When FRED is advertised to a guest, KVM should allow FRED SSP MSRs
accesses through disabling FRED SSP MSRs interception no matter whether
supervisor shadow stacks are enabled or not.
KVM doesn't necessarily need to disabling MSR interception, e.g. if
the expectation
is that the guest will rarely/never access the MSRs when CET is
unsupported, then
we're likely better off going with a trap-and-emulate model. KVM
needs to emulate
RDMSR and WRMSR no matter what, e.g. in case the guest triggers a
WRMSR when KVM
is emulating, and so that userspace can get/set MSR values.
And this means that yes, FRED virtualization needs to land after CET
virtualization,
otherwise managing the conflicts/dependencies will be a nightmare.
I still plan to send another iteration of the FRED patch set for review,
however I haven't seen your x86 KVM changes land into Linus' tree, it
will happen soon, right?
No argument.
