From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail.zytor.com (terminus.zytor.com [198.137.202.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D501E1E0DE3; Wed, 27 Aug 2025 22:25:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.137.202.136 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756333530; cv=none; b=O7faNNZQ1IsrDU+TAAnrwdIADDw6aNA49T9PQm9x4sBZVQeh6ZF2Rjqa+7Ma3MFWVDDIi9EhYpLp6hYqLjsyDqhS+PwjWGGIZnZx673bKe1Kn8xq0GtCwpoOBLU6B2mOZK21MJPEI5gxhmWshFnEt9vfT3NZA5Nt/nnd3XDa36Y= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756333530; c=relaxed/simple; bh=IGBw6f+5B1xf5/QSzv1Q2fzVlERKjwE628Jmp2awf6U=; h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From: In-Reply-To:Content-Type; b=R6NlpFtpz5+KPLyw0zN7yg9lNc1Dl3FAMGGxByb3biS48jBM7ppQR9R3Qq7J5g6Phd2N9VC7QvpnM38JFBKTU86TtIMNVWohroLD19E58lN1aUEdOHdOdBvQhc5M5cZUg19QZi4IqcIbjzW9e6bXDPeNn92X30wUVLhnbwT2Kok= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com; spf=pass smtp.mailfrom=zytor.com; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b=iwRY6+IQ; arc=none smtp.client-ip=198.137.202.136 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=zytor.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b="iwRY6+IQ" Received: from [192.168.7.202] ([71.202.166.45]) (authenticated bits=0) by mail.zytor.com (8.18.1/8.17.1) with ESMTPSA id 57RMOwIS1910154 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NO); Wed, 27 Aug 2025 15:24:59 -0700 DKIM-Filter: OpenDKIM Filter v2.11.0 mail.zytor.com 57RMOwIS1910154 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zytor.com; s=2025082201; t=1756333500; bh=gmZZLvLa8thUkPawWrdlspY4iU3XSjkjEaMKcMsMj80=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=iwRY6+IQknkmxIGzjshRQyqwReL7Oey4/IT9D4bJZ0iltSz73/AeiqNCQEAAosp/Q CeZGQJ+U5vpFcmUSYfJ/uxzjufWt1YEBSBhXhy4G0uz5ZQIiX7PMJBtw6QPsU/TitC jGJufOgg/hSXI0DAKGoiV/N79HNbyueOCcuExDotJx1mH47VUd+1IqYguNNPTLSiz9 RnssYuwodPSMTSFsrMxgYVv/aikUwc+4WF21s1iwk0wcyMGtMxRgMLNJcL4gLArtZL 6U2732hl6f940l6bvVbIMMp/mfUiCLdmtNcR7FjT/0SknbhiSzL6dVDoWvbNrlW0fJ hXo63sf6R9dNw== Message-ID: <5b1c5f80-bbe1-4294-8ede-5e097e8feda1@zytor.com> Date: Wed, 27 Aug 2025 15:24:58 -0700 Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH v6 06/20] KVM: VMX: Set FRED MSR intercepts To: Sean Christopherson Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-doc@vger.kernel.org, pbonzini@redhat.com, corbet@lwn.net, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, luto@kernel.org, peterz@infradead.org, andrew.cooper3@citrix.com, chao.gao@intel.com, hch@infradead.org References: <20250821223630.984383-1-xin@zytor.com> <20250821223630.984383-7-xin@zytor.com> <2dd8c323-7654-4a28-86f1-d743b70d10b1@zytor.com> Content-Language: en-US From: Xin Li Autocrypt: addr=xin@zytor.com; keydata= xsDNBGUPz1cBDACS/9yOJGojBFPxFt0OfTWuMl0uSgpwk37uRrFPTTLw4BaxhlFL0bjs6q+0 2OfG34R+a0ZCuj5c9vggUMoOLdDyA7yPVAJU0OX6lqpg6z/kyQg3t4jvajG6aCgwSDx5Kzg5 Rj3AXl8k2wb0jdqRB4RvaOPFiHNGgXCs5Pkux/qr0laeFIpzMKMootGa4kfURgPhRzUaM1vy bsMsL8vpJtGUmitrSqe5dVNBH00whLtPFM7IbzKURPUOkRRiusFAsw0a1ztCgoFczq6VfAVu raTye0L/VXwZd+aGi401V2tLsAHxxckRi9p3mc0jExPc60joK+aZPy6amwSCy5kAJ/AboYtY VmKIGKx1yx8POy6m+1lZ8C0q9b8eJ8kWPAR78PgT37FQWKYS1uAroG2wLdK7FiIEpPhCD+zH wlslo2ETbdKjrLIPNehQCOWrT32k8vFNEMLP5G/mmjfNj5sEf3IOKgMTMVl9AFjsINLHcxEQ 6T8nGbX/n3msP6A36FDfdSEAEQEAAc0WWGluIExpIDx4aW5Aenl0b3IuY29tPsLBDQQTAQgA NxYhBIUq/WFSDTiOvUIqv2u9DlcdrjdRBQJlD89XBQkFo5qAAhsDBAsJCAcFFQgJCgsFFgID AQAACgkQa70OVx2uN1HUpgv/cM2fsFCQodLArMTX5nt9yqAWgA5t1srri6EgS8W3F+3Kitge tYTBKu6j5BXuXaX3vyfCm+zajDJN77JHuYnpcKKr13VcZi1Swv6Jx1u0II8DOmoDYLb1Q2ZW v83W55fOWJ2g72x/UjVJBQ0sVjAngazU3ckc0TeNQlkcpSVGa/qBIHLfZraWtdrNAQT4A1fa sWGuJrChBFhtKbYXbUCu9AoYmmbQnsx2EWoJy3h7OjtfFapJbPZql+no5AJ3Mk9eE5oWyLH+ QWqtOeJM7kKvn/dBudokFSNhDUw06e7EoVPSJyUIMbYtUO7g2+Atu44G/EPP0yV0J4lRO6EA wYRXff7+I1jIWEHpj5EFVYO6SmBg7zF2illHEW31JAPtdDLDHYcZDfS41caEKOQIPsdzQkaQ oW2hchcjcMPAfyhhRzUpVHLPxLCetP8vrVhTvnaZUo0xaVYb3+wjP+D5j/3+hwblu2agPsaE vgVbZ8Fx3TUxUPCAdr/p73DGg57oHjgezsDNBGUPz1gBDAD4Mg7hMFRQqlzotcNSxatlAQNL MadLfUTFz8wUUa21LPLrHBkUwm8RujehJrzcVbPYwPXIO0uyL/F///CogMNx7Iwo6by43KOy g89wVFhyy237EY76j1lVfLzcMYmjBoTH95fJC/lVb5Whxil6KjSN/R/y3jfG1dPXfwAuZ/4N cMoOslWkfZKJeEut5aZTRepKKF54T5r49H9F7OFLyxrC/uI9UDttWqMxcWyCkHh0v1Di8176 jjYRNTrGEfYfGxSp+3jYL3PoNceIMkqM9haXjjGl0W1B4BidK1LVYBNov0rTEzyr0a1riUrp Qk+6z/LHxCM9lFFXnqH7KWeToTOPQebD2B/Ah5CZlft41i8L6LOF/LCuDBuYlu/fI2nuCc8d m4wwtkou1Y/kIwbEsE/6RQwRXUZhzO6llfoN96Fczr/RwvPIK5SVMixqWq4QGFAyK0m/1ap4 bhIRrdCLVQcgU4glo17vqfEaRcTW5SgX+pGs4KIPPBE5J/ABD6pBnUUAEQEAAcLA/AQYAQgA JhYhBIUq/WFSDTiOvUIqv2u9DlcdrjdRBQJlD89ZBQkFo5qAAhsMAAoJEGu9DlcdrjdR4C0L /RcjolEjoZW8VsyxWtXazQPnaRvzZ4vhmGOsCPr2BPtMlSwDzTlri8BBG1/3t/DNK4JLuwEj OAIE3fkkm+UG4Kjud6aNeraDI52DRVCSx6xff3bjmJsJJMb12mWglN6LjdF6K+PE+OTJUh2F dOhslN5C2kgl0dvUuevwMgQF3IljLmi/6APKYJHjkJpu1E6luZec/lRbetHuNFtbh3xgFIJx 2RpgVDP4xB3f8r0I+y6ua+p7fgOjDLyoFjubRGed0Be45JJQEn7A3CSb6Xu7NYobnxfkwAGZ Q81a2XtvNS7Aj6NWVoOQB5KbM4yosO5+Me1V1SkX2jlnn26JPEvbV3KRFcwV5RnDxm4OQTSk PYbAkjBbm+tuJ/Sm+5Yp5T/BnKz21FoCS8uvTiziHj2H7Cuekn6F8EYhegONm+RVg3vikOpn gao85i4HwQTK9/D1wgJIQkdwWXVMZ6q/OALaBp82vQ2U9sjTyFXgDjglgh00VRAHP7u1Rcu4 l75w1xInsg== In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit On 8/26/2025 3:17 PM, Sean Christopherson wrote: >> + if (!kvm_cpu_cap_has(X86_FEATURE_SHSTK)) >> + wrmsrns(MSR_IA32_FRED_SSP0, vmx->msr_guest_fred_ssp0); > FWIW, if we can't get an SDM change, don't bother with RDMSR/WRMSRNS, just > configure KVM to intercept accesses. Then in kvm_set_msr_common(), pivot on > X86_FEATURE_SHSTK, e.g. Intercepting is a solid approach: it ensures the guest value is fully virtual and does not affect the hardware FRED SSP0 MSR. Of course the code is also simplified. > > case MSR_IA32_U_CET: > case MSR_IA32_PL0_SSP ... MSR_IA32_PL3_SSP: > if (!kvm_cpu_cap_has(X86_FEATURE_SHSTK)) { > WARN_ON_ONCE(msr != MSR_IA32_FRED_SSP0); > vcpu->arch.fred_rsp0_fallback = data; > break; > } > > kvm_set_xstate_msr(vcpu, msr_info); > break; > > and > > case MSR_IA32_U_CET: > case MSR_IA32_PL0_SSP ... MSR_IA32_PL3_SSP: > if (!kvm_cpu_cap_has(X86_FEATURE_SHSTK)) { > WARN_ON_ONCE(msr_info->index != MSR_IA32_FRED_SSP0); > vcpu->arch.fred_rsp0_fallback = msr_info->data; > break; > } > > kvm_get_xstate_msr(vcpu, msr_info); > break;