Re: [PATCH v9 08/22] KVM: VMX: Set FRED MSR intercepts

Next message: Hangbin Liu: "Re: [PATCH net v2 3/3] net: bonding: Fix nd_tbl NULL dereference when IPv6 is disabled"
Previous message: Yafang Shao: "Re: [RFC PATCH 1/2] locking: add mutex_lock_nospin()"
In reply to: Xin Li: "Re: [PATCH v9 08/22] KVM: VMX: Set FRED MSR intercepts"
Next in thread: Sean Christopherson: "Re: [PATCH v9 08/22] KVM: VMX: Set FRED MSR intercepts"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Chao Gao

Date: Thu Mar 05 2026 - 21:30:58 EST

On Wed, Mar 04, 2026 at 04:48:52PM -0800, Sean Christopherson wrote:
>On Wed, Nov 12, 2025, Chao Gao wrote:
>> On Sun, Oct 26, 2025 at 01:18:56PM -0700, Xin Li (Intel) wrote:
>> >From: Xin Li <xin3.li@xxxxxxxxx>
>> >
>> >On a userspace MSR filter change, set FRED MSR intercepts.
>> >
>> >The eight FRED MSRs, MSR_IA32_FRED_RSP[123], MSR_IA32_FRED_STKLVLS,
>> >MSR_IA32_FRED_SSP[123] and MSR_IA32_FRED_CONFIG, are all safe to
>> >passthrough, because each has a corresponding host and guest field
>> >in VMCS.
>>
>> Sean prefers to pass through MSRs only when there is a reason to do that rather
>> than just because it is free. My thinking is that RSPs and SSPs are per-task
>> and are context-switched frequently, so we need to pass through them. But I am
>> not sure if there is a reason for STKLVLS and CONFIG.
>
>There are VMCS fields, at which point intercepting and emulating is probably
>more work than just letting the guest access directly. :-/

Just drop the MSR intercepting code and everything should work, right? KVM
needs to handle userspace writes anyway. so, there is no "more work" to me.

>
>Ah, and there needs to be VMCS fields because presumably everything needs to be
>switch atomically, e.g. an NMI that arrives shortly after VM-Exit presumbably
>consumes STKLVLS and CONFIG.

I assume CET's MSR_IA32_INT_SSP_TAB is in the same situation: it has a VMCS
field and needs to be switched atomically.

Either way, it's up to you.