Re: [PATCH v10 24/27] KVM: x86: Enable CET virtualization for VMX and advertise to userspace

From: Yang, Weijiang
Date: Fri May 17 2024 - 04:05:23 EST

On 5/16/2024 10:43 PM, Sean Christopherson wrote:
On Thu, May 16, 2024, Weijiang Yang wrote:
On 5/6/2024 5:41 PM, Yang, Weijiang wrote:
On 5/2/2024 7:34 AM, Sean Christopherson wrote:
On Sun, Feb 18, 2024, Yang Weijiang wrote:
@@ -665,7 +665,7 @@ void kvm_set_cpu_caps(void)
          F(AVX512_VPOPCNTDQ) | F(UMIP) | F(AVX512_VBMI2) | F(GFNI) |
          F(VAES) | F(VPCLMULQDQ) | F(AVX512_VNNI) | F(AVX512_BITALG) |
          F(CLDEMOTE) | F(MOVDIRI) | F(MOVDIR64B) | 0 /*WAITPKG*/ |
-        F(SGX_LC) | F(BUS_LOCK_DETECT)
+        F(SGX_LC) | F(BUS_LOCK_DETECT) | F(SHSTK)
      );
      /* Set LA57 based on hardware capability. */
      if (cpuid_ecx(7) & F(LA57))
@@ -683,7 +683,8 @@ void kvm_set_cpu_caps(void)
          F(SPEC_CTRL_SSBD) | F(ARCH_CAPABILITIES) | F(INTEL_STIBP) |
          F(MD_CLEAR) | F(AVX512_VP2INTERSECT) | F(FSRM) |
          F(SERIALIZE) | F(TSXLDTRK) | F(AVX512_FP16) |
-        F(AMX_TILE) | F(AMX_INT8) | F(AMX_BF16) | F(FLUSH_L1D)
+        F(AMX_TILE) | F(AMX_INT8) | F(AMX_BF16) | F(FLUSH_L1D) |
+        F(IBT)
      );
...

@@ -7977,6 +7993,18 @@ static __init void vmx_set_cpu_caps(void)
        if (cpu_has_vmx_waitpkg())
          kvm_cpu_cap_check_and_set(X86_FEATURE_WAITPKG);
+
+    /*
+     * Disable CET if unrestricted_guest is unsupported as KVM doesn't
+     * enforce CET HW behaviors in emulator. On platforms with
+     * VMX_BASIC[bit56] == 0, inject #CP at VMX entry with error code
+     * fails, so disable CET in this case too.
+     */
+    if (!cpu_has_load_cet_ctrl() || !enable_unrestricted_guest ||
+        !cpu_has_vmx_basic_no_hw_errcode()) {
+        kvm_cpu_cap_clear(X86_FEATURE_SHSTK);
+        kvm_cpu_cap_clear(X86_FEATURE_IBT);
+    }
Oh!  Almost missed it.  This patch should explicitly kvm_cpu_cap_clear()
X86_FEATURE_SHSTK and X86_FEATURE_IBT.  We *know* there are upcoming AMD CPUs
that support at least SHSTK, so enumerating support for common code would yield
a version of KVM that incorrectly advertises support for SHSTK.

I hope to land both Intel and AMD virtualization in the same kernel release, but
there are no guarantees that will happen.  And explicitly clearing both SHSTK and
IBT would guard against IBT showing up in some future AMD CPU in advance of KVM
gaining full support.
Let me be clear on this, you want me to disable SHSTK/IBT with
kvm_cpu_cap_clear() unconditionally for now in this patch, and wait until
both AMD's SVM patches and this series are ready for guest CET, then remove
the disabling code in this patch for final merge, am I right?
No, allow it to be enabled for VMX, but explicitly disable it for SVM, i.e.

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index 4aaffbf22531..b3df12af4ee6 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -5125,6 +5125,10 @@ static __init void svm_set_cpu_caps(void)
kvm_caps.supported_perf_cap = 0;
kvm_caps.supported_xss = 0;
+ /* KVM doesn't yet support CET virtualization for SVM. */
+ kvm_cpu_cap_clear(X86_FEATURE_SHSTK);
+ kvm_cpu_cap_clear(X86_FEATURE_IBT);
+
/* CPUID 0x80000001 and 0x8000000A (SVM features) */
if (nested) {
kvm_cpu_cap_set(X86_FEATURE_SVM);

Then the SVM series can simply delete those lines when all is ready.

Understood, thanks!