On 9/25/2024 7:12 AM, Sean Christopherson wrote:
On Wed, Sep 18, 2024, Xin Li wrote:
You mean the following patch set, right?
Yep, and presumably the KVM support as well:
I assume it's close to KVM upstreaming criteria :)
https://lore.kernel.org/all/20240219074733.122080-1-weijiang.yang@intel.com
https://lore.kernel.org/kvm/20240531090331.13713-1-weijiang.yang@intel.com/
...
When FRED is advertised to a guest, KVM should allow FRED SSP MSRs accesses through disabling FRED SSP MSRs interception no matter whether supervisor shadow stacks are enabled or not.
KVM doesn't necessarily need to disabling MSR interception, e.g. if the expectation is that the guest will rarely/never access the MSRs when CET is unsupported, then we're likely better off going with a trap-and-emulate model. KVM needs to emulate RDMSR and WRMSR no matter what, e.g. in case the guest triggers a WRMSR when KVM is emulating, and so that userspace can get/set MSR values.
And this means that yes, FRED virtualization needs to land after CET virtualization, otherwise managing the conflicts/dependencies will be a nightmare.
No argument.
Thanks! Xin