[PATCH v5 3/3] KVM: nVMX: Add CET entry/exit load bits to evmcs unsupported list

-by: Vitaly Kuznetsov Signed-off-by: Yang Weijiang --- arch/x86/kvm/vmx/evmcs.c | 4 ++-- arch/x86/kvm/vmx/evmcs.h | 6 -- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/arch/x86/kvm/vmx/evmcs.c b/arch/x86/kvm/vmx/evmcs.c index 41f24661af04..9f81db51fd8b 100644 --- a/arch/x86/kvm

[PATCH v5 1/3] KVM: nVMX: Sync L2 guest CET states between L1/L2

Signed-off-by: Yang Weijiang --- arch/x86/kvm/cpuid.c | 1 - arch/x86/kvm/vmx/nested.c | 30 ++ arch/x86/kvm/vmx/vmx.h| 3 +++ 3 files changed, 33 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index d191de769093

[PATCH v5 2/3] KVM: nVMX: Set X86_CR4_CET in cr4_fixed1_bits if CET IBT is enabled

CET SHSTK and IBT are independently controlled by kernel, set X86_CR4_CET bit in cr4_fixed1_bits if either of them is enabled so that nested guest can enjoy the feature. Reviewed-by: Sean Christopherson Signed-off-by: Yang Weijiang --- arch/x86/kvm/vmx/vmx.c | 1 + 1 file changed, 1 insertion

[PATCH v5 0/3] CET fix patches for nested guest

. Yang Weijiang (3): KVM: nVMX: Sync L2 guest CET states between L1/L2 KVM: nVMX: Set X86_CR4_CET in cr4_fixed1_bits if CET IBT is enabled KVM: nVMX: Add CET entry/exit load bits to evmcs unsupported list arch/x86/kvm/cpuid.c | 1 - arch/x86/kvm/vmx/evmcs.c | 4 ++-- arch/x86/kvm

Re: [PATCH v4 1/3] KVM: nVMX: Sync L2 guest CET states between L1/L2

On Tue, Mar 23, 2021 at 03:56:30PM +, Sean Christopherson wrote: > On Tue, Mar 23, 2021, Yang Weijiang wrote: > > On Tue, Mar 16, 2021 at 05:03:47PM +0800, Yang Weijiang wrote: > > > > Hi, Sean, > > Could you respond my below rely? I'm not sure how to proceed, tha

Re: [PATCH v4 1/3] KVM: nVMX: Sync L2 guest CET states between L1/L2

On Tue, Mar 16, 2021 at 05:03:47PM +0800, Yang Weijiang wrote: Hi, Sean, Could you respond my below rely? I'm not sure how to proceed, thanks! > On Mon, Mar 15, 2021 at 09:45:11AM -0700, Sean Christopherson wrote: > > On Mon, Mar 15, 2021, Yang Weijiang wrote: > > > These

Re: [PATCH v4 1/3] KVM: nVMX: Sync L2 guest CET states between L1/L2

On Mon, Mar 15, 2021 at 09:45:11AM -0700, Sean Christopherson wrote: > On Mon, Mar 15, 2021, Yang Weijiang wrote: > > These fields are rarely updated by L1 QEMU/KVM, sync them when L1 is trying > > to > > read/write them and after they're changed. If CET guest entry-load bi

[PATCH v4 3/3] KVM: nVMX: Add CET entry/exit load bits to evmcs unsupported list

-by: Vitaly Kuznetsov Signed-off-by: Yang Weijiang --- arch/x86/kvm/vmx/evmcs.c | 4 ++-- arch/x86/kvm/vmx/evmcs.h | 6 -- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/arch/x86/kvm/vmx/evmcs.c b/arch/x86/kvm/vmx/evmcs.c index 41f24661af04..9f81db51fd8b 100644 --- a/arch/x86/kvm

[PATCH v4 2/3] KVM: nVMX: Set X86_CR4_CET in cr4_fixed1_bits if CET IBT is enabled

CET SHSTK and IBT are independently controlled by kernel, set X86_CR4_CET bit in cr4_fixed1_bits if either of them is enabled so that nested guest can enjoy the feature. Reviewed-by: Sean Christopherson Signed-off-by: Yang Weijiang --- arch/x86/kvm/vmx/vmx.c | 1 + 1 file changed, 1 insertion

[PATCH v4 1/3] KVM: nVMX: Sync L2 guest CET states between L1/L2

Christopherson Signed-off-by: Yang Weijiang --- arch/x86/kvm/cpuid.c | 1 - arch/x86/kvm/vmx/nested.c | 35 +-- arch/x86/kvm/vmx/vmx.h| 3 +++ 3 files changed, 36 insertions(+), 3 deletions(-) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index

[PATCH v4 0/3] CET fix patches for nested guest

fix for MPX. Yang Weijiang (3): KVM: nVMX: Sync L2 guest CET states between L1/L2 KVM: nVMX: Set X86_CR4_CET in cr4_fixed1_bits if CET IBT is enabled KVM: nVMX: Add CET entry/exit load bits to evmcs unsupported list arch/x86/kvm/cpuid.c | 1 - arch/x86/kvm/vmx/evmcs.c | 4 ++-- arch

Re: [PATCH v3 1/3] KVM: nVMX: Sync L2 guest CET states between L1/L2

On Fri, Mar 12, 2021 at 03:28:32PM -0800, Sean Christopherson wrote: > On Mon, Mar 08, 2021, Yang Weijiang wrote: > > On Thu, Mar 04, 2021 at 08:46:45AM -0800, Sean Christopherson wrote: > > > On Thu, Mar 04, 2021, Yang Weijiang wrote: > > > > @@ -3375,6 +3391,

Re: [PATCH v3 1/3] KVM: nVMX: Sync L2 guest CET states between L1/L2

On Mon, Mar 08, 2021 at 04:01:09PM +0800, Yang Weijiang wrote: Hi, Sean, Any comments for below change? > On Thu, Mar 04, 2021 at 08:46:45AM -0800, Sean Christopherson wrote: > > On Thu, Mar 04, 2021, Yang Weijiang wrote: > > > @@ -3375,6 +3391,12 @@ enum n

Re: [PATCH v3 1/3] KVM: nVMX: Sync L2 guest CET states between L1/L2

On Thu, Mar 04, 2021 at 08:46:45AM -0800, Sean Christopherson wrote: > On Thu, Mar 04, 2021, Yang Weijiang wrote: > > @@ -3375,6 +3391,12 @@ enum nvmx_vmentry_status > > nested_vmx_enter_non_root_mode(struct kvm_vcpu *vcpu, > > if (kvm_mpx_supported() &&

Re: [PATCH v3 1/3] KVM: nVMX: Sync L2 guest CET states between L1/L2

On Thu, Mar 04, 2021 at 10:50:10AM +0100, Vitaly Kuznetsov wrote: > Yang Weijiang writes: > > > These fields are rarely updated by L1 QEMU/KVM, sync them when L1 is trying > > to > > read/write them and after they're changed. If CET guest entry-load bit is > > no

Re: [PATCH v3] KVM: nVMX: Sync L2 guest CET states between L1/L2

On Wed, Mar 03, 2021 at 01:24:07PM +0100, Paolo Bonzini wrote: > On 03/03/21 07:04, Yang Weijiang wrote: > > These fields are rarely updated by L1 QEMU/KVM, sync them when L1 is trying > > to > > read/write them and after they're changed. If CET guest entry-load bit is

Re: [PATCH] KVM: nVMX: Add CET entry/exit load bits to evmcs unsupported list

On Wed, Mar 03, 2021 at 10:36:40AM +0100, Vitaly Kuznetsov wrote: > Yang Weijiang writes: > > > CET in nested guest over Hyper-V is not supported for now. Relevant > > enabling patches will be posted as a separate patch series. > > > > Suggested-by: Paolo Bo

[PATCH v3 1/3] KVM: nVMX: Sync L2 guest CET states between L1/L2

These fields are rarely updated by L1 QEMU/KVM, sync them when L1 is trying to read/write them and after they're changed. If CET guest entry-load bit is not set by L1 guest, migrate them to L2 manaully. Suggested-by: Sean Christopherson Signed-off-by: Yang Weijiang --- arch/x86/kvm/cpuid.c

[PATCH v3 2/3] KVM: nVMX: Set X86_CR4_CET in cr4_fixed1_bits if CET IBT is enabled

CET SHSTK and IBT are independently controlled by kernel, set X86_CR4_CET bit in cr4_fixed1_bits if either of them is enabled so that nested guest can enjoy the feature. Reviewed-by: Sean Christopherson Signed-off-by: Yang Weijiang --- arch/x86/kvm/vmx/vmx.c | 1 + 1 file changed, 1 insertion

[PATCH v3 3/3] KVM: nVMX: Add CET entry/exit load bits to evmcs unsupported list

-by: Yang Weijiang --- arch/x86/kvm/vmx/evmcs.c | 4 ++-- arch/x86/kvm/vmx/evmcs.h | 6 -- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/arch/x86/kvm/vmx/evmcs.c b/arch/x86/kvm/vmx/evmcs.c index 41f24661af04..9f81db51fd8b 100644 --- a/arch/x86/kvm/vmx/evmcs.c +++ b/arch/x86/kvm

[PATCH v3 0/3] CET fix patches for nested guest

This patch series is to fix a few issues found during nested guest testing on Linux, also including a patch to explictly disable CET support in nested guest over Hyper-V(s). Yang Weijiang (3): KVM: nVMX: Sync L2 guest CET states between L1/L2 KVM: nVMX: Set X86_CR4_CET in cr4_fixed1_bits

Re: [PATCH v2] KVM: nVMX: Sync L2 guest CET states between L1/L2

On Tue, Mar 02, 2021 at 11:35:41AM +0100, Vitaly Kuznetsov wrote: > Sean Christopherson writes: > > > +Vitaly > > > > On Thu, Feb 25, 2021, Yang Weijiang wrote: > >> These fields are rarely updated by L1 QEMU/KVM, sync them when L1 is > >> trying

[PATCH v3] KVM: nVMX: Sync L2 guest CET states between L1/L2

These fields are rarely updated by L1 QEMU/KVM, sync them when L1 is trying to read/write them and after they're changed. If CET guest entry-load bit is not set by L1 guest, migrate them to L2 manaully. Suggested-by: Sean Christopherson Signed-off-by: Yang Weijiang --- arch/x86/kvm/cpuid.c

[PATCH] KVM: nVMX: Add CET entry/exit load bits to evmcs unsupported list

CET in nested guest over Hyper-V is not supported for now. Relevant enabling patches will be posted as a separate patch series. Suggested-by: Paolo Bonzini Signed-off-by: Yang Weijiang --- arch/x86/kvm/vmx/evmcs.h | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/arch

Re: [PATCH v2] KVM: nVMX: Sync L2 guest CET states between L1/L2

On Mon, Mar 01, 2021 at 09:46:19AM -0800, Sean Christopherson wrote: > +Vitaly > > On Thu, Feb 25, 2021, Yang Weijiang wrote: > > These fields are rarely updated by L1 QEMU/KVM, sync them when L1 is trying > > to > > read/write them and after they're changed.

[PATCH] KVM: nVMX: Set X86_CR4_CET in cr4_fixed1_bits if CET IBT is enabled

CET SHSTK and IBT are independently controlled by kernel, set X86_CR4_CET bit in cr4_fixed1_bits if either of them is enabled so that nested guest can enjoy the feature. Signed-off-by: Yang Weijiang --- arch/x86/kvm/vmx/vmx.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/kvm/vmx

[PATCH v2] KVM: nVMX: Sync L2 guest CET states between L1/L2

These fields are rarely updated by L1 QEMU/KVM, sync them when L1 is trying to read/write them and after they're changed. If CET guest entry-load bit is not set by L1 guest, migrate them to L2 manaully. Suggested-by: Sean Christopherson Signed-off-by: Yang Weijiang change in v2: - Per Sean's

Re: [PATCH] KVM: nVMX: Sync L2 guest CET states between L1/L2

On Thu, Feb 11, 2021 at 09:18:03AM -0800, Sean Christopherson wrote: > On Tue, Feb 09, 2021, Yang Weijiang wrote: > > When L2 guest status has been changed by L1 QEMU/KVM, sync the change back > > to L2 guest before the later's next vm-entry. On the other hand, if it's > > ch

[PATCH] KVM: nVMX: Sync L2 guest CET states between L1/L2

When L2 guest status has been changed by L1 QEMU/KVM, sync the change back to L2 guest before the later's next vm-entry. On the other hand, if it's changed due to L2 guest, sync it back so as to let L1 guest see the change. Signed-off-by: Yang Weijiang --- arch/x86/kvm/vmx/nested.c | 12

Re: [PATCH v15 04/14] KVM: x86: Add #CP support in guest exception dispatch

On Wed, Feb 03, 2021 at 01:46:42PM -0800, Sean Christopherson wrote: > On Wed, Feb 03, 2021, Yang Weijiang wrote: > > Add handling for Control Protection (#CP) exceptions, vector 21, used > > and introduced by Intel's Control-Flow Enforcement Technology (CET). > > relevant CET

Re: [PATCH v15 14/14] KVM: x86: Save/Restore GUEST_SSP to/from SMRAM

On Wed, Feb 03, 2021 at 01:07:53PM +0100, Paolo Bonzini wrote: > On 03/02/21 12:34, Yang Weijiang wrote: > > diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c > > index 22eb6b8626a8..f63b713cd71f 100644 > > --- a/arch/x86/kvm/x86.c > > +++ b/arch/x86/kvm/x86.c > &

Re: [PATCH v15 07/14] KVM: VMX: Emulate reads and writes to CET MSRs

On Wed, Feb 03, 2021 at 12:57:41PM +0100, Paolo Bonzini wrote: > On 03/02/21 12:34, Yang Weijiang wrote: > > MSRs that are switched through XSAVES are especially annoying due to the > > possibility of the kernel's FPU being used in IRQ context. Disable IRQs > > and ensure

[PATCH v15 14/14] KVM: x86: Save/Restore GUEST_SSP to/from SMRAM

Save GUEST_SSP to SMRAM when guest exits to SMM due to SMI and restore it when guest exits SMM to interrupted normal non-root mode. Signed-off-by: Yang Weijiang --- arch/x86/kvm/emulate.c | 11 +++ arch/x86/kvm/x86.c | 10 ++ 2 files changed, 21 insertions(+) diff --git

[PATCH v15 11/14] KVM: VMX: Pass through CET MSRs to the guest when supported

Signed-off-by: Sean Christopherson Signed-off-by: Yang Weijiang --- arch/x86/kvm/vmx/vmx.c | 33 + 1 file changed, 33 insertions(+) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index c2242fc1f71a..b6657117191b 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b

[PATCH v15 12/14] KVM: nVMX: Add helper to check the vmcs01 MSR bitmap for MSR pass-through

Signed-off-by: Yang Weijiang --- arch/x86/kvm/vmx/nested.c | 27 +-- 1 file changed, 17 insertions(+), 10 deletions(-) diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index f2b9bfb58206..3b405ebabb6e 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm

[PATCH v15 13/14] KVM: nVMX: Enable CET support for nested VMX

Add vmcs12 fields for all CET fields, pass-through CET MSRs to L2 when possible, and enumerate the VMCS controls and CR4 bit as supported. Co-developed-by: Sean Christopherson Signed-off-by: Sean Christopherson Signed-off-by: Yang Weijiang --- arch/x86/kvm/vmx/nested.c | 30

[PATCH v15 05/14] KVM: VMX: Introduce CET VMCS fields and flags

the following VMCS fields at VM-Entry: GUEST_S_CET GUEST_SSP GUEST_INTR_SSP_TABLE Co-developed-by: Zhang Yi Z Signed-off-by: Zhang Yi Z Signed-off-by: Yang Weijiang --- arch/x86/include/asm/vmx.h | 8 1 file changed, 8 insertions(+) diff --git a/arch/x86/include/asm/vmx.h b/arch/x86

[PATCH v15 08/14] KVM: VMX: Add a synthetic MSR to allow userspace VMM to access GUEST_SSP

-by: Sean Christopherson Signed-off-by: Sean Christopherson Signed-off-by: Yang Weijiang --- arch/x86/include/uapi/asm/kvm_para.h | 1 + arch/x86/kvm/vmx/vmx.c | 14 -- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/arch/x86/include/uapi/asm/kvm_para.h b

[PATCH v15 09/14] KVM: x86: Report CET MSRs as to-be-saved if CET is supported

Report all CET MSRs, including the synthetic GUEST_SSP MSR, as to-be-saved, e.g. for migration, if CET is supported by KVM. Co-developed-by: Sean Christopherson Signed-off-by: Sean Christopherson Signed-off-by: Yang Weijiang --- arch/x86/kvm/x86.c | 10 ++ 1 file changed, 10

[PATCH v15 10/14] KVM: x86: Enable CET virtualization for VMX and advertise CET to userspace

prematurely expose CET on SVM. The alternative is to put all the logic in VMX, but that means rereading host_xss in VMX and duplicating the XSAVES check across VMX and SVM. Co-developed-by: Sean Christopherson Signed-off-by: Sean Christopherson Signed-off-by: Yang Weijiang --- arch/x86/include

[PATCH v15 06/14] KVM: x86: Add fault checks for CR4.CET

Christopherson Signed-off-by: Sean Christopherson Signed-off-by: Yang Weijiang --- arch/x86/kvm/x86.c | 6 ++ arch/x86/kvm/x86.h | 3 +++ 2 files changed, 9 insertions(+) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index d9d3bae40a8c..6af240d87a33 100644 --- a/arch/x86/kvm/x86.c +++ b

[PATCH v15 07/14] KVM: VMX: Emulate reads and writes to CET MSRs

e switched through XSAVES are especially annoying due to the possibility of the kernel's FPU being used in IRQ context. Disable IRQs and ensure the guest's FPU state is loaded when accessing such MSRs. Co-developed-by: Sean Christopherson Signed-off-by: Sean Christopherson Signed-off-by: Yan

[PATCH v15 03/14] KVM: x86: Load guest fpu state when accessing MSRs managed by XSAVES

MSRS prior to KVM_SET_CPUID2. Co-developed-by: Sean Christopherson Signed-off-by: Sean Christopherson Signed-off-by: Yang Weijiang --- arch/x86/kvm/x86.c | 19 ++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 30a07caf077c..99

[PATCH v15 04/14] KVM: x86: Add #CP support in guest exception dispatch

Add handling for Control Protection (#CP) exceptions, vector 21, used and introduced by Intel's Control-Flow Enforcement Technology (CET). relevant CET violation case. See Intel's SDM for details. Signed-off-by: Yang Weijiang --- arch/x86/include/uapi/asm/kvm.h | 1 + arch/x86/kvm/x86.c

[PATCH v15 02/14] KVM: x86: Refresh CPUID on writes to MSR_IA32_XSS

-off-by: Zhang Yi Z Signed-off-by: Yang Weijiang --- arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kvm/cpuid.c| 21 ++--- arch/x86/kvm/x86.c | 7 +-- 3 files changed, 24 insertions(+), 5 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b

[PATCH v15 01/14] KVM: x86: Report XSS as an MSR to be saved if there are supported features

From: Sean Christopherson Add MSR_IA32_XSS to the list of MSRs reported to userspace if supported_xss is non-zero, i.e. KVM supports at least one XSS based feature. Co-developed-by: Sean Christopherson Signed-off-by: Sean Christopherson Signed-off-by: Yang Weijiang --- arch/x86/kvm/x86.c

[PATCH v15 00/14] Introduce support for guest CET feature

due to CET MSR interception. - Removed unnecessary guest CET state cleanup in VMCS. - Rebased patches to 5.11-rc6. Sean Christopherson (2): KVM: x86: Report XSS as an MSR to be saved if there are supported features KVM: x86: Load guest fpu state when accessing MSRs managed by XSAVES Yang

Re: [PATCH v14 10/13] KVM: x86: Enable CET virtualization for VMX and advertise CET to userspace

On Fri, Jan 29, 2021 at 03:38:52PM +0100, Paolo Bonzini wrote: > On 29/01/21 13:17, Yang Weijiang wrote: > > > > It's specific to VM case, during VM reboot, memory mode reset but > > > > VM_ENTRY_LOAD_CET_STATE > > > > is still set, and VMCS conta

Re: [PATCH v14 10/13] KVM: x86: Enable CET virtualization for VMX and advertise CET to userspace

On Fri, Jan 29, 2021 at 03:38:52PM +0100, Paolo Bonzini wrote: > On 29/01/21 13:17, Yang Weijiang wrote: > > > > It's specific to VM case, during VM reboot, memory mode reset but > > > > VM_ENTRY_LOAD_CET_STATE > > > > is still set, and VMCS conta

Re: [PATCH v14 09/13] KVM: x86: Report CET MSRs as to-be-saved if CET is supported

On Thu, Jan 28, 2021 at 06:46:37PM +0100, Paolo Bonzini wrote: > On 06/11/20 02:16, Yang Weijiang wrote: > > Report all CET MSRs, including the synthetic GUEST_SSP MSR, as > > to-be-saved, e.g. for migration, if CET is supported by KVM. > > > > Co-developed-by: Sean Chr

Re: [PATCH v14 07/13] KVM: VMX: Emulate reads and writes to CET MSRs

On Thu, Jan 28, 2021 at 06:45:08PM +0100, Paolo Bonzini wrote: > On 06/11/20 02:16, Yang Weijiang wrote: > > > > +static bool cet_is_ssp_msr_accessible(struct kvm_vcpu *vcpu, > > + struct msr_data *msr) > > +{ > > + u64 mask; >

[RFC PATCH 3/3] KVM: x86: Load guest fpu state when accessing MSRs managed by XSAVES

as host userspace is allowed to access MSRs that have not been exposed to the guest, e.g. it might do KVM_SET_MSRS prior to KVM_SET_CPUID2. Co-developed-by: Sean Christopherson Signed-off-by: Sean Christopherson Signed-off-by: Yang Weijiang --- arch/x86/kvm/vmx/vmx.c | 22

[RFC PATCH 1/3] KVM: x86: Add helpers for {set|clear} bits in supported_xss

XSS based feature. Co-developed-by: Sean Christopherson Signed-off-by: Sean Christopherson Signed-off-by: Yang Weijiang --- arch/x86/kvm/x86.c | 20 1 file changed, 20 insertions(+) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 397f599b20e5..528eba526c9c 100644

[RFC PATCH 0/3] Get supported_xss ready for XSS dependent

): KVM: x86: Add helpers for {set|clear} bits in supported_xss KVM: x86: Load guest fpu state when accessing MSRs managed by XSAVES Yang Weijiang (1): KVM: x86: Refresh CPUID when guest modifies MSR_IA32_XSS arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kvm/cpuid.c| 21

[RFC PATCH 2/3] KVM: x86: Refresh CPUID when guest modifies MSR_IA32_XSS

-off-by: Zhang Yi Z Signed-off-by: Yang Weijiang --- arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kvm/cpuid.c| 21 ++--- arch/x86/kvm/x86.c | 7 +-- 3 files changed, 24 insertions(+), 5 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b

[PATCH v14 12/13] KVM: nVMX: Add helper to check the vmcs01 MSR bitmap for MSR pass-through

Signed-off-by: Yang Weijiang --- arch/x86/kvm/vmx/nested.c | 27 +-- 1 file changed, 17 insertions(+), 10 deletions(-) diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index 89af692deb7e..8abc7bdd94f7 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm

[PATCH v14 08/13] KVM: VMX: Add a synthetic MSR to allow userspace VMM to access GUEST_SSP

-by: Sean Christopherson Signed-off-by: Sean Christopherson Signed-off-by: Yang Weijiang --- arch/x86/include/uapi/asm/kvm_para.h | 1 + arch/x86/kvm/vmx/vmx.c | 14 -- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/arch/x86/include/uapi/asm/kvm_para.h b

[PATCH v14 13/13] KVM: nVMX: Enable CET support for nested VMX

Add vmcs12 fields for all CET fields, pass-through CET MSRs to L2 when possible, and enumerate the VMCS controls and CR4 bit as supported. Co-developed-by: Sean Christopherson Signed-off-by: Sean Christopherson Signed-off-by: Yang Weijiang --- arch/x86/kvm/vmx/nested.c | 30

[PATCH v14 07/13] KVM: VMX: Emulate reads and writes to CET MSRs

e switched through XSAVES are especially annoying due to the possibility of the kernel's FPU being used in IRQ context. Disable IRQs and ensure the guest's FPU state is loaded when accessing such MSRs. Co-developed-by: Sean Christopherson Signed-off-by: Sean Christopherson Signed-off-by: Yan

[PATCH v14 05/13] KVM: x86: Add fault checks for CR4.CET

Christopherson Signed-off-by: Sean Christopherson Signed-off-by: Yang Weijiang --- arch/x86/kvm/x86.c | 6 ++ arch/x86/kvm/x86.h | 3 +++ 2 files changed, 9 insertions(+) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 0433015ee443..8c9d631d7842 100644 --- a/arch/x86/kvm/x86.c +++ b

[PATCH v14 04/13] KVM: VMX: Introduce CET VMCS fields and flags

the following VMCS fields at VM-Entry: GUEST_S_CET GUEST_SSP GUEST_INTR_SSP_TABLE Co-developed-by: Zhang Yi Z Signed-off-by: Zhang Yi Z Signed-off-by: Yang Weijiang --- arch/x86/include/asm/vmx.h | 8 1 file changed, 8 insertions(+) diff --git a/arch/x86/include/asm/vmx.h b/arch/x86

[PATCH v14 06/13] KVM: x86: Load guest fpu state when accessing MSRs managed by XSAVES

2. Signed-off-by: Sean Christopherson Co-developed-by: Yang Weijiang Signed-off-by: Yang Weijiang --- arch/x86/kvm/x86.c | 19 ++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 8c9d631d7842..751b62e871e5 100644 --- a/ar

[PATCH v14 03/13] KVM: x86: Add #CP support in guest exception dispatch

Add handling for Control Protection (#CP) exceptions, vector 21, used and introduced by Intel's Control-Flow Enforcement Technology (CET). relevant CET violation case. See Intel's SDM for details. Signed-off-by: Yang Weijiang --- arch/x86/include/uapi/asm/kvm.h | 1 + arch/x86/kvm/x86.c

[PATCH v14 09/13] KVM: x86: Report CET MSRs as to-be-saved if CET is supported

Report all CET MSRs, including the synthetic GUEST_SSP MSR, as to-be-saved, e.g. for migration, if CET is supported by KVM. Co-developed-by: Sean Christopherson Signed-off-by: Sean Christopherson Signed-off-by: Yang Weijiang --- arch/x86/kvm/x86.c | 9 + 1 file changed, 9 insertions

[PATCH v14 11/13] KVM: VMX: Pass through CET MSRs to the guest when supported

Signed-off-by: Sean Christopherson Signed-off-by: Yang Weijiang --- arch/x86/kvm/vmx/vmx.c | 29 + 1 file changed, 29 insertions(+) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index c88a6e1721b1..6ba2027a3d44 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch

[PATCH v14 10/13] KVM: x86: Enable CET virtualization for VMX and advertise CET to userspace

-developed-by: Sean Christopherson Signed-off-by: Sean Christopherson Signed-off-by: Yang Weijiang --- arch/x86/include/asm/kvm_host.h | 3 +- arch/x86/kvm/cpuid.c| 5 +-- arch/x86/kvm/vmx/capabilities.h | 5 +++ arch/x86/kvm/vmx/vmx.c | 64

[PATCH v14 02/13] KVM: x86: Refresh CPUID on writes to MSR_IA32_XSS

-off-by: Zhang Yi Z Signed-off-by: Yang Weijiang --- arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kvm/cpuid.c| 21 ++--- arch/x86/kvm/x86.c | 7 +-- 3 files changed, 24 insertions(+), 5 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b

[PATCH v14 01/13] KVM: x86: Report XSS as an MSR to be saved if there are supported features

From: Sean Christopherson Add MSR_IA32_XSS to the list of MSRs reported to userspace if supported_xss is non-zero, i.e. KVM supports at least one XSS based feature. Signed-off-by: Sean Christopherson --- arch/x86/kvm/x86.c | 6 ++ 1 file changed, 6 insertions(+) diff --git

[PATCH v14 00/13] Introduce support for guest CET feature

ted features KVM: x86: Load guest fpu state when accessing MSRs managed by XSAVES Yang Weijiang (11): KVM: x86: Refresh CPUID on writes to MSR_IA32_XSS KVM: x86: Add #CP support in guest exception dispatch KVM: VMX: Introduce CET VMCS fields and flags KVM: x86: Add fault checks for CR4.CE

[PATCH] selftests: kvm: Fix assert failure in single-step test

"SINGLE_STEP[%d]: exit %d exception %d rip 0x%llx " "(should be 0x%llx) dr6 0x%llx (should be 0x%llx)", i, run->exit_reason, run->debug.arch.exception, run->debug.arch.pc, target_rip, run->debug.arch.dr6,

Re: [PATCH] selftests: kvm: Use a shorter encoding to clear RAX

On Mon, Aug 17, 2020 at 01:20:34PM -0400, Paolo Bonzini wrote: > From: Yang Weijiang > > If debug_regs.c is built with newer binutils, the resulting binary is > "optimized" > by the assembler: > > asm volatile("ss_start: " > &qu

Re: [RESEND PATCH v13 00/11] Introduce support for guest CET feature

On Wed, Jul 22, 2020 at 12:48:05PM -0700, Sean Christopherson wrote: > On Thu, Jul 16, 2020 at 11:16:16AM +0800, Yang Weijiang wrote: > > Control-flow Enforcement Technology (CET) provides protection against > > Return/Jump-Oriented Programming (ROP/JOP) attack. There're two CET &

[RESEND v13 03/11] KVM: VMX: Set guest CET MSRs per KVM and host configuration

. See SDM for detailed info. The difference between CET VMCS fields and CET MSRs is that,the former are used during VMEnter/VMExit, whereas the latter are used for CET state storage between task/thread scheduling. Co-developed-by: Zhang Yi Z Signed-off-by: Zhang Yi Z Signed-off-by: Yang Weijiang

[RESEND v13 08/11] KVM: VMX: Enable CET support for nested VM

. Signed-off-by: Yang Weijiang --- arch/x86/kvm/vmx/nested.c | 34 + arch/x86/kvm/vmx/vmcs12.c | 267 +++--- arch/x86/kvm/vmx/vmcs12.h | 14 +- arch/x86/kvm/vmx/vmx.c| 10 ++ 4 files changed, 216 insertions(+), 109 deletions(-) diff --git a/arch/x86/kvm

[RESEND PATCH v13 00/11] Introduce support for guest CET feature

- Added Host and Guest XSS mask check while setting bits for Guest XSS. Sean Christopherson (1): KVM: x86: Load guest fpu state when access MSRs managed by XSAVES Yang Weijiang (10): KVM: x86: Include CET definitions for KVM test purpose KVM: VMX: Introduce CET VMCS fields and flags KVM: VM

[RESEND v13 07/11] KVM: x86: Add userspace access interface for CET MSRs

necessary to check whether the kernel FPU context switch happened and reload guest FPU context if needed. Suggested-by: Sean Christopherson Signed-off-by: Yang Weijiang --- arch/x86/include/uapi/asm/kvm_para.h | 7 +- arch/x86/kvm/vmx/vmx.c | 148 +++ arch/x86

[RESEND v13 11/11] KVM: x86: Enable CET virtualization and advertise CET to userspace

in this case. Don't expose CET feature if dependent CET bits are cleared in host XSS. Signed-off-by: Yang Weijiang --- arch/x86/include/asm/kvm_host.h | 3 ++- arch/x86/kvm/cpuid.c| 5 +++-- arch/x86/kvm/vmx/vmx.c | 5 + arch/x86/kvm/x86.c | 11 +++ 4

[RESEND v13 06/11] KVM: x86: Load guest fpu state when access MSRs managed by XSAVES

. it might do KVM_SET_MSRS prior to KVM_SET_CPUID2. Signed-off-by: Sean Christopherson Co-developed-by: Yang Weijiang Signed-off-by: Yang Weijiang --- arch/x86/kvm/x86.c | 19 ++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x

[RESEND v13 05/11] KVM: x86: Refresh CPUID once guest changes XSS bits

_XSS to indicate current MSR_IA32_XSS bits supported in KVM, but actual XSS bits seen in guest depends on the setting of CPUID(0xd,1).{ECX, EDX} for guest. Co-developed-by: Zhang Yi Z Signed-off-by: Zhang Yi Z Signed-off-by: Yang Weijiang --- arch/x86/include/asm/kvm_host.h | 1 + arch/x86

[RESEND v13 09/11] KVM: VMX: Add VMCS dump and sanity check for CET states

Dump CET VMCS states for debug purpose. Since CET kernel protection is not enabled, if related MSRs in host are filled by mistake, warn once on detecting it. Signed-off-by: Yang Weijiang --- arch/x86/kvm/vmx/vmx.c | 23 +++ 1 file changed, 23 insertions(+) diff --git a/arch

[RESEND v13 01/11] KVM: x86: Include CET definitions for KVM test purpose

These definitions are added by CET kernel patch and referenced by KVM, if the CET KVM patches are tested without CET kernel patches, this patch should be included. Signed-off-by: Yang Weijiang --- include/linux/kvm_host.h | 32 1 file changed, 32 insertions

[RESEND v13 04/11] KVM: VMX: Configure CET settings upon guest CR0/4 changing

discussed in community, it's agreed to allow guest control two features independently as it won't introduce security hole. Signed-off-by: Yang Weijiang --- arch/x86/kvm/vmx/capabilities.h | 5 + arch/x86/kvm/vmx/vmx.c | 30 -- arch/x86/kvm/x86.c

[RESEND v13 02/11] KVM: VMX: Introduce CET VMCS fields and flags

GUEST_SSP GUEST_INTR_SSP_TABLE Co-developed-by: Zhang Yi Z Signed-off-by: Zhang Yi Z Signed-off-by: Yang Weijiang --- arch/x86/include/asm/vmx.h | 8 1 file changed, 8 insertions(+) diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h index cd7de4b401fe..879c57ff2dc5

[RESEND v13 10/11] KVM: x86: Add #CP support in guest exception dispatch

CPU defined #CP(21) to handle CET induced exception, it's accompanied with several error codes corresponding to different CET violation cases, see SDM for detailed description. The exception is classified as a contibutory exception w.r.t #DF. Signed-off-by: Yang Weijiang --- arch/x86/include

Re: [PATCH v13 00/11] Introduce support for guest CET feature

On Mon, Jul 13, 2020 at 11:13:26AM -0700, Sean Christopherson wrote: > On Wed, Jul 01, 2020 at 04:04:00PM +0800, Yang Weijiang wrote: > > Control-flow Enforcement Technology (CET) provides protection against > > Return/Jump-Oriented Programming (ROP/JOP) attack. There're two CET &

Re: [PATCH v13 03/11] KVM: VMX: Set guest CET MSRs per KVM and host configuration

On Thu, Jul 02, 2020 at 11:13:35PM +0800, Xiaoyao Li wrote: > On 7/1/2020 4:04 PM, Yang Weijiang wrote: > > diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c > > index c5835f9cb9ad..6390b62c12ed 100644 > > --- a/arch/x86/kvm/x86.c > > +++ b/arch/x86/kvm/x86.c >

[PATCH v13 01/11] KVM: x86: Include CET definitions for KVM test purpose

These definitions are added by CET kernel patch and referenced by KVM, if the CET KVM patches are tested without CET kernel patches, this patch should be included. Signed-off-by: Yang Weijiang --- include/linux/kvm_host.h | 32 1 file changed, 32 insertions

[PATCH v13 08/11] KVM: VMX: Enable CET support for nested VM

. Signed-off-by: Yang Weijiang --- arch/x86/kvm/vmx/nested.c | 34 + arch/x86/kvm/vmx/vmcs12.c | 275 ++ arch/x86/kvm/vmx/vmcs12.h | 14 +- arch/x86/kvm/vmx/vmx.c| 10 ++ 4 files changed, 220 insertions(+), 113 deletions(-) diff --git a/arch/x86/kvm

[PATCH v13 02/11] KVM: VMX: Introduce CET VMCS fields and flags

GUEST_SSP GUEST_INTR_SSP_TABLE Co-developed-by: Zhang Yi Z Signed-off-by: Zhang Yi Z Signed-off-by: Yang Weijiang --- arch/x86/include/asm/vmx.h | 8 1 file changed, 8 insertions(+) diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h index 5e090d1f03f8..f301def9125a

[PATCH v13 05/11] KVM: x86: Refresh CPUID once guest changes XSS bits

_XSS to indicate current MSR_IA32_XSS bits supported in KVM, but actual XSS bits seen in guest depends on the setting of CPUID(0xd,1).{ECX, EDX} for guest. Co-developed-by: Zhang Yi Z Signed-off-by: Zhang Yi Z Signed-off-by: Yang Weijiang --- arch/x86/include/asm/kvm_host.h | 1 + arch/x86

[PATCH v13 03/11] KVM: VMX: Set guest CET MSRs per KVM and host configuration

. See SDM for detailed info. The difference between CET VMCS fields and CET MSRs is that,the former are used during VMEnter/VMExit, whereas the latter are used for CET state storage between task/thread scheduling. Co-developed-by: Zhang Yi Z Signed-off-by: Zhang Yi Z Signed-off-by: Yang Weijiang

[PATCH v13 11/11] KVM: x86: Enable CET virtualization and advertise CET to userspace

in this case. Signed-off-by: Yang Weijiang --- arch/x86/include/asm/kvm_host.h | 3 ++- arch/x86/kvm/cpuid.c| 5 +++-- arch/x86/kvm/vmx/vmx.c | 5 + arch/x86/kvm/x86.c | 5 + 4 files changed, 15 insertions(+), 3 deletions(-) diff --git a/arch/x86/include/asm

[PATCH v13 10/11] KVM: x86: Add #CP support in guest exception dispatch

CPU defined #CP(21) to handle CET induced exception, it's accompanied with several error codes corresponding to different CET violation cases, see SDM for detailed description. The exception is classified as a contibutory exception w.r.t #DF. Signed-off-by: Yang Weijiang --- arch/x86/include

[PATCH v13 04/11] KVM: VMX: Configure CET settings upon guest CR0/4 changing

discussed in community, it's agreed to allow guest control two features independently as it won't introduce security hole. Signed-off-by: Yang Weijiang --- arch/x86/kvm/vmx/capabilities.h | 5 + arch/x86/kvm/vmx/vmx.c | 30 -- arch/x86/kvm/x86.c

[PATCH v13 06/11] KVM: x86: Load guest fpu state when access MSRs managed by XSAVES

. it might do KVM_SET_MSRS prior to KVM_SET_CPUID2. Signed-off-by: Sean Christopherson Co-developed-by: Yang Weijiang Signed-off-by: Yang Weijiang --- arch/x86/kvm/x86.c | 19 ++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x

[PATCH v13 07/11] KVM: x86: Add userspace access interface for CET MSRs

necessary to check whether the kernel FPU context switch happened and reload guest FPU context if needed. Suggested-by: Sean Christopherson Signed-off-by: Yang Weijiang --- arch/x86/include/uapi/asm/kvm_para.h | 7 +- arch/x86/kvm/vmx/vmx.c | 148 +++ arch/x86

[PATCH v13 00/11] Introduce support for guest CET feature

when access MSRs managed by XSAVES Yang Weijiang (10): KVM: x86: Include CET definitions for KVM test purpose KVM: VMX: Introduce CET VMCS fields and flags KVM: VMX: Set guest CET MSRs per KVM and host configuration KVM: VMX: Configure CET settings upon guest CR0/4 changing KVM: x86: R

[PATCH v13 09/11] KVM: VMX: Add VMCS dump and sanity check for CET states

Dump CET VMCS states for debug purpose. Since CET kernel protection is not enabled, if related MSRs in host are filled by mistake, warn once on detecting it. Signed-off-by: Yang Weijiang --- arch/x86/kvm/vmx/vmx.c | 23 +++ 1 file changed, 23 insertions(+) diff --git a/arch

Re: [PATCH v12 00/10] Introduce support for guest CET feature

On Tue, Jun 23, 2020 at 11:39:19AM -0700, Sean Christopherson wrote: > On Thu, Jun 11, 2020 at 09:29:13AM +0800, Yang Weijiang wrote: > > On Wed, Jun 10, 2020 at 09:56:36AM -0700, Sean Christopherson wrote: > > > On Wed, May 06, 2020 at 04:20:59PM +0800, Yang Weijiang wrote: >

Re: [PATCH v12 00/10] Introduce support for guest CET feature

On Wed, Jun 10, 2020 at 09:56:36AM -0700, Sean Christopherson wrote: > On Wed, May 06, 2020 at 04:20:59PM +0800, Yang Weijiang wrote: > > Several parts in KVM have been updated to provide VM CET support, including: > > CPUID/XSAVES config, MSR pass-through, user space MSR a

  1   2   3   4   >