From nobody Thu Nov 20 14:09:54 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass header.i=@intel.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1763436084; cv=none; d=zohomail.com; s=zohoarc; b=g2fYr8voinbXz1nGx9KBq4jX8x1CT/+QtiLgpDYGf1ST01AMZ6VnxGU9Ogq7Ptlh6PgMn1jEwiXz3Izsu5cg4d0kU88du4e+yp/mmXo72l81qmml2OLHYd0OHFo3leD0eBAs7Maijw0BxpVePuW1VyBmX1J17c1bXLH7NttbLBI= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1763436084; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=h2u+WSk22OUTSrQr42COL4cy4Qx9z5pUUBmI9wetwnI=; b=A5kJ544Q/QIwywocXzijfX3tWjYRcNlbx66AHk9Q4pSZhsn8u5hyhkE4y2aMQ3VB7f5vMBF2h4N5B+EB5nHQRcwoLkBQIMDJv8/VY8CgpbYFNJ0ZuKqEz0OioT8YwDLpthSA1LT2rqfwjRO/zBmyf+vxylBhlZ3jt9TGMJmwohk= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=@intel.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1763436084759270.8519141167736; Mon, 17 Nov 2025 19:21:24 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vLCHB-0001P8-LC; Mon, 17 Nov 2025 22:21:05 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vLCH7-0001OM-5D for qemu-devel@nongnu.org; Mon, 17 Nov 2025 22:21:01 -0500 Received: from mgamail.intel.com ([192.198.163.13]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vLCH5-0004Cz-9X for qemu-devel@nongnu.org; Mon, 17 Nov 2025 22:21:00 -0500 Received: from fmviesa001.fm.intel.com ([10.60.135.141]) by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 17 Nov 2025 19:20:59 -0800 Received: from liuzhao-optiplex-7080.sh.intel.com ([10.239.160.39]) by fmviesa001.fm.intel.com with ESMTP; 17 Nov 2025 19:20:55 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1763436059; x=1794972059; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=NHn+nG8NE3ybLMhwAmk/PNwzcXZNoyi5s9vO5Z2x3JQ=; b=JoUlpIcN5G/VwJsFQXBhlkrHca3ig7JL1Umb2s11ZJaMlMpt+OCCNPwA e+V8Fjdc/xNYn2CYDcH2wKflgN+DlobaTPnOogNpVQQR8B8SeA4Db6k9Q 8S/zOKFF+yDbBK2sFl9S6662wl7ZD46QKaVFXEH6YyjNLYfrScFj+TSfb +akdz9s7s89pP0ZFKTsuOSBr74j/OQWh/VYWZ2gVJFRXphW51UQF9u20v i5e0guVKQ5kmPkxAWx8erkYR+LhdlflHzmCtlfRhTVux+3VQ6bXpXBWEU wWKOjaLKn+QPPZHW1LLUFU/Isha0EkthRmdS1NMDBSbuGV4dFk37pXMi2 g==; X-CSE-ConnectionGUID: T8chlvusT+KYUOpbNjiE+w== X-CSE-MsgGUID: PN2oaqnmSP6iB1zJK9JCEA== X-IronPort-AV: E=McAfee;i="6800,10657,11616"; a="68053849" X-IronPort-AV: E=Sophos;i="6.19,313,1754982000"; d="scan'208";a="68053849" X-CSE-ConnectionGUID: h1k8TwFyQp6SD4kV0kCFIQ== X-CSE-MsgGUID: hiQMhN89QNyYVm2dziwisg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.19,313,1754982000"; d="scan'208";a="221537215" From: Zhao Liu To: Paolo Bonzini , Marcelo Tosatti Cc: qemu-devel@nongnu.org, kvm@vger.kernel.org, Chao Gao , Xin Li , John Allen , Babu Moger , Mathias Krause , Dapeng Mi , Zide Chen , Xiaoyao Li , Chenyi Qiang , Farrah Chen , Zhao Liu , Yang Weijiang Subject: [PATCH v4 12/23] i386/cpu: Enable xsave support for CET states Date: Tue, 18 Nov 2025 11:42:20 +0800 Message-Id: <20251118034231.704240-13-zhao1.liu@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20251118034231.704240-1-zhao1.liu@intel.com> References: <20251118034231.704240-1-zhao1.liu@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=192.198.163.13; envelope-from=zhao1.liu@intel.com; helo=mgamail.intel.com X-Spam_score_int: -43 X-Spam_score: -4.4 X-Spam_bar: ---- X-Spam_report: (-4.4 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @intel.com) X-ZM-MESSAGEID: 1763436087724153000 Content-Type: text/plain; charset="utf-8" From: Yang Weijiang Add CET_U/S bits in xstate area and report support in xstate feature mask. MSR_XSS[bit 11] corresponds to CET user mode states. MSR_XSS[bit 12] corresponds to CET supervisor mode states. CET Shadow Stack(SHSTK) and Indirect Branch Tracking(IBT) features are enumerated via CPUID.(EAX=3D07H,ECX=3D0H):ECX[7] and EDX[20] respectively, two features share the same state bits in XSS, so if either of the features is enabled, set CET_U and CET_S bits together. Tested-by: Farrah Chen Reviewed-by: Xiaoyao Li Signed-off-by: Yang Weijiang Co-developed-by: Chao Gao Signed-off-by: Chao Gao Co-developed-by: Zhao Liu Signed-off-by: Zhao Liu --- Changes Since v2: - Rename XSavesCETU/XSavesCETS to XSaveCETU/XSaveCETS. - Refine the comments. - Drop ".offset =3D 0" and its comment. - Re-describe xstate dependencies via features array. - Drop "cet-u" & "cet-s" enumeration from FEAT_XSAVE_XSS_LO's feat_name array sicne currently xsave doesn't use named features. --- target/i386/cpu.c | 14 ++++++++++++++ target/i386/cpu.h | 26 +++++++++++++++++++++++++- 2 files changed, 39 insertions(+), 1 deletion(-) diff --git a/target/i386/cpu.c b/target/i386/cpu.c index d2a89c03caec..4d29e784061c 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c @@ -2078,6 +2078,20 @@ ExtSaveArea x86_ext_save_areas[XSAVE_STATE_AREA_COUN= T] =3D { { FEAT_7_0_ECX, CPUID_7_0_ECX_PKU }, }, }, + [XSTATE_CET_U_BIT] =3D { + .size =3D sizeof(XSaveCETU), + .features =3D { + { FEAT_7_0_ECX, CPUID_7_0_ECX_CET_SHSTK }, + { FEAT_7_0_EDX, CPUID_7_0_EDX_CET_IBT }, + }, + }, + [XSTATE_CET_S_BIT] =3D { + .size =3D sizeof(XSaveCETS), + .features =3D { + { FEAT_7_0_ECX, CPUID_7_0_ECX_CET_SHSTK }, + { FEAT_7_0_EDX, CPUID_7_0_EDX_CET_IBT }, + }, + }, [XSTATE_ARCH_LBR_BIT] =3D { .size =3D sizeof(XSaveArchLBR), .features =3D { diff --git a/target/i386/cpu.h b/target/i386/cpu.h index f065527757c4..bfc38830e29e 100644 --- a/target/i386/cpu.h +++ b/target/i386/cpu.h @@ -589,6 +589,8 @@ typedef enum X86Seg { #define XSTATE_Hi16_ZMM_BIT 7 #define XSTATE_PT_BIT 8 #define XSTATE_PKRU_BIT 9 +#define XSTATE_CET_U_BIT 11 +#define XSTATE_CET_S_BIT 12 #define XSTATE_ARCH_LBR_BIT 15 #define XSTATE_XTILE_CFG_BIT 17 #define XSTATE_XTILE_DATA_BIT 18 @@ -603,6 +605,8 @@ typedef enum X86Seg { #define XSTATE_Hi16_ZMM_MASK (1ULL << XSTATE_Hi16_ZMM_BIT) #define XSTATE_PT_MASK (1ULL << XSTATE_PT_BIT) #define XSTATE_PKRU_MASK (1ULL << XSTATE_PKRU_BIT) +#define XSTATE_CET_U_MASK (1ULL << XSTATE_CET_U_BIT) +#define XSTATE_CET_S_MASK (1ULL << XSTATE_CET_S_BIT) #define XSTATE_ARCH_LBR_MASK (1ULL << XSTATE_ARCH_LBR_BIT) #define XSTATE_XTILE_CFG_MASK (1ULL << XSTATE_XTILE_CFG_BIT) #define XSTATE_XTILE_DATA_MASK (1ULL << XSTATE_XTILE_DATA_BIT) @@ -628,7 +632,8 @@ typedef enum X86Seg { XSTATE_XTILE_CFG_MASK | XSTATE_XTILE_DATA= _MASK) =20 /* CPUID feature bits available in XSS */ -#define CPUID_XSTATE_XSS_MASK (XSTATE_ARCH_LBR_MASK) +#define CPUID_XSTATE_XSS_MASK (XSTATE_ARCH_LBR_MASK | XSTATE_CET_U_MASK = | \ + XSTATE_CET_S_MASK) =20 #define CPUID_XSTATE_MASK (CPUID_XSTATE_XCR0_MASK | CPUID_XSTATE_XSS= _MASK) =20 @@ -907,6 +912,8 @@ uint64_t x86_cpu_get_supported_feature_word(X86CPU *cpu= , FeatureWord w); #define CPUID_7_0_ECX_WAITPKG (1U << 5) /* Additional AVX-512 Vector Byte Manipulation Instruction */ #define CPUID_7_0_ECX_AVX512_VBMI2 (1U << 6) +/* Control-flow enforcement technology: shadow stack */ +#define CPUID_7_0_ECX_CET_SHSTK (1U << 7) /* Galois Field New Instructions */ #define CPUID_7_0_ECX_GFNI (1U << 8) /* Vector AES Instructions */ @@ -954,6 +961,8 @@ uint64_t x86_cpu_get_supported_feature_word(X86CPU *cpu= , FeatureWord w); #define CPUID_7_0_EDX_TSX_LDTRK (1U << 16) /* Architectural LBRs */ #define CPUID_7_0_EDX_ARCH_LBR (1U << 19) +/* Control-flow enforcement technology: indirect branch tracking */ +#define CPUID_7_0_EDX_CET_IBT (1U << 20) /* AMX_BF16 instruction */ #define CPUID_7_0_EDX_AMX_BF16 (1U << 22) /* AVX512_FP16 instruction */ @@ -1740,6 +1749,19 @@ typedef struct XSavePKRU { uint32_t padding; } XSavePKRU; =20 +/* Ext. save area 11: CET_U state */ +typedef struct XSaveCETU { + uint64_t u_cet; + uint64_t pl3_ssp; +} XSaveCETU; + +/* Ext. save area 12: CET_S state */ +typedef struct XSaveCETS { + uint64_t pl0_ssp; + uint64_t pl1_ssp; + uint64_t pl2_ssp; +} XSaveCETS; + /* Ext. save area 15: Arch LBR state */ typedef struct XSaveArchLBR { uint64_t lbr_ctl; @@ -1767,6 +1789,8 @@ QEMU_BUILD_BUG_ON(sizeof(XSaveOpmask) !=3D 0x40); QEMU_BUILD_BUG_ON(sizeof(XSaveZMM_Hi256) !=3D 0x200); QEMU_BUILD_BUG_ON(sizeof(XSaveHi16_ZMM) !=3D 0x400); QEMU_BUILD_BUG_ON(sizeof(XSavePKRU) !=3D 0x8); +QEMU_BUILD_BUG_ON(sizeof(XSaveCETU) !=3D 0x10); +QEMU_BUILD_BUG_ON(sizeof(XSaveCETS) !=3D 0x18); QEMU_BUILD_BUG_ON(sizeof(XSaveArchLBR) !=3D 0x328); QEMU_BUILD_BUG_ON(sizeof(XSaveXTILECFG) !=3D 0x40); QEMU_BUILD_BUG_ON(sizeof(XSaveXTILEDATA) !=3D 0x2000); --=20 2.34.1