Re: [RFC PATCH v2] x86/sev-es: Include XSS value in GHCB CPUID request

[John Allen]

On Thu, Jun 15, 2023 at 01:52:55PM +0200, Borislav Petkov wrote:
> On Wed, May 24, 2023 at 03:56:19PM +0000, John Allen wrote:
> > +	if (has_cpuflag(X86_FEATURE_SHSTK) && regs->ax == 0xd && regs->cx <= 1) {
> > +		unsigned long lo, hi;
> > +		u64 xss;
> > +
> > +		/*
> > +		 * Since vc_handle_cpuid may be used during early boot, the
> > +		 * rdmsr wrappers are incompatible and should not be used.
> > +		 * Invoke the instruction directly.
> > +		 */
> > +		asm volatile("rdmsr" : "=a" (lo), "=d" (hi)
> > +			     : "c" (MSR_IA32_XSS));
> > +		xss = (hi << 32) | lo;
> > +		ghcb_set_xss(ghcb, xss);
> 
> $ git grep ghcb_set_xss
> $
> 
> So this patch needs some tree which I'm not aware of.
> 
> Also, this passing through of host XSS to the guest looks like it is
> bypassing the vcpu->arch.ia32_xss copy which KVM seems to maintain. It
> looks to me like the handling needs to be synchronized with it or so.

Hi Boris,

Yeah, sorry, this is confusing. This patch is logically part of the SVM
shadow stack support series:
https://lore.kernel.org/all/20230524155339.415820-1-john.allen@xxxxxxx/

Since this patch is for the guest kernel, it is meant for the tip tree
rather than the kvm tree so I sent it as a separate patch. However, as
you noted, this patch depends on patch 5/6 of that series to introduce
the ghcb_set_xss function. How would you advise that I handle this
entanglement in the next series?

Thanks,
John