From nobody Sun Oct 5 07:23:47 2025 Received: from NAM11-DM6-obe.outbound.protection.outlook.com (mail-dm6nam11on2069.outbound.protection.outlook.com [40.107.223.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 130B921ABD5; Wed, 6 Aug 2025 20:46:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.223.69 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754513169; cv=fail; b=GttRI4X4lYPgzVAgiJc2Adci6nCSgT13Nl24QgoBaDhLEscGlo3btscZA3vNbKkgdNdWrbTEE2VgicdxtDtK4YnAKW30bgdIM8auBPqhhhbbtEhhZDwke6i7KsH49VIbuvKIh6t/9mlj+tWXKftXROwaSOZePhlUvdeIyvNi7i4= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754513169; c=relaxed/simple; bh=EYClAOL4kI24UktTucOTF1782t2w7bayQbEbslm7nqs=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=XbZmM0WGj5QmuIFNDHgMlKvopMQ0hyAMCx7ktnyj/HEistoRekoGRZoOPEmRkihXhr7S6Xi0/EiFiMSoXsMpVeR8EuWvhQ5+g5CqlT3lvVNmTjAeOqhwNMZSpKztPd9HqNsgvUXI3Zff9ie4duEQhYMHkf1UMJEwA5FDlBecCcQ= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=TRnX/ow0; arc=fail smtp.client-ip=40.107.223.69 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="TRnX/ow0" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=Smqb++ZlRv5KhxV92i633c61v5S2U3F1y57EoyJCLmg34J2/wugDSZNiiSHuVhm0OOdtcuRsaKRaMqVNOiH+4mck8WvnQw2xZy4u/wjA1rB3b+7dks1tEmvdbPHRALQbeB99Hn3p4mXD06RPu0+XGd0r/QGAbSA4nn7rgVh3hErT8+NpH2gc49sim/0CczXE504S9hnxqF6F9WI2j4yjMqhK9OdTWzppNLJ0vP9x9PTElAXg32lxB0PhOYVGVCGFJjZG4z00hBjmE5xWlvqxRh73DSLbQ8JvnfyDMzwO/kbzwg8H64ulJ7i0CaUhxYZ5dsQaiFwTJU/ZipYL4SvZTA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Zk2130jr41F9qoY4RJJJLTvQ/G+SuFnWzrbGr6GK+uc=; b=t7S9UfygS0JdRPXGsPgNNcqUtzJgjsCWluja1ePB8mFiv0H1hUuszFxi0jjh3GDvwLeRSkpuZHTKYyttUi9V8FaDbuCtCwDlNscm3AG7iyL6HIEBaCPI0uwYZOMzHuEwZ7XZ/eGKbT/M5tOZeu9s/dUngmqe12M87rypkOMM8JApBPkh8fyUj2SUrpSDIv17AlIZf0Bp+ZXAeAWS+7CLxkFVnbI0qe15kQHqfNDr844cYuYGB8glTYaVscpbppr9dKjaIX8I4TUexTn0GRpp9cHIi77Zn+ow/9IEWLS1xKsKOSYdtn8UQpYe7vMooswLiDcSQf7yJVst37xWekLDzA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Zk2130jr41F9qoY4RJJJLTvQ/G+SuFnWzrbGr6GK+uc=; b=TRnX/ow0g//0RifBa9LkOlMdLp7BNzE31eviJOaCk+4+as0XY7XalnLjgFgqBmazT2xWaRbiHUohcL6QqfsE5jXoQpAjciRpnOa4GDKqA3DwBi3lAapj4JDsO0YP9MSVjITQs2yD40jTCIpzEicS2yzgqJMkLkXXH1pbVd4F0FI= Received: from MN0PR05CA0014.namprd05.prod.outlook.com (2603:10b6:208:52c::25) by DM4PR12MB6183.namprd12.prod.outlook.com (2603:10b6:8:a7::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9009.14; Wed, 6 Aug 2025 20:46:01 +0000 Received: from MN1PEPF0000F0E1.namprd04.prod.outlook.com (2603:10b6:208:52c:cafe::8b) by MN0PR05CA0014.outlook.office365.com (2603:10b6:208:52c::25) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9031.6 via Frontend Transport; Wed, 6 Aug 2025 20:46:01 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by MN1PEPF0000F0E1.mail.protection.outlook.com (10.167.242.39) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.9009.8 via Frontend Transport; Wed, 6 Aug 2025 20:46:01 +0000 Received: from jallen-jump-host.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Wed, 6 Aug 2025 15:46:00 -0500 From: John Allen To: , , , , , CC: , , , , , , , , , , John Allen Subject: [PATCH v3 1/5] KVM: x86: SVM: Emulate reads and writes to shadow stack MSRs Date: Wed, 6 Aug 2025 20:45:06 +0000 Message-ID: <20250806204510.59083-2-john.allen@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250806204510.59083-1-john.allen@amd.com> References: <20250806204510.59083-1-john.allen@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: MN1PEPF0000F0E1:EE_|DM4PR12MB6183:EE_ X-MS-Office365-Filtering-Correlation-Id: d87ed269-e8a6-46af-46d8-08ddd52a4119 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|36860700013|82310400026|376014|7416014; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?2q6JXQGqQ83cn8ngqxbAJaGF5DX/gw0QiESEFiTUruf4O+4uUne0MrnSV9E5?= =?us-ascii?Q?Z+1/1NIsTg4YOqIKmIWfVXu7a7Mzh24dAjcTXyecRfIlz1MwtDIx4CFOr54i?= =?us-ascii?Q?2STn9NgpqoR/3wWZqI/3E1PGkhIiPoeVJWY19ZNfWL1wJr4vyYXCE0sa8bK8?= =?us-ascii?Q?x3ilcfDPajvcuCumncu0WmbpTWdBxo+HVZMxI1XU6eNQSG6IDgvL2vpJLAPJ?= =?us-ascii?Q?IOibXDylES67aezetdzdXR3jf6LoSk0htoQbTDU973Wgms6/LpBlEbGHB8I6?= =?us-ascii?Q?JrR6l0xIOK83J/YDQ6OEBgwOs09Vs5w7RzvGTHF0WsbDe88mz+t3E6dWE+4p?= =?us-ascii?Q?BM+FEWr88HQa1/7oazaHgXlbh8itomcmdIf+5GwO8E6Gx8gokkxg7haBO3Bh?= =?us-ascii?Q?D83prlhXQCuZGP34KrjltaT89dbyeq3jsVOSDpPmvkVL99Yc+qip4TtPtt4x?= =?us-ascii?Q?sv99DSz1busaaL1V0RsTUuftz3TNvJQRISWWQN1o9AGsIaJuJ3BveI3arIAa?= =?us-ascii?Q?aPpLIQgL6nWXq/8odo8OeXPKHoY8+vJlyCJSyuGQdCuZlWy7aH3q6Iz4qTcB?= =?us-ascii?Q?iY1ZJIPNk/YyB2F2ZxYY7E0Dy7PZAyjhZJIRTlj9lhVuemdS/VT3QC8TisPa?= =?us-ascii?Q?rw5MsfW6XZtJ3gKfokkZCarpfYzI9zaGi8bh+eKsC0Y5E9f+MZMots7BCGS1?= =?us-ascii?Q?sP44+tBiAH765F73sO3wJ09xQq+RLh9TG4lqTfAm1SgBacMmFm+Le5ZsFU9S?= =?us-ascii?Q?fdbRVChl3KMEcg3qPnkecM9ywZoWvKIn/0c3kkn0wtdR6oqpmV94jps3DTcz?= =?us-ascii?Q?SWvfkit2Y3qwYn9/HTzo42h/h4076PgRyNx0964dazRIMPVXS7KqpR8bddlG?= =?us-ascii?Q?n2UEcr1ad1R+/4IbACk3eoWMO94TdWhUg/T8P4Nl8w4eCOZboAEWnGU4o9wJ?= =?us-ascii?Q?/as5HdJBIG6sb1dKyFqLFsQGweoZnfjV3j2OQIB9vEnr8soCMFL7fiiOE5af?= =?us-ascii?Q?/OjcCnF55A6chSACQaF47gXqD3IwEscfRLiL+h9sLqsGh4Z0qaHn7nOT+Rtm?= =?us-ascii?Q?Ga6twbry9A8DMOh7z6FSy7jA50tY8uiNoxmYMigGNaMT5T9cro72aWrZhGIh?= =?us-ascii?Q?yjuC6/YuCufULtsqqNovqs09vNKkYqkjz0QWOLzyqgjsXBazwRE5YZFou5fi?= =?us-ascii?Q?8NtXkbBMzpUZNapZsWibL73GQ1iT2FfI0gepulVfS26T/lI5sABEgcAkmPZ0?= =?us-ascii?Q?41PSdKhMAC+XUrbnSc6tRp5Z4oyiFJmvAkS40uwGrnJOS/pdWMB5FYVDk7ou?= =?us-ascii?Q?HQtAH4Nrrzb/qKZQS6YGjQNNcd4f4O4W/7zdHxkrcF6g18RgBYZwyCidh+DH?= =?us-ascii?Q?lRql+fSnELfFE7FHip/I0msLKEXzKsIMjyam4LRu6Qj6S7lbvmGSpcczLp3Y?= =?us-ascii?Q?J/56Q0OJqj4dePVuZgMmiZlB3vHI/lsBnMfRd2dA4G8Jv+VMuzL5MQakBvhz?= =?us-ascii?Q?OTzvefO1vKHw3xg9ET2IEphBNaIjHjZYcD15?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(1800799024)(36860700013)(82310400026)(376014)(7416014);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 06 Aug 2025 20:46:01.3550 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: d87ed269-e8a6-46af-46d8-08ddd52a4119 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: MN1PEPF0000F0E1.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR12MB6183 Content-Type: text/plain; charset="utf-8" Set up interception of shadow stack MSRs. In the event that shadow stack is unsupported on the host or the MSRs are otherwise inaccessible, the interception code will return an error. In certain circumstances such as host initiated MSR reads or writes, the interception code will get or set the requested MSR value. Signed-off-by: John Allen --- arch/x86/kvm/svm/svm.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 6375695ce285..d4e27e70b926 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -2776,6 +2776,15 @@ static int svm_get_msr(struct kvm_vcpu *vcpu, struct= msr_data *msr_info) if (guest_cpuid_is_intel_compatible(vcpu)) msr_info->data |=3D (u64)svm->sysenter_esp_hi << 32; break; + case MSR_IA32_S_CET: + msr_info->data =3D svm->vmcb->save.s_cet; + break; + case MSR_IA32_INT_SSP_TAB: + msr_info->data =3D svm->vmcb->save.isst_addr; + break; + case MSR_KVM_INTERNAL_GUEST_SSP: + msr_info->data =3D svm->vmcb->save.ssp; + break; case MSR_TSC_AUX: msr_info->data =3D svm->tsc_aux; break; @@ -3008,6 +3017,15 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct= msr_data *msr) svm->vmcb01.ptr->save.sysenter_esp =3D (u32)data; svm->sysenter_esp_hi =3D guest_cpuid_is_intel_compatible(vcpu) ? (data >= > 32) : 0; break; + case MSR_IA32_S_CET: + svm->vmcb->save.s_cet =3D data; + break; + case MSR_IA32_INT_SSP_TAB: + svm->vmcb->save.isst_addr =3D data; + break; + case MSR_KVM_INTERNAL_GUEST_SSP: + svm->vmcb->save.ssp =3D data; + break; case MSR_TSC_AUX: /* * TSC_AUX is always virtualized for SEV-ES guests when the --=20 2.34.1 From nobody Sun Oct 5 07:23:47 2025 Received: from NAM02-SN1-obe.outbound.protection.outlook.com (mail-sn1nam02on2063.outbound.protection.outlook.com [40.107.96.63]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4F3F91FDA7B; Wed, 6 Aug 2025 20:46:12 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.96.63 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754513173; cv=fail; b=Zf0pNCw/ZweKSngMqIQ7gaUBW15eFGiKnxlBVk6dT63zB9wYSumstVtflnlOM+BddO9OmzLKO/GVFHf/m9Ux9P3xhWZ68EX6Z/0Y8b5sfGEJyHNVIsnzWcAzx5Rf/qr6h6pperTLuqNPWr1wV32azP4y8UCztUUL4Rln5GZ3Tgk= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754513173; c=relaxed/simple; bh=BK5znaHJEe0uRckoX4IwW+44IjiW2FlqfnX1sT4RHPU=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=aJrPitv+3sghkR4QcV3n5xPwLILyn/LDeQPUx3TU5ME1ijcDbe0KcJHmSM6Urx6PCw4fy9BpbbS1Z5R2kphwCDI0Usv/aJQq8rbh6BCL4p7Yu+LwfxwHTZ479zDA/TsPnm2P7SMxcfl/dyAXu3TDLssMsk8EU/JnnlpNDj5415k= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=oUw7BRl3; arc=fail smtp.client-ip=40.107.96.63 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="oUw7BRl3" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=O05rtY/Q9HqUGaiZ45FRfWn1IglludIq4J3lb+6iKkSG6na/g0EB4fDRt4JAazdAMHpmnOUSKF3iXW/vH2Cu5hn5Hm6DFYp66NVgdmR/FHNYqGmIoHSZ+yFjx9Mb+8e0F9PxL19rs8+2W0r87RGZoaFbu05/jbcoKWNe+aWi05ojQTrevla+BbDOeu2l7XOfTwb9E8KSyw4BNp/WAG/Nx6Q9E9ZGwlqSecemJ+/aXjErQBQDHpsultNeiQG5e4kgFP4gNe8w7VY4K2qKSpsiFGby5EHYG5sD4ozV8eBgqx6GPbMDEM2WQJXV71JztumrgnybDIpE/0XME0zVlMSCrg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=8SM3zcavWSEJZ11kwd593RwLh0vIJmdTs6cct+a9G1c=; b=DtUtjyw6Z8pZCwZBGikQWV3OkFZWiJpBOYImvWIRP9XeJ1bu2LFVIcbTUVS/nwEk/C9h+8U0+TNYGac0QcyEiO9ptXsTetDaKlv5kF0qy6qKC5auJedRW8jwvZOzCVzNvmi4aCk8sTV5fd2e44GMFz6TpuzMtt/AwHN2LlZfa1gUQdWW3TETUMu6nZQClXQo2NUN7l/1rr6k48P88GzSoxE66xcD4TAEQAzmZc1K3P3hcClsKmdIcpiSFjsj70n2IZlw5H5cnaOx/xQrodSBz1V1BDWMmGXdrKKqUEPjGviMSC2l5tCPkQAEcxnpIuUvCedzpA04HJoGbuhg8AtxUw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=8SM3zcavWSEJZ11kwd593RwLh0vIJmdTs6cct+a9G1c=; b=oUw7BRl34a+sTEcG5dJuHI6bF+AXNIVZcfqhD0Lg1U1PFDslQfP3004MWUafsD5jt1rmn8YEOddWDstK1sHgs7yAkvGeCU5lgyh313aWlt4v8flEzRIfwdBsozxotKgBRP3pzFxy1R7tHvESEkPSeU/lmEpiW2L7Pm/99IAJtvg= Received: from MN0PR05CA0022.namprd05.prod.outlook.com (2603:10b6:208:52c::22) by CYYPR12MB8891.namprd12.prod.outlook.com (2603:10b6:930:c0::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8989.18; Wed, 6 Aug 2025 20:46:10 +0000 Received: from MN1PEPF0000F0E1.namprd04.prod.outlook.com (2603:10b6:208:52c:cafe::15) by MN0PR05CA0022.outlook.office365.com (2603:10b6:208:52c::22) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9031.5 via Frontend Transport; Wed, 6 Aug 2025 20:46:09 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by MN1PEPF0000F0E1.mail.protection.outlook.com (10.167.242.39) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.9009.8 via Frontend Transport; Wed, 6 Aug 2025 20:46:09 +0000 Received: from jallen-jump-host.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Wed, 6 Aug 2025 15:46:07 -0500 From: John Allen To: , , , , , CC: , , , , , , , , , , John Allen Subject: [PATCH v3 2/5] KVM: x86: SVM: Update dump_vmcb with shadow stack save area additions Date: Wed, 6 Aug 2025 20:45:07 +0000 Message-ID: <20250806204510.59083-3-john.allen@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250806204510.59083-1-john.allen@amd.com> References: <20250806204510.59083-1-john.allen@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: MN1PEPF0000F0E1:EE_|CYYPR12MB8891:EE_ X-MS-Office365-Filtering-Correlation-Id: 34f23a2d-edd3-48d8-abcf-08ddd52a460c X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|82310400026|36860700013|376014|7416014; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?Q25agQ6Xc7n99Jp/C0xMGOGmsZZ/XJmsJHmaMDQ6zpl/2S0KfjZLmtsN73RU?= =?us-ascii?Q?B1E1ag+21mwbYSk8UxjVuR+V83p8YPZMxJDjLrOFLIEqxrCJjHKCCO3CRaz+?= =?us-ascii?Q?CNGapRZKH08G+Nwbqei0of7ywvfZoI0SNAHcd3ENtExxdMZ+XqqsUHwnFK/G?= =?us-ascii?Q?bfdqssEcH5Pw3EWKmPM4Ld+u2AJp6BIzdFEhKn5Bb85dhcmB0r7W1xIPPHQv?= =?us-ascii?Q?Frshpr56xNWcf/GRfH33zq05XUH8NesACLNkrU6g2+weK2re03oZgNrgIMVt?= =?us-ascii?Q?DdbzM1OXf1RzPx/bna+jE+ZbsO/pOySsrDFEBQxkJeqgwO0BGHNp02uZpTbu?= =?us-ascii?Q?DW/XKwmqNk3v0jYC27fijqNjBEzBjp8OLeIqGQtAIt+L7GH0pRGmCIU0IVjx?= =?us-ascii?Q?ZljWt90JKURwUijCoTzez2+P5vkN2FwtStJQuTUI+R70ahE6aZd215MEvTqd?= =?us-ascii?Q?SqCsQhsmJ+BJ4w8eitmXIBwehm0DleNVhJ9lI9whaAO0c+AjS2tzgvoSk8b8?= =?us-ascii?Q?/qXt8nTzsasau12s39d3gbxmEM9f/0FhYMPA7qehfatbZVi0Hif0Qk4MktDm?= =?us-ascii?Q?pMALuoDKJt4yGOlfAQMVM3qWDprwO9wcfic5qW2qaAYqdI2tv860GuHXSSDA?= =?us-ascii?Q?4TnAFm0aR4Vn8pSbR3rviaFkFP8rk0Rgqzhd5JF1upTGtweuFSIT3UYf7eHy?= =?us-ascii?Q?E0clo2TCxAow8OBqhxBQ1XQT/f3yJpeeVp1YsWuJ6E3+v84ozfDm5Y3hmAvO?= =?us-ascii?Q?nCHnnBtDjZxWXnt92FEGBJGC6zsAYP8Qp/wVfLPZ8/LiCNCm4RV0btTaBzqt?= =?us-ascii?Q?LMUlUNRhGl8N0h4JQMBoec2qrkWAuqSff12K81bWcCTTh2DqnOY4xb8t6rvU?= =?us-ascii?Q?aR67M40X1L5Tl5g2ancRbiGFwk/DCFrlDEgwq3iInnlOOaMlNNYl9wPuvkXP?= =?us-ascii?Q?rkcOz710Cf/IlQe8+wk/VfIYFE4NKvpZFhsOvyAJGxJrq5pzFPBjzZDZVNPB?= =?us-ascii?Q?HRn2rNT7IN+mLNRzRKtrSMMs5DYWKfQTYvQskJ/3yimLPDEGzAf1XRIa3OED?= =?us-ascii?Q?o2iIslOvjebKSVLu87xfRHqMcovrHwHQrjuGW+yANFqLgQcugRA6lu/RcPr/?= =?us-ascii?Q?z9m/FKFRsrS7l28p1fnSI8N6MInb5H56v7mPPvVBKKEelNfP1E1tSn0+k+e0?= =?us-ascii?Q?W2LrRr6TYWGvqmuVynlwC/cNbohaqUFuSWtoEkEQs6xhSUlQwxH7zusLfayq?= =?us-ascii?Q?1oBRQ7WxC5LUC/6h0ziES3KAcNYMSD/KgPS9dWJyZsGrqrm2GRSWvDFyeVU1?= =?us-ascii?Q?Y9UsWkXlXTo8hWXfHN8ORJx56JRB3p4qBAdCBb1AfjfqnqTOMYqsEDoq+0G4?= =?us-ascii?Q?EymrXu8pdxPPHoIVUyzvizR1Zw0kjWxeXOQReyv2xuoPHhPM+btH5vSwSuoj?= =?us-ascii?Q?4VbTZMc9Il1VgrcbLwjOuAWf6KPZgh/Vx/GD8U1guK0vzYH8BA+ogGyskyqd?= =?us-ascii?Q?tCCC7opEqC/j0eN02QWlexN87FP1z6lOHDHc?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(1800799024)(82310400026)(36860700013)(376014)(7416014);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 06 Aug 2025 20:46:09.6608 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 34f23a2d-edd3-48d8-abcf-08ddd52a460c X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: MN1PEPF0000F0E1.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CYYPR12MB8891 Content-Type: text/plain; charset="utf-8" Add shadow stack VMCB save area fields to dump_vmcb. Only include S_CET, SSP, and ISST_ADDR. Since there currently isn't support to decrypt and dump the SEV-ES save area, exclude PL0_SSP, PL1_SSP, PL2_SSP, PL3_SSP, and U_CET which are only inlcuded in the SEV-ES save area. Signed-off-by: John Allen Reviewed-by: Maxim Levitsky --- arch/x86/kvm/svm/svm.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index d4e27e70b926..a027d3c37181 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -3416,6 +3416,10 @@ static void dump_vmcb(struct kvm_vcpu *vcpu) "rip:", save->rip, "rflags:", save->rflags); pr_err("%-15s %016llx %-13s %016llx\n", "rsp:", save->rsp, "rax:", save->rax); + pr_err("%-15s %016llx %-13s %016llx\n", + "s_cet:", save->s_cet, "ssp:", save->ssp); + pr_err("%-15s %016llx\n", + "isst_addr:", save->isst_addr); pr_err("%-15s %016llx %-13s %016llx\n", "star:", save01->star, "lstar:", save01->lstar); pr_err("%-15s %016llx %-13s %016llx\n", --=20 2.34.1 From nobody Sun Oct 5 07:23:47 2025 Received: from NAM02-BN1-obe.outbound.protection.outlook.com (mail-bn1nam02on2079.outbound.protection.outlook.com [40.107.212.79]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2AB57226D1D; Wed, 6 Aug 2025 20:46:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.212.79 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754513180; cv=fail; b=jAMrSU15BvOmOQZ7V8MpcFFDjU41VzVtNIJybaVoMxl8r5KLBGc8B/1MxCFAP1w29dTJoPhnQ52pC7Bkj5RgNeUpfFg1kZImuILqhUvSYsPbZUWJw4HIusRszBlMW3G1UHZBJcahbYbBn9kllcLZr0H11XDW1b2WC63mutctBSI= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754513180; c=relaxed/simple; bh=Wjj9M3gdvfZ1ICq+70+UKVEsVx2p3HGxca9z+OjVKUo=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=f0Fm/g92TG4oZ+PKhiAs7mDh9nRZboakeRsVx2uurxk7jGdf9Qo2SZqjZuJE02EXQoBCBh89ieHrrLzrAEePi1RxURcS61SXKEW7DukwQN5+lZ42o2LDbkkRm3mQlIqoZEXoRHR6dTun4ct9eL0fw6XEuP5xyLb5OEU0Tdv0pCM= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=JROWewBd; arc=fail smtp.client-ip=40.107.212.79 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="JROWewBd" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=fZhBv8EYPiJIP8CrpddZtS5D1nFRvNbc9wAfpONN2c97LjXmeoBuXvehTwBmlvRacynMJ3cWdZ9WGWmByIDlBikhlMlAfMqiBSrL98DO9ZjVeejHL02IdbszW/EZwlyqSUIsK6iKahThkvwzJCflSyuIHlLV+2WSWhOFA/1J/ExWJ2EX0rDVZ2HtlnIn9wNY8vrcVJCFF1y4M4iSIfVVjJAI4nf0RAfLE7gzYumx8zdomWAZkS9oyd8Es7DxRHeKJwcl7blc3JKgK+iS98u5JE+Hrd71htACXwv3I52+7smMaXGKS3wEtCE570/zWYnldS+PxLGcxyPVhj2x6sFCNg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=pF9+jmtpIr/42f9a/vRqC+Gzt0ICAYjGvnGn98mZ1SU=; b=ct61gZYKWqaOJ+HDyTBAMn3kAlU6ixLJy1YzzapK4aGtrnz9EP3jhu/0Fh/nYDRGHYoHPMaAJiN3mFoCgJp9QaVIGq664NsyPdR9lOBU4Sqx5MetAUmRGIbrN+EhKvJIZfjpusARxDNG+3A2Z0nwBrY5Ns2z6cXgrWV+QulYG/BuLht+Olm6eFCnRUOSC2HEoEQ3uNhpmZtlPaM8j689FdI+JVquoD03UY9/XrquyqJSRgmBZap3BqXakM8JZPek6QlaCLguiutB2Km+6eVJ61/C8DXboyDHZ9qlVXIDAgd8VD89/a2DeWY0TwGRgb/e8VGRNiG52uoqtQYwcAut2g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=pF9+jmtpIr/42f9a/vRqC+Gzt0ICAYjGvnGn98mZ1SU=; b=JROWewBdZLLTrV1eAUNiVS4sGGOSUrxSyKy7iJjhYXG9ywJudDtp69jRWv+iNr72TG9wpGnrfgR4nr1aA0zh81Rda0cUwPxexL2T6hgGyM0lZqK/C2roB2eLpjeO+61CcvMFgqc1O3bkoeI68AIQwyTrF7Pg5LJjtMyKKoJgLBk= Received: from BL0PR05CA0021.namprd05.prod.outlook.com (2603:10b6:208:91::31) by DM4PR12MB5962.namprd12.prod.outlook.com (2603:10b6:8:69::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9009.13; Wed, 6 Aug 2025 20:46:16 +0000 Received: from MN1PEPF0000F0E2.namprd04.prod.outlook.com (2603:10b6:208:91:cafe::27) by BL0PR05CA0021.outlook.office365.com (2603:10b6:208:91::31) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9031.5 via Frontend Transport; Wed, 6 Aug 2025 20:46:15 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by MN1PEPF0000F0E2.mail.protection.outlook.com (10.167.242.40) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.9009.8 via Frontend Transport; Wed, 6 Aug 2025 20:46:13 +0000 Received: from jallen-jump-host.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Wed, 6 Aug 2025 15:46:12 -0500 From: John Allen To: , , , , , CC: , , , , , , , , , , John Allen Subject: [PATCH v3 3/5] KVM: x86: SVM: Pass through shadow stack MSRs Date: Wed, 6 Aug 2025 20:45:08 +0000 Message-ID: <20250806204510.59083-4-john.allen@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250806204510.59083-1-john.allen@amd.com> References: <20250806204510.59083-1-john.allen@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: MN1PEPF0000F0E2:EE_|DM4PR12MB5962:EE_ X-MS-Office365-Filtering-Correlation-Id: f37b34b2-1544-43d0-ca48-08ddd52a487e X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|36860700013|1800799024|376014|82310400026|7416014; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?Hl4K4P4Y9FUD7HpYMnqD8pktkTW1uTm/FXAWTHLbcxXbGJNolxtRcxIxzNHa?= =?us-ascii?Q?9vbAb3PNKWPqEUl2ZZ0Te21VGjYMRBzKt3NcwNjutD9geASa8C+13PMbyYpf?= =?us-ascii?Q?+2NWSFqDMhbY7nkJIyxtlFb7MEmonNzZD4QpDon6k8WPGMesHena0jnJJX87?= =?us-ascii?Q?6ykkZt1HD1OkZ1nSkx6hFxGhH6IQv1QqIyXTesL/ZsURqJe3fM/YINSAIlIU?= =?us-ascii?Q?7Jy9t7hK8kK/F3WoaJJojRwmR56sm00o+Cx9a4Jn1DTzNHHS7qz9RrKgmN13?= =?us-ascii?Q?maQS5VpwCqsd1Vg+7X6OGdQWdcZVDdecqhCa5wcYzheG4CVtDN3qH+A9uMIk?= =?us-ascii?Q?rZlBWZxYIS/I/B7bIHF1iKeh5ioUuiP5cwiAtEDt8Ma9qTvqcxndoaBQSuAr?= =?us-ascii?Q?aRIT0XfHSzYGrfq4HJ2qYXfRUXBy1oqiNM9Njp2P44vh2UK5BHITPpjKsM/V?= =?us-ascii?Q?sAQj6VnW3gcEa3L2fIs78X2Dj1lnlQUa6uVlSXpy/3HtoNS1L1zO1uoKuOII?= =?us-ascii?Q?FeK6EbLB8DaeSTkHIF2nk8gUSgSIBqvvQCYiqI19f6Iywm6s/4iiNYsYryzd?= =?us-ascii?Q?/TeHztu1SLYVaAXXGjcR7kGm88bkiXF0JnNA0wQfe2RxP9VcMc9vknYIypjT?= =?us-ascii?Q?yVfMG07NZgmap0hRm9ight0sQBWjlHLJvaF4KVdIBi+s8QQ9tS7dGJdN6ZZt?= =?us-ascii?Q?gFO2PX7VhQqH+ur7C39hWcd2bJzo4p+9Ku5PfdtvbGrqjnsbSm1frhYvfnW4?= =?us-ascii?Q?8IAqjE8B0vuGOXQHz79AR5+JJTr7x722eJbUVWwYIsDQ1BDo4dXxerI6aBfi?= =?us-ascii?Q?dcWzgbbMODbC2N9FARax58qAdX80h9EJhcOGnNHeq9ShvEifbQmqbRY0Y2nE?= =?us-ascii?Q?buYdV/rv7Qq5UZwVu/57ubMU7SViqQcKR086InH3tI2Mr7HT6AuCZj72AxSO?= =?us-ascii?Q?WB2huGvf3aRNxfQoGG3oqlUtL/cOHw0QY2cnAAEbibZCtUmxYK0Q8FYA3GtD?= =?us-ascii?Q?Z0qtk01Z31rTa1b/rFKk9Mdle2RWQSYaa4e5HfIQAgtbFV1oitaMgnbmuWnA?= =?us-ascii?Q?EQ/zHTwLZrPWyKesCksm7XWLiBiPJiLwFF0+wod5ywPcgyK28OgClhbfIpxY?= =?us-ascii?Q?wamebGTAzFTDCpZFS+Df236yVCyxhL6+mj3kHgQiM0McGGbVnXVFVLYtdDkr?= =?us-ascii?Q?FmmD2jjkDHrTQcWhrobi5i8VyxfLM2hbXkzfwuMcAMgPCs5oRyvdlYEt61kR?= =?us-ascii?Q?gMW4OWlFEtIjFWjm4MYRAzvRjYMYsyYTnQG6yvq4UrcHyThMCJYGz1EOcbfP?= =?us-ascii?Q?nliYfr/0DIrmry5mlUt7v8YOnh3AY7Fxf0yaTaMBwT3jEgj+qCsXUGn9bMOR?= =?us-ascii?Q?fxg0oUd9KVx+UpMGbAbIPM0eHwRhG4WkVgYKGirU7PAyYoAwNhaSyolz+h1Z?= =?us-ascii?Q?/wYweFETKyhpth6ffyAZiB/ERkRuQtAnN2pty8zomtv2XOKlOPsNQZSIh6gF?= =?us-ascii?Q?fGcYeUktRc1LYiKbMQNqW0WkX1ZjQwdJhCj9?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(36860700013)(1800799024)(376014)(82310400026)(7416014);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 06 Aug 2025 20:46:13.7629 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: f37b34b2-1544-43d0-ca48-08ddd52a487e X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: MN1PEPF0000F0E2.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR12MB5962 Content-Type: text/plain; charset="utf-8" If kvm supports shadow stack, pass through shadow stack MSRs to improve guest performance. Signed-off-by: John Allen Reviewed-by: Chao Gao --- arch/x86/kvm/svm/svm.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index a027d3c37181..82cde3578c96 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -838,6 +838,18 @@ static void svm_recalc_msr_intercepts(struct kvm_vcpu = *vcpu) svm_set_intercept_for_msr(vcpu, MSR_IA32_SYSENTER_ESP, MSR_TYPE_RW, guest_cpuid_is_intel_compatible(vcpu)); =20 + if (kvm_cpu_cap_has(X86_FEATURE_SHSTK)) { + bool shstk_enabled =3D guest_cpu_cap_has(vcpu, X86_FEATURE_SHSTK); + + svm_set_intercept_for_msr(vcpu, MSR_IA32_U_CET, MSR_TYPE_RW, !shstk_enab= led); + svm_set_intercept_for_msr(vcpu, MSR_IA32_S_CET, MSR_TYPE_RW, !shstk_enab= led); + svm_set_intercept_for_msr(vcpu, MSR_IA32_PL0_SSP, MSR_TYPE_RW, !shstk_en= abled); + svm_set_intercept_for_msr(vcpu, MSR_IA32_PL1_SSP, MSR_TYPE_RW, !shstk_en= abled); + svm_set_intercept_for_msr(vcpu, MSR_IA32_PL2_SSP, MSR_TYPE_RW, !shstk_en= abled); + svm_set_intercept_for_msr(vcpu, MSR_IA32_PL3_SSP, MSR_TYPE_RW, !shstk_en= abled); + svm_set_intercept_for_msr(vcpu, MSR_IA32_INT_SSP_TAB, MSR_TYPE_RW, !shst= k_enabled); + } + if (sev_es_guest(vcpu->kvm)) sev_es_recalc_msr_intercepts(vcpu); =20 --=20 2.34.1 From nobody Sun Oct 5 07:23:47 2025 Received: from NAM10-DM6-obe.outbound.protection.outlook.com (mail-dm6nam10on2050.outbound.protection.outlook.com [40.107.93.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 67DDA226D1D; Wed, 6 Aug 2025 20:46:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.93.50 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754513188; cv=fail; b=qNHUY9X/0EkHpnwWGKMYd2PyB9pvNJDmfZEKtknIspKotwZ9g1q0HO4BidVRlDErIRlfhoBbu8TM2s/aOejqcE1K97PDcL1otUsczxcdOEh0U4RHMoZqawEi2XU5k7Vi+P8AxbinYpfg5ITInUG2HPZnkS6ROi8EQlUwIUFvmoI= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754513188; c=relaxed/simple; bh=3miTNC75DdSAUyVzzbp1en1St7V0iHpKeCs+4GmD14Q=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=RA5x4pL36l0pbP86uoWdiobEoQubzqeC+foH4zmHxPK3YFcjykcB7fgswyw8g1vf0GvBiMan1S8L4KPh0AJaSuo5C2p80diP2DBi4PphWZ+55qT8+1yG8ZiTJnpCePabB2jnENaVgRN/HCX9K69LKu51s1RQfZmEfORXJaDIERc= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=BnkOv3ns; arc=fail smtp.client-ip=40.107.93.50 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="BnkOv3ns" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=jkmwaCEkBonyKcXhg7rOp0mYnWvoPpal1NrNX7JPVScx07sjlNjfE1nKVgnK+qibzzTr+LBRCMuQsBcvzR5plDaVhXrt1spcwy8lUq0a5B8ks5djQDMbvwLJKtb5F3fdKXGtD6ugNm0Aqwfd7NvcccGOjtGE0T0Z7uA1yUA52DgNA4VSEFY+BuDrXp9csdtHBIngohDZhkg3y55ZhFHlHso0LNpqqCh8x0C7+rIbtDCTu69KZUNA1Jj1k9wdqXZTLzy9y+tBFEdFNnplRcoeJNKZSC5Pfw1IoJrU9K9K7EYPjJr3YgrY8rAAChUHW16VCXFznKHUvK9At8RzNastOQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=M/DqTRyscTHF4EhsOatDrMY2khVMIeVy75Da9niCr2c=; b=Fck4Ek48+/+UfQJFp/+rkoJGiFufLVZvglLo8GL/VuwxdHtgQlQ1t7u6I7Ip8fVsft+hHujEcwrPM/wbHlawqsjzNFZcb6TXPl9R09coIq/jEfdYdaGYAw4EoCRQmCl3JJTBVK6tVW7J2VRQNsqe0fzh7MfUnrPoqzR2KvghGR0WxDqhvjp1wJhRQVkBU+gUQMcRfTu+qe0run6L4Cp+idJO8kuipK2oe8CzpewRuReIizXy+Ts0VZ983iRryVhHE1hf3gSWZiGLYNVab3kvaBLJFWGV+KchAQU3w/tvPVLZ6SioBILkneXe+3TBzeGEds1lMOIQUr1AnXR5e69s2w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=M/DqTRyscTHF4EhsOatDrMY2khVMIeVy75Da9niCr2c=; b=BnkOv3nsPaSF9g4WUWs8K5S0qKWRp9DDqeIOci4bJxcIQDVYQAWoVqDyDk8yWFdMP602S9SZDAvca9IliB/4sMn8I2pofGq9/z2sz9FpefPuO8CKA38YrQLojTk/GCBaKFZMRkzEG7AD12rEjFPR9LmXBbIrLHTXucvihbvcv54= Received: from BL0PR05CA0010.namprd05.prod.outlook.com (2603:10b6:208:91::20) by DS2PR12MB9685.namprd12.prod.outlook.com (2603:10b6:8:27a::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9009.14; Wed, 6 Aug 2025 20:46:24 +0000 Received: from MN1PEPF0000F0E2.namprd04.prod.outlook.com (2603:10b6:208:91:cafe::e7) by BL0PR05CA0010.outlook.office365.com (2603:10b6:208:91::20) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9031.6 via Frontend Transport; Wed, 6 Aug 2025 20:46:23 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by MN1PEPF0000F0E2.mail.protection.outlook.com (10.167.242.40) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.9009.8 via Frontend Transport; Wed, 6 Aug 2025 20:46:21 +0000 Received: from jallen-jump-host.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Wed, 6 Aug 2025 15:46:18 -0500 From: John Allen To: , , , , , CC: , , , , , , , , , , John Allen Subject: [PATCH v3 4/5] KVM: SVM: Add MSR_IA32_XSS to the GHCB for hypervisor kernel Date: Wed, 6 Aug 2025 20:45:09 +0000 Message-ID: <20250806204510.59083-5-john.allen@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250806204510.59083-1-john.allen@amd.com> References: <20250806204510.59083-1-john.allen@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: MN1PEPF0000F0E2:EE_|DS2PR12MB9685:EE_ X-MS-Office365-Filtering-Correlation-Id: bd66b95f-e496-437a-6080-08ddd52a4d64 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|36860700013|82310400026|7416014|376014; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?ZOcOQTr7ZyUp409KZKTaw8Hir1+k1nX16olyExQDb0puifKlUw5WVjRB6Z51?= =?us-ascii?Q?unVi3dSKE2jh0mE9jZQ2Ol2t6XGbBrfxutKr/djGNtjreJc41Dk2vdyhlFQD?= =?us-ascii?Q?sBoUeX8wJJI5I8SrkMamA/Rz4EbNrAmM+UxNG0f+FoWxYsyxTRedElNFbnA1?= =?us-ascii?Q?VXQRHxz4w2Uw21wAeRzlrWUZg62pQr9CmvP74Y7gi6BDCk0kcfo2CUqzf+d9?= =?us-ascii?Q?JX3FKW3zIRF1ObEIYe5K2IQtiDUg69sEjd2H0JUqokDybRVAlYDWok3Kdl9C?= =?us-ascii?Q?ymh8rdxqAcxYe8HH9VeDlgOv209reccs4QENl51HQ+nJCVlRn5qi7s7itBYf?= =?us-ascii?Q?XI3QksktoWz814NDpGzfbbBU3tH2XifHqPG5XzV+8z9q4PKONpMJtqp2XfF9?= =?us-ascii?Q?ObksIF6qp/LowNSu4mMy1x5WJRxkg44TXk9eOrVBtOMNGtgodQyKnfPt635r?= =?us-ascii?Q?qRNpjA/rcwLGXauiqD64sW9wQGts8mhBNV+UotooXDDuV9nPJdpJI3iw8wpD?= =?us-ascii?Q?bf6rYbt8YY5BiLhkqGMTBX4nMviB0G2mtOMd3oE9DIoAImT5Gmeq9LCmRF+1?= =?us-ascii?Q?Y5q7CAQzr9gjdJSOxBJvgPZBDjRci120mhtWrD9x91AGM2gL9R9K9wcbDR/K?= =?us-ascii?Q?bqunnTL1j+shNmXGCVorW9IgEBfJjbeVzez9L08V1+O51a2tAkTaekWlR4ZE?= =?us-ascii?Q?cAJnFhuBbMbehU6Zd02GoHoM97T4KuLcF6mgy+45WXzdvMWcczISqmqrJ0qy?= =?us-ascii?Q?JLGzc17huUCr2O4bI8fgwgNgPaWaJes+woSM3n/7++iFRN2HxYLCo6kt6vIx?= =?us-ascii?Q?eSGD0Kyngzia3aPPg7pdBAiIjLdolTJcA83ZVW8CcutqUraubcM2LixJLqMq?= =?us-ascii?Q?VK00F1mdYT/ldqZwqwjTCkePmRrnJmfoEttP9EwTEEyMf1qfRXtPJnSx4kT8?= =?us-ascii?Q?z00YhaFA+WL3SMfvA+7u1aLz4mXHTwrDwuLjZskJBgzlzW9m/QYemZToCMub?= =?us-ascii?Q?66zRs48Oy8o7cx4PFmFNHK1U3mM9NlQVfJmTTqyOHyOQhApkoHjl06GiQoRB?= =?us-ascii?Q?FjHkYIAOL7e0dhcUy0ByqRcVdcEuKLv09+YRYMBQUTg82bNOiGCLEmVTio6+?= =?us-ascii?Q?e1vlhddMo7nfsltBSCAn2aGn3P61ZjnUxastnnDZeGB5QtlheJ+HKUl4bcUt?= =?us-ascii?Q?jFrbb1nlbjA3OmUMwswfFRs7Hy8bQOfhcuJFldltj0gAMDV7hzpju/J55zro?= =?us-ascii?Q?zgJzf8rzWv+aNPXq4bSN90Fc3JEzzhfUSNUGUB8imFJGIG+7AlByZIeDSGRd?= =?us-ascii?Q?znjAPiccFz7EUCA1iJTIEhOp1XPqsiWKMIei9SPWwfGjnFvqrcg99FGSnjVt?= =?us-ascii?Q?xU04knMFnfso4u6ew64vHqEKkhPQ14mOu/f1TvM/YAQdg3cKLHLOWsdAA44y?= =?us-ascii?Q?eUnDxxQeB6T4QXjWUUgrJUzOxUTzu7KpK6vIy+6UtuIHc18cd0ahGuatfzf1?= =?us-ascii?Q?ZYDCqC0PZIYUqstMffyPLQqHvPSV5J5eLK76?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(1800799024)(36860700013)(82310400026)(7416014)(376014);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 06 Aug 2025 20:46:21.9803 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: bd66b95f-e496-437a-6080-08ddd52a4d64 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: MN1PEPF0000F0E2.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS2PR12MB9685 Content-Type: text/plain; charset="utf-8" When a guest issues a cpuid instruction for Fn0000000D_x0B (CetUserOffset), KVM will intercept and need to access the guest MSR_IA32_XSS value. For SEV-ES, this is encrypted and needs to be included in the GHCB to be visible to the hypervisor. Signed-off-by: John Allen --- v2: - Omit passing through XSS as this has already been properly implemented in a26b7cd22546 ("KVM: SEV: Do not intercept accesses to MSR_IA32_XSS for SEV-ES guests") v3: - Move guest kernel GHCB_ACCESSORS definition to new series. --- arch/x86/kvm/svm/sev.c | 9 +++++++-- arch/x86/kvm/svm/svm.h | 1 + 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 3f20f6eb1ef6..2905a62e7bf2 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -3239,8 +3239,13 @@ static void sev_es_sync_from_ghcb(struct vcpu_svm *s= vm) =20 svm->vmcb->save.cpl =3D kvm_ghcb_get_cpl_if_valid(svm, ghcb); =20 - if (kvm_ghcb_xcr0_is_valid(svm)) { - vcpu->arch.xcr0 =3D ghcb_get_xcr0(ghcb); + if (kvm_ghcb_xcr0_is_valid(svm) || kvm_ghcb_xss_is_valid(svm)) { + if (kvm_ghcb_xcr0_is_valid(svm)) + vcpu->arch.xcr0 =3D ghcb_get_xcr0(ghcb); + + if (kvm_ghcb_xss_is_valid(svm)) + vcpu->arch.ia32_xss =3D ghcb_get_xss(ghcb); + vcpu->arch.cpuid_dynamic_bits_dirty =3D true; } =20 diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index dabd69d6fd15..b189647d8389 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -925,5 +925,6 @@ DEFINE_KVM_GHCB_ACCESSORS(sw_exit_info_1) DEFINE_KVM_GHCB_ACCESSORS(sw_exit_info_2) DEFINE_KVM_GHCB_ACCESSORS(sw_scratch) DEFINE_KVM_GHCB_ACCESSORS(xcr0) +DEFINE_KVM_GHCB_ACCESSORS(xss) =20 #endif --=20 2.34.1 From nobody Sun Oct 5 07:23:47 2025 Received: from NAM12-DM6-obe.outbound.protection.outlook.com (mail-dm6nam12on2089.outbound.protection.outlook.com [40.107.243.89]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 92A0B22B8AB; Wed, 6 Aug 2025 20:46:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.243.89 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754513189; cv=fail; b=GjzHC2nIAINsZrfFR/9Bz21zqktO3thIxseLWkacbPZb/iyWsUBqHFyNdntdpm5kPQeVE5WVHHabsLcxgc0Crw34StevWt+cNxIN1unF2K2YNEr2n6Pw8hJvA++kWezZR0OSbsDK+N0SXaLn2eALrwUlDnlRsRCawWJS0Q0iE3c= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754513189; c=relaxed/simple; bh=40ytrx1c9oHzGV61S8oOixnVt6siySHGhZw7WaKhWwk=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=gVJ6R3fc2m+HdYEKyeJvUEAZf/aNb3U2E9PLiK94St2paVTREtHYT8EmFDlRTRPMcrfNesUgUUFJgGzCgm+X4O9za8J0IHce/A27GiyNgelKW42+FuBknOKdgBxCQl3C9Qjbur3aBBw03OL2y+chyFduV43xP2AzgZwDT+ibdFg= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=UNO6mcXo; arc=fail smtp.client-ip=40.107.243.89 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="UNO6mcXo" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=EcA4XhzUNhpHRtWgtaHbXTtZ7ZYmZ3XRjfRBh7veZGa/XcjA7zicIw+3MdckSThtssdalvkVHy7tgoMJTWaX4rarSk7diATeT3r1UyB4MPszaMhjS5QgRKatJ4SYtZ/mgOaIhl1RqieZ2ZhoGmWDXv7r+lcbneyGEPL13OHqq6yHO9nnF/kGH/pjNuRcjTS54v5HT8+Y5EWcOsIiAaUVjUGIJ27eIh4QG+Pe5MAdHz3eIkwb8SliN1vqQPt/88SxmSHosdj1aRtdVhZIcW048S2/sEBCxot8vHUcavE8vatMUR3aYT0hESD1b2F1FLAUEx8gv66WE0gewqNjCN8pqw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=IHQo39paOYRDFG3GuN1N8z/3wYEC+7CL1343XH9g3C4=; b=U4mg1cbXo2NHSb+zDXCK6DGDRgxD/wZPFH4n+dafHSnwl7lnDgVa9OQK0W2eE0T7Hoa2bvjNAZyIYdrsTQEMeHQ/BjeDXNIAaPbsW9/1dUhRVY1wWBK6I7zYpZRgCoZxywkCWEgdp8bc3XHQidF6TCOhIY2YwofYraBEld6nRWZes1W1JeLn3EMoJQDx9JDuaY+rr+jkN85ZguWvD7bXubuka94lVPP0DJUDaekUVqqT1QPyVPZYdfouhnGEKbym2FvbxhCdFCsLhZbI99otZ8aaXe9e4f8Ex7UqVUTbYS1lo2PtljNcenNK8PxHxSCc/r/TZlsPe/cnmyhYy4AwsA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=IHQo39paOYRDFG3GuN1N8z/3wYEC+7CL1343XH9g3C4=; b=UNO6mcXo+lsdofuzRM1L7RE2lT4KD23tReCT5tNe23KqkBjkEpBtaTxlr95iTl+CwijJG630Via1MbQ/qz9GXg8kpPrgA560k/J2cFf9khQj/Vb6wisLzzVwPTVtx0/e1MU9uvMF3hseOFSkRunq5RKZpEpMayrBP2m/FhbVxVc= Received: from BL0PR05CA0012.namprd05.prod.outlook.com (2603:10b6:208:91::22) by PH7PR12MB5805.namprd12.prod.outlook.com (2603:10b6:510:1d1::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9009.15; Wed, 6 Aug 2025 20:46:26 +0000 Received: from MN1PEPF0000F0E2.namprd04.prod.outlook.com (2603:10b6:208:91:cafe::6b) by BL0PR05CA0012.outlook.office365.com (2603:10b6:208:91::22) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9031.6 via Frontend Transport; Wed, 6 Aug 2025 20:46:26 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by MN1PEPF0000F0E2.mail.protection.outlook.com (10.167.242.40) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.9009.8 via Frontend Transport; Wed, 6 Aug 2025 20:46:25 +0000 Received: from jallen-jump-host.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Wed, 6 Aug 2025 15:46:25 -0500 From: John Allen To: , , , , , CC: , , , , , , , , , , John Allen Subject: [PATCH v3 5/5] KVM: SVM: Enable shadow stack virtualization for SVM Date: Wed, 6 Aug 2025 20:45:10 +0000 Message-ID: <20250806204510.59083-6-john.allen@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250806204510.59083-1-john.allen@amd.com> References: <20250806204510.59083-1-john.allen@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: MN1PEPF0000F0E2:EE_|PH7PR12MB5805:EE_ X-MS-Office365-Filtering-Correlation-Id: e4f8e22a-ba17-4ac4-bfe2-08ddd52a4fbb X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|7416014|376014|1800799024|36860700013|82310400026; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?D17LX+wWSnfzNHA1wlgAAiBOgT1BiStPQOKlVTw3KFaMDwDmeoYkKLkjVg3J?= =?us-ascii?Q?Eg9I3iJiWjohY/XEgDZE797T3IGeR7c5FgHM4L7jTYycWf8UgtTnTHsDe6+h?= =?us-ascii?Q?PJTTyLjOWIjAU6Qr0FUMOSyiHjSO2dySohPzygs7s8uHtcX+Qadbn8Vy+dYQ?= =?us-ascii?Q?xF73VBzr0GLsXUovPdbCoAC4mgx1OOcp/AIpQsuhk5RQH76TBBm3B1q/fmHp?= =?us-ascii?Q?l44aFVczO0M3+b8rFzlV7+M4JWiUCzBE/jT2m/Ef9xxcT5aTP7SeMRiI18mN?= =?us-ascii?Q?JjbAd9yayDwltskD5o/HhET+rqlicitjmO5RS0W7TR/efuID37ObYK1uRjTI?= =?us-ascii?Q?y4rxs95IFG/0Y5BqXBxBGdVSi059AR8aZrTCIB/p8oEGF5obn+uthHZvlejg?= =?us-ascii?Q?8v3v+FA74YB0hlcwd05FwqdY/6r1AHZJ4YpeCAmn+m1bAVcpO7PQIqdwbOiU?= =?us-ascii?Q?nnMGlpMPvdbXOhTNbpIo9YcHuHFjJjn/wexE9gQqLi0i//ojRt1Y5z1lzPHj?= =?us-ascii?Q?RtQ3hAjFSezii1gGzmYGwFWrJMVLaPaatgcOXHtxoe9ZNsbToptYbPpp7QoE?= =?us-ascii?Q?wGsGC/yNreJdl2YbximvI/RIrF2asN4ghB3e0OfbIKHA1u+IBIPXy4FmuQWX?= =?us-ascii?Q?fcP0O0XMWQqq28V2qvand1GHisd52a8LGvYPTPQ9VbZPNjsMwacMt3b51RnJ?= =?us-ascii?Q?Xz1PcTffkLa/G9zK8TVbVda448WGb6c2UAiU/UDR9tQtirwU3pJBlhPBJ9ga?= =?us-ascii?Q?3YBFOCCra0zxn25/ycYCrZCr4w1D9+epUPPEyIKojT5exLpRDsN58SdK6fUD?= =?us-ascii?Q?4YVm183F317cWK5uoJorLjIMSUsAkZPNyFaxlkxMaGOvB74KUsMcIZVRpdX2?= =?us-ascii?Q?WQByAKHryBqqiQongTB51rz8bL7QaFV72AUZFalUL9WqqJE6XZAkcPwQN7dc?= =?us-ascii?Q?7Aqsu+Y0m1u6vuH/R6T/DQisX11oFuZ1wFec6LEy2OL1orgQLnjolp/RLG9d?= =?us-ascii?Q?G3ua/yF6JGTKICry9OU1a1uiHPl/wzz7PRXCLwMgXzyI7cZYoCxnc8+XeEE3?= =?us-ascii?Q?/2/2J255CQLzudpN2IpGOhH3EcmAtGtIeAt1++lNFdynxMvSVB7PMQ8JK60i?= =?us-ascii?Q?0gUSAQaQoLDf7VDC+PJwLTbr2Rg+YnpcwASyfdhVUQ0awDRXlFCKrDLA9pJv?= =?us-ascii?Q?Y4fbA7mHvBo9/ALOT6FNK4PMGShF7zaUao4YCmrd787ppjYTUQSAdxiDWdPA?= =?us-ascii?Q?FmJ/DVvxYEzQb66TgC4qCrUrd41Qy3BkQYUPceo7a+8+0CZSkXcp/OLlpcXr?= =?us-ascii?Q?qqb1OVQnUmme+DYtUrjlPCvib3ufaAIaG+jMpLLTsPC1wVhwc4BeFXiTmOih?= =?us-ascii?Q?0rdD9Gqc4D3O8JPK6REc+k6ZcfumE5a6GHFUbAuGXBuytO6HSLtb69VWR0vV?= =?us-ascii?Q?DcZREwBglY24KqBJH/nGhnLudz4zRGvtFuagVdo4Aoz2xHKPnMz7frDU3cOn?= =?us-ascii?Q?0kjW2IwtWxrTNKmh9zdo0d9pD3VvwfznCy0i?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(7416014)(376014)(1800799024)(36860700013)(82310400026);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 06 Aug 2025 20:46:25.9078 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: e4f8e22a-ba17-4ac4-bfe2-08ddd52a4fbb X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: MN1PEPF0000F0E2.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR12MB5805 Content-Type: text/plain; charset="utf-8" Remove the explicit clearing of shadow stack CPU capabilities. Signed-off-by: John Allen Reviewed-by: Chao Gao --- v3: - New in v3. --- arch/x86/kvm/svm/svm.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 82cde3578c96..b67aa546d8f4 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -5255,11 +5255,6 @@ static __init void svm_set_cpu_caps(void) kvm_set_cpu_caps(); =20 kvm_caps.supported_perf_cap =3D 0; - kvm_caps.supported_xss =3D 0; - - /* KVM doesn't yet support CET virtualization for SVM. */ - kvm_cpu_cap_clear(X86_FEATURE_SHSTK); - kvm_cpu_cap_clear(X86_FEATURE_IBT); =20 /* CPUID 0x80000001 and 0x8000000A (SVM features) */ if (nested) { --=20 2.34.1