On 8/5/2023 6:02 AM, Paolo Bonzini wrote:
On 8/3/23 06:27, Yang Weijiang wrote:if (boot_cpu_has(X86_FEATURE_XSAVES)) { + u32 eax, ebx, ecx, edx; + + cpuid_count(0xd, 1, &eax, &ebx, &ecx, &edx); rdmsrl(MSR_IA32_XSS, host_xss); kvm_caps.supported_xss = host_xss & KVM_SUPPORTED_XSS; + if (ecx & XFEATURE_MASK_CET_KERNEL) + kvm_caps.supported_xss |= XFEATURE_MASK_CET_KERNEL; }This is a bit hackish and makes me lean more towards adding support for XFEATURE_MASK_CET_KERNEL in host MSR_IA32_XSS (and then possibly hide it in the actual calls to XSAVE/XRSTORS for non-guest FPU).
Yes, if kernel can support CET_U/S bits in XSS, things would be much easier. But if CET_S bit cannot be enabled for somehow, we may have KVM emulation for it.
Paolo
