The purpose of this patch series is to refresh the queued CET KVM patches[1] with the latest dependent CET native patches, pursuing the result that whole series could be merged ahead of CET native series[2] [3]. The patchset has been tested on Skylake(none-CET) and Sapphire Rapids (CET capable) platforms, didn't find breakages to KVM basic functions and KVM unit-tests/selftests. ---------------------------------------------------------------------- The motivations are: 1) Customers are interested in developing CET related applications, they especially desire to set up CET development environments in VM, but suffered by non-trivial native and KVM patch rebasing work. If this series could be merged early, it'll save them tons of energy. 2) The kernel and KVM have evolved significantly since the queued day, it’s necessary to fix up the KVM patches to make them adapted to the recent mainline code. 3) CET native patch series refactored a lot per maintainers’ review and some of the patches can be reused by KVM enabling patches. 4) PeterZ’s supervisor IBT patch series got merged in 5.18, it requires additional KVM patch to support it in guest kernel. ---------------------------------------------------------------------- Guest CET states in KVM: CET user mode states(MSR_IA32_U_CET,MSR_IA32_PL3_SSP) counts on xsaves/xrstors and CET user bit of MSR_IA32_XSS to save/restor when thread/process context switch happens. In virtulization world, after vm-exit and before vcpu thread exits to user mode, the guest user mode states are swapped to guest fpu area and host user mode states are loaded, vice-versa on vm-entry. See details in kvm_load_guest_fpu() and kvm_put_guest_fpu(). With this design, guest CET xsave-supported states retain while the vcpu thread keeps in ring-0 vmx root mode, the instantaneous guest states are not expected to impact host side. Moveover, VMCS includes new fields for CET states, i.e.,GUEST_S_CET, GUEST_SSP, GUEST_INTR_SSP_TABLE for guest and HOST_S_CET, HOST_SSP, HOST_INTR_SSP_TABLE for host, when loading guest/host state bits set in VMCS, the guest/host MSRs are swapped at vm-exit/entry, therefore these guest/host CET states are strictly isolated. All CET supervisor states map to one of the fields. With the new fields, current guest supervisor IBT enalbing doesn't depend on xsaves/xrstors and CET supervisor bit of MSR_IA32_XSS. --------------------------------------------------------------------- Impact to existing kernel/KVM: To minimize the impact to exiting kernel/KVM code, most of KVM patch code can be bypassed during runtime.Uncheck "CONFIG_X86_KERNEL_IBT" and "CONFIG_X86_SHADOW_STACK" in Kconfig before kernel build to get rid of CET featrures in KVM. If both of them are not enabled, KVM clears related feature bits as well as CET user bit in supported_xss, this makes CET related checks stop at the first points. Since most of the patch code runs on the none-hot path of KVM, it's expected to introduce little impact to existing code. On legacy platforms, CET feature is not available by nature, therefore the execution flow just like that on CET capable platform with features disabled at build time. One known downside of early merge is thread fpu area size expands by 16 bytes due to enabling XFEATURE_MASK_CET_USER bit on CET capable platforms. Although native SHSTK and IBT patch series are split off, but we don't want to do the same for KVM patches since supervisor IBT has been merged and customers desire full user mode features in guest. We'd like to get your comments on the practice and patches, thanks! Patch 1-5: Dependent CET native patches. Patch 6-7: KVM XSS Supporting patches from kvm/queue. Patch 8-18: Enabling patches for CET user mode. Patch 19: Enabling patch for supervisor IBT. Change logs: 1. Removed XFEATURE_MASK_CET_KERNEL, MSR_IA32_PL{0,1,2}_SSP and MSR_IA32_INT_SSP_TAB related code since supervisor SHSTK design is still open. 2. Added support for guest kernel supervisor IBT. 3. Refactored some of previous helpers due to change 1) and 2). 4. Refactored control logic between XSS CET user bit and user mode SHSTK/IBT, make supervisor IBT support independent to XSS user bit. 5. Rebased the patch series onto kvm/queue: 8baacf67c76c ("KVM: SEV-ES: reuse advance_sev_es_emulated_ins for OUT too") [1]: https://git.kernel.org/pub/scm/virt/kvm/kvm.git/log/?h=intel [2]: SHSTK: https://lore.kernel.org/all/20220130211838.8382-1-rick.p.edgecombe@xxxxxxxxx/ [3]: old IBT: https://lore.kernel.org/all/20210830182221.3535-1-yu-cheng.yu@xxxxxxxxx/ Rick Edgecombe (1): x86/fpu: Add helper for modifying xstate Sean Christopherson (2): KVM: x86: Report XSS as an MSR to be saved if there are supported features KVM: x86: Load guest fpu state when accessing MSRs managed by XSAVES Yang Weijiang (12): KVM: x86: Refresh CPUID on writes to MSR_IA32_XSS KVM: x86: Add #CP support in guest exception classification. KVM: VMX: Introduce CET VMCS fields and flags KVM: x86: Add fault checks for CR4.CET KVM: VMX: Emulate reads and writes to CET MSRs KVM: VMX: Add a synthetic MSR to allow userspace VMM to access GUEST_SSP KVM: x86: Report CET MSRs as to-be-saved if CET is supported KVM: x86: Save/Restore GUEST_SSP to/from SMM state save area KVM: x86: Enable CET virtualization for VMX and advertise CET to userspace KVM: VMX: Pass through CET MSRs to the guest when supported KVM: nVMX: Enable CET support for nested VMX KVM: x86: Enable supervisor IBT support for guest Yu-cheng Yu (4): x86/cet/shstk: Add Kconfig option for Shadow Stack x86/cpufeatures: Add CPU feature flags for shadow stacks x86/cpufeatures: Enable CET CR4 bit for shadow stack x86/fpu/xstate: Introduce CET MSR and XSAVES supervisor states arch/x86/Kconfig | 17 +++ arch/x86/Kconfig.assembler | 1 + arch/x86/include/asm/cpu.h | 2 +- arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/disabled-features.h | 8 +- arch/x86/include/asm/fpu/api.h | 7 +- arch/x86/include/asm/fpu/types.h | 14 ++- arch/x86/include/asm/fpu/xstate.h | 6 +- arch/x86/include/asm/kvm_host.h | 3 +- arch/x86/include/asm/vmx.h | 8 ++ arch/x86/include/uapi/asm/kvm.h | 1 + arch/x86/include/uapi/asm/kvm_para.h | 1 + arch/x86/kernel/cpu/common.c | 14 +-- arch/x86/kernel/cpu/cpuid-deps.c | 1 + arch/x86/kernel/fpu/core.c | 19 ++++ arch/x86/kernel/fpu/xstate.c | 93 ++++++++-------- arch/x86/kernel/machine_kexec_64.c | 2 +- arch/x86/kvm/cpuid.c | 21 +++- arch/x86/kvm/cpuid.h | 5 + arch/x86/kvm/emulate.c | 11 ++ arch/x86/kvm/vmx/capabilities.h | 4 + arch/x86/kvm/vmx/nested.c | 19 +++- arch/x86/kvm/vmx/vmcs12.c | 6 + arch/x86/kvm/vmx/vmcs12.h | 14 ++- arch/x86/kvm/vmx/vmx.c | 134 ++++++++++++++++++++++- arch/x86/kvm/x86.c | 95 ++++++++++++++-- arch/x86/kvm/x86.h | 47 +++++++- 27 files changed, 468 insertions(+), 86 deletions(-) base-commit: 8baacf67c76c560fed954ac972b63e6e59a6fba0 -- 2.27.0