On Tue, Aug 01, 2023 at 09:28:11AM -0700, Sean Christopherson wrote: > On Tue, Aug 01, 2023, John Allen wrote: > > On Fri, Jun 23, 2023 at 02:11:46PM -0700, Sean Christopherson wrote: > > > On Wed, May 24, 2023, John Allen wrote: > > > As for the values themselves, the kernel doesn't support Supervisor Shadow Stacks > > > (SSS), so PL0-2_SSP are guaranteed to be zero. And if/when SSS support is added, > > > I doubt the kernel will ever use PL1_SSP or PL2_SSP, so those can probably be > > > ignored entirely, and PL0_SSP might be constant per task? In other words, I don't > > > see any reason to try and track the host values for support that doesn't exist, > > > just do what VMX does for BNDCFGS and yell if the MSRs are non-zero. Though for > > > SSS it probably makes sense for KVM to refuse to load (KVM continues on for BNDCFGS > > > because it's a pretty safe assumption that the kernel won't regain MPX supported). > > > > > > E.g. in rough pseudocode > > > > > > if (boot_cpu_has(X86_FEATURE_SHSTK)) { > > > rdmsrl(MSR_IA32_PLx_SSP, host_plx_ssp); > > > > > > if (WARN_ON_ONCE(host_pl0_ssp || host_pl1_ssp || host_pl2_ssp)) > > > return -EIO; > > > } > > > > The function in question returns void and wouldn't be able to return a > > failure code to callers. We would have to rework this path in order to > > fail in this way. Is it sufficient to just WARN_ON_ONCE here or is there > > some other way we can cause KVM to fail to load here? > > Sorry, I should have been more explicit than "it probably make sense for KVM to > refuse to load". The above would go somewhere in __kvm_x86_vendor_init(). I see, in that case that change should probably go up with: "KVM:x86: Enable CET virtualization for VMX and advertise to userspace" in Weijiang Yang's series with the rest of the changes to __kvm_x86_vendor_init(). Though I can tack it on in my series if needed.