Re: [PATCH v9 15/22] KVM: x86: Mark CR4.FRED as not reserved
From: Sean Christopherson
Date: Wed Mar 04 2026 - 19:59:03 EST
On Wed, Nov 19, 2025, Chao Gao wrote:
> On Sun, Oct 26, 2025 at 01:19:03PM -0700, Xin Li (Intel) wrote:
> >From: Xin Li <xin3.li@xxxxxxxxx>
> >
> >The CR4.FRED bit, i.e., CR4[32], is no longer a reserved bit when
> >guest cpu cap has FRED, i.e.,
> > 1) All of FRED KVM support is in place.
> > 2) Guest enumerates FRED.
> >
> >Otherwise it is still a reserved bit.
> >
> >Signed-off-by: Xin Li <xin3.li@xxxxxxxxx>
> >Signed-off-by: Xin Li (Intel) <xin@xxxxxxxxx>
> >Tested-by: Shan Kang <shan.kang@xxxxxxxxx>
> >Tested-by: Xuelian Guo <xuelian.guo@xxxxxxxxx>
>
> I am not sure about two things regarding CR4.FRED and emulator code:
>
> 1. Should kvm_set_cr4() reject setting CR4.FRED when the vCPU isn't in long
> mode? The concern is that emulator code may call kvm_set_cr4(). This could
> cause VM-entry failure if CR4.FRED is set in other modes.
This has nothing to do with the emulator, KVM will intercept and emulate all
CR4 writes that toggle CR4.FRED. KVM also needs to enforce leaving 64-bit mode
with CR4.FRED=1.
> 2. mk_cr_64() drops the high 32 bits of the new CR4 value. So, CR4.FRED is always
> dropped. This may need an update.
Ugh, I didn't realize FRED broke into bits 63:32. Yeah, that needs to be updated,
and _that_ one is unique to the emulator.
Unless Chao and I can't read code and are missing magic, KVM's virtualization of
FRED is quite lacking.
More importantly, I don't see *any* tests. At a bare minimum, KVM's msrs_test
needs to be updated too get coverage for userspace vs. guest accesses, save/restore
needs to be covered (maybe nothing additional required?), and there need to be
negative tests for things like leaving 64-bit mode with FRED=1. We can probably
get enough confidence in the "happy" paths just by running VMs, but even then I
would ideally like to see tests for edge cases that are relatively rare when just
running a VM.
I'm straight up not going to look at new versions if there aren't tests. Like
CET before it, both Intel and AMD are pushing FRED and want to get it merged,
yet no one is providing tests. That's not going to fly this time, as I don't
have the bandwidth to help write the number of testcases FRED warrants.