On Fri, Aug 04, 2023, Paolo Bonzini wrote: > On 8/4/23 23:27, Sean Christopherson wrote: > > > > + > > > > + if (!kvm_cpu_cap_has(X86_FEATURE_SHSTK) && > > > > + !kvm_cpu_cap_has(X86_FEATURE_IBT)) > > > > + return false; > > > > + > > > > + return msr->host_initiated || > > > > + guest_cpuid_has(vcpu, X86_FEATURE_IBT) || > > > > + guest_cpuid_has(vcpu, X86_FEATURE_SHSTK); > > > > Similar to my suggestsion for XSS, I think we drop the waiver for host_initiated > > accesses, i.e. require the feature to be enabled and exposed to the guest, even > > for the host. > > No, please don't. Allowing host-initiated accesses is what makes it > possible to take the list of MSR indices and pass it blindly to KVM_GET_MSR > and KVM_SET_MSR. I don't see how that can work today. Oooh, the MSRs that don't exempt host_initiated are added to the list of MSRs to save/restore, i.e. KVM "silently" supports MSR_AMD64_OSVW_ID_LENGTH and MSR_AMD64_OSVW_STATUS. And guest_pv_has() returns true unless userspace has opted in to enforcement. Sad panda. That means we need to figure out a solution for KVM stuffing GUEST_SSP on RSM, which is a "host" write but a guest controlled value.
