
[v6,0/6] Enable CET support for guest

Message ID 20201013051935.6052-1-weijiang.yang@intel.com

Message

Yang, Weijiang Oct. 13, 2020, 5:19 a.m. UTC
Control-flow Enforcement Technology (CET) provides protection against
Return/Jump-Oriented Programming (ROP/JOP). It includes two sub-features:
Shadow Stack (SHSTK) and Indirect Branch Tracking (IBT).
This patchset is for guest CET enabling. It includes patches for
XSS feature report and CET CPUID enumeration, XSAVE support, the MSR
access interface, etc.

Related patch series:
CET KVM patches v14:
https://github.com/sean-jc/linux/releases/tag/kvm-cet-v14-rc1

Intel 64 and IA-32 Architectures Software Developer's Manual:
https://software.intel.com/en-us/download/intel-64-and-ia-32-architectures-sdm-combined-volumes-1-2a-2b-2c-2d-3a-3b-3c-3d-and-4

CET Shadow Stack patches v14:
https://lkml.kernel.org/r/20201012153850.26996-1-yu-cheng.yu@intel.com/

Indirect Branch Tracking patches v14:
https://lkml.kernel.org/r/20201012154530.28382-1-yu-cheng.yu@intel.com/

v6:
  - Cleaned up XSAVE related naming for adding XSS features.
  - Refactored patches based on new QEMU code base.
v5:
  - Checked CET states before accessing related MSRs.
  - Added new MSR MSR_KVM_GUEST_SSP for live-migration.
  - Refactored patches to make them more structured.

v4:
  - Added MSR read/write interface for PL1_SSP/PL2_SSP.
  - Removed CET structures from X86XSaveArea.
  - Cleared ebx in return of CPUID.(EAX=d, ECX=1).
 
v3:
  - Add CET MSR save/restore support for live-migration.
 
v2:
  - In CPUID.(EAX=d, ECX=1), set return ECX[n] = 0 if bit n corresponds
    to a bit in MSR_IA32_XSS.
  - In CPUID.(EAX=d, ECX=n), set return ECX = 1 if bit n corresponds
    to a bit in MSR_IA32_XSS.
  - Skip Supervisor mode xsave component when calculating User mode
    xsave component size in xsave_area_size() and x86_cpu_reset().

Yang Weijiang (6):
  x86/cpu: Rename XSAVE related feature words.
  x86/cpuid: Enable XSS feature enumeration for CPUID
  x86/cpu: Enable CET components support for XSAVE
  x86/cpu: Add user-space MSR access interface for CET
  x86/cpu: Add CET state support for guest migration
  x86/cpu: Advise CET bits in CPU/MSR feature words

 target/i386/cpu.c        | 132 +++++++++++++++++++++++---------
 target/i386/cpu.h        |  57 +++++++++++++-
 target/i386/fpu_helper.c |   2 +-
 target/i386/kvm.c        |  73 ++++++++++++++++++
 target/i386/machine.c    | 161 +++++++++++++++++++++++++++++++++++++++
 target/i386/translate.c  |   2 +-
 6 files changed, 384 insertions(+), 43 deletions(-)

Comments

Sean Christopherson Oct. 14, 2020, 12:08 a.m. UTC | #1
On Tue, Oct 13, 2020 at 01:19:30PM +0800, Yang Weijiang wrote:
> With more components in XSS being developed on Intel platform,
> it's necessary to clean up existing XSAVE related feature words to
> make the name clearer. It's to prepare for adding CET related support
> in following patches.
> 
> Signed-off-by: Yang Weijiang <weijiang.yang@intel.com>
> ---
>  target/i386/cpu.c        | 60 ++++++++++++++++++++--------------------
>  target/i386/cpu.h        |  6 ++--
>  target/i386/fpu_helper.c |  2 +-
>  target/i386/translate.c  |  2 +-
>  4 files changed, 35 insertions(+), 35 deletions(-)
> 
> diff --git a/target/i386/cpu.c b/target/i386/cpu.c
> index 588f32e136..e2891740f1 100644
> --- a/target/i386/cpu.c
> +++ b/target/i386/cpu.c
> @@ -1050,7 +1050,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
>          .tcg_features = 0,
>          .unmigratable_flags = 0,
>      },
> -    [FEAT_XSAVE] = {
> +    [FEAT_XSAVE_INSTRUCTION] = {

The COMP->XCR0 change is great, but I don't think XSAVE->XSAVE_INSTRUCTION
makes sense.  There is no guarantee the word will only be used for
instructions; it already blurs the line, e.g. XSAVEC also changes the behavior
of XRSTOR, and XSAVES also means the XSS MSR is available.

FWIW, I also don't find FEAT_XSAVE to be confusing.

>          .type = CPUID_FEATURE_WORD,
>          .feat_names = {
>              "xsaveopt", "xsavec", "xgetbv1", "xsaves",
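
Review bot: the `[FEAT_XSAVE_INSTRUCTION]` index is narrower than what the entry holds. The `.feat_names` list under it includes "xgetbv1", which qualifies an existing instruction rather than naming a new one, so the word is already more than a list of instructions. Either keep `FEAT_XSAVE` or name the word after what backs it, as the XCR0 rename in this patch does, and add a one-line comment at the entry stating which CPUID leaf and register it maps to, since that is not visible here.
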
> @@ -1084,7 +1084,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
>          .cpuid = { .eax = 6, .reg = R_EAX, },
>          .tcg_features = TCG_6_EAX_FEATURES,
>      },
> -    [FEAT_XSAVE_COMP_LO] = {
> +    [FEAT_XSAVE_XCR0_LO] = {
>          .type = CPUID_FEATURE_WORD,
>          .cpuid = {
>              .eax = 0xD,
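
Review bot: missing documentation at the `[FEAT_XSAVE_XCR0_LO]` entry. The new name only helps a reader who already knows that this word of leaf 0xD (`.eax = 0xD`) holds the XCR0-controlled components, as opposed to the XSS components the commit message says the following patches add. A one-line comment at the entry or at the enum definition would state that, and the `_HI` counterpart, which this quoted hunk does not show, should be renamed in the same patch so the pair stays consistent.
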
Yang, Weijiang Oct. 15, 2020, 2:20 a.m. UTC | #2
On Tue, Oct 13, 2020 at 05:08:54PM -0700, Sean Christopherson wrote:
> On Tue, Oct 13, 2020 at 01:19:30PM +0800, Yang Weijiang wrote:
> > With more components in XSS being developed on Intel platform,
> > it's necessary to clean up existing XSAVE related feature words to
> > make the name clearer. It's to prepare for adding CET related support
> > in following patches.
> > 
> > Signed-off-by: Yang Weijiang <weijiang.yang@intel.com>
> > ---
> >  target/i386/cpu.c        | 60 ++++++++++++++++++++--------------------
> >  target/i386/cpu.h        |  6 ++--
> >  target/i386/fpu_helper.c |  2 +-
> >  target/i386/translate.c  |  2 +-
> >  4 files changed, 35 insertions(+), 35 deletions(-)
> > 
> > diff --git a/target/i386/cpu.c b/target/i386/cpu.c
> > index 588f32e136..e2891740f1 100644
> > --- a/target/i386/cpu.c
> > +++ b/target/i386/cpu.c
> > @@ -1050,7 +1050,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
> >          .tcg_features = 0,
> >          .unmigratable_flags = 0,
> >      },
> > -    [FEAT_XSAVE] = {
> > +    [FEAT_XSAVE_INSTRUCTION] = {
> 
> The COMP->XCR0 change is great, but I don't think XSAVE->XSAVE_INSTRUCTION
> makes sense.  There is no guarantee the word will only be used for
> instructions; it already blurs the line, e.g. XSAVEC also changes the behavior
> of XRSTOR, and XSAVES also means the XSS MSR is available.
> 
> FWIW, I also don't find FEAT_XSAVE to be confusing.
>
Thanks for the feedback! I also found it hard to rename it with a
precise one; I just wanted to make all XSAVE related feature words more
specific. I'll revert it in the next version.

> >          .type = CPUID_FEATURE_WORD,
> >          .feat_names = {
> >              "xsaveopt", "xsavec", "xgetbv1", "xsaves",
> > @@ -1084,7 +1084,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
> >          .cpuid = { .eax = 6, .reg = R_EAX, },
> >          .tcg_features = TCG_6_EAX_FEATURES,
> >      },
> > -    [FEAT_XSAVE_COMP_LO] = {
> > +    [FEAT_XSAVE_XCR0_LO] = {
> >          .type = CPUID_FEATURE_WORD,
> >          .cpuid = {
> >              .eax = 0xD,