/x86/kvm/vmx/evmcs.h | 6 --
2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/arch/x86/kvm/vmx/evmcs.c b/arch/x86/kvm/vmx/evmcs.c
index 41f24661af04..9f81db51fd8b 100644
--- a/arch/x8
CET SHSTK and IBT are independently controlled by kernel, set X86_CR4_CET
bit in cr4_fixed1_bits if either of them is enabled so that nested guest
can enjoy the feature.
Reviewed-by: Sean Christopherson
Signed-off-by: Yang Weijiang
---
arch/x86/kvm/vmx/vmx.c | 1 +
1 file changed, 1 insertion
Sean Christopherson
Signed-off-by: Yang Weijiang
---
arch/x86/kvm/cpuid.c | 1 -
arch/x86/kvm/vmx/nested.c | 35 +--
arch/x86/kvm/vmx/vmx.h| 3 +++
3 files changed, 36 insertions(+), 3 deletions(-)
diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
fix for MPX.
Yang Weijiang (3):
KVM: nVMX: Sync L2 guest CET states between L1/L2
KVM: nVMX: Set X86_CR4_CET in cr4_fixed1_bits if CET IBT is enabled
KVM: nVMX: Add CET entry/exit load bits to evmcs unsupported list
arch/x86/kvm/cpuid.c | 1 -
arch/x86/kvm/vmx/evmcs.c | 4 ++--
arch
On Fri, Mar 12, 2021 at 03:28:32PM -0800, Sean Christopherson wrote:
> On Mon, Mar 08, 2021, Yang Weijiang wrote:
> > On Thu, Mar 04, 2021 at 08:46:45AM -0800, Sean Christopherson wrote:
> > > On Thu, Mar 04, 2021, Yang Weijiang wrote:
> > > > @@ -3375,6 +3391,
On Mon, Mar 08, 2021 at 04:01:09PM +0800, Yang Weijiang wrote:
Hi, Sean,
Any comments for below change?
> On Thu, Mar 04, 2021 at 08:46:45AM -0800, Sean Christopherson wrote:
> > On Thu, Mar 04, 2021, Yang Weijiang wrote:
> > > @@ -3375,6 +3391,12 @@ enum n
On Thu, Mar 04, 2021 at 08:46:45AM -0800, Sean Christopherson wrote:
> On Thu, Mar 04, 2021, Yang Weijiang wrote:
> > @@ -3375,6 +3391,12 @@ enum nvmx_vmentry_status
> > nested_vmx_enter_non_root_mode(struct kvm_vcpu *vcpu,
> > if (kvm_mpx_supported() &&
On Thu, Mar 04, 2021 at 10:50:10AM +0100, Vitaly Kuznetsov wrote:
> Yang Weijiang writes:
>
> > These fields are rarely updated by L1 QEMU/KVM, sync them when L1 is trying
> > to
> > read/write them and after they're changed. If CET guest entry-load bit is
> &g
On Wed, Mar 03, 2021 at 01:24:07PM +0100, Paolo Bonzini wrote:
> On 03/03/21 07:04, Yang Weijiang wrote:
> > These fields are rarely updated by L1 QEMU/KVM, sync them when L1 is trying
> > to
> > read/write them and after they're changed. If CET guest entry-load bit
On Wed, Mar 03, 2021 at 10:36:40AM +0100, Vitaly Kuznetsov wrote:
> Yang Weijiang writes:
>
> > CET in nested guest over Hyper-V is not supported for now. Relevant
> > enabling patches will be posted as a separate patch series.
> >
> > Suggested-by: Paolo Bo
These fields are rarely updated by L1 QEMU/KVM, sync them when L1 is trying to
read/write them and after they're changed. If CET guest entry-load bit is not
set by L1 guest, migrate them to L2 manaully.
Suggested-by: Sean Christopherson
Signed-off-by: Yang Weijiang
---
arch/x86/kvm/cp
CET SHSTK and IBT are independently controlled by kernel, set X86_CR4_CET
bit in cr4_fixed1_bits if either of them is enabled so that nested guest
can enjoy the feature.
Reviewed-by: Sean Christopherson
Signed-off-by: Yang Weijiang
---
arch/x86/kvm/vmx/vmx.c | 1 +
1 file changed, 1 insertion
ff-by: Yang Weijiang
---
arch/x86/kvm/vmx/evmcs.c | 4 ++--
arch/x86/kvm/vmx/evmcs.h | 6 --
2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/arch/x86/kvm/vmx/evmcs.c b/arch/x86/kvm/vmx/evmcs.c
index 41f24661af04..9f81db51fd8b 100644
--- a/arch/x86/kvm/vmx/evmcs.c
+++ b/arch/x8
This patch series is to fix a few issues found during nested guest
testing on Linux, also including a patch to explictly disable CET
support in nested guest over Hyper-V(s).
Yang Weijiang (3):
KVM: nVMX: Sync L2 guest CET states between L1/L2
KVM: nVMX: Set X86_CR4_CET in cr4_fixed1_bits if
On Tue, Mar 02, 2021 at 11:35:41AM +0100, Vitaly Kuznetsov wrote:
> Sean Christopherson writes:
>
> > +Vitaly
> >
> > On Thu, Feb 25, 2021, Yang Weijiang wrote:
> >> These fields are rarely updated by L1 QEMU/KVM, sync them when L1 is
> >> trying
These fields are rarely updated by L1 QEMU/KVM, sync them when L1 is trying to
read/write them and after they're changed. If CET guest entry-load bit is not
set by L1 guest, migrate them to L2 manaully.
Suggested-by: Sean Christopherson
Signed-off-by: Yang Weijiang
---
arch/x86/kvm/cp
CET in nested guest over Hyper-V is not supported for now. Relevant
enabling patches will be posted as a separate patch series.
Suggested-by: Paolo Bonzini
Signed-off-by: Yang Weijiang
---
arch/x86/kvm/vmx/evmcs.h | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/arch
On Mon, Mar 01, 2021 at 09:46:19AM -0800, Sean Christopherson wrote:
> +Vitaly
>
> On Thu, Feb 25, 2021, Yang Weijiang wrote:
> > These fields are rarely updated by L1 QEMU/KVM, sync them when L1 is trying
> > to
> > read/write them and after they're changed
CET SHSTK and IBT are independently controlled by kernel, set X86_CR4_CET
bit in cr4_fixed1_bits if either of them is enabled so that nested guest
can enjoy the feature.
Signed-off-by: Yang Weijiang
---
arch/x86/kvm/vmx/vmx.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/x86/kvm/vmx
These fields are rarely updated by L1 QEMU/KVM, sync them when L1 is trying to
read/write them and after they're changed. If CET guest entry-load bit is not
set by L1 guest, migrate them to L2 manaully.
Suggested-by: Sean Christopherson
Signed-off-by: Yang Weijiang
change in v2:
- Per S
On Thu, Feb 11, 2021 at 09:18:03AM -0800, Sean Christopherson wrote:
> On Tue, Feb 09, 2021, Yang Weijiang wrote:
> > When L2 guest status has been changed by L1 QEMU/KVM, sync the change back
> > to L2 guest before the later's next vm-entry. On the other hand, if it's
&g
When L2 guest status has been changed by L1 QEMU/KVM, sync the change back
to L2 guest before the later's next vm-entry. On the other hand, if it's
changed due to L2 guest, sync it back so as to let L1 guest see the change.
Signed-off-by: Yang Weijiang
---
arch/x86/kvm/vmx/nes
On Wed, Feb 03, 2021 at 01:46:42PM -0800, Sean Christopherson wrote:
> On Wed, Feb 03, 2021, Yang Weijiang wrote:
> > Add handling for Control Protection (#CP) exceptions, vector 21, used
> > and introduced by Intel's Control-Flow Enforcement Technology (CET).
> > relevan
On Wed, Feb 03, 2021 at 01:07:53PM +0100, Paolo Bonzini wrote:
> On 03/02/21 12:34, Yang Weijiang wrote:
> > diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> > index 22eb6b8626a8..f63b713cd71f 100644
> > --- a/arch/x86/kvm/x86.c
> > +++ b/arch/x86/kvm/x86.c
> &
On Wed, Feb 03, 2021 at 12:57:41PM +0100, Paolo Bonzini wrote:
> On 03/02/21 12:34, Yang Weijiang wrote:
> > MSRs that are switched through XSAVES are especially annoying due to the
> > possibility of the kernel's FPU being used in IRQ context. Disable IRQs
> > and ensur
Save GUEST_SSP to SMRAM when guest exits to SMM due to SMI and restore it
when guest exits SMM to interrupted normal non-root mode.
Signed-off-by: Yang Weijiang
---
arch/x86/kvm/emulate.c | 11 +++
arch/x86/kvm/x86.c | 10 ++
2 files changed, 21 insertions(+)
diff --git a
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Weijiang
---
arch/x86/kvm/vmx/vmx.c | 33 +
1 file changed, 33 insertions(+)
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index c2242fc1f71a..b6657117191b 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b
Signed-off-by: Yang Weijiang
---
arch/x86/kvm/vmx/nested.c | 27 +--
1 file changed, 17 insertions(+), 10 deletions(-)
diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index f2b9bfb58206..3b405ebabb6e 100644
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm
Add vmcs12 fields for all CET fields, pass-through CET MSRs to L2 when
possible, and enumerate the VMCS controls and CR4 bit as supported.
Co-developed-by: Sean Christopherson
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Weijiang
---
arch/x86/kvm/vmx/nested.c | 30
following VMCS fields at VM-Entry:
GUEST_S_CET
GUEST_SSP
GUEST_INTR_SSP_TABLE
Co-developed-by: Zhang Yi Z
Signed-off-by: Zhang Yi Z
Signed-off-by: Yang Weijiang
---
arch/x86/include/asm/vmx.h | 8
1 file changed, 8 insertions(+)
diff --git a/arch/x86/include/asm/vmx.h b/arch/x86
ed-by: Sean Christopherson
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Weijiang
---
arch/x86/include/uapi/asm/kvm_para.h | 1 +
arch/x86/kvm/vmx/vmx.c | 14 --
2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/arch/x86/include/uapi/asm/kvm_para
Report all CET MSRs, including the synthetic GUEST_SSP MSR, as
to-be-saved, e.g. for migration, if CET is supported by KVM.
Co-developed-by: Sean Christopherson
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Weijiang
---
arch/x86/kvm/x86.c | 10 ++
1 file changed, 10
x86 would prematurely expose CET on SVM. The alternative is to
put all the logic in VMX, but that means rereading host_xss in VMX and
duplicating the XSAVES check across VMX and SVM.
Co-developed-by: Sean Christopherson
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Weijiang
---
arch/x
Christopherson
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Weijiang
---
arch/x86/kvm/x86.c | 6 ++
arch/x86/kvm/x86.h | 3 +++
2 files changed, 9 insertions(+)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index d9d3bae40a8c..6af240d87a33 100644
--- a/arch/x86/kvm/x86.c
+++ b
e switched through XSAVES are especially annoying due to the
possibility of the kernel's FPU being used in IRQ context. Disable IRQs
and ensure the guest's FPU state is loaded when accessing such MSRs.
Co-developed-by: Sean Christopherson
Signed-off-by: Sean Christopherson
Signed-o
might do
KVM_SET_MSRS prior to KVM_SET_CPUID2.
Co-developed-by: Sean Christopherson
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Weijiang
---
arch/x86/kvm/x86.c | 19 ++-
1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
in
Add handling for Control Protection (#CP) exceptions, vector 21, used
and introduced by Intel's Control-Flow Enforcement Technology (CET).
relevant CET violation case. See Intel's SDM for details.
Signed-off-by: Yang Weijiang
---
arch/x86/include/uapi/asm/kvm.h | 1 +
arch/x86
igned-off-by: Zhang Yi Z
Signed-off-by: Yang Weijiang
---
arch/x86/include/asm/kvm_host.h | 1 +
arch/x86/kvm/cpuid.c| 21 ++---
arch/x86/kvm/x86.c | 7 +--
3 files changed, 24 insertions(+), 5 deletions(-)
diff --git a/arch/x86/include/asm/kvm_hos
From: Sean Christopherson
Add MSR_IA32_XSS to the list of MSRs reported to userspace if
supported_xss is non-zero, i.e. KVM supports at least one XSS based
feature.
Co-developed-by: Sean Christopherson
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Weijiang
---
arch/x86/kvm/x86.c
race issue due to CET MSR interception.
- Removed unnecessary guest CET state cleanup in VMCS.
- Rebased patches to 5.11-rc6.
Sean Christopherson (2):
KVM: x86: Report XSS as an MSR to be saved if there are supported
features
KVM: x86: Load guest fpu state when accessing MSRs managed by XS
On Fri, Jan 29, 2021 at 03:38:52PM +0100, Paolo Bonzini wrote:
> On 29/01/21 13:17, Yang Weijiang wrote:
> > > > It's specific to VM case, during VM reboot, memory mode reset but
> > > > VM_ENTRY_LOAD_CET_STATE
> > > > is still set, and VMCS
On Fri, Jan 29, 2021 at 03:38:52PM +0100, Paolo Bonzini wrote:
> On 29/01/21 13:17, Yang Weijiang wrote:
> > > > It's specific to VM case, during VM reboot, memory mode reset but
> > > > VM_ENTRY_LOAD_CET_STATE
> > > > is still set, and VMCS
On Thu, Jan 28, 2021 at 06:46:37PM +0100, Paolo Bonzini wrote:
> On 06/11/20 02:16, Yang Weijiang wrote:
> > Report all CET MSRs, including the synthetic GUEST_SSP MSR, as
> > to-be-saved, e.g. for migration, if CET is supported by KVM.
> >
> > Co-developed-by: Sean Chr
On Thu, Jan 28, 2021 at 06:45:08PM +0100, Paolo Bonzini wrote:
> On 06/11/20 02:16, Yang Weijiang wrote:
> >
> > +static bool cet_is_ssp_msr_accessible(struct kvm_vcpu *vcpu,
> > + struct msr_data *msr)
> > +{
> > + u64 mask;
>
est_cpuid_has() is not queried as host userspace is allowed
to access MSRs that have not been exposed to the guest, e.g. it might do
KVM_SET_MSRS prior to KVM_SET_CPUID2.
Co-developed-by: Sean Christopherson
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Weijiang
--
XSS based
feature.
Co-developed-by: Sean Christopherson
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Weijiang
---
arch/x86/kvm/x86.c | 20
1 file changed, 20 insertions(+)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 397f599b20e5..528eba526c9c 100644
ristopherson (2):
KVM: x86: Add helpers for {set|clear} bits in supported_xss
KVM: x86: Load guest fpu state when accessing MSRs managed by XSAVES
Yang Weijiang (1):
KVM: x86: Refresh CPUID when guest modifies MSR_IA32_XSS
arch/x86/include/asm/kvm_host.h | 1 +
arch/x86/kvm/cpuid.c
igned-off-by: Zhang Yi Z
Signed-off-by: Yang Weijiang
---
arch/x86/include/asm/kvm_host.h | 1 +
arch/x86/kvm/cpuid.c| 21 ++---
arch/x86/kvm/x86.c | 7 +--
3 files changed, 24 insertions(+), 5 deletions(-)
diff --git a/arch/x86/include/asm/kvm_hos
Signed-off-by: Yang Weijiang
---
arch/x86/kvm/vmx/nested.c | 27 +--
1 file changed, 17 insertions(+), 10 deletions(-)
diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index 89af692deb7e..8abc7bdd94f7 100644
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm
ed-by: Sean Christopherson
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Weijiang
---
arch/x86/include/uapi/asm/kvm_para.h | 1 +
arch/x86/kvm/vmx/vmx.c | 14 --
2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/arch/x86/include/uapi/asm/kvm_para
Add vmcs12 fields for all CET fields, pass-through CET MSRs to L2 when
possible, and enumerate the VMCS controls and CR4 bit as supported.
Co-developed-by: Sean Christopherson
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Weijiang
---
arch/x86/kvm/vmx/nested.c | 30
e switched through XSAVES are especially annoying due to the
possibility of the kernel's FPU being used in IRQ context. Disable IRQs
and ensure the guest's FPU state is loaded when accessing such MSRs.
Co-developed-by: Sean Christopherson
Signed-off-by: Sean Christopherson
Signed-o
Christopherson
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Weijiang
---
arch/x86/kvm/x86.c | 6 ++
arch/x86/kvm/x86.h | 3 +++
2 files changed, 9 insertions(+)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 0433015ee443..8c9d631d7842 100644
--- a/arch/x86/kvm/x86.c
+++ b
following VMCS fields at VM-Entry:
GUEST_S_CET
GUEST_SSP
GUEST_INTR_SSP_TABLE
Co-developed-by: Zhang Yi Z
Signed-off-by: Zhang Yi Z
Signed-off-by: Yang Weijiang
---
arch/x86/include/asm/vmx.h | 8
1 file changed, 8 insertions(+)
diff --git a/arch/x86/include/asm/vmx.h b/arch/x86
ior to KVM_SET_CPUID2.
Signed-off-by: Sean Christopherson
Co-developed-by: Yang Weijiang
Signed-off-by: Yang Weijiang
---
arch/x86/kvm/x86.c | 19 ++-
1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 8c9d631d7842..751b62e8
Add handling for Control Protection (#CP) exceptions, vector 21, used
and introduced by Intel's Control-Flow Enforcement Technology (CET).
relevant CET violation case. See Intel's SDM for details.
Signed-off-by: Yang Weijiang
---
arch/x86/include/uapi/asm/kvm.h | 1 +
arch/x86
Report all CET MSRs, including the synthetic GUEST_SSP MSR, as
to-be-saved, e.g. for migration, if CET is supported by KVM.
Co-developed-by: Sean Christopherson
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Weijiang
---
arch/x86/kvm/x86.c | 9 +
1 file changed, 9 insertions
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Weijiang
---
arch/x86/kvm/vmx/vmx.c | 29 +
1 file changed, 29 insertions(+)
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index c88a6e1721b1..6ba2027a3d44 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch
d SVM.
Co-developed-by: Sean Christopherson
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Weijiang
---
arch/x86/include/asm/kvm_host.h | 3 +-
arch/x86/kvm/cpuid.c| 5 +--
arch/x86/kvm/vmx/capabilities.h | 5 +++
arch/x86/kvm/vmx/vmx.c
igned-off-by: Zhang Yi Z
Signed-off-by: Yang Weijiang
---
arch/x86/include/asm/kvm_host.h | 1 +
arch/x86/kvm/cpuid.c| 21 ++---
arch/x86/kvm/x86.c | 7 +--
3 files changed, 24 insertions(+), 5 deletions(-)
diff --git a/arch/x86/include/asm/kvm_hos
From: Sean Christopherson
Add MSR_IA32_XSS to the list of MSRs reported to userspace if
supported_xss is non-zero, i.e. KVM supports at least one XSS based
feature.
Signed-off-by: Sean Christopherson
---
arch/x86/kvm/x86.c | 6 ++
1 file changed, 6 insertions(+)
diff --git a/arch/x86/kvm/
KVM: x86: Report XSS as an MSR to be saved if there are supported features
KVM: x86: Load guest fpu state when accessing MSRs managed by XSAVES
Yang Weijiang (11):
KVM: x86: Refresh CPUID on writes to MSR_IA32_XSS
KVM: x86: Add #CP support in guest exception dispatch
KVM: VMX: Introduce
"SINGLE_STEP[%d]: exit %d exception %d rip 0x%llx "
"(should be 0x%llx) dr6 0x%llx (should be 0x%llx)",
i, run->exit_reason, run->debug.arch.exception,
run->debug.arch.pc, target_rip, run->debug.arch.dr6,
On Mon, Aug 17, 2020 at 01:20:34PM -0400, Paolo Bonzini wrote:
> From: Yang Weijiang
>
> If debug_regs.c is built with newer binutils, the resulting binary is
> "optimized"
> by the assembler:
>
> asm volatile("ss_start: "
> &qu
On Wed, Jul 22, 2020 at 12:48:05PM -0700, Sean Christopherson wrote:
> On Thu, Jul 16, 2020 at 11:16:16AM +0800, Yang Weijiang wrote:
> > Control-flow Enforcement Technology (CET) provides protection against
> > Return/Jump-Oriented Programming (ROP/JOP) attack. There're two
. See SDM for
detailed
info.
The difference between CET VMCS fields and CET MSRs is that,the former are used
during VMEnter/VMExit, whereas the latter are used for CET state storage between
task/thread scheduling.
Co-developed-by: Zhang Yi Z
Signed-off-by: Zhang Yi Z
Signed-off-by: Yang Weijiang
.
Signed-off-by: Yang Weijiang
---
arch/x86/kvm/vmx/nested.c | 34 +
arch/x86/kvm/vmx/vmcs12.c | 267 +++---
arch/x86/kvm/vmx/vmcs12.h | 14 +-
arch/x86/kvm/vmx/vmx.c| 10 ++
4 files changed, 216 insertions(+), 109 deletions(-)
diff --git a/arch/x86/kvm
ified code in reporting Guest CPUID(EAX=D,ECX>=1), make it clearer.
- Added Host and Guest XSS mask check while setting bits for Guest XSS.
Sean Christopherson (1):
KVM: x86: Load guest fpu state when access MSRs managed by XSAVES
Yang Weijiang (10):
KVM: x86: Include CET definitions for
MSRs, it's necessary to check whether the
kernel FPU context switch happened and reload guest FPU context if needed.
Suggested-by: Sean Christopherson
Signed-off-by: Yang Weijiang
---
arch/x86/include/uapi/asm/kvm_para.h | 7 +-
arch/x86/kvm/vmx/vmx.c | 148 ++
case.
Don't expose CET feature if dependent CET bits are cleared in host XSS.
Signed-off-by: Yang Weijiang
---
arch/x86/include/asm/kvm_host.h | 3 ++-
arch/x86/kvm/cpuid.c| 5 +++--
arch/x86/kvm/vmx/vmx.c | 5 +
arch/x86/kvm/x86.c | 11 +
the guest, e.g. it might do
KVM_SET_MSRS prior to KVM_SET_CPUID2.
Signed-off-by: Sean Christopherson
Co-developed-by: Yang Weijiang
Signed-off-by: Yang Weijiang
---
arch/x86/kvm/x86.c | 19 ++-
1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/x86.c b
ORTED_XSS to indicate current
MSR_IA32_XSS bits supported in KVM, but actual XSS bits seen in guest depends
on the setting of CPUID(0xd,1).{ECX, EDX} for guest.
Co-developed-by: Zhang Yi Z
Signed-off-by: Zhang Yi Z
Signed-off-by: Yang Weijiang
---
arch/x86/include/asm/kvm_host.h | 1 +
arc
Dump CET VMCS states for debug purpose. Since CET kernel protection is
not enabled, if related MSRs in host are filled by mistake, warn once on
detecting it.
Signed-off-by: Yang Weijiang
---
arch/x86/kvm/vmx/vmx.c | 23 +++
1 file changed, 23 insertions(+)
diff --git a/arch
These definitions are added by CET kernel patch and referenced by KVM,
if the CET KVM patches are tested without CET kernel patches, this patch
should be included.
Signed-off-by: Yang Weijiang
---
include/linux/kvm_host.h | 32
1 file changed, 32 insertions
IBT,
after discussed in community, it's agreed to allow guest control two features
independently as it won't introduce security hole.
Signed-off-by: Yang Weijiang
---
arch/x86/kvm/vmx/capabilities.h | 5 +
arch/x86/kvm/vmx/vmx.c | 30 --
GUEST_SSP
GUEST_INTR_SSP_TABLE
Co-developed-by: Zhang Yi Z
Signed-off-by: Zhang Yi Z
Signed-off-by: Yang Weijiang
---
arch/x86/include/asm/vmx.h | 8
1 file changed, 8 insertions(+)
diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h
index cd7de4b401fe..879c57ff2dc5
CPU defined #CP(21) to handle CET induced exception, it's accompanied
with several error codes corresponding to different CET violation cases,
see SDM for detailed description. The exception is classified as a
contibutory exception w.r.t #DF.
Signed-off-by: Yang Weijiang
---
arch/x86/in
On Mon, Jul 13, 2020 at 11:13:26AM -0700, Sean Christopherson wrote:
> On Wed, Jul 01, 2020 at 04:04:00PM +0800, Yang Weijiang wrote:
> > Control-flow Enforcement Technology (CET) provides protection against
> > Return/Jump-Oriented Programming (ROP/JOP) attack. There're two
On Thu, Jul 02, 2020 at 11:13:35PM +0800, Xiaoyao Li wrote:
> On 7/1/2020 4:04 PM, Yang Weijiang wrote:
> > diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> > index c5835f9cb9ad..6390b62c12ed 100644
> > --- a/arch/x86/kvm/x86.c
> > +++ b/arch/x86/kvm/x86.c
>
These definitions are added by CET kernel patch and referenced by KVM,
if the CET KVM patches are tested without CET kernel patches, this patch
should be included.
Signed-off-by: Yang Weijiang
---
include/linux/kvm_host.h | 32
1 file changed, 32 insertions
.
Signed-off-by: Yang Weijiang
---
arch/x86/kvm/vmx/nested.c | 34 +
arch/x86/kvm/vmx/vmcs12.c | 275 ++
arch/x86/kvm/vmx/vmcs12.h | 14 +-
arch/x86/kvm/vmx/vmx.c| 10 ++
4 files changed, 220 insertions(+), 113 deletions(-)
diff --git a/arch/x86/kvm
GUEST_SSP
GUEST_INTR_SSP_TABLE
Co-developed-by: Zhang Yi Z
Signed-off-by: Zhang Yi Z
Signed-off-by: Yang Weijiang
---
arch/x86/include/asm/vmx.h | 8
1 file changed, 8 insertions(+)
diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h
index 5e090d1f03f8..f301def9125a
ORTED_XSS to indicate current
MSR_IA32_XSS bits supported in KVM, but actual XSS bits seen in guest depends
on the setting of CPUID(0xd,1).{ECX, EDX} for guest.
Co-developed-by: Zhang Yi Z
Signed-off-by: Zhang Yi Z
Signed-off-by: Yang Weijiang
---
arch/x86/include/asm/kvm_host.h | 1 +
arc
. See SDM for
detailed
info.
The difference between CET VMCS fields and CET MSRs is that,the former are used
during VMEnter/VMExit, whereas the latter are used for CET state storage between
task/thread scheduling.
Co-developed-by: Zhang Yi Z
Signed-off-by: Zhang Yi Z
Signed-off-by: Yang Weijiang
case.
Signed-off-by: Yang Weijiang
---
arch/x86/include/asm/kvm_host.h | 3 ++-
arch/x86/kvm/cpuid.c| 5 +++--
arch/x86/kvm/vmx/vmx.c | 5 +
arch/x86/kvm/x86.c | 5 +
4 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/arch/x86/include/asm
CPU defined #CP(21) to handle CET induced exception, it's accompanied
with several error codes corresponding to different CET violation cases,
see SDM for detailed description. The exception is classified as a
contibutory exception w.r.t #DF.
Signed-off-by: Yang Weijiang
---
arch/x86/in
IBT,
after discussed in community, it's agreed to allow guest control two features
independently as it won't introduce security hole.
Signed-off-by: Yang Weijiang
---
arch/x86/kvm/vmx/capabilities.h | 5 +
arch/x86/kvm/vmx/vmx.c | 30 --
the guest, e.g. it might do
KVM_SET_MSRS prior to KVM_SET_CPUID2.
Signed-off-by: Sean Christopherson
Co-developed-by: Yang Weijiang
Signed-off-by: Yang Weijiang
---
arch/x86/kvm/x86.c | 19 ++-
1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/x86.c b
MSRs, it's necessary to check whether the
kernel FPU context switch happened and reload guest FPU context if needed.
Suggested-by: Sean Christopherson
Signed-off-by: Yang Weijiang
---
arch/x86/include/uapi/asm/kvm_para.h | 7 +-
arch/x86/kvm/vmx/vmx.c | 148 ++
t XSS.
Sean Christopherson (1):
KVM: x86: Load guest fpu state when access MSRs managed by XSAVES
Yang Weijiang (10):
KVM: x86: Include CET definitions for KVM test purpose
KVM: VMX: Introduce CET VMCS fields and flags
KVM: VMX: Set guest CET MSRs per KVM and host configuration
KVM: VM
Dump CET VMCS states for debug purpose. Since CET kernel protection is
not enabled, if related MSRs in host are filled by mistake, warn once on
detecting it.
Signed-off-by: Yang Weijiang
---
arch/x86/kvm/vmx/vmx.c | 23 +++
1 file changed, 23 insertions(+)
diff --git a/arch
On Tue, Jun 23, 2020 at 11:39:19AM -0700, Sean Christopherson wrote:
> On Thu, Jun 11, 2020 at 09:29:13AM +0800, Yang Weijiang wrote:
> > On Wed, Jun 10, 2020 at 09:56:36AM -0700, Sean Christopherson wrote:
> > > On Wed, May 06, 2020 at 04:20:59PM +0800, Yang Weijiang wrote:
>
On Wed, Jun 10, 2020 at 09:56:36AM -0700, Sean Christopherson wrote:
> On Wed, May 06, 2020 at 04:20:59PM +0800, Yang Weijiang wrote:
> > Several parts in KVM have been updated to provide VM CET support, including:
> > CPUID/XSAVES config, MSR pass-through, user space MSR a
1 - 100 of 312 matches
Mail list logo