Hi, x86 maintainers,
Please review this series for CET virtualization enabling, the series is
considered as a necessary part for supporting guest CET. See related
discussion here [*].
Thanks!
----------------------------------------------------------------------------
CET supervisor state, i.e., IA32_PL{0,1,2}_SSP, are xsave-managed MSRs,
it can be opt-in via IA32_XSS[bit 12]. Currently host supervisor shadow
stack are not enabled and the feature bit is not set. But from KVM usage
perspective, enabling host CET supervisor state is required for guest CET
supervisor MSRs management. The benefits are: 1) No need to manually save/
restore the 3 MSRs when vCPU is switched in/out. 2) Omit manually saving/
reloading the MSRs at VM-Exit/VM-Entry. 3) Make guest CET user mode and
supervisor mode states managed within current FPU framework in consistent
manners.
This series tries to:
1) Fix issues resulted from CET virtualizaiton enabling and CET usage in guest.
2) Add CET supervisor xstate support in kernel.
3) Introduce kernel dynamic xfeature set for CET supervisor state optimization.
4) Change guest fpstate settings to hold kernel dynamic xfeatures.
For guest fpstate, we have xstate_bv[12] == xcomp_bv[12] == 1 in xstate_header,
and CET supervisor mode state are saved/reloaded when xsaves/xrstors runs
on fpstate area.
For non-guest fpstate we have xstate_bv[12] == xcomp_bv[12] == 0, then HW can
optimize xsaves/xrstors operations.
Basic tests done (based on v6.6-rc1 kernel tree):
1. selftests: x86:amx_64/test_fpu, kvm: amx_test,smm_test,state_test etc.
2. Guest launch with IA32_PL{0,1,2}_SSP read/write in host/guest kernel.
3. Guest live migration tests.
No perceivable issues (mainly dmesg) are found in both host and guest during
above tests.
Patch1: Fix a potential CET xstate dependency issue in guest kernel.
Patch2: Fix an inconsistent size issue in guest fpstate allocation.
Patch3: Introduce CET supervisor xstate support.
Patch4: Introduce kernel dynamic xfeature set for optimization.
Patch5: Remove kernel dynamic xfeatures from normal fpstate.
Patch6: Opt-in kernel dynamic xfeatures when resize guest xsave area.
Patch7: Include kernel dynamic xfetures when allocate guest xsave area.
Patch8: Check unexpected/invalid fpstate settings before fire xsave.
[*]: https://lore.kernel.org/all/806e26c2-8d21-9cc9-a0b7-7787dd231729@xxxxxxxxx/
Yang Weijiang (8):
x86/fpu/xstate: Manually check and add XFEATURE_CET_USER xstate bit
x86/fpu/xstate: Fix guest fpstate allocation size calculation
x86/fpu/xstate: Add CET supervisor mode state support
x86/fpu/xstate: Introduce kernel dynamic xfeature set
x86/fpu/xstate: Remove kernel dynamic xfeatures from kernel default_features
x86/fpu/xstate: Opt-in kernel dynamic bits when calculate guest xstate size
x86/fpu/xstate: Tweak guest fpstate to support kernel dynamic xfeatures
x86/fpu/xstate: WARN if normal fpstate contains kernel dynamic xfeatures
arch/x86/include/asm/fpu/types.h | 14 ++++++--
arch/x86/include/asm/fpu/xstate.h | 6 ++--
arch/x86/kernel/fpu/core.c | 56 ++++++++++++++++++++++++++-----
arch/x86/kernel/fpu/xstate.c | 49 ++++++++++++++++++++++++---
arch/x86/kernel/fpu/xstate.h | 5 +++
5 files changed, 112 insertions(+), 18 deletions(-)
--
2.27.0
