From nobody Mon Oct 27 14:05:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass header.i=@intel.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1761287814; cv=none; d=zohomail.com; s=zohoarc; b=BdwpEEc08W31YYsPgeKvpYcr7uV76HUUD9gWJ9lUZt02l6CxAqIWJTkyPCp6s6Bnd3hGpibrvWaAHARk996waQdN1GFZTt7zojOtsVuenrlot/8sAtH/XazhbEXMMb9UVWp01XaUUWVUbVtV1MI83e57qRD6DcsdUVGxFNTZpgE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1761287814; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=HQysPd83vx/PFVU/z3ELJgdLl5gtI2I3gR2ICv+WvfM=; b=PIw3u8LqdAUP8WuRSPxHzKFD46ms9nezgZm/UPg9fb9bylV5bAlkbm0bguX+XifVBzRzy4nCd90+mO3WC1QytAsMZlHzvPAAfR+fL7L2yWCm2/PbX8zgvY82ryoHWtlIx7WcaI2+FSu5eDCo7am3H0DvQd9qT3dFGgftUhvauyk= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=@intel.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1761287814623949.1243000024699; Thu, 23 Oct 2025 23:36:54 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vCBOa-0003aZ-Oz; Fri, 24 Oct 2025 02:35:28 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vCBOV-0003Yo-O8 for qemu-devel@nongnu.org; Fri, 24 Oct 2025 02:35:24 -0400 Received: from mgamail.intel.com ([192.198.163.9]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vCBOT-0003kG-Jq for qemu-devel@nongnu.org; Fri, 24 Oct 2025 02:35:23 -0400 Received: from fmviesa006.fm.intel.com ([10.60.135.146]) by fmvoesa103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Oct 2025 23:35:21 -0700 Received: from liuzhao-optiplex-7080.sh.intel.com ([10.239.160.39]) by fmviesa006.fm.intel.com with ESMTP; 23 Oct 2025 23:35:17 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1761287722; x=1792823722; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=qU5Tj18SBAmRCCj3RrNgLtsm8wwe6XuagVR52Qb/xRo=; b=kfckt/+BW7fsh/NpgZzvtHzvY3W/LN1l/hiyg1IxGMx9vDEq5rWWALwx 60WZCLG5VD9AUlLEY9sFcugZy3OSRM505ysHlGRtiMrBuVb6GSFUOIPLp guIK3EXGZlfMYIjcEPQT7GrtdAp6AaPUJ2oAe8A1q30J7D4P4XbMYz6zY RRyM8UipYCHpz4I2E4hImc8/UlD2En/uzznoF47KJUhS942PSqKcsFQFs UQ3wNXom2GR2UJzGbY4ey+bLdj4jVhapv2eqsAAhh8wBZd/IIUvcjQy1a fnvS66SKnRROE0VuXUO7b4C3z3liWTWPhKYPVdbaBiOJfNWF3nF3MlXCb w==; X-CSE-ConnectionGUID: ZhUV/myJRM2xjz2sVI2ABQ== X-CSE-MsgGUID: 1VOqb7g3Rw2Gi7qpoKpfow== X-IronPort-AV: E=McAfee;i="6800,10657,11586"; a="74137893" X-IronPort-AV: E=Sophos;i="6.19,251,1754982000"; d="scan'208";a="74137893" X-CSE-ConnectionGUID: XxIr8PBlTo+gR5ef38s0JQ== X-CSE-MsgGUID: kTyIiDalRs+xYRGXLFAcxw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.19,251,1754982000"; d="scan'208";a="184276083" From: Zhao Liu To: Paolo Bonzini , Marcelo Tosatti Cc: qemu-devel@nongnu.org, kvm@vger.kernel.org, Chao Gao , John Allen , Babu Moger , Mathias Krause , Dapeng Mi , Zide Chen , Chenyi Qiang , Xiaoyao Li , Farrah Chen , Zhao Liu , Yang Weijiang Subject: [PATCH v3 11/20] i386/cpu: Enable xsave support for CET states Date: Fri, 24 Oct 2025 14:56:23 +0800 Message-Id: <20251024065632.1448606-12-zhao1.liu@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20251024065632.1448606-1-zhao1.liu@intel.com> References: <20251024065632.1448606-1-zhao1.liu@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=192.198.163.9; envelope-from=zhao1.liu@intel.com; helo=mgamail.intel.com X-Spam_score_int: -43 X-Spam_score: -4.4 X-Spam_bar: ---- X-Spam_report: (-4.4 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @intel.com) X-ZM-MESSAGEID: 1761287817124158500 Content-Type: text/plain; charset="utf-8" From: Yang Weijiang Add CET_U/S bits in xstate area and report support in xstate feature mask. MSR_XSS[bit 11] corresponds to CET user mode states. MSR_XSS[bit 12] corresponds to CET supervisor mode states. CET Shadow Stack(SHSTK) and Indirect Branch Tracking(IBT) features are enumerated via CPUID.(EAX=3D07H,ECX=3D0H):ECX[7] and EDX[20] respectively, two features share the same state bits in XSS, so if either of the features is enabled, set CET_U and CET_S bits together. Tested-by: Farrah Chen Signed-off-by: Yang Weijiang Co-developed-by: Chao Gao Signed-off-by: Chao Gao Co-developed-by: Zhao Liu Signed-off-by: Zhao Liu --- Changes Since v2: - Rename XSavesCETU/XSavesCETS to XSaveCETU/XSaveCETS. - Refine the comments. - Drop ".offset =3D 0" and its comment. - Re-describe xstate dependencies via features array. - Drop "cet-u" & "cet-s" enumeration from FEAT_XSAVE_XSS_LO's feat_name array sicne currently xsave doesn't use named features. --- target/i386/cpu.c | 14 ++++++++++++++ target/i386/cpu.h | 26 +++++++++++++++++++++++++- 2 files changed, 39 insertions(+), 1 deletion(-) diff --git a/target/i386/cpu.c b/target/i386/cpu.c index b01729ad36d2..0bb65e8c5321 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c @@ -2078,6 +2078,20 @@ ExtSaveArea x86_ext_save_areas[XSAVE_STATE_AREA_COUN= T] =3D { { FEAT_7_0_ECX, CPUID_7_0_ECX_PKU }, }, }, + [XSTATE_CET_U_BIT] =3D { + .size =3D sizeof(XSaveCETU), + .features =3D { + { FEAT_7_0_ECX, CPUID_7_0_ECX_CET_SHSTK }, + { FEAT_7_0_EDX, CPUID_7_0_EDX_CET_IBT }, + }, + }, + [XSTATE_CET_S_BIT] =3D { + .size =3D sizeof(XSaveCETS), + .features =3D { + { FEAT_7_0_ECX, CPUID_7_0_ECX_CET_SHSTK }, + { FEAT_7_0_EDX, CPUID_7_0_EDX_CET_IBT }, + }, + }, [XSTATE_ARCH_LBR_BIT] =3D { .size =3D sizeof(XSaveArchLBR), .features =3D { diff --git a/target/i386/cpu.h b/target/i386/cpu.h index 6537affcf067..7584cddb5917 100644 --- a/target/i386/cpu.h +++ b/target/i386/cpu.h @@ -589,6 +589,8 @@ typedef enum X86Seg { #define XSTATE_Hi16_ZMM_BIT 7 #define XSTATE_PT_BIT 8 #define XSTATE_PKRU_BIT 9 +#define XSTATE_CET_U_BIT 11 +#define XSTATE_CET_S_BIT 12 #define XSTATE_ARCH_LBR_BIT 15 #define XSTATE_XTILE_CFG_BIT 17 #define XSTATE_XTILE_DATA_BIT 18 @@ -603,6 +605,8 @@ typedef enum X86Seg { #define XSTATE_Hi16_ZMM_MASK (1ULL << XSTATE_Hi16_ZMM_BIT) #define XSTATE_PT_MASK (1ULL << XSTATE_PT_BIT) #define XSTATE_PKRU_MASK (1ULL << XSTATE_PKRU_BIT) +#define XSTATE_CET_U_MASK (1ULL << XSTATE_CET_U_BIT) +#define XSTATE_CET_S_MASK (1ULL << XSTATE_CET_S_BIT) #define XSTATE_ARCH_LBR_MASK (1ULL << XSTATE_ARCH_LBR_BIT) #define XSTATE_XTILE_CFG_MASK (1ULL << XSTATE_XTILE_CFG_BIT) #define XSTATE_XTILE_DATA_MASK (1ULL << XSTATE_XTILE_DATA_BIT) @@ -625,7 +629,8 @@ typedef enum X86Seg { XSTATE_XTILE_CFG_MASK | XSTATE_XTILE_DATA= _MASK) =20 /* CPUID feature bits available in XSS */ -#define CPUID_XSTATE_XSS_MASK (XSTATE_ARCH_LBR_MASK) +#define CPUID_XSTATE_XSS_MASK (XSTATE_ARCH_LBR_MASK | XSTATE_CET_U_MASK = | \ + XSTATE_CET_S_MASK) =20 #define CPUID_XSTATE_MASK (CPUID_XSTATE_XCR0_MASK | CPUID_XSTATE_XSS= _MASK) =20 @@ -904,6 +909,8 @@ uint64_t x86_cpu_get_supported_feature_word(X86CPU *cpu= , FeatureWord w); #define CPUID_7_0_ECX_WAITPKG (1U << 5) /* Additional AVX-512 Vector Byte Manipulation Instruction */ #define CPUID_7_0_ECX_AVX512_VBMI2 (1U << 6) +/* Control-flow enforcement technology: shadow stack */ +#define CPUID_7_0_ECX_CET_SHSTK (1U << 7) /* Galois Field New Instructions */ #define CPUID_7_0_ECX_GFNI (1U << 8) /* Vector AES Instructions */ @@ -951,6 +958,8 @@ uint64_t x86_cpu_get_supported_feature_word(X86CPU *cpu= , FeatureWord w); #define CPUID_7_0_EDX_TSX_LDTRK (1U << 16) /* Architectural LBRs */ #define CPUID_7_0_EDX_ARCH_LBR (1U << 19) +/* Control-flow enforcement technology: indirect branch tracking */ +#define CPUID_7_0_EDX_CET_IBT (1U << 20) /* AMX_BF16 instruction */ #define CPUID_7_0_EDX_AMX_BF16 (1U << 22) /* AVX512_FP16 instruction */ @@ -1737,6 +1746,19 @@ typedef struct XSavePKRU { uint32_t padding; } XSavePKRU; =20 +/* Ext. save area 11: CET_U state */ +typedef struct XSaveCETU { + uint64_t u_cet; + uint64_t pl3_ssp; +} XSaveCETU; + +/* Ext. save area 12: CET_S state */ +typedef struct XSaveCETS { + uint64_t pl0_ssp; + uint64_t pl1_ssp; + uint64_t pl2_ssp; +} XSaveCETS; + /* Ext. save area 15: Arch LBR state */ typedef struct XSaveArchLBR { uint64_t lbr_ctl; @@ -1764,6 +1786,8 @@ QEMU_BUILD_BUG_ON(sizeof(XSaveOpmask) !=3D 0x40); QEMU_BUILD_BUG_ON(sizeof(XSaveZMM_Hi256) !=3D 0x200); QEMU_BUILD_BUG_ON(sizeof(XSaveHi16_ZMM) !=3D 0x400); QEMU_BUILD_BUG_ON(sizeof(XSavePKRU) !=3D 0x8); +QEMU_BUILD_BUG_ON(sizeof(XSaveCETU) !=3D 0x10); +QEMU_BUILD_BUG_ON(sizeof(XSaveCETS) !=3D 0x18); QEMU_BUILD_BUG_ON(sizeof(XSaveArchLBR) !=3D 0x328); QEMU_BUILD_BUG_ON(sizeof(XSaveXTILECFG) !=3D 0x40); QEMU_BUILD_BUG_ON(sizeof(XSaveXTILEDATA) !=3D 0x2000); --=20 2.34.1