From: Sean Christopherson <seanjc@google.com>
To: Chao Gao <chao.gao@intel.com>
Cc: "Xin Li (Intel)" <xin@zytor.com>,
linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
linux-doc@vger.kernel.org, pbonzini@redhat.com, corbet@lwn.net,
tglx@linutronix.de, mingo@redhat.com, bp@alien8.de,
dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com,
luto@kernel.org, peterz@infradead.org,
andrew.cooper3@citrix.com, hch@infradead.org,
sohil.mehta@intel.com
Subject: Re: [PATCH v9 15/22] KVM: x86: Mark CR4.FRED as not reserved
Date: Wed, 4 Mar 2026 16:58:14 -0800 [thread overview]
Message-ID: <aajVJlU2Zg4Djqqz@google.com> (raw)
In-Reply-To: <aR1xNLrhqEWu+rmE@intel.com>
On Wed, Nov 19, 2025, Chao Gao wrote:
> On Sun, Oct 26, 2025 at 01:19:03PM -0700, Xin Li (Intel) wrote:
> >From: Xin Li <xin3.li@intel.com>
> >
> >The CR4.FRED bit, i.e., CR4[32], is no longer a reserved bit when
> >guest cpu cap has FRED, i.e.,
> > 1) All of FRED KVM support is in place.
> > 2) Guest enumerates FRED.
> >
> >Otherwise it is still a reserved bit.
> >
> >Signed-off-by: Xin Li <xin3.li@intel.com>
> >Signed-off-by: Xin Li (Intel) <xin@zytor.com>
> >Tested-by: Shan Kang <shan.kang@intel.com>
> >Tested-by: Xuelian Guo <xuelian.guo@intel.com>
>
> I am not sure about two things regarding CR4.FRED and emulator code:
>
> 1. Should kvm_set_cr4() reject setting CR4.FRED when the vCPU isn't in long
> mode? The concern is that emulator code may call kvm_set_cr4(). This could
> cause VM-entry failure if CR4.FRED is set in other modes.
This has nothing to do with the emulator, KVM will intercept and emulate all
CR4 writes that toggle CR4.FRED. KVM also needs to enforce leaving 64-bit mode
with CR4.FRED=1.
> 2. mk_cr_64() drops the high 32 bits of the new CR4 value. So, CR4.FRED is always
> dropped. This may need an update.
Ugh, I didn't realize FRED broke into bits 63:32. Yeah, that needs to be updated,
and _that_ one is unique to the emulator.
Unless Chao and I can't read code and are missing magic, KVM's virtualization of
FRED is quite lacking.
More importantly, I don't see *any* tests. At a bare minimum, KVM's msrs_test
needs to be updated too get coverage for userspace vs. guest accesses, save/restore
needs to be covered (maybe nothing additional required?), and there need to be
negative tests for things like leaving 64-bit mode with FRED=1. We can probably
get enough confidence in the "happy" paths just by running VMs, but even then I
would ideally like to see tests for edge cases that are relatively rare when just
running a VM.
I'm straight up not going to look at new versions if there aren't tests. Like
CET before it, both Intel and AMD are pushing FRED and want to get it merged,
yet no one is providing tests. That's not going to fly this time, as I don't
have the bandwidth to help write the number of testcases FRED warrants.
next prev parent reply other threads:[~2026-03-05 0:58 UTC|newest]
Thread overview: 106+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-26 20:18 [PATCH v9 00/22] Enable FRED with KVM VMX Xin Li (Intel)
2025-10-26 20:18 ` [PATCH v9 01/22] KVM: VMX: Enable support for secondary VM exit controls Xin Li (Intel)
2025-10-26 20:18 ` [PATCH v9 02/22] KVM: VMX: Initialize VM entry/exit FRED controls in vmcs_config Xin Li (Intel)
2026-01-20 9:24 ` Binbin Wu
2026-01-22 17:57 ` Xin Li
2025-10-26 20:18 ` [PATCH v9 03/22] KVM: VMX: Disable FRED if FRED consistency checks fail Xin Li (Intel)
2026-03-05 0:25 ` Sean Christopherson
2025-10-26 20:18 ` [PATCH v9 04/22] x86/cea: Prefix event stack names with ESTACK_ Xin Li (Intel)
2025-10-26 20:18 ` [PATCH v9 05/22] x86/cea: Use array indexing to simplify exception stack access Xin Li (Intel)
2025-10-27 15:49 ` Dave Hansen
2025-10-28 2:31 ` Xin Li
2026-01-30 13:42 ` Borislav Petkov
2025-10-26 20:18 ` [PATCH v9 06/22] x86/cea: Export __this_cpu_ist_top_va() to KVM Xin Li (Intel)
2025-10-27 15:50 ` Dave Hansen
2026-01-30 13:46 ` Borislav Petkov
2026-01-30 16:35 ` Xin Li
2026-01-30 17:56 ` Borislav Petkov
2026-03-07 7:38 ` Xin Li
2026-03-09 15:24 ` Sean Christopherson
2026-03-09 22:57 ` Xin Li
2025-10-26 20:18 ` [PATCH v9 07/22] KVM: VMX: Initialize VMCS FRED fields Xin Li (Intel)
2025-11-19 2:44 ` Chao Gao
2026-01-21 6:44 ` Binbin Wu
2026-01-21 18:14 ` Xin Li
2026-01-22 0:45 ` Xin Li
2026-01-22 1:56 ` Binbin Wu
2026-01-22 17:22 ` Xin Li
2026-03-04 16:23 ` Sean Christopherson
2026-03-05 5:27 ` Xin Li
2026-03-05 15:21 ` Sean Christopherson
2026-03-05 17:25 ` Xin Li
2025-10-26 20:18 ` [PATCH v9 08/22] KVM: VMX: Set FRED MSR intercepts Xin Li (Intel)
2025-11-12 5:49 ` Chao Gao
2026-03-05 0:48 ` Sean Christopherson
2026-03-05 5:56 ` Xin Li
2026-03-06 2:30 ` Chao Gao
2026-03-06 15:54 ` Sean Christopherson
2026-01-16 19:49 ` Dave Hansen
2026-01-17 0:43 ` H. Peter Anvin
2025-10-26 20:18 ` [PATCH v9 09/22] KVM: VMX: Save/restore guest FRED RSP0 Xin Li (Intel)
2025-11-12 5:59 ` Chao Gao
2026-01-21 7:23 ` Binbin Wu
2025-10-26 20:18 ` [PATCH v9 10/22] KVM: VMX: Add support for saving and restoring FRED MSRs Xin Li (Intel)
2025-11-12 6:16 ` Chao Gao
2025-12-01 6:20 ` Xin Li
2025-10-26 20:18 ` [PATCH v9 11/22] KVM: x86: Add a helper to detect if FRED is enabled for a vCPU Xin Li (Intel)
2025-11-12 6:19 ` Chao Gao
2026-01-21 8:05 ` Binbin Wu
2026-01-21 16:46 ` Xin Li
2026-01-21 20:24 ` Sean Christopherson
2026-01-21 22:38 ` Xin Li
2025-10-26 20:19 ` [PATCH v9 12/22] KVM: VMX: Virtualize FRED event_data Xin Li (Intel)
2025-11-19 3:24 ` Chao Gao
2026-01-29 17:12 ` Xin Li
2026-01-29 17:21 ` H. Peter Anvin
2026-01-29 22:50 ` Xin Li
2026-03-04 16:42 ` Sean Christopherson
2025-10-26 20:19 ` [PATCH v9 13/22] KVM: VMX: Virtualize FRED nested exception tracking Xin Li (Intel)
2025-11-19 6:54 ` Chao Gao
2026-03-07 2:07 ` Sean Christopherson
2026-03-07 3:05 ` Xin Li
2025-10-26 20:19 ` [PATCH v9 14/22] KVM: x86: Save/restore the nested flag of an exception Xin Li (Intel)
2025-11-19 6:13 ` Chao Gao
2025-10-26 20:19 ` [PATCH v9 15/22] KVM: x86: Mark CR4.FRED as not reserved Xin Li (Intel)
2025-11-19 7:26 ` Chao Gao
2026-03-05 0:58 ` Sean Christopherson [this message]
2026-03-05 7:20 ` Xin Li
2026-03-05 15:35 ` Sean Christopherson
2026-03-05 17:09 ` Xin Li
2026-03-05 17:46 ` Xin Li
2026-03-06 5:33 ` Chao Gao
2025-10-26 20:19 ` [PATCH v9 16/22] KVM: VMX: Dump FRED context in dump_vmcs() Xin Li (Intel)
2025-11-19 7:40 ` Chao Gao
2025-11-30 18:42 ` Xin Li
2025-10-26 20:19 ` [PATCH v9 17/22] KVM: x86: Advertise support for FRED Xin Li (Intel)
2025-11-12 7:30 ` Chao Gao
2026-01-20 6:56 ` Xin Li
2026-01-20 8:07 ` Chao Gao
2026-01-20 9:09 ` Xin Li
2026-01-20 9:46 ` Binbin Wu
2026-01-20 15:25 ` Sean Christopherson
2026-01-20 18:04 ` Xin Li
2026-01-20 17:58 ` Xin Li
2025-10-26 20:19 ` [PATCH v9 18/22] KVM: nVMX: Enable support for secondary VM exit controls Xin Li (Intel)
2025-11-12 13:42 ` Chao Gao
2025-10-26 20:19 ` [PATCH v9 19/22] KVM: nVMX: Handle FRED VMCS fields in nested VMX context Xin Li (Intel)
2025-12-02 6:32 ` Chao Gao
2026-01-20 6:30 ` Xin Li
2026-01-20 16:07 ` Dave Hansen
2026-01-20 18:10 ` Xin Li
2026-01-21 0:44 ` Chao Gao
2026-01-22 16:52 ` Xin Li
2025-12-08 22:37 ` Sean Christopherson
2025-10-26 20:19 ` [PATCH v9 20/22] KVM: nVMX: Validate FRED-related VMCS fields Xin Li (Intel)
2025-11-13 3:00 ` Chao Gao
2026-01-20 9:19 ` Xin Li
2026-01-21 2:33 ` Chao Gao
2025-10-26 20:19 ` [PATCH v9 21/22] KVM: nVMX: Guard SHADOW_FIELD_R[OW] macros with VMX feature checks Xin Li (Intel)
2025-12-02 6:35 ` Chao Gao
2025-12-08 22:49 ` Sean Christopherson
2025-10-26 20:19 ` [PATCH v9 22/22] KVM: nVMX: Enable VMX FRED controls Xin Li (Intel)
2025-11-13 3:20 ` Chao Gao
2025-11-06 17:35 ` [PATCH v9 00/22] Enable FRED with KVM VMX Xin Li
2025-11-13 22:20 ` Sean Christopherson
2025-12-08 22:51 ` Sean Christopherson
2025-12-09 17:08 ` Xin Li
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aajVJlU2Zg4Djqqz@google.com \
--to=seanjc@google.com \
--cc=andrew.cooper3@citrix.com \
--cc=bp@alien8.de \
--cc=chao.gao@intel.com \
--cc=corbet@lwn.net \
--cc=dave.hansen@linux.intel.com \
--cc=hch@infradead.org \
--cc=hpa@zytor.com \
--cc=kvm@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=sohil.mehta@intel.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
--cc=xin@zytor.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox