On 22/11/24 07:49, Chao Gao wrote:
>> +static void tdx_restore_host_xsave_state(struct kvm_vcpu *vcpu)
>> +{
>> + struct kvm_tdx *kvm_tdx = to_kvm_tdx(vcpu->kvm);
>> +
>> + if (static_cpu_has(X86_FEATURE_XSAVE) &&
>> + kvm_host.xcr0 != (kvm_tdx->xfam & kvm_caps.supported_xcr0))
>> + xsetbv(XCR_XFEATURE_ENABLED_MASK, kvm_host.xcr0);
>> + if (static_cpu_has(X86_FEATURE_XSAVES) &&
>> + /* PT can be exposed to TD guest regardless of KVM's XSS support */
>> + kvm_host.xss != (kvm_tdx->xfam &
>> + (kvm_caps.supported_xss | XFEATURE_MASK_PT |
>> + XFEATURE_MASK_CET_USER | XFEATURE_MASK_CET_KERNEL)))
>
> Should we drop CET/PT from this series? I think they are worth a new
> patch/series.
>
>> + wrmsrl(MSR_IA32_XSS, kvm_host.xss);
>> + if (static_cpu_has(X86_FEATURE_PKU) &&
>
> How about using cpu_feature_enabled()? It is used in kvm_load_host_xsave_state()
> It handles the case where CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS is not
> enabled.
Seems reasonable
>
>> + (kvm_tdx->xfam & XFEATURE_MASK_PKRU))
>> + write_pkru(vcpu->arch.host_pkru);
>
> If host_pkru happens to match the hardware value after TD-exits, the write can
> be omitted, similar to what is done above for xss and xcr0.
>
>> +}
