Re: [PATCH v5 17/19] KVM:x86: Enable guest CET supervisor xstate bit support

From: Yang, Weijiang
Date: Wed Aug 09 2023 - 02:07:55 EST


On 8/5/2023 6:02 AM, Paolo Bonzini wrote:
On 8/3/23 06:27, Yang Weijiang wrote:
      if (boot_cpu_has(X86_FEATURE_XSAVES)) {
+        u32 eax, ebx, ecx, edx;
+
+        cpuid_count(0xd, 1, &eax, &ebx, &ecx, &edx);
          rdmsrl(MSR_IA32_XSS, host_xss);
          kvm_caps.supported_xss = host_xss & KVM_SUPPORTED_XSS;
+        if (ecx & XFEATURE_MASK_CET_KERNEL)
+            kvm_caps.supported_xss |= XFEATURE_MASK_CET_KERNEL;
      }

This is a bit hackish and makes me lean more towards adding support for XFEATURE_MASK_CET_KERNEL in host MSR_IA32_XSS (and then possibly hide it in the actual calls to XSAVE/XRSTORS for non-guest FPU).
Yes, if kernel can support CET_U/S bits in XSS, things would be much easier.
But if CET_S bit cannot be enabled for somehow,  we may have KVM emulation
for it.
Paolo