On 12/13/23 18:30, Sean Christopherson wrote:
For now, all we can do is document our wishes, with which userspace had
better comply. Please send a patch to QEMU that makes it obey.
Discussed this early today with Paolo at PUCK and pointed out that (a) the CPU
context switches the underlying state, (b) SVM doesn't allow intercepting*just*
XSAVES, and (c) SNP's AP creation can bypass XSS interception.
So while we all (all == KVM folks) agree that this is rather terrifying, e.g.
gives KVM zero option if there is a hardware issue, it's "fine" to let the guest
use XSAVES/XSS.
Indeed; looks like I've got to queue this for 6.7 after all.
Paolo