On Thu, 2023-05-04 at 09:20 +0800, Yang, Weijiang wrote:
On 5/4/2023 1:07 AM, Edgecombe, Rick P wrote:What aspect of the spec is this?
On Fri, 2023-04-21 at 09:46 -0400, Yang Weijiang wrote:I don't know how SVM supports supervisor SHSTK either, here just
+Why is this tied to XFEATURE_MASK_CET_KERNEL? I don't know how the
+ incpt = !is_cet_state_supported(vcpu,
XFEATURE_MASK_CET_KERNEL);
+ incpt |= !guest_cpuid_has(vcpu, X86_FEATURE_SHSTK);
+
+ vmx_set_intercept_for_msr(vcpu, MSR_IA32_INT_SSP_TAB,
MSR_TYPE_RW, incpt);
+ vmx_set_intercept_for_msr(vcpu, MSR_IA32_PL0_SSP,
MSR_TYPE_RW, incpt);
+ vmx_set_intercept_for_msr(vcpu, MSR_IA32_PL1_SSP,
MSR_TYPE_RW, incpt);
+ vmx_set_intercept_for_msr(vcpu, MSR_IA32_PL2_SSP,
MSR_TYPE_RW, incpt);
}
SVM
side works, but the host kernel doesn't use this xfeature. Just not
clear on what the intention is. Why not use
kvm_cet_kernel_shstk_supported() again?
follows
the spec.
to add the dependency check. Maybe you're right, I need to useOh, I see the the SVM patch [0] is adding XFEATURE_MASK_CET_KERNEL to
kvm_cet_kernel_shstk_supported()
in my patch set and leave the work to SVM enabling patches. I'll
change
it, thanks!
kvm_caps.supported_xss as long as kvm_cpu_cap_has(X86_FEATURE_SHSTK).
And it does not look to be checking XSS host support like how
kvm_caps.supported_xss is set in your patch. It should depend on host
support, right?
Is that the intent of kvm_caps.supported_xss?
Separate from all that, the code above is in VMX, so not sure how it
affects SVM in any case.
I might be confused here. The code just looked suspicious.
[0]
https://lore.kernel.org/kvm/20221012203910.204793-8-john.allen@xxxxxxx/