From: Zhao Liu <zhao1.liu@intel.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: Marcelo Tosatti <mtosatti@redhat.com>,
qemu-devel@nongnu.org, kvm@vger.kernel.org,
Chao Gao <chao.gao@intel.com>, Xin Li <xin@zytor.com>,
John Allen <john.allen@amd.com>, Babu Moger <babu.moger@amd.com>,
Mathias Krause <minipli@grsecurity.net>,
Dapeng Mi <dapeng1.mi@intel.com>, Zide Chen <zide.chen@intel.com>,
Xiaoyao Li <xiaoyao.li@intel.com>,
Chenyi Qiang <chenyi.qiang@intel.com>,
Farrah Chen <farrah.chen@intel.com>,
Zhao Liu <zhao1.liu@intel.com>
Subject: Re: [PATCH v4 17/23] i386/cpu: Migrate MSR_IA32_PL0_SSP for FRED and CET-SHSTK
Date: Wed, 3 Dec 2025 16:01:37 +0800 [thread overview]
Message-ID: <aS/uYR8n7j4OjK/p@intel.com> (raw)
In-Reply-To: <3103289d-e86c-486d-a3c0-95d7615099c6@redhat.com>
On Mon, Dec 01, 2025 at 06:01:48PM +0100, Paolo Bonzini wrote:
> Date: Mon, 1 Dec 2025 18:01:48 +0100
> From: Paolo Bonzini <pbonzini@redhat.com>
> Subject: Re: [PATCH v4 17/23] i386/cpu: Migrate MSR_IA32_PL0_SSP for FRED
> and CET-SHSTK
>
> On 11/18/25 04:42, Zhao Liu wrote:
> > From: "Xin Li (Intel)" <xin@zytor.com>
> >
> > Both FRED and CET-SHSTK need MSR_IA32_PL0_SSP, so add the vmstate for
> > this MSR.
> >
> > When CET-SHSTK is not supported, MSR_IA32_PL0_SSP keeps accessible, but
> > its value doesn't take effect. Therefore, treat this vmstate as a
> > subsection rather than a fix for the previous FRED vmstate.
> >
> > Tested-by: Farrah Chen <farrah.chen@intel.com>
> > Signed-off-by: Xin Li (Intel) <xin@zytor.com>
> > Co-developed-by: Zhao Liu <zhao1.liu@intel.com>
> > Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
> > ---
> > Changes Since v3:
> > - New commit.
> > ---
> > target/i386/machine.c | 26 ++++++++++++++++++++++++++
> > 1 file changed, 26 insertions(+)
> >
> > diff --git a/target/i386/machine.c b/target/i386/machine.c
> > index 45b7cea80aa7..0a756573b6cd 100644
> > --- a/target/i386/machine.c
> > +++ b/target/i386/machine.c
> > @@ -1668,6 +1668,31 @@ static const VMStateDescription vmstate_triple_fault = {
> > }
> > };
> > +static bool pl0_ssp_needed(void *opaque)
> > +{
> > + X86CPU *cpu = opaque;
> > + CPUX86State *env = &cpu->env;
> > +
> > +#ifdef TARGET_X86_64
> > + if (env->features[FEAT_7_1_EAX] & CPUID_7_1_EAX_FRED) {
> > + return true;
> > + }
> > +#endif
> > +
> > + return !!(env->features[FEAT_7_0_ECX] & CPUID_7_0_ECX_CET_SHSTK);
>
> Can you just make it return "!!(env->pl0_ssp)"? If all of these bits are
> zero the MSR will not be settable, and this way you can migrate VMs as long
> as they don't use PL0_SSP.
Yes, it's a good idea.
Thanks,
Zhao
next prev parent reply other threads:[~2025-12-03 7:36 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-18 3:42 [PATCH v4 00/23] i386: Support CET for KVM Zhao Liu
2025-11-18 3:42 ` [PATCH v4 01/23] i386/cpu: Clean up indent style of x86_ext_save_areas[] Zhao Liu
2025-11-18 3:42 ` [PATCH v4 02/23] i386/cpu: Clean up arch lbr xsave struct and comment Zhao Liu
2025-11-18 3:42 ` [PATCH v4 03/23] i386/cpu: Reorganize arch lbr structure definitions Zhao Liu
2025-11-18 3:42 ` [PATCH v4 04/23] i386/cpu: Make ExtSaveArea store an array of dependencies Zhao Liu
2025-11-18 3:42 ` [PATCH v4 05/23] i386/cpu: Add avx10 dependency for Opmask/ZMM_Hi256/Hi16_ZMM Zhao Liu
2025-11-18 3:42 ` [PATCH v4 06/23] i386/kvm: Initialize x86_ext_save_areas[] based on KVM support Zhao Liu
2025-12-01 16:01 ` Paolo Bonzini
2025-12-03 8:00 ` Zhao Liu
2025-12-03 11:30 ` Zhao Liu
2025-11-18 3:42 ` [PATCH v4 07/23] i386/cpu: Use x86_ext_save_areas[] for CPUID.0XD subleaves Zhao Liu
2025-11-18 3:42 ` [PATCH v4 08/23] i386/cpu: Reorganize dependency check for arch lbr state Zhao Liu
2025-11-18 3:42 ` [PATCH v4 09/23] i386/cpu: Drop pmu check in CPUID 0x1C encoding Zhao Liu
2025-11-18 3:42 ` [PATCH v4 10/23] i386/cpu: Fix supervisor xstate initialization Zhao Liu
2025-11-18 3:42 ` [PATCH v4 11/23] i386/cpu: Add missing migratable xsave features Zhao Liu
2025-11-18 3:42 ` [PATCH v4 12/23] i386/cpu: Enable xsave support for CET states Zhao Liu
2025-11-18 3:42 ` [PATCH v4 13/23] i386/cpu: Add CET support in CR4 Zhao Liu
2025-11-18 3:42 ` [PATCH v4 14/23] i386/cpu: Save/restore SSP0 MSR for FRED Zhao Liu
2025-11-18 3:42 ` [PATCH v4 15/23] i386/kvm: Add save/restore support for CET MSRs Zhao Liu
2025-11-18 3:42 ` [PATCH v4 16/23] i386/kvm: Add save/restore support for KVM_REG_GUEST_SSP Zhao Liu
2025-11-18 3:42 ` [PATCH v4 17/23] i386/cpu: Migrate MSR_IA32_PL0_SSP for FRED and CET-SHSTK Zhao Liu
2025-12-01 17:01 ` Paolo Bonzini
2025-12-03 8:01 ` Zhao Liu [this message]
2025-11-18 3:42 ` [PATCH v4 18/23] i386/machine: Add vmstate for cet-shstk and cet-ibt Zhao Liu
2025-11-18 3:42 ` [PATCH v4 19/23] i386/cpu: Mark cet-u & cet-s xstates as migratable Zhao Liu
2025-11-18 3:42 ` [PATCH v4 20/23] i386/cpu: Advertise CET related flags in feature words Zhao Liu
2025-11-18 3:42 ` [PATCH v4 21/23] i386/cpu: Enable cet-ss & cet-ibt for supported CPU models Zhao Liu
2025-11-18 3:42 ` [PATCH v4 22/23] i386/tdx: Fix missing spaces in tdx_xfam_deps[] Zhao Liu
2025-11-18 3:42 ` [PATCH v4 23/23] i386/tdx: Add CET SHSTK/IBT into the supported CPUID by XFAM Zhao Liu
2025-12-01 17:10 ` [PATCH v4 00/23] i386: Support CET for KVM Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aS/uYR8n7j4OjK/p@intel.com \
--to=zhao1.liu@intel.com \
--cc=babu.moger@amd.com \
--cc=chao.gao@intel.com \
--cc=chenyi.qiang@intel.com \
--cc=dapeng1.mi@intel.com \
--cc=farrah.chen@intel.com \
--cc=john.allen@amd.com \
--cc=kvm@vger.kernel.org \
--cc=minipli@grsecurity.net \
--cc=mtosatti@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=xiaoyao.li@intel.com \
--cc=xin@zytor.com \
--cc=zide.chen@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.