From nobody Wed Sep 10 01:59:52 2025 Received: from NAM10-BN7-obe.outbound.protection.outlook.com (mail-bn7nam10on2061.outbound.protection.outlook.com [40.107.92.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 49CC526CE07; Mon, 8 Sep 2025 20:18:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.92.61 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757362715; cv=fail; b=Yw1F7Yl2iwtannIyBkAo3I+v+3E/u9Ndnl41L/nX/+iegz9CFQOv53T4cXJU60WtLRiVX/m3u398sHm9u7I0ygfdi8PvR0cPXl8D8NxsfUpPOnMGQXsxOrqs2AGJ3RKiDKfrKSmJNrjtRKOj3BWvr3d+57m1W5q2InLElDLb58s= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757362715; c=relaxed/simple; bh=eZDGU0mOy74QJK2L/sO41YZ2RArNFBV2rQ812qn2vMs=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=UtH5gZN6VJ5hEtUFtnVEf1nHUFORDU+j7ZUQrbj4xzYUw6Lgm+upk7ldHkYatfLS2SrxgvnrKXUN1Wh++r053cJOl/ups3a1+Ec2isimiF392ZIBoNxkJeeLDgQGfJnOZyDBZCdrcGlA7aSLNpwKydwRyz2g93btFp+h/3Cg5qA= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=hBqTlD61; arc=fail smtp.client-ip=40.107.92.61 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="hBqTlD61" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=tE0TilkOo5y5J1nAwbzdT9wMHOwBMMSge3aGPTee7zf0/+d1jCHhFM6175P7glCV49tESawV7IBjnsA6KICE3Yb5GHCKBEIC9XbGbinKKlFgrPt3advQH7QrMdRixfHkJZj6tgzkm52hKFerY8N0YVrBnU4Y2UxEn9VPAg/TSk0sjDWFZu1OOath3+1ZXwwwtpcWw9FKP5NxfZw5oqJpfjZwOMzqJbnSTlD4opAqzSuFcUqEKNSF2bB17Vh/x3KNSwdEIzQ/mxh1/NR+vwpJIVj6azMSyxtcaMAETRCX1YmnWQlen2C81nj9fBhL0DfReVpKQr4RabDBXeBgvUvILg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=NWQaZZ0ju9oOKTc5WJF6pNREFplEwEuJwLH8qRpTetY=; b=jKuoo3fuSJPfG/mC2wdots+yy6472xIAKW4qJWtaasNorENiqqAfqnKC0ik9NTt1E1BfyjiLmpJ5oKsuk5uBEg63TpkZFRWy4q8XH/eTpooN949E6U1TyrEA/PLZNQNoARhtL3Smz0079Y6uFy+WGKt0rvx+KjywmCGsLDS1O9GYrMREu604p9BfW8DbevaeHWCfgtipnpv9CH3tw/WnVbhmJrC8UzDArOJfUPJEWMTv3dYNRWJtBMTfnOf8qB23SJ7BjiDWYSDl0wpJQS8seI9ycLEhS+qqfgO66dVCsIJ7ueN0KRT/2D7nPW1wwtr9VpI9E92ddR+Aj9+kCxiiAg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=NWQaZZ0ju9oOKTc5WJF6pNREFplEwEuJwLH8qRpTetY=; b=hBqTlD61JkhSEGPfMhORofijPx9WEfvJy8bm8a/hTD6JrLR92EWQrhPP7pIS7sy1Mo/9J2oCfpcq39ENLhWPHLdaiibOSgXkQhJd6Ub33/0KK2/hqDcE//wA6pqGEwQW4DcqgA+bN4TfR3+kd77TptdKdhqfzd979JinvTvuk1c= Received: from SN4PR0501CA0038.namprd05.prod.outlook.com (2603:10b6:803:41::15) by SA1PR12MB6996.namprd12.prod.outlook.com (2603:10b6:806:24f::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9094.22; Mon, 8 Sep 2025 20:18:28 +0000 Received: from SN1PEPF0002529D.namprd05.prod.outlook.com (2603:10b6:803:41:cafe::fb) by SN4PR0501CA0038.outlook.office365.com (2603:10b6:803:41::15) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9115.13 via Frontend Transport; Mon, 8 Sep 2025 20:18:28 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=satlexmb07.amd.com; pr=C Received: from satlexmb07.amd.com (165.204.84.17) by SN1PEPF0002529D.mail.protection.outlook.com (10.167.242.4) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9115.13 via Frontend Transport; Mon, 8 Sep 2025 20:18:28 +0000 Received: from jallen-jump-host.amd.com (10.180.168.240) by satlexmb07.amd.com (10.181.42.216) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.17; Mon, 8 Sep 2025 13:18:17 -0700 From: John Allen To: , , , , , CC: , , , , , , , , , , John Allen Subject: [PATCH v4 1/5] KVM: x86: SVM: Emulate reads and writes to shadow stack MSRs Date: Mon, 8 Sep 2025 20:17:46 +0000 Message-ID: <20250908201750.98824-2-john.allen@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250908201750.98824-1-john.allen@amd.com> References: <20250908201750.98824-1-john.allen@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: satlexmb08.amd.com (10.181.42.217) To satlexmb07.amd.com (10.181.42.216) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SN1PEPF0002529D:EE_|SA1PR12MB6996:EE_ X-MS-Office365-Filtering-Correlation-Id: 3cdf661f-6ba0-4ad9-def9-08ddef14df4c X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|82310400026|7416014|376014|36860700013; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?ZRKZ9XMqAhO9pZEdFbaM6jjx3KlyzXFHHK/qkDI+pBYFCXkruULwjQhGg14F?= =?us-ascii?Q?ZAJYgKaN6+I7xa5Ghu3Bmm9KW4hmQ5rA5WdITnHfPzi89Tnqdt5gdYxyDhG0?= =?us-ascii?Q?RJd+KoKXveB4L8cWLhuwqCgqkLw/43JZ0qEL51vvtFpHlGkhq2s8wKl3W73v?= =?us-ascii?Q?w2kgUmXqXg8XodE21S6xBtLgiWb7guaLO/spZNvIzsBZmaAI3JxOriSkXPhG?= =?us-ascii?Q?O9WoJ/i9K3WLk1M5H+uFdJ2K+2tuQ10zC4lFePSEEaYfyCS1obUNcDIMOjPo?= =?us-ascii?Q?eiImWhQPNMJTutijpwZzYW79edi025+NYKzUGP9A+ZHGllBFoHBs9eBh3Inr?= =?us-ascii?Q?xtSftlM8earyI8fy2J9E+JDqnfmvK82T05w/0Uyx5hlk0kQj6YeSvBDFzWZ/?= =?us-ascii?Q?QqafHlpr7yEt31kWA/jPBNkoVfFIQYx6Byr3w3Aqk6HeebsOVb1IVqKMSL7i?= =?us-ascii?Q?z/a+Ch6lqPWBIkddmIEeckWMLWKn6n2l85wuz5J9hOVsn6BI6m4VjZU+Ad9u?= =?us-ascii?Q?qDeDuKFi7Q9LQEORDZ+zfOrcQt9eYqrDMtBZS2OH26Wf0VAmADl41jCappnL?= =?us-ascii?Q?w/oamCwZpsaHyw/kqvKTUpSRKyipqngaDLIe+rmtPRpxJoxklcK125mpjJI+?= =?us-ascii?Q?3hOVXKvJpgD87EDPlQKheVfmpYpSEyKE5Uot+pJPtzIyM32GVqSE5RoWj7RX?= =?us-ascii?Q?n70u/NZmtBlh1oCbVVBAvBU2C3hfMrdLEe6wsPiDjugApOPcubNLwFEHhrON?= =?us-ascii?Q?hLx83o7FXBwdR40pKknrHMFC9nVH73Ym/qhZck6CkoZjCQnW2H+ZAbFvbJdL?= =?us-ascii?Q?EbhqVIsrAit8BhMnemTgov6ETkA98M4ep42bPyX5mKDvzYpP//ESguXct9HQ?= =?us-ascii?Q?1UBo0t8XshMuBytkBbc8x0EXNTTTuOYEzRgs0sM9xfzpO/Rb7qFyV4G8dDWw?= =?us-ascii?Q?BigjfJ8ur9Iw3foCGp5324tYgRAAmQERGuh23OPUgui4GCgGFLdYk21qV5pp?= =?us-ascii?Q?rpuMoTuso1mcw5qe1BttXTep12ichH1uHv65tN0Pgeo32v7WtHQg4IbSdGNv?= =?us-ascii?Q?3qt5PRP/g1hEnQKfKWPZ/o8tkIghZv762F1/Pj9RtiTOu+8i2YoVBYBIyGW1?= =?us-ascii?Q?k5NWilJgV8BRYdqD9FJpG3w++cXbSX9B0JZilsMzSzsJfj4jgBKshuUJeiJi?= =?us-ascii?Q?q6vcxG15JGOpdtm4F2+lj1bNIWKIWNIDhCb76NTql/nhNKkDMr/SqxDrdAVv?= =?us-ascii?Q?RNPO55nKW5b/aOGqIQHSGe3ShmcyDN7umbzcPp5PzmSnjOGSl9tuuuVogZaO?= =?us-ascii?Q?fyrFVqc3qvZx8q8kiPKM0rQbbUrr/JMsU4/ApE6qS7bz1dccZJPeXTcRpY1c?= =?us-ascii?Q?1eui26Bk4+I5+J1ilbtMRU2jwFWRz2aoaTe+mUfPsQ8z0Q8w7fKUUoqybYlG?= =?us-ascii?Q?gwuKNEznHVCWWBkYqDlBJmY9bzD6o4k5fgZ3Wyx9yiIXIPzguK6E3GeN2h8L?= =?us-ascii?Q?EjoZJKsuepyNaNXq6yBi+p7y+Ar8jQkCGe6/?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:satlexmb07.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(1800799024)(82310400026)(7416014)(376014)(36860700013);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Sep 2025 20:18:28.0501 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 3cdf661f-6ba0-4ad9-def9-08ddef14df4c X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[satlexmb07.amd.com] X-MS-Exchange-CrossTenant-AuthSource: SN1PEPF0002529D.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR12MB6996 Content-Type: text/plain; charset="utf-8" Emulate shadow stack MSR access by reading and writing to the corresponding fields in the VMCB. Signed-off-by: John Allen --- arch/x86/kvm/svm/svm.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index e4af4907c7d8..fee60f3378e1 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -2767,6 +2767,15 @@ static int svm_get_msr(struct kvm_vcpu *vcpu, struct= msr_data *msr_info) if (guest_cpuid_is_intel_compatible(vcpu)) msr_info->data |=3D (u64)svm->sysenter_esp_hi << 32; break; + case MSR_IA32_S_CET: + msr_info->data =3D svm->vmcb->save.s_cet; + break; + case MSR_IA32_INT_SSP_TAB: + msr_info->data =3D svm->vmcb->save.isst_addr; + break; + case MSR_KVM_INTERNAL_GUEST_SSP: + msr_info->data =3D svm->vmcb->save.ssp; + break; case MSR_TSC_AUX: msr_info->data =3D svm->tsc_aux; break; @@ -2999,6 +3008,15 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct= msr_data *msr) svm->vmcb01.ptr->save.sysenter_esp =3D (u32)data; svm->sysenter_esp_hi =3D guest_cpuid_is_intel_compatible(vcpu) ? (data >= > 32) : 0; break; + case MSR_IA32_S_CET: + svm->vmcb->save.s_cet =3D data; + break; + case MSR_IA32_INT_SSP_TAB: + svm->vmcb->save.isst_addr =3D data; + break; + case MSR_KVM_INTERNAL_GUEST_SSP: + svm->vmcb->save.ssp =3D data; + break; case MSR_TSC_AUX: /* * TSC_AUX is always virtualized for SEV-ES guests when the --=20 2.47.3 From nobody Wed Sep 10 01:59:52 2025 Received: from NAM11-DM6-obe.outbound.protection.outlook.com (mail-dm6nam11on2058.outbound.protection.outlook.com [40.107.223.58]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B1AC626CE07; Mon, 8 Sep 2025 20:18:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.223.58 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757362724; cv=fail; b=ixbHacG+G/vycSCPj6Tq84HKyNMtjgmEQ1CKdFZD3sHIdbT6TeKwPqQtZi1XZZ7tT+P2IOeDS7tWxnPZ0eVeKwhfJhSfDq+1g9W7GFr+l86i+g0gykkrecr9xCf6UR5Sk1NKQmqfb9UMdBpPovmvsb1IwoD6QdJl4Kq71EYteNg= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757362724; c=relaxed/simple; bh=VQR2UwXrlNXqi7ANs3p4xxrziQsT7uCfWKWsThpCU70=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=RIF0vCqtpKLPXZlz0pkOnNUlebCZmPApTMLg8CP/A2Hb62LBl0PZGEugB4AWNIbBATONz5z6aM4bbO5mEAGCZGC72ldib206/XbV9D69nCGszOj+4H4kYc1WZVHPUWFGqQfPeVWDpjM/G3R9iWxEAo9AhWNSkrBwFqNNZV3yHqI= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=NLn9yA1j; arc=fail smtp.client-ip=40.107.223.58 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="NLn9yA1j" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=pSOVBE7fx7IPIpGl6wtEb4luSA+H+belAyv2ehezmhImkPE/5AC5Uod/mputyF/rUkonJCs4GsFq9Hg9vfY7CNIn1RFbBGT+OzCGbbZs/cpK5OYIY0wjm9U7ffzyzcFJEJyyKSSedf4nS0139cpydBmusZYu9QAjHOxTu92RjmiqWIA0mDtQ/kblqyF/E8g05ZliN9PBFYvzSVkTWIJzMyThR+NAjp80Z0gd4y4namvuNlMTdsOGc/wqrxOZOTiudd98+z2dthqu67+nGjotLGyGBT6HGtQr0g5ukYysnmwUhp77k/d4PMDIZQphNrBqGIfzbDdofLRWNVJ/PAdnFA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=/zxrtNF68c0BSWwO/aM5DYS9TgQ/UKMMu3vg6JhnTRk=; b=Z1CzdyM3SqEFSZ+cjy0T/frhqUMUT+MKlmSEOkFY47t4PtiML6vBryz8axyFDNhBJH4zVxdY9M4Jjv/wjoHi3rA5jWzQyfGL2ukhq1wYvQy695tiUFWWI7ewzzMfzyVjg6EpOGUg3zrLTuRtQ2o8U4xf1AtE0WBwslg9mITzxixkaNwEe0ZYZt4EEmAsucsa6wk4TSA3S7v5121buk1V6hRkLQPMn4KM2XC1JRR0OEBvj0QtUYvACIdAesZDZNbt3c+lj39JZly2zELbdg/gC+h1U+yA1nsQLUH41mCzxgQ0k+9joClWIk3dj2lybLOoTN9N+ou+QlM367AML9VZnw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/zxrtNF68c0BSWwO/aM5DYS9TgQ/UKMMu3vg6JhnTRk=; b=NLn9yA1jUaWWRgJxNZIm5ceWsXT4yvgWHcltOnecUco/as11kDrxlez1TWceu2lFiJQ0cMTEfRT0p5ZcgTcAMBLGIGyXOFDMv5Sd0lWh0yMxQor86asvBMxB7yNZEGmRjnZv+ibJkQNjQ8JJD7VOQYpEkkNC+Kia2HbPEEngcbE= Received: from SN4PR0501CA0062.namprd05.prod.outlook.com (2603:10b6:803:41::39) by CH2PR12MB4214.namprd12.prod.outlook.com (2603:10b6:610:aa::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9094.22; Mon, 8 Sep 2025 20:18:38 +0000 Received: from SN1PEPF0002529D.namprd05.prod.outlook.com (2603:10b6:803:41:cafe::d5) by SN4PR0501CA0062.outlook.office365.com (2603:10b6:803:41::39) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9115.13 via Frontend Transport; Mon, 8 Sep 2025 20:18:37 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=satlexmb07.amd.com; pr=C Received: from satlexmb07.amd.com (165.204.84.17) by SN1PEPF0002529D.mail.protection.outlook.com (10.167.242.4) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9115.13 via Frontend Transport; Mon, 8 Sep 2025 20:18:37 +0000 Received: from jallen-jump-host.amd.com (10.180.168.240) by satlexmb07.amd.com (10.181.42.216) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.17; Mon, 8 Sep 2025 13:18:22 -0700 From: John Allen To: , , , , , CC: , , , , , , , , , , John Allen Subject: [PATCH v4 2/5] KVM: x86: SVM: Update dump_vmcb with shadow stack save area additions Date: Mon, 8 Sep 2025 20:17:47 +0000 Message-ID: <20250908201750.98824-3-john.allen@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250908201750.98824-1-john.allen@amd.com> References: <20250908201750.98824-1-john.allen@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: satlexmb08.amd.com (10.181.42.217) To satlexmb07.amd.com (10.181.42.216) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SN1PEPF0002529D:EE_|CH2PR12MB4214:EE_ X-MS-Office365-Filtering-Correlation-Id: 3fa81feb-59fc-4ba0-eb7a-08ddef14e4f1 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|36860700013|82310400026|376014|7416014; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?lJRYlWhMir6/oXlJPMe6cATJygf132Kj2gQRBxMphAKNq7gEyVETLru0WnoI?= =?us-ascii?Q?Avm77PYDiBdERiZBv18S2WNmll+LXnFLUzoZ5CHYEITTd668X3EzjFBfOn3i?= =?us-ascii?Q?Qn8t6LIBC3o0BXi79AnlWwMc5mRWdsqtMivQLhoAQNHI6w98zFTFpjOQ1Mit?= =?us-ascii?Q?vViCxLp2IlVMIL7yRLu1fAavyOGxUobCg+nvcdDNdgRt5K7fJyYMH3pCpDMq?= =?us-ascii?Q?GqkWYH8OhIiB5UWgk0TDeW8FUCQPOpKueLlRVoUDjp6WlN6Kk+XKJ3pqQAj7?= =?us-ascii?Q?MkNbVeSHyBoRveTNy8yWPFOanMX52l/T59np9l7NMo9TyumvgnO/UIaj1vLG?= =?us-ascii?Q?rVaJ4XKIiAmtWPAHOnV3cHGzdbhB2vqD3rTlGmK2mONIwIp/dVHx7rq7MbEs?= =?us-ascii?Q?L2CuSnkPd+e84siocRbQhzyeh+KfbPuRskvkD7ExHITvfq8OcuAUEbSKefdO?= =?us-ascii?Q?FcJNcN8HMdCjSgAjGFY6pzeUP9K55aQOPHJGYKXIribLExzpNsNyYWrHepSf?= =?us-ascii?Q?4CP7ByClk9iYvwS2N0soUl4iI66UsHsOtXtqDSgbk9/1WURGwQ7h/Gnz5W36?= =?us-ascii?Q?/CpMz3iaI1TZ50fg3y5ZuAs9swOGic7bCsc+imdunkznWXf8HITTUS2ezdmz?= =?us-ascii?Q?HeVvxhbtbcOJPQFcZFV3mpoKHlkaYWg0sVxNhKneaRW1DdZUILKCD5OnHEo1?= =?us-ascii?Q?xkBOI8xmb1QP1l0UBGfvrkPFNJvBu+IoAuzIG6+Vx3ae1YQT2d8oX/uQFTUT?= =?us-ascii?Q?6aH9dvW7K0pJeFEK9OcpfnswCo4Y3n4TSqWXqVwSJfW2xB6O3UFXlNOuse3v?= =?us-ascii?Q?MlnSppKC516fdOOcePtp3jPY+8CIMZuSP7NlhnNFQ14gCMw0yKGdm2q6zcJE?= =?us-ascii?Q?FICgJz1S1oDZTsu2Uwhu1RDEWFZzIISwDA7QHbe5E38GtybzBm/01Emh0q5n?= =?us-ascii?Q?N0KgmFK4BfNkZZxBN15Io2sLpix1f26c8sVcTIBF0nISU0BbS1VwtT3h9WPb?= =?us-ascii?Q?kpC9XhgUNpfVzSfqy/Zm5d6ZIjYclOl/nh1GmgzvRN4k59UDNMQHkc7c4EV6?= =?us-ascii?Q?toTgnU+q1d+pRmfbqXc3jGJAp2PPiYEqsfrddArjnkC1/EUaL3KyO89aj9Dg?= =?us-ascii?Q?GCJeYYrLIAHE2i87bbluzihKxouU+CVCmI07EBziXP3f1Zs0Hr2HUieTd6ZD?= =?us-ascii?Q?0rhQcwdIKpa2vrvBITHD1g4TIxLHhlVMHiwxnsLf93XKJfH0/sFu2F7FrD7w?= =?us-ascii?Q?6JBJ8mm08MyuJTlkrTBEPAz4qhM7rFAp9jAfSJpYAR8aUsLKz2bObxiDOhSF?= =?us-ascii?Q?x3eU+aOgpYOFHPHHjfzm6SMCoQQgwoLuZYrVJFill5P9LMitdCtBfhHaFf7i?= =?us-ascii?Q?5h6J3X6bcYLiFmGuY1MjAkQ4LruiwtUxBVWgynjSSEV5CFJ+Wpk01L8Fk2LM?= =?us-ascii?Q?+GoZaTfjZkhLmO9nFASNJneDiNjnZt9xQbdoRohX9tA9S9hnm9zwSSGCfxtx?= =?us-ascii?Q?3sJjM+qGF/8aAuTA6vlqK6Sfc2qVYL+arhdY?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:satlexmb07.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(1800799024)(36860700013)(82310400026)(376014)(7416014);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Sep 2025 20:18:37.5198 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 3fa81feb-59fc-4ba0-eb7a-08ddef14e4f1 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[satlexmb07.amd.com] X-MS-Exchange-CrossTenant-AuthSource: SN1PEPF0002529D.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH2PR12MB4214 Content-Type: text/plain; charset="utf-8" Add shadow stack VMCB fields to dump_vmcb. PL0_SSP, PL1_SSP, PL2_SSP, PL3_SSP, and U_CET are part of the SEV-ES save area and are encrypted, but can be decrypted and dumped if the guest policy allows debugging. Reviewed-by: Maxim Levitsky Signed-off-by: John Allen --- v4: - Dump shstk fields in sev-es save area. --- arch/x86/kvm/svm/svm.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index fee60f3378e1..aee1bb8c01d0 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -3407,6 +3407,10 @@ static void dump_vmcb(struct kvm_vcpu *vcpu) "rip:", save->rip, "rflags:", save->rflags); pr_err("%-15s %016llx %-13s %016llx\n", "rsp:", save->rsp, "rax:", save->rax); + pr_err("%-15s %016llx %-13s %016llx\n", + "s_cet:", save->s_cet, "ssp:", save->ssp); + pr_err("%-15s %016llx\n", + "isst_addr:", save->isst_addr); pr_err("%-15s %016llx %-13s %016llx\n", "star:", save01->star, "lstar:", save01->lstar); pr_err("%-15s %016llx %-13s %016llx\n", @@ -3431,6 +3435,13 @@ static void dump_vmcb(struct kvm_vcpu *vcpu) pr_err("%-15s %016llx\n", "sev_features", vmsa->sev_features); =20 + pr_err("%-15s %016llx %-13s %016llx\n", + "pl0_ssp:", vmsa->pl0_ssp, "pl1_ssp:", vmsa->pl1_ssp); + pr_err("%-15s %016llx %-13s %016llx\n", + "pl2_ssp:", vmsa->pl2_ssp, "pl3_ssp:", vmsa->pl3_ssp); + pr_err("%-15s %016llx\n", + "u_cet:", vmsa->u_cet); + pr_err("%-15s %016llx %-13s %016llx\n", "rax:", vmsa->rax, "rbx:", vmsa->rbx); pr_err("%-15s %016llx %-13s %016llx\n", --=20 2.47.3 From nobody Wed Sep 10 01:59:52 2025 Received: from NAM12-DM6-obe.outbound.protection.outlook.com (mail-dm6nam12on2077.outbound.protection.outlook.com [40.107.243.77]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id ACE6E2DE200; Mon, 8 Sep 2025 20:18:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.243.77 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757362734; cv=fail; b=bosWIABsmdXZTHbFRKLI8ClC/TtihDja7cYn2feHfwYwgQrrIRr06PpyXa01uqHzW7iOD9pLp4OZbRkcmf5lVmFm+TSJEQTckLfzh5IvRabCH4NUKuzFXIgkXTF+Z4ZXDjEgFmlWQvTDfw1PEOuAuUtq7QRFHsUqXcFH0QS6kHU= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757362734; c=relaxed/simple; bh=vQG4FRmz+THi+QhN09J2WIjTl7TN1E6MPXT4P13B3l4=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=BdHAYr8xxn7PZLkLB/kxVfwGN7lQsWd2TmaSwe4ARfeLhwn2mKqcBXESu4caKx17WpTB1bDiRSUU9sxThWLL5kPq8rTY/EI4KaZfmIZYk8zOcC+b/dE2QWWIUcJ+E3dgDvWUu/P/FOldQDu0qc7GdTL/8a2Ko0X0Be/nNSkk+LY= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=rS1fEwgd; arc=fail smtp.client-ip=40.107.243.77 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="rS1fEwgd" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=JrsO2qTVLUzWzktxQs+5LpvgUlbwTmuzKF1RJ/s5VhxV9VlR9M9CmNegjvDKKTE86qgnh645W8JKFkExZC2LGtr7+G21HCy/E72dQPuSUgeuumRrTNYsRw3qbvzK/uevPdCZfLDxyKxluqITutbaQk0NS+LOh83CKwSpyapNyxHw5XdOk8FsQlk82iLcVM3mkalisqktpkrAhLqb6Y/RDdjGAwoXS9wWef7zmq9SlJaIffdhu7rdBjnL3n8asDOI6LydWi+ALwqOYbQr0F1U7RE+F2Seg/YtXO3QPQp7BYezIYq4KV+2crCoIDYtkGsg6DUI5HA+m2obR9cvJ16WBw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Kxo2tq1T9luCaYRDPYPF2nmSg1dRTmAFVINo+QzRU5o=; b=OFDJuIwgyiOmJQOQCa5GIrD0t5XZC/YyonNjy528qZ8owkfsRjw0tyHrFurGVbePzU1wsBNjuk+tAYolOoanKDwPaePdwo0ELGJh2VoJ14RylBNFdtdwzKDVsfq3P6rbMA050XrboRK63Kr3G/ovrdnT2zwbfVwWk8mLMNQIShIb3JyAilRTz6P/FrZmQZrWComU5vDEjcU+T8+/Z3oH8HWz7a4GjS96DTNlK3xn8EwP6AN+YJBfK5uHOsfE9kU5Js+wQZ7WRNvGiL+yw57kYvYHZbvpuPFYqUTzARt+bmcmxkPmDRj8QHyZJ+InJ8D5AjowgZhK/ZumPDFdG0WTig== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Kxo2tq1T9luCaYRDPYPF2nmSg1dRTmAFVINo+QzRU5o=; b=rS1fEwgdDEMR56Pj+KCKrOlLajZLd900g5Uwpb76hlK3SdRIr7DE7+ZIxAH0hCqu2VRGmXbzhGE0sHsCPu/whrAwMIBdDZJUdNwOxFVFR3i7zZNELIlPP6XpuSm+ERYnoKrNxqzdYrH/DvUSjcXxctoz+nHPL9UmHXp2+4QRlSA= Received: from SN4PR0501CA0066.namprd05.prod.outlook.com (2603:10b6:803:41::43) by MW4PR12MB7031.namprd12.prod.outlook.com (2603:10b6:303:1ef::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9094.22; Mon, 8 Sep 2025 20:18:42 +0000 Received: from SN1PEPF0002529D.namprd05.prod.outlook.com (2603:10b6:803:41:cafe::99) by SN4PR0501CA0066.outlook.office365.com (2603:10b6:803:41::43) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9115.13 via Frontend Transport; Mon, 8 Sep 2025 20:18:41 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=satlexmb07.amd.com; pr=C Received: from satlexmb07.amd.com (165.204.84.17) by SN1PEPF0002529D.mail.protection.outlook.com (10.167.242.4) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9115.13 via Frontend Transport; Mon, 8 Sep 2025 20:18:42 +0000 Received: from jallen-jump-host.amd.com (10.180.168.240) by satlexmb07.amd.com (10.181.42.216) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.17; Mon, 8 Sep 2025 13:18:27 -0700 From: John Allen To: , , , , , CC: , , , , , , , , , , John Allen Subject: [PATCH v4 3/5] KVM: x86: SVM: Pass through shadow stack MSRs Date: Mon, 8 Sep 2025 20:17:48 +0000 Message-ID: <20250908201750.98824-4-john.allen@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250908201750.98824-1-john.allen@amd.com> References: <20250908201750.98824-1-john.allen@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: satlexmb08.amd.com (10.181.42.217) To satlexmb07.amd.com (10.181.42.216) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SN1PEPF0002529D:EE_|MW4PR12MB7031:EE_ X-MS-Office365-Filtering-Correlation-Id: bc6db6a2-abd7-4658-9ae4-08ddef14e7c9 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|36860700013|1800799024|82310400026|7416014|376014; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?/BRb3NQK9G/qyRGD8BGAKFJwULIrS2fr+wIK/ftjSV0Pa9qJ4/P3lufPFCwf?= =?us-ascii?Q?R3AKw1reDFWJVZMM2Lv+G5ZR4Qxk7soqyQF0mGf9gN4UdbCzVvYnqgIwRhz6?= =?us-ascii?Q?B12efTT7ZbUniOiV4JgSGYpK2i3uTx44bVB1YizZk49zTAw5ZQyQodC9iiAk?= =?us-ascii?Q?6d7azyYgOnAWlhCSUML3VM+ynoC5tCiWp1obSiUeOZieZiF4W8/M60LO0DHu?= =?us-ascii?Q?ESzYwfgpAfyYecvKHB8PvDBhNpmKoU+pF1TLWOfblqTFqTClXT25IN/1mBOT?= =?us-ascii?Q?2IwNclCFX2B9Vf6pHuOVluFzros5rXCHnAnmqc/0LNdGKs/LUFc6M1jIWLyt?= =?us-ascii?Q?Cr5DpSMHKNxj3scvB9eFW0oZCB2LcvL9bLoRXZ9OrutvCsoZDNzGDBsBJRZl?= =?us-ascii?Q?hfZ2RpEiGztJa5Cr+H536Q3DhQdxAOIQFtOjgiUSWpNWgHE+ovmFeM3gZzW/?= =?us-ascii?Q?LG/UM09g5E7JH0PxrdRGmtVAhqDd8A0HAIrUolTxCipgS71e/8g99dJKrp4v?= =?us-ascii?Q?ecisI+Qavqtoe9UiQiTEamQ0w58+afVkEV4MJd2XusMV5T8bDik3f30drfxi?= =?us-ascii?Q?0bxP7BqHXCn01/7QexB2hvyXxFYMRwZbbqj8oXxKI8NjPUdzb/h6BPXMlwPe?= =?us-ascii?Q?pkzqDDr8+bKwGtLxNLmf+62oiX3BsVy8rql9zAFfWrgHNAk5Aq148z9dAC1A?= =?us-ascii?Q?y4pblCloEngKPHmzyRpAtmn38ipCFk85v0VnVP2KyxNU1VH83yKK04XU6hvT?= =?us-ascii?Q?tgUsKWyDa2pRBYlpqyXD+cYhyZ4ZNyiOwW6NPq6UGsDha1GWam43eLBEvRHZ?= =?us-ascii?Q?GmNqzLrhCeNLL+w9lDCzKtG79qbhuDYj0/zhb7UuqS6sYgaW88cZiFazkrhl?= =?us-ascii?Q?I6xg9SJdRBdPz+1YHhYV+QciSRf3SmqKHvqwxyOdHaY27eeW+2G/0k3dsAnH?= =?us-ascii?Q?cMPfMp53Zp6qVkuWxS20bPUrp7FzVCGBADUAKSfEYo5GLqhzDwBkXYAcu7l1?= =?us-ascii?Q?6fnsEzHPZoR67dYnXHE7zGe9Ox+4fuZWlu7hWwDevG7oJA5xc/9Cyp7W9l09?= =?us-ascii?Q?gP0eAWq81mVPK1plde9xF03V/19sT3aoVDcgHb+IzQm2UAHLrBJx/uqTzzJA?= =?us-ascii?Q?Fkug6tLK27lGrycDOzKSpJWV0BXV/fQsFy7g+JR6lpmpXlcqHmVgU+2Q6nCg?= =?us-ascii?Q?h8bw6YV/Xc8rbEdu99Dx6mR2XlIMAqzm5s6kKUzs4QtLbGbPKSUTaffW4+To?= =?us-ascii?Q?L3M/i8Qrk2MPNvRjY5v61gZM3BpvrKIoXTa6ZruTKAwNgtO4S6ceODlig+sv?= =?us-ascii?Q?TamaDSlxCb61Av57tdb2OXI0Ir5ukoJjP7D67xxdsm+PkiH6hpLDY9ICLNtT?= =?us-ascii?Q?1fViY8fX/e+tU4kTrGhr1LZncI1dN80q6ZDPElXvDtDwXe0LUBkoAUAlk+dt?= =?us-ascii?Q?03Znc5L1zWSptRtNLFpVo+5Vh+sCwddDj/3DW2YE90UbY/behDIm3ybmgWAF?= =?us-ascii?Q?ha+JFP4jSr90NhcqYjSyW1lH+peEOlou3rU6?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:satlexmb07.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(36860700013)(1800799024)(82310400026)(7416014)(376014);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Sep 2025 20:18:42.2882 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: bc6db6a2-abd7-4658-9ae4-08ddef14e7c9 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[satlexmb07.amd.com] X-MS-Exchange-CrossTenant-AuthSource: SN1PEPF0002529D.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW4PR12MB7031 Content-Type: text/plain; charset="utf-8" Pass through XSAVE managed CET MSRs on SVM when KVM supports shadow stack. These cannot be intercepted without also intercepting XSAVE which would likely cause unacceptable performance overhead. MSR_IA32_INT_SSP_TAB is not managed by XSAVE, so it is intercepted. Reviewed-by: Chao Gao Signed-off-by: John Allen --- v4: - Don't pass through MSR_IA32_INT_SSP_TAB --- arch/x86/kvm/svm/svm.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index aee1bb8c01d0..b18573b530aa 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -844,6 +844,17 @@ static void svm_recalc_msr_intercepts(struct kvm_vcpu = *vcpu) svm_disable_intercept_for_msr(vcpu, MSR_IA32_MPERF, MSR_TYPE_R); } =20 + if (kvm_cpu_cap_has(X86_FEATURE_SHSTK)) { + bool shstk_enabled =3D guest_cpu_cap_has(vcpu, X86_FEATURE_SHSTK); + + svm_set_intercept_for_msr(vcpu, MSR_IA32_U_CET, MSR_TYPE_RW, !shstk_enab= led); + svm_set_intercept_for_msr(vcpu, MSR_IA32_S_CET, MSR_TYPE_RW, !shstk_enab= led); + svm_set_intercept_for_msr(vcpu, MSR_IA32_PL0_SSP, MSR_TYPE_RW, !shstk_en= abled); + svm_set_intercept_for_msr(vcpu, MSR_IA32_PL1_SSP, MSR_TYPE_RW, !shstk_en= abled); + svm_set_intercept_for_msr(vcpu, MSR_IA32_PL2_SSP, MSR_TYPE_RW, !shstk_en= abled); + svm_set_intercept_for_msr(vcpu, MSR_IA32_PL3_SSP, MSR_TYPE_RW, !shstk_en= abled); + } + if (sev_es_guest(vcpu->kvm)) sev_es_recalc_msr_intercepts(vcpu); =20 --=20 2.47.3 From nobody Wed Sep 10 01:59:52 2025 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (mail-bn8nam12on2047.outbound.protection.outlook.com [40.107.237.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1FFC82DA76D; Mon, 8 Sep 2025 20:18:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.237.47 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757362730; cv=fail; b=pshmMc1Rfsmm1RMFsJNYtuH1MNm8rUR6nTO0z43gaVXmR2qGeadVBxNtBOuMzjTcTcuNWTEbV5mtuVkkRJrEkxW5rnZxjcyTFUn4qoHmjnbr4HQe7y+M+6MDjC27l4tuEZF6OfgdO6KJLZsdyTRy3kSVJByZ8WKqFpBt6DEQ8eM= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757362730; c=relaxed/simple; bh=L/eA96Nb/Ry34p0aMdmGrFZbNDjnocY069O9xA+awF4=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=Jec1iV1LtDCzK/z034jPQZRhCoAglc2AIccrneRTkOqBlMr6XwURRQrnF7/9mMTeme3wNFI9sFSBs4L4rW/0XFleEP+XJtTSy/X+Xmtm8WhSXICrxN0v3Jo5VeeWlzkhgp3rWL117kGAtLAzm9eeg+U1MyRbwCJnRI7KmZXe4ME= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=lkYOEuHL; arc=fail smtp.client-ip=40.107.237.47 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="lkYOEuHL" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=SXfhM023UBlQ4/AdGTCcWwfI6o0u/DycCDnSWEyREAlgRh1zbYZtGiEV1FIGIZfyRiApbYsIs51BMSyuKEuHYuLGoWB90n636xxbJ4B3QPqqCEnMliziY6ak/3WN/rI6eZARVyJdk/XlMFqV5BJ7su7Txz/vtnbZwBuLETAZu+SGRGQPOEy629MW1SBisrGv5F0JlWPXBglVgb93T5GJui5nCY+l8/t4U72FF10C73sThUDfSmtW6ICTbf9ef+4NJaHYwYVnS9oIZCiHmRxiGCxuRUr4IgygZ9Ony1b0GXV9n7p4jujL0RZc4S69T4eET6WLZ6Doooh/CaufBJGARA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=FwFb606ULAiqaezqrpdukoHyBqGS2WOQyoOPVLJw4zk=; b=E7NomZ7WqPtUj57Qer0BKKcI3SfefMrpb/Q7TvW1Df3rljovi3Rl1VIvAO4cltc4owdhVLaK2hbNO2xAYpBrn5GzZvaRH7YrbwzDzJboI9Wn5M0aSTFqOIBDfuB472Lopun9kfLz8WqUFfYUVR43aDa5kIzZZsu79eHURDeMflFw38O18WQ7IofSsgvIJUjhzTOcm9UUdTs4TYaVyEvEh0jUkdpj/DNiFpWmYo7MFvc4+BUWLwYOFUEArUqZxlLqqSnuPkx28kLjfdCM+Tyh53+ZrTwbUqDSgXfXuFjxuhEDpeVS+t+43b5uwxIKMnEHgdZ8gF/ZkYpUgc0Le7zEOA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=FwFb606ULAiqaezqrpdukoHyBqGS2WOQyoOPVLJw4zk=; b=lkYOEuHLiWc6bEHaGKxQ+WJQe7I+T+ihL/bZ+sbUTd4zDIeMemGNkNvZhq7QFtZbbAVjljFy4MFQdli3zsYbEhcMGcqVUU1nOO+Hoexbm2iYZNAlCrHxIDivm4Xsaw1HxrhLNigZw4n1lpbnnf12K3Ug2MpuRVWbPAp91EoRRI8= Received: from SN4PR0501CA0042.namprd05.prod.outlook.com (2603:10b6:803:41::19) by DM4PR12MB6160.namprd12.prod.outlook.com (2603:10b6:8:a7::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9094.22; Mon, 8 Sep 2025 20:18:45 +0000 Received: from SN1PEPF0002529D.namprd05.prod.outlook.com (2603:10b6:803:41:cafe::92) by SN4PR0501CA0042.outlook.office365.com (2603:10b6:803:41::19) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9115.14 via Frontend Transport; Mon, 8 Sep 2025 20:18:42 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=satlexmb07.amd.com; pr=C Received: from satlexmb07.amd.com (165.204.84.17) by SN1PEPF0002529D.mail.protection.outlook.com (10.167.242.4) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9115.13 via Frontend Transport; Mon, 8 Sep 2025 20:18:44 +0000 Received: from jallen-jump-host.amd.com (10.180.168.240) by satlexmb07.amd.com (10.181.42.216) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.17; Mon, 8 Sep 2025 13:18:32 -0700 From: John Allen To: , , , , , CC: , , , , , , , , , , John Allen Subject: [PATCH v4 4/5] KVM: SVM: Add MSR_IA32_XSS to the GHCB for hypervisor kernel Date: Mon, 8 Sep 2025 20:17:49 +0000 Message-ID: <20250908201750.98824-5-john.allen@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250908201750.98824-1-john.allen@amd.com> References: <20250908201750.98824-1-john.allen@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: satlexmb08.amd.com (10.181.42.217) To satlexmb07.amd.com (10.181.42.216) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SN1PEPF0002529D:EE_|DM4PR12MB6160:EE_ X-MS-Office365-Filtering-Correlation-Id: 309bc9b3-0241-47d1-ca22-08ddef14e953 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|36860700013|82310400026|7416014|376014; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?jAk3Y+CNvUg/iqYzDiavtHzd4HpQUZ+t68qPJfDxz9Q5MrHnsX2A7zt6TD7V?= =?us-ascii?Q?vT2qPMfYV4WFmuU2xfJQj5cnhPHwQOFW6XmkKUnlfB6MwaddtDmwU7+PP9p4?= =?us-ascii?Q?MpmhSFTDYiWDKHBThY6o+RJQm3XT/X0dUUnEtTT1QzLhF3wmegS545f5zupG?= =?us-ascii?Q?q7uZin6ljjEzUPn6tJRTkQyS75S2fMwJP5E/T/I49y7rZdQLRif0Moo9B+8y?= =?us-ascii?Q?DvY1tsZe0j260qAqyWbYr9AvkJCvaXmNV7gnUl2VvIV+nUKwjRJJVYA1HM3F?= =?us-ascii?Q?eOPCltvv9/PxLjPSAgINyTPEuSKOVfwcy99jbdduJbse2kZnCOBNt4QOuj3z?= =?us-ascii?Q?Bdihux57Rs0etFgAcGgDxTdtad5/jqUV8zLGdbIDEuf0wfSn5QttDrsTGKp4?= =?us-ascii?Q?gfztXkk2GBg8M0BR/sgVIa4CP/vC4DCVEWi0Dq4RIaW6jLNrH3E8YObR47tt?= =?us-ascii?Q?+wZw+hx6TLErA5/GfXTcTG64lF9ovBkUJTHYLM/lxUMNQaZS5Gv9zdTl09Bt?= =?us-ascii?Q?xhLxijO6ahGzeshXY2Sf2Kr6H73KzNrQCKHRdGeW553gQXc5ri/OmILaOV7q?= =?us-ascii?Q?/aWNMT6YJ3zUpYml5QzPIOcTzQMuLAY41daBl4+B5MuK6fFoR1gEg3mvQMYl?= =?us-ascii?Q?9kmdCKB/yQz75ADzlupYZ0YYpHjM+prCaGHfZWHrVVAScDxLYWCc01OuuoNG?= =?us-ascii?Q?L/zbZnaJHybzdFLYCV1YTLIRYistAy6G1niB3vuOWQ0q8z+64nSU1ZqPSYg2?= =?us-ascii?Q?ZqR2tExqAz59Ff0M/txIPIZde49XYU8ophS42eYoLQ1hJeaKxEiMTMv/zs5u?= =?us-ascii?Q?j/AandKWDGRNU40SpG1/ql5Cl7h1b76GU8QtvEOwLv+ESdaVp43/TzP2Q/0h?= =?us-ascii?Q?nvEZY8XHQ0f85ZS/Q66DhrnyMZGfVLkD+nLyrKif75I31WEUByxTTvlT+5cv?= =?us-ascii?Q?W0Ivqp/L+dEEHs/NTq4JSP/6cM86iK0wO7VfmKImTqSt9gMeD7o0VEq43ykt?= =?us-ascii?Q?fEtbEgjKBLwKiktycCx2hL3Mu9Qmi7F5gy8qN5eF6evBcrUhCcZ8/kItQp49?= =?us-ascii?Q?Mj5q8bIGdKP/2vxPAlPqfsF6fMCeGKcuEkXmJujdx3gDetywVwU7lFuCnXtA?= =?us-ascii?Q?9Oi21iU1kq0JqxHXQVrPVANN+O6bwuZaOFifGi1YdKfza1PQ2FBrKdmbVLSN?= =?us-ascii?Q?vymfEuLP+ysJ+A6NdKvL20V9wHRhBXOrPFI7TPYnKoErgt+tXmk3XzRkpf/e?= =?us-ascii?Q?9HD3sLFmO+vlzuIFbuioU5gFzdj8zPc1cLuE7jOTD3sfxaVQNwV6vebqmzDQ?= =?us-ascii?Q?Dnu1fgj7uS+soGU6pc6DIycN6CACNyj4635pqNA6gw961f+YEhaY21jHBGbc?= =?us-ascii?Q?pzReYMdCwMhzbjzobd7H8LOonpYUg+DQQpPsbC8L15ryquYRSgoVRIICS0Z4?= =?us-ascii?Q?RSNAadgODXbS3mpm4xPBlmAaXkT/BIi9LZ1X8+OFG4oM2yqBqyoCbwI57dBY?= =?us-ascii?Q?wu0Qhd0PhP4t/7kcWJJCWYkZiQCQCtecFvlx?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:satlexmb07.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(1800799024)(36860700013)(82310400026)(7416014)(376014);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Sep 2025 20:18:44.8719 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 309bc9b3-0241-47d1-ca22-08ddef14e953 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[satlexmb07.amd.com] X-MS-Exchange-CrossTenant-AuthSource: SN1PEPF0002529D.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR12MB6160 Content-Type: text/plain; charset="utf-8" When a guest issues a cpuid instruction for Fn0000000D_x0B_{x00,x01}, KVM w= ill be intercepting the CPUID instruction and will need to access the guest MSR_IA32_XSS value. For SEV-ES, the XSS value is encrypted and needs to be included in the GHCB to be visible to the hypervisor. Signed-off-by: John Allen --- v2: - Omit passing through XSS as this has already been properly implemented in a26b7cd22546 ("KVM: SEV: Do not intercept accesses to MSR_IA32_XSS for SEV-ES guests") v3: - Move guest kernel GHCB_ACCESSORS definition to new series. v4: - Change logic structure to be more intuitive. --- arch/x86/kvm/svm/sev.c | 5 +++++ arch/x86/kvm/svm/svm.h | 1 + 2 files changed, 6 insertions(+) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index f4381878a9e5..33c42dd853b3 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -3310,6 +3310,11 @@ static void sev_es_sync_from_ghcb(struct vcpu_svm *s= vm) vcpu->arch.cpuid_dynamic_bits_dirty =3D true; } =20 + if (kvm_ghcb_xss_is_valid(svm)) { + vcpu->arch.ia32_xss =3D ghcb_get_xss(ghcb); + vcpu->arch.cpuid_dynamic_bits_dirty =3D true; + } + /* Copy the GHCB exit information into the VMCB fields */ exit_code =3D ghcb_get_sw_exit_code(ghcb); control->exit_code =3D lower_32_bits(exit_code); diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 3c7f208b7935..552c58b050f1 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -935,5 +935,6 @@ DEFINE_KVM_GHCB_ACCESSORS(sw_exit_info_1) DEFINE_KVM_GHCB_ACCESSORS(sw_exit_info_2) DEFINE_KVM_GHCB_ACCESSORS(sw_scratch) DEFINE_KVM_GHCB_ACCESSORS(xcr0) +DEFINE_KVM_GHCB_ACCESSORS(xss) =20 #endif --=20 2.47.3 From nobody Wed Sep 10 01:59:52 2025 Received: from NAM02-SN1-obe.outbound.protection.outlook.com (mail-sn1nam02on2071.outbound.protection.outlook.com [40.107.96.71]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C65512DAFA3; Mon, 8 Sep 2025 20:18:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.96.71 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757362732; cv=fail; b=uOYrFVvSkKomWbb6sPZMQ8+eFg9YrFKxrKDoa6eAf8815BDgBvPtOJf5Wpnsks+jh2vKxbpVpSZSBlC8Vys0yaAvzWxuRt3G1iSBV9aPWFZNPltLxqoWPH60y3Tox0dTA5pjxHtXV6Ww8vTF6k9dphnZba2JsxkzSuTUGPQ0S9E= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757362732; c=relaxed/simple; bh=R/7oePEjy1uqVFaEnokj5ZGdZlOvaf/sADacaF8lYeM=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=OKdhydltEH74KLDOdHlvzpNJtF1pOEtZ7qgXth4IsSHOY5jo7MwaKz/jZEcyUOjWdytXoVCtiJDqVocHt3lonu6iEu5uVFXn1hAjcJbRydFuC6BohDnfRiQVi289yzJkIyh3AXgIJlsESeU7FJduegyAbLP2qcpMBDXKBn5j5Ws= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=BvkzWVXI; arc=fail smtp.client-ip=40.107.96.71 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="BvkzWVXI" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=XxloiLvqcvBEF5Gnm7JM+9qVtf6ku8PNdJd3oPaDPK1FV8irz52T5tAm9pSAZSZX8LyWJ6v59KzMTpF6dNV0WUCjhbVKOwpp4etCDrFhAZS6+rSTWGhuHyBBgcluGxjh54pVEqyK7/ICcddOuCHpuJrmXdikVhJZ3y35XkRvSitKOrLvmfBjiMAwS1CoGDvSkFsCsDExBAVcWE7tgFbFA19vv8yTC7oSnS1ugyNmHDXJEJB7SjJ8qU5LQUZ1swEFX1PcPhW1e1jZ9PMNdO6RVpbgpVSr6MXBt/dt3YHJG3xP6KPaZtgwG8u3OouSKl8ja8XmlZTH4jiFe5/pHKfoig== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=HIsbIXjSMhj9bBhIDKJu2MMua14eDOmoFxg79/p0gxg=; b=CwC9pSiIhn9BSuHhvnxIiTLJgrqi2jf5QdFPOm2k15F8+OXzIVnpgX8n+8fsjEaP+EPITHUhG+pFQOUmcb6v9QJy3qzhn8I/rI7Lscr9uwrAYiORRLn53uEMLFIawwxrw+99U7PVjzAGs9V/MJdirTRjW09U1FyCXLSRWQHXy/t3t7HDxRe0FTEN5kUX214XRAeS6oDQHz/YPFuiqcKHrpjJyq+dUt9CJWbFUgN79urIDeytG7pkoTNoWKgqPvGNso1ZSeyFYJP6m1a/pxbRGmRfdnYtyTy0u8Kjx876E7n9AOb7pwZu6W08LY89Hbz1E7xeGQLASxU8P0eK2MwPog== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=HIsbIXjSMhj9bBhIDKJu2MMua14eDOmoFxg79/p0gxg=; b=BvkzWVXIbv9CKMCF1eJsWdbQCgUwM1/frFg3YsBLTpmUOltyU9GOuEJcmAc1bawo9ezDovTRhFJJy1sGp0nAMZoaC3KfQFf3dI6a+I9Gy+kPEcLHF/OHGxC37+iNXniW6Ufbo4oYgW1bSy8iqgf7OCBSwtKKXWA5K+ZejtkzvO4= Received: from SN4PR0501CA0071.namprd05.prod.outlook.com (2603:10b6:803:41::48) by PH7PR12MB5593.namprd12.prod.outlook.com (2603:10b6:510:133::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9094.22; Mon, 8 Sep 2025 20:18:45 +0000 Received: from SN1PEPF0002529D.namprd05.prod.outlook.com (2603:10b6:803:41:cafe::4e) by SN4PR0501CA0071.outlook.office365.com (2603:10b6:803:41::48) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9115.14 via Frontend Transport; Mon, 8 Sep 2025 20:18:50 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=satlexmb07.amd.com; pr=C Received: from satlexmb07.amd.com (165.204.84.17) by SN1PEPF0002529D.mail.protection.outlook.com (10.167.242.4) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9115.13 via Frontend Transport; Mon, 8 Sep 2025 20:18:45 +0000 Received: from jallen-jump-host.amd.com (10.180.168.240) by satlexmb07.amd.com (10.181.42.216) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.17; Mon, 8 Sep 2025 13:18:36 -0700 From: John Allen To: , , , , , CC: , , , , , , , , , , John Allen Subject: [PATCH v4 5/5] KVM: SVM: Enable shadow stack virtualization for SVM Date: Mon, 8 Sep 2025 20:17:50 +0000 Message-ID: <20250908201750.98824-6-john.allen@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250908201750.98824-1-john.allen@amd.com> References: <20250908201750.98824-1-john.allen@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: satlexmb08.amd.com (10.181.42.217) To satlexmb07.amd.com (10.181.42.216) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SN1PEPF0002529D:EE_|PH7PR12MB5593:EE_ X-MS-Office365-Filtering-Correlation-Id: 731e9415-0291-4f53-a3a1-08ddef14e9a7 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|82310400026|7416014|376014|36860700013|1800799024; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?MqLXNTPUVrH0rFZpwu2reOop/GxvwIC9RZO2seDXTFyesnqF839YhyKK0Vj2?= =?us-ascii?Q?l04qVUzuyFv1xB44sLUaulT7vYrF54DH9bQulqa8y6BIbI+ry80PPB6ncGKp?= =?us-ascii?Q?R2U0lGNoKr4ZmEUUstY/cA3Qp5DwO9OyfsmW0/7x+12v6Q25V8I3ygNUBnxO?= =?us-ascii?Q?WzIkuFjdbtfshV33sjVvNnsDSHAx7OWlPvcTS8nUDCZjkaPoITya/i3b0+sl?= =?us-ascii?Q?bMJwO0yfeOYfcHkEgul8H1ePrtjc2aYPFD3REwQAyjQkOfMqLvZ3bcgpp5Yk?= =?us-ascii?Q?W5FBBUdg5qnB/FEvbuxZjwFo1yN+2hFJwiEOmsyw9O75zStvKHB4/4SYkeFU?= =?us-ascii?Q?PBakq8KqIWK25ciEVr7BwgnyHHqvl6Vi764YFylXhP7G5CoaXDRhTcRl6E2j?= =?us-ascii?Q?NfH1fDJ11hAb2kD9NO+ffkF4/Fbsc41itnslOwjkA3jmrRjrMezTmsg9arGk?= =?us-ascii?Q?kfnlsh99P4m0PzoihD6SNEN1u8hGXcymhRltZU6oqpn3JoAUpQvtscWefQZr?= =?us-ascii?Q?UT/BMP4cAEbEB4UFdy8sC/SyOnop2Hwfn4kNOvsEzwJ3jTI4gY9SzoBLek5W?= =?us-ascii?Q?x6tdtGerxeS67AGMhi3C6YW1JI8vzZxVFSaE0NEuiYMIPeArwv6lyUQ5Hh0k?= =?us-ascii?Q?c6UDlaO1egHpiXJAWVznKVaSfin/V2p0opIaWVrUMXguR4HBTCiEzhkC+ScM?= =?us-ascii?Q?T8H323xxbljUE1X/Le/2kZZXAf6zsPduSJAEXAXBkE+nvwqNTqiUDmiM8OWP?= =?us-ascii?Q?PtLl717ixfTpGhSIfh8V50EoDZuRN+dkrSIvtMzYFPpSCsx8ssBRTAq8mf12?= =?us-ascii?Q?/WPGUwMF0NTBJLV9b2atS7UDiovG5DQ90L6CSOwVj9YBO2xxlkkk7MCdlqT7?= =?us-ascii?Q?InPweuxVUOX3reb/8j9U8mGUwfRbMp+S98TsqHK7scDl/80SeQzrZ7OLYfNL?= =?us-ascii?Q?E9HcPqVxEw9fUWjyrSFXzsYPos0rC1k/f9LmEVZPeufEZ81kJMasT6BuJiNr?= =?us-ascii?Q?FQ5mXRY5X5jXgJRZV3w6m+XsKqF5ecCQa6nwqjaqwEBwoOqFzVPt0Syomf/A?= =?us-ascii?Q?zXdKpnvD0/exfiBm7Gcm6auXJ4OhmhWO7Tqkkt91XD4DP7iYlDFScQz7kKxe?= =?us-ascii?Q?gV29rsrBj+UKnqjhzFDoUtNjdEgIQ8QBERGZMEKQ+wIOyEbEgk9jBqKgGjl1?= =?us-ascii?Q?smU7qISBDsG12DvHGeJkFd36JVgF01jPU9SscFpOFUFuu5SeegMopXW7SBDx?= =?us-ascii?Q?Co8ZxCrgTnLQ6l4k6grorKPrDXFrNIVjQIqEi8EMoXE3f+YApR+tZnHWVvoU?= =?us-ascii?Q?s/2qbu+ED5YPxg7xKtDel76dnsV9uKYQvzo2GKs9o96FWY931lgBPonCtzeX?= =?us-ascii?Q?Avsc4OSu/+t7erWX47jEu3crQdgzLafWbgR+ky/pTaD9vpH8w9aCjQ+M8sVX?= =?us-ascii?Q?2qwQQoJZi9HmGL9bOIYHLmAjrt0FBiybHlOstq0OLdeAQxd404fpnIX3zglz?= =?us-ascii?Q?jf6HBHEE9i2syT0pXa8ToZuDcrrLKRDFIaD5?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:satlexmb07.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(82310400026)(7416014)(376014)(36860700013)(1800799024);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Sep 2025 20:18:45.4221 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 731e9415-0291-4f53-a3a1-08ddef14e9a7 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[satlexmb07.amd.com] X-MS-Exchange-CrossTenant-AuthSource: SN1PEPF0002529D.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR12MB5593 Content-Type: text/plain; charset="utf-8" Remove the explicit clearing of shadow stack CPU capabilities. Reviewed-by: Chao Gao Signed-off-by: John Allen --- v4: - Don't remove clearing of IBT feature. --- arch/x86/kvm/svm/svm.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index b18573b530aa..304531d6c8b0 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -5262,10 +5262,7 @@ static __init void svm_set_cpu_caps(void) kvm_set_cpu_caps(); =20 kvm_caps.supported_perf_cap =3D 0; - kvm_caps.supported_xss =3D 0; =20 - /* KVM doesn't yet support CET virtualization for SVM. */ - kvm_cpu_cap_clear(X86_FEATURE_SHSTK); kvm_cpu_cap_clear(X86_FEATURE_IBT); =20 /* CPUID 0x80000001 and 0x8000000A (SVM features) */ --=20 2.47.3