| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20edc765-d6af-403d-be6e-6f4647c84959@linux.intel.com>
Date: Tue, 16 Sep 2025 15:29:46 +0800
From: Binbin Wu <binbin.wu@...ux.intel.com>
To: Sean Christopherson <seanjc@...gle.com>
Cc: Paolo Bonzini <pbonzini@...hat.com>, kvm@...r.kernel.org,
linux-kernel@...r.kernel.org, Tom Lendacky <thomas.lendacky@....com>,
Mathias Krause <minipli@...ecurity.net>, John Allen <john.allen@....com>,
Rick Edgecombe <rick.p.edgecombe@...el.com>, Chao Gao <chao.gao@...el.com>,
Maxim Levitsky <mlevitsk@...hat.com>, Xiaoyao Li <xiaoyao.li@...el.com>,
Zhang Yi Z <yi.z.zhang@...ux.intel.com>
Subject: Re: [PATCH v15 08/41] KVM: x86: Initialize kvm_caps.supported_xss
On 9/13/2025 7:22 AM, Sean Christopherson wrote:
> From: Yang Weijiang <weijiang.yang@...el.com>
>
> Set original kvm_caps.supported_xss to (host_xss & KVM_SUPPORTED_XSS) if
> XSAVES is supported. host_xss contains the host supported xstate feature
> bits for thread FPU context switch, KVM_SUPPORTED_XSS includes all KVM
> enabled XSS feature bits, the resulting value represents the supervisor
> xstates that are available to guest and are backed by host FPU framework
> for swapping {guest,host} XSAVE-managed registers/MSRs.
>
> Signed-off-by: Yang Weijiang <weijiang.yang@...el.com>
> Reviewed-by: Maxim Levitsky <mlevitsk@...hat.com>
> Reviewed-by: Chao Gao <chao.gao@...el.com>
> Tested-by: Mathias Krause <minipli@...ecurity.net>
> Tested-by: John Allen <john.allen@....com>
> Tested-by: Rick Edgecombe <rick.p.edgecombe@...el.com>
> Reviewed-by: Xiaoyao Li <xiaoyao.li@...el.com>
> Signed-off-by: Chao Gao <chao.gao@...el.com>
> [sean: relocate and enhance comment about PT / XSS[8] ]
> Signed-off-by: Sean Christopherson <seanjc@...gle.com>
Reviewed-by: Binbin Wu <binbin.wu@...ux.intel.com>
> ---
> arch/x86/kvm/x86.c | 23 +++++++++++++++--------
> 1 file changed, 15 insertions(+), 8 deletions(-)
>
> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> index 519d58b82f7f..c5e38d6943fe 100644
> --- a/arch/x86/kvm/x86.c
> +++ b/arch/x86/kvm/x86.c
> @@ -217,6 +217,14 @@ static struct kvm_user_return_msrs __percpu *user_return_msrs;
> | XFEATURE_MASK_BNDCSR | XFEATURE_MASK_AVX512 \
> | XFEATURE_MASK_PKRU | XFEATURE_MASK_XTILE)
>
> +/*
> + * Note, KVM supports exposing PT to the guest, but does not support context
> + * switching PT via XSTATE (KVM's PT virtualization relies on perf; swapping
> + * PT via guest XSTATE would clobber perf state), i.e. KVM doesn't support
> + * IA32_XSS[bit 8] (guests can/must use RDMSR/WRMSR to save/restore PT MSRs).
> + */
> +#define KVM_SUPPORTED_XSS 0
> +
> bool __read_mostly allow_smaller_maxphyaddr = 0;
> EXPORT_SYMBOL_GPL(allow_smaller_maxphyaddr);
>
> @@ -3986,11 +3994,7 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
> case MSR_IA32_XSS:
> if (!guest_cpuid_has(vcpu, X86_FEATURE_XSAVES))
> return KVM_MSR_RET_UNSUPPORTED;
> - /*
> - * KVM supports exposing PT to the guest, but does not support
> - * IA32_XSS[bit 8]. Guests have to use RDMSR/WRMSR rather than
> - * XSAVES/XRSTORS to save/restore PT MSRs.
> - */
> +
> if (data & ~vcpu->arch.guest_supported_xss)
> return 1;
> if (vcpu->arch.ia32_xss == data)
> @@ -9818,14 +9822,17 @@ int kvm_x86_vendor_init(struct kvm_x86_init_ops *ops)
> kvm_host.xcr0 = xgetbv(XCR_XFEATURE_ENABLED_MASK);
> kvm_caps.supported_xcr0 = kvm_host.xcr0 & KVM_SUPPORTED_XCR0;
> }
> +
> + if (boot_cpu_has(X86_FEATURE_XSAVES)) {
> + rdmsrq(MSR_IA32_XSS, kvm_host.xss);
> + kvm_caps.supported_xss = kvm_host.xss & KVM_SUPPORTED_XSS;
> + }
> +
> kvm_caps.supported_quirks = KVM_X86_VALID_QUIRKS;
> kvm_caps.inapplicable_quirks = KVM_X86_CONDITIONAL_QUIRKS;
>
> rdmsrq_safe(MSR_EFER, &kvm_host.efer);
>
> - if (boot_cpu_has(X86_FEATURE_XSAVES))
> - rdmsrq(MSR_IA32_XSS, kvm_host.xss);
> -
> kvm_init_pmu_capability(ops->pmu_ops);
>
> if (boot_cpu_has(X86_FEATURE_ARCH_CAPABILITIES))
Powered by blists - more mailing lists