From nobody Wed Feb 11 06:54:09 2026
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Kai Huang
Date: Wed, 3 May 2023 09:08:36 -0700
Subject: [PATCH v2 1/3] KVM: VMX: Don't rely _only_ on CPUID to enforce XCR0 restrictions for ECREATE
Message-ID: <20230503160838.3412617-2-seanjc@google.com>
In-Reply-To: <20230503160838.3412617-1-seanjc@google.com>
References: <20230503160838.3412617-1-seanjc@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Explicitly check the vCPU's supported XCR0 when determining whether or not
the XFRM for ECREATE is valid. Checking CPUID works because KVM updates
guest CPUID.0x12.1 to restrict the leaf to a subset of the guest's allowed
XCR0, but that is rather subtle and KVM should not modify guest CPUID
except for modeling true runtime behavior (allowed XFRM is most definitely
not "runtime" behavior).

Reviewed-by: Kai Huang
Tested-by: Kai Huang
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/vmx/sgx.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kvm/vmx/sgx.c b/arch/x86/kvm/vmx/sgx.c
index 0574030b071f..2261b684a7d4 100644
--- a/arch/x86/kvm/vmx/sgx.c
+++ b/arch/x86/kvm/vmx/sgx.c
@@ -170,12 +170,19 @@ static int __handle_encls_ecreate(struct kvm_vcpu *vc= pu, return 1; } =20 - /* Enforce CPUID restrictions on MISCSELECT, ATTRIBUTES and XFRM. */ + /* + * Enforce CPUID restrictions on MISCSELECT, ATTRIBUTES and XFRM. Note + * that the allowed XFRM (XFeature Request Mask) isn't strictly bound + * by the supported XCR0. FP+SSE *must* be set in XFRM, even if XSAVE + * is unsupported, i.e. even if XCR0 itself is completely unsupported. + */ if ((u32)miscselect & ~sgx_12_0->ebx || (u32)attributes & ~sgx_12_1->eax || (u32)(attributes >> 32) & ~sgx_12_1->ebx || (u32)xfrm & ~sgx_12_1->ecx || - (u32)(xfrm >> 32) & ~sgx_12_1->edx) { + (u32)(xfrm >> 32) & ~sgx_12_1->edx || + xfrm & ~(vcpu->arch.guest_supported_xcr0 | XFEATURE_MASK_FPSSE) || + (xfrm & XFEATURE_MASK_FPSSE) !=3D XFEATURE_MASK_FPSSE) { kvm_inject_gp(vcpu, 0); return 1; } --=20 2.40.1.495.gc816e09b53d-goog From nobody Wed Feb 11 06:54:09 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8C5DAC77B78 for ; Wed, 3 May 2023 16:08:56 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230431AbjECQIy (ORCPT ); Wed, 3 May 2023 12:08:54 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42890 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230332AbjECQIr (ORCPT ); Wed, 3 May 2023 12:08:47 -0400 Received: from mail-pj1-x1049.google.com (mail-pj1-x1049.google.com [IPv6:2607:f8b0:4864:20::1049]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D8A995FD9 for ; Wed, 3 May 2023 09:08:45 -0700 (PDT) Received: by mail-pj1-x1049.google.com with SMTP id 98e67ed59e1d1-24e1e19f63fso1586562a91.0 for ; Wed, 03 May 2023 09:08:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1683130125; 
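Review bot: the new `xfrm & ~(vcpu->arch.guest_supported_xcr0 | XFEATURE_MASK_FPSSE)` term makes guest_supported_xcr0 the authoritative bound on the enclave's XFRM, while the preceding `(u32)xfrm & ~sgx_12_1->ecx` and `(u32)(xfrm >> 32) & ~sgx_12_1->edx` terms only enforce whatever userspace advertised in CPUID.0x12.1; the block comment explains the FP+SSE carve-out but not this split, so add a sentence saying that the CPUID terms model the leaf userspace chose and the XCR0 term is the hard limit that remains once KVM stops sanitizing that leaf in 2/3. The trailing `(xfrm & XFEATURE_MASK_FPSSE) != XFEATURE_MASK_FPSSE` check would also benefit from a note that a violation is reported to the guest as #GP(0) through the shared kvm_inject_gp() path rather than being fixed up silently, so an enclave that omits FP+SSE fails the same way as one requesting any other disallowed attribute.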
Date: Wed, 3 May 2023 09:08:37 -0700
In-Reply-To: <20230503160838.3412617-1-seanjc@google.com>
References: <20230503160838.3412617-1-seanjc@google.com>
Message-ID: <20230503160838.3412617-3-seanjc@google.com>
Subject: [PATCH v2 2/3] KVM: x86: Don't adjust guest's CPUID.0x12.1 (allowed SGX enclave XFRM) From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Kai Huang Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Drop KVM's manipulation of guest's CPUID.0x12.1 ECX and EDX, i.e. the allowed XFRM of SGX enclaves, now that KVM explicitly checks the guest's allowed XCR0 when emulating ECREATE. Note, this could theoretically break a setup where userspace advertises a "bad" XFRM and relies on KVM to provide a sane CPUID model, but QEMU is the only known user of KVM SGX, and QEMU explicitly sets the SGX CPUID XFRM subleaf based on the guest's XCR0. Reviewed-by: Kai Huang Tested-by: Kai Huang Signed-off-by: Sean Christopherson --- arch/x86/kvm/cpuid.c | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 123bf8b97a4b..0c9660a07b23 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -253,7 +253,6 @@ static void __kvm_update_cpuid_runtime(struct kvm_vcpu = *vcpu, struct kvm_cpuid_e int nent) { struct kvm_cpuid_entry2 *best; - u64 guest_supported_xcr0 =3D cpuid_get_supported_xcr0(entries, nent); =20 best =3D cpuid_entry2_find(entries, nent, 1, KVM_CPUID_INDEX_NOT_SIGNIFIC= ANT); if (best) { 
@@ -292,21 +291,6 @@ static void __kvm_update_cpuid_runtime(struct kvm_vcpu= *vcpu, struct kvm_cpuid_e vcpu->arch.ia32_misc_enable_msr & MSR_IA32_MISC_ENABLE_MWAIT); } - - /* - * Bits 127:0 of the allowed SECS.ATTRIBUTES (CPUID.0x12.0x1) enumerate - * the supported XSAVE Feature Request Mask (XFRM), i.e. the enclave's - * requested XCR0 value. The enclave's XFRM must be a subset of XCRO - * at the time of EENTER, thus adjust the allowed XFRM by the guest's - * supported XCR0. Similar to XCR0 handling, FP and SSE are forced to - * '1' even on CPUs that don't support XSAVE. - */ - best =3D cpuid_entry2_find(entries, nent, 0x12, 0x1); - if (best) { - best->ecx &=3D guest_supported_xcr0 & 0xffffffff; - best->edx &=3D guest_supported_xcr0 >> 32; - best->ecx |=3D XFEATURE_MASK_FPSSE; - } } =20 void kvm_update_cpuid_runtime(struct kvm_vcpu *vcpu) --=20 2.40.1.495.gc816e09b53d-goog From nobody Wed Feb 11 06:54:09 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2F4F0C77B7F for ; Wed, 3 May 2023 16:09:00 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230472AbjECQI6 (ORCPT ); Wed, 3 May 2023 12:08:58 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42976 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230425AbjECQIu (ORCPT ); Wed, 3 May 2023 12:08:50 -0400 Received: from mail-yb1-xb49.google.com (mail-yb1-xb49.google.com [IPv6:2607:f8b0:4864:20::b49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 31A497282 for ; Wed, 3 May 2023 09:08:48 -0700 (PDT) Received: by mail-yb1-xb49.google.com with SMTP id 3f1490d57ef6-b9a7553f95dso10691475276.2 for ; Wed, 03 May 2023 09:08:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1683130127; x=1685722127; 
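Review bot: with the CPUID.0x12.1 ECX/EDX sanitization removed in this hunk, KVM no longer trims a userspace-supplied XFRM mask down to the guest's XCR0, and the commit message concedes that a VMM other than QEMU could then advertise XFRM bits the guest can never use; the check added to __handle_encls_ecreate() in 1/3 still prevents such an enclave from being created, but the guest-visible outcome becomes a CPUID leaf that promises XSAVE features ECREATE then rejects with #GP(0). Consider stating in the KVM API documentation for the CPUID ioctls that userspace is responsible for keeping CPUID.0x12.1 ECX:EDX within the XCR0 it exposes, since this hunk quietly changes that contract. The removed comment's point that FP and SSE are forced to '1' even on CPUs without XSAVE now survives only in the sgx.c comment from 1/3, which is fine given that 1/3 is ordered first and must stay ahead of this patch for bisection.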
Date: Wed, 3 May 2023 09:08:38 -0700
In-Reply-To: <20230503160838.3412617-1-seanjc@google.com>
References: <20230503160838.3412617-1-seanjc@google.com>
Message-ID: <20230503160838.3412617-4-seanjc@google.com>
Subject: [PATCH
v2 3/3] KVM: x86: Open code supported XCR0 calculation in kvm_vcpu_after_set_cpuid() From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Kai Huang Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Drop cpuid_get_supported_xcr0() now that its bastardized usage in __kvm_update_cpuid_runtime() is gone, and open code the logic in its sole caller, kvm_vcpu_after_set_cpuid(). No functional change intended. Reviewed-by: Kai Huang Tested-by: Kai Huang Signed-off-by: Sean Christopherson --- arch/x86/kvm/cpuid.c | 27 ++++++++++----------------- 1 file changed, 10 insertions(+), 17 deletions(-) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 0c9660a07b23..491c88e196c1 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -234,21 +234,6 @@ void kvm_update_pv_runtime(struct kvm_vcpu *vcpu) vcpu->arch.pv_cpuid.features =3D best->eax; } =20 -/* - * Calculate guest's supported XCR0 taking into account guest CPUID data a= nd - * KVM's supported XCR0 (comprised of host's XCR0 and KVM_SUPPORTED_XCR0). - */ -static u64 cpuid_get_supported_xcr0(struct kvm_cpuid_entry2 *entries, int = nent) -{ - struct kvm_cpuid_entry2 *best; - - best =3D cpuid_entry2_find(entries, nent, 0xd, 0); - if (!best) - return 0; - - return (best->eax | ((u64)best->edx << 32)) & kvm_caps.supported_xcr0; -} - static void __kvm_update_cpuid_runtime(struct kvm_vcpu *vcpu, struct kvm_c= puid_entry2 *entries, int nent) { 
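Review bot: the removed helper took an explicit (entries, nent) pair precisely so that __kvm_update_cpuid_runtime() could call it on a CPUID array that had not yet been installed in the vCPU, whereas its replacement in the next hunk looks up leaf 0xD via kvm_find_cpuid_entry_index(vcpu, 0xd, 0) and therefore only works once vcpu->arch.cpuid_entries has been committed. That holds for the one remaining caller, kvm_vcpu_after_set_cpuid(), which previously passed vcpu->arch.cpuid_entries and vcpu->arch.cpuid_nent itself, but the "No functional change intended" claim would be easier to verify if the commit message said in one sentence that the lookup now goes through the vCPU's installed entries rather than a caller-supplied array.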
@@ -323,8 +308,16 @@ static void kvm_vcpu_after_set_cpuid(struct kvm_vcpu *= vcpu) kvm_apic_set_version(vcpu); } =20 - vcpu->arch.guest_supported_xcr0 =3D - cpuid_get_supported_xcr0(vcpu->arch.cpuid_entries, vcpu->arch.cpuid_nent= ); + /* + * Calculate guest's supported XCR0 taking into account guest CPUID data = and + * KVM's supported XCR0 (comprised of host's XCR0 and KVM_SUPPORTED_XCR0). + */ + best =3D kvm_find_cpuid_entry_index(vcpu, 0xd, 0); + if (!best) + vcpu->arch.guest_supported_xcr0 =3D 0; + else + vcpu->arch.guest_supported_xcr0 =3D (best->eax | ((u64)best->edx << 32))= & + kvm_caps.supported_xcr0; =20 /* * FP+SSE can always be saved/restored via KVM_{G,S}ET_XSAVE, even if --=20 2.40.1.495.gc816e09b53d-goog
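Review bot: the relocated comment picked up a level of indentation but kept its original wrapping, so `* Calculate guest's supported XCR0 taking into account guest CPUID data and` now runs past 80 columns (the quoted-printable soft break after `data` in the mail shows it), and the assignment `vcpu->arch.guest_supported_xcr0 = (best->eax | ((u64)best->edx << 32)) &` is similarly long; re-wrap both to match the surrounding code. The open-coded logic itself is a faithful copy of the deleted helper: the !best path still yields 0, the EAX | EDX<<32 merge and the mask with kvm_caps.supported_xcr0 are unchanged, and the only thing the hunk does not show is the declaration of `best`, which it assumes is already in scope earlier in kvm_vcpu_after_set_cpuid(); worth a glance when applying.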