On Sun, Mar 10, 2019 at 08:20:30PM +0800, Yang Weijiang wrote: > On Fri, Mar 08, 2019 at 12:32:04PM +0100, Paolo Bonzini wrote: > > On 28/02/19 09:44, Yang Weijiang wrote: > > >>> if (!vmx_xsaves_supported()) > > >>> return 1; > > >>> + > > >>> /* > > >>> - * The only supported bit as of Skylake is bit 8, but > > >>> - * it is not supported on KVM. > > >>> + * Check bits being set are supported in KVM. > > >> I'd drop the comment altogether, it's pretty obvious from the code that > > >> were checking which bits are supported. > > > you won't see these redundancies in next version ;) > > >>> */ > > >>> - if (data != 0) > > >>> + if (data & ~kvm_supported_xss()) > > >>> return 1; > > > > You should instead check this against CPUID[0xD, 1].EDX:ECX. If CET is > > disabled in CPUID, the guest should not be able to set it in MSR_IA32_CSS. > > > > Paolo > Thanks, OK, will change it. Hi, Paolo, How about change kvm_supported_xss() as below so that CPUID[0xd,1] check is implied in host_xss contents, vmx_supported_xss() now just returns host_xss in vmx.c. The purpose of this change is to make XSS data check common for other XSS based features. +u64 kvm_supported_xss(void) +{ + return KVM_SUPPORTED_XSS & kvm_x86_ops->vmx_supported_xss(); +} +