Commit 38c46bdb authored by John Allen's avatar John Allen Committed by Sean Christopherson
Browse files

KVM: SVM: Pass through shadow stack MSRs as appropriate 



Pass through XSAVE managed CET MSRs on SVM when KVM supports shadow
stack. These cannot be intercepted without also intercepting XSAVE which
would likely cause unacceptable performance overhead.
MSR_IA32_INT_SSP_TAB is not managed by XSAVE, so it is intercepted.

Reviewed-by: default avatarChao Gao <chao.gao@intel.com>
Signed-off-by: default avatarJohn Allen <john.allen@amd.com>
Link: https://lore.kernel.org/r/20250919223258.1604852-39-seanjc@google.com


Signed-off-by: default avatarSean Christopherson <seanjc@google.com>
parent c7586aa3

arch/x86/kvm/svm/svm.c

+11 −0
Original line number Diff line number Diff line
@@ -844,6 +844,17 @@ static void svm_recalc_msr_intercepts(struct kvm_vcpu *vcpu) 
		svm_disable_intercept_for_msr(vcpu, MSR_IA32_MPERF, MSR_TYPE_R);

	}



	if (kvm_cpu_cap_has(X86_FEATURE_SHSTK)) {

		bool shstk_enabled = guest_cpu_cap_has(vcpu, X86_FEATURE_SHSTK);



		svm_set_intercept_for_msr(vcpu, MSR_IA32_U_CET, MSR_TYPE_RW, !shstk_enabled);

		svm_set_intercept_for_msr(vcpu, MSR_IA32_S_CET, MSR_TYPE_RW, !shstk_enabled);

		svm_set_intercept_for_msr(vcpu, MSR_IA32_PL0_SSP, MSR_TYPE_RW, !shstk_enabled);

		svm_set_intercept_for_msr(vcpu, MSR_IA32_PL1_SSP, MSR_TYPE_RW, !shstk_enabled);

		svm_set_intercept_for_msr(vcpu, MSR_IA32_PL2_SSP, MSR_TYPE_RW, !shstk_enabled);

		svm_set_intercept_for_msr(vcpu, MSR_IA32_PL3_SSP, MSR_TYPE_RW, !shstk_enabled);

	}



	if (sev_es_guest(vcpu->kvm))

		sev_es_recalc_msr_intercepts(vcpu);