From nobody Mon Feb 9 00:54:41 2026 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7FA012E847; Mon, 19 Feb 2024 07:47:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.16 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708328874; cv=none; b=diZQJPQXTYSZueC2+xJde8vs6+hhpqDD4CTUEzqcZtUa+GSYUW/rppxtA/g+v7t8P0gwqgrH+ADvXVon9xtXZjRhz1LomSq/+OLad7rrYgJHTZVl3a8Vtvu1S0RJxsTduYo9LR8SOwETT+g8Z45H3Db0u5agvNYGVo85wLgGk/4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708328874; c=relaxed/simple; bh=Peu6irBRC3X95i8b8F09rCkxIvnUBqshGjJ19ps9d68=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Aj10AoUQnzy2kLPPux93mw5a5XcWp0uCTjlPE1LdQc5ZGTrpGAlR695gIxxX4scfVj8cnqWSZCeK3u3SyeSKsJjOHw9dCd9Oiv6o7Vdb8CtU9xztCGKKFpQ+Uu9ZzhOZ4jCMhxy4W8AgkRqOSrBkClQVZrOEB44XbBYk30Uwi+E= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=dy/7D8Uh; arc=none smtp.client-ip=198.175.65.16 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="dy/7D8Uh" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1708328872; x=1739864872; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=Peu6irBRC3X95i8b8F09rCkxIvnUBqshGjJ19ps9d68=; b=dy/7D8Uh+STgQ9PC67WLeNO4e1RNquPNQTvkkCLUhIPlOZzjEIKvKNhC cb82MhQvT6Gy9mxxfWZ5/nqeg0shEIQiXIfb/cjgA8N9w2jR3ARTg3z/M ahGXp13HWaBrkgDxLyHZvHAtks4i3j6w0dPuvup3bLEotBLuHap/eHuRh STEFdRLluicfceU+oQSVBU3/d+KIWazYMXeJvHdbD5gQGkBFwaNYptlnX OtvEbAVSIiFjhaftRL8sfA6bmqdsb1gUMW9KiVq92wy7alFs94Jr9U53h yeaKOKPG1pjIBUOTUmsnVlt/WL9C7Ql+ZY29u0EBF+0Kvfi6l1vySpqtE Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10988"; a="2535089" X-IronPort-AV: E=Sophos;i="6.06,170,1705392000"; d="scan'208";a="2535089" Received: from orsmga001.jf.intel.com ([10.7.209.18]) by orvoesa108.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Feb 2024 23:47:44 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10988"; a="826966095" X-IronPort-AV: E=Sophos;i="6.06,170,1705392000"; d="scan'208";a="826966095" Received: from jf.jf.intel.com (HELO jf.intel.com) ([10.165.9.183]) by orsmga001-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Feb 2024 23:47:43 -0800 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com, Zhang Yi Z Subject: [PATCH v10 13/27] KVM: x86: Refresh CPUID on write to guest MSR_IA32_XSS Date: Sun, 18 Feb 2024 23:47:19 -0800 Message-ID: <20240219074733.122080-14-weijiang.yang@intel.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240219074733.122080-1-weijiang.yang@intel.com> References: <20240219074733.122080-1-weijiang.yang@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Update CPUID.(EAX=3D0DH,ECX=3D1).EBX to reflect current required xstate size due to XSS MSR modification. CPUID(EAX=3D0DH,ECX=3D1).EBX reports the required storage size of all enabl= ed xstate features in (XCR0 | IA32_XSS). The CPUID value can be used by guest before allocate sufficient xsave buffer. Note, KVM does not yet support any XSS based features, i.e. supported_xss is guaranteed to be zero at this time. Opportunistically modify XSS write access logic as: If XSAVES is not enabled in the guest CPUID, forbid setting IA32_XSS msr to anything but 0, even if the write is host initiated. Suggested-by: Sean Christopherson Co-developed-by: Zhang Yi Z Signed-off-by: Zhang Yi Z Signed-off-by: Yang Weijiang Reviewed-by: Maxim Levitsky Reviewed-by: Chao Gao --- arch/x86/include/asm/kvm_host.h | 3 ++- arch/x86/kvm/cpuid.c | 15 ++++++++++++++- arch/x86/kvm/x86.c | 13 ++++++++++--- 3 files changed, 26 insertions(+), 5 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_hos= t.h index f95e93975242..79f7c18c487b 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -773,7 +773,6 @@ struct kvm_vcpu_arch { bool at_instruction_boundary; bool tpr_access_reporting; bool xfd_no_write_intercept; - u64 ia32_xss; u64 microcode_version; u64 arch_capabilities; u64 perf_capabilities; @@ -829,6 +828,8 @@ struct kvm_vcpu_arch { =20 u64 xcr0; u64 guest_supported_xcr0; + u64 guest_supported_xss; + u64 ia32_xss; =20 struct kvm_pio_request pio; void *pio_data; diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 39529e14ae59..2bb1931103ad 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -275,7 +275,8 @@ static void __kvm_update_cpuid_runtime(struct kvm_vcpu = *vcpu, struct kvm_cpuid_e best =3D cpuid_entry2_find(entries, nent, 0xD, 1); if (best && (cpuid_entry_has(best, X86_FEATURE_XSAVES) || cpuid_entry_has(best, X86_FEATURE_XSAVEC))) - best->ebx =3D xstate_required_size(vcpu->arch.xcr0, true); + best->ebx =3D xstate_required_size(vcpu->arch.xcr0 | + vcpu->arch.ia32_xss, true); =20 best =3D __kvm_find_kvm_cpuid_features(vcpu, entries, nent); if (kvm_hlt_in_guest(vcpu->kvm) && best && @@ -312,6 +313,17 @@ static u64 vcpu_get_supported_xcr0(struct kvm_vcpu *vc= pu) return (best->eax | ((u64)best->edx << 32)) & kvm_caps.supported_xcr0; } =20 +static u64 vcpu_get_supported_xss(struct kvm_vcpu *vcpu) +{ + struct kvm_cpuid_entry2 *best; + + best =3D kvm_find_cpuid_entry_index(vcpu, 0xd, 1); + if (!best) + return 0; + + return (best->ecx | ((u64)best->edx << 32)) & kvm_caps.supported_xss; +} + static bool kvm_cpuid_has_hyperv(struct kvm_cpuid_entry2 *entries, int nen= t) { #ifdef CONFIG_KVM_HYPERV @@ -362,6 +374,7 @@ static void kvm_vcpu_after_set_cpuid(struct kvm_vcpu *v= cpu) } =20 vcpu->arch.guest_supported_xcr0 =3D vcpu_get_supported_xcr0(vcpu); + vcpu->arch.guest_supported_xss =3D vcpu_get_supported_xss(vcpu); =20 kvm_update_pv_runtime(vcpu); =20 diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 9eb5c8dbd4fb..b502d68a2576 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -3926,16 +3926,23 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struc= t msr_data *msr_info) } break; case MSR_IA32_XSS: - if (!msr_info->host_initiated && - !guest_cpuid_has(vcpu, X86_FEATURE_XSAVES)) + /* + * If KVM reported support of XSS MSR, even guest CPUID doesn't + * support XSAVES, still allow userspace to set default value(0) + * to this MSR. + */ + if (!guest_cpuid_has(vcpu, X86_FEATURE_XSAVES) && + !(msr_info->host_initiated && data =3D=3D 0)) return 1; /* * KVM supports exposing PT to the guest, but does not support * IA32_XSS[bit 8]. Guests have to use RDMSR/WRMSR rather than * XSAVES/XRSTORS to save/restore PT MSRs. */ - if (data & ~kvm_caps.supported_xss) + if (data & ~vcpu->arch.guest_supported_xss) return 1; + if (vcpu->arch.ia32_xss =3D=3D data) + break; vcpu->arch.ia32_xss =3D data; kvm_update_cpuid_runtime(vcpu); break; --=20 2.43.0