On Fri, 2023-11-24 at 00:53 -0500, Yang Weijiang wrote: > Use the governed feature framework to track whether X86_FEATURE_SHSTK > and X86_FEATURE_IBT features can be used by userspace and guest, i.e., > the features can be used iff both KVM and guest CPUID can support them. > > TODO: remove this patch once Sean's refactor to "KVM-governed" framework > is upstreamed. See the work here [*]. > > [*]: https://lore.kernel.org/all/20231110235528.1561679-1-seanjc@xxxxxxxxxx/ > > Signed-off-by: Yang Weijiang <weijiang.yang@xxxxxxxxx> > --- > arch/x86/kvm/governed_features.h | 2 ++ > arch/x86/kvm/vmx/vmx.c | 2 ++ > 2 files changed, 4 insertions(+) > > diff --git a/arch/x86/kvm/governed_features.h b/arch/x86/kvm/governed_features.h > index 423a73395c10..db7e21c5ecc2 100644 > --- a/arch/x86/kvm/governed_features.h > +++ b/arch/x86/kvm/governed_features.h > @@ -16,6 +16,8 @@ KVM_GOVERNED_X86_FEATURE(PAUSEFILTER) > KVM_GOVERNED_X86_FEATURE(PFTHRESHOLD) > KVM_GOVERNED_X86_FEATURE(VGIF) > KVM_GOVERNED_X86_FEATURE(VNMI) > +KVM_GOVERNED_X86_FEATURE(SHSTK) > +KVM_GOVERNED_X86_FEATURE(IBT) > > #undef KVM_GOVERNED_X86_FEATURE > #undef KVM_GOVERNED_FEATURE > diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c > index d3d0d74fef70..f6ad5ba5d518 100644 > --- a/arch/x86/kvm/vmx/vmx.c > +++ b/arch/x86/kvm/vmx/vmx.c > @@ -7762,6 +7762,8 @@ static void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) > kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_XSAVES); > > kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_VMX); > + kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_SHSTK); > + kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_IBT); > > vmx_setup_uret_msrs(vmx); > Reviewed-by: Maxim Levitsky <mlevitsk@xxxxxxxxxx> Best regards, Maxim Levitsky
