On 8/3/23 06:27, Yang Weijiang wrote:Yes, if kernel can support CET_U/S bits in XSS, things would be much easier.
if (boot_cpu_has(X86_FEATURE_XSAVES)) {
+ u32 eax, ebx, ecx, edx;
+
+ cpuid_count(0xd, 1, &eax, &ebx, &ecx, &edx);
rdmsrl(MSR_IA32_XSS, host_xss);
kvm_caps.supported_xss = host_xss & KVM_SUPPORTED_XSS;
+ if (ecx & XFEATURE_MASK_CET_KERNEL)
+ kvm_caps.supported_xss |= XFEATURE_MASK_CET_KERNEL;
}
This is a bit hackish and makes me lean more towards adding support for XFEATURE_MASK_CET_KERNEL in host MSR_IA32_XSS (and then possibly hide it in the actual calls to XSAVE/XRSTORS for non-guest FPU).
Paolo