On 9/25/2024 7:12 AM, Sean Christopherson wrote:
On Wed, Sep 18, 2024, Xin Li wrote:
You mean the following patch set, right?
Yep, and presumably the KVM support as well:
I assume it's close to KVM upstreaming criteria :)
https://lore.kernel.org/all/20240219074733.122080-1-weijiang.yang@xxxxxxxxx
https://lore.kernel.org/kvm/20240531090331.13713-1-weijiang.yang@xxxxxxxxx/
...
When FRED is advertised to a guest, KVM should allow FRED SSP MSRs
accesses through disabling FRED SSP MSRs interception no matter whether
supervisor shadow stacks are enabled or not.
KVM doesn't necessarily need to disabling MSR interception, e.g. if the expectation
is that the guest will rarely/never access the MSRs when CET is unsupported, then
we're likely better off going with a trap-and-emulate model. KVM needs to emulate
RDMSR and WRMSR no matter what, e.g. in case the guest triggers a WRMSR when KVM
is emulating, and so that userspace can get/set MSR values.
And this means that yes, FRED virtualization needs to land after CET virtualization,
otherwise managing the conflicts/dependencies will be a nightmare.
No argument.
Thanks!
Xin
