hv: Disable XSAVE-managed CET state of guest VM

To hide CET feature from guest VM completely, the MSR IA32_MSR_XSS also
need to be intercepted because it comprises CET_U and CET_S feature bits
of xsave/xstors operations. Mask these two bits in IA32_MSR_XSS writing.

With IA32_MSR_XSS interception, member 'xss' of 'struct ext_context' can
be removed because it is duplicated with the MSR store array
'vcpu->arch.guest_msrs[]'.

Tracked-On: #5074
Signed-off-by: Shuo A Liu <shuo.a.liu@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>

hypervisor/include/arch/x86/cpu.h

@@ -404,7 +404,6 @@ struct ext_context {
 
 	struct xsave_area xs_area;
 	uint64_t xcr0;
-	uint64_t xss;
 };
 
 struct cpu_context {

hypervisor/include/arch/x86/guest/vcpu.h

@@ -164,7 +164,7 @@ enum reset_mode;
 #define SECURE_WORLD	1
 
 #define NUM_WORLD_MSRS		2U
-#define NUM_COMMON_MSRS		16U
+#define NUM_COMMON_MSRS		17U
 #define NUM_GUEST_MSRS		(NUM_WORLD_MSRS + NUM_COMMON_MSRS)
 
 #define EOI_EXIT_BITMAP_SIZE	256U
@@ -578,8 +578,8 @@ static inline bool is_pae(struct acrn_vcpu *vcpu)
 struct acrn_vcpu *get_running_vcpu(uint16_t pcpu_id);
 struct acrn_vcpu *get_ever_run_vcpu(uint16_t pcpu_id);
 
-void save_xsave_area(struct ext_context *ectx);
-void rstore_xsave_area(const struct ext_context *ectx);
+void save_xsave_area(struct acrn_vcpu *vcpu, struct ext_context *ectx);
+void rstore_xsave_area(const struct acrn_vcpu *vcpu, const struct ext_context *ectx);
 
 /**
  * @brief create a vcpu for the target vm

hypervisor/include/arch/x86/msr.h

@@ -575,6 +575,12 @@
 #define MSR_IA32_MISC_ENABLE_xTPR		(1UL << 23U)
 #define MSR_IA32_MISC_ENABLE_XD_DISABLE		(1UL << 34U)
 
+/* MSR_IA32_XSS bits */
+#define MSR_IA32_XSS_PT				(1UL << 8U)
+#define MSR_IA32_XSS_CET_U			(1UL << 11U)
+#define MSR_IA32_XSS_CET_S			(1UL << 12U)
+#define MSR_IA32_XSS_HDC			(1UL << 13U)
+
 /* Miscellaneous data */
 #define MSR_IA32_MISC_UNRESTRICTED_GUEST	(1U<<5U)