Re: [PATCH v6 01/25] x86/fpu/xstate: Manually check and add XFEATURE_CET_USER xstate bit

[Yang, Weijiang]

On 9/15/2023 6:39 AM, Edgecombe, Rick P wrote:
> On Thu, 2023-09-14 at 02:33 -0400, Yang Weijiang wrote:
> > Remove XFEATURE_CET_USER entry from dependency array as the entry
> > doesn't
> > reflect true dependency between CET features and the xstate bit,
> > instead
> > manually check and add the bit back if either SHSTK or IBT is
> > supported.
> >
> > Both user mode shadow stack and indirect branch tracking features
> > depend
> > on XFEATURE_CET_USER bit in XSS to automatically save/restore user
> > mode
> > xstate registers, i.e., IA32_U_CET and IA32_PL3_SSP whenever
> > necessary.
> >
> > Although in real world a platform with IBT but no SHSTK is rare, but
> > in
> > virtualization world it's common, guest SHSTK and IBT can be
> > controlled
> > independently via userspace app.
> Nit, not sure we can assert it's common yet. It's true in general that
> guests can have CPUID combinations that don't appear in real world of
> course. Is that what you meant?

Yes, guest CPUID features can be configured by userspace flexibly.

> Also, this doesn't discuss the real main reason for this patch, and
> that is that KVM will soon use the xfeature for user ibt, and so there
> will now be a reason to have XFEATURE_CET_USER depend on IBT.

This is one justification for Linux OS, another reason is there's non-Linux
OS which is using the user IBT feature.  I should make the reasons clearer
in changelog, thanks for pointing it out!

> > Signed-off-by: Yang Weijiang <weijiang.yang@xxxxxxxxx>
> Otherwise:
>
> Reviewed-by: Rick Edgecombe <rick.p.edgecombe@xxxxxxxxx>
> Tested-by: Rick Edgecombe <rick.p.edgecombe@xxxxxxxxx>