Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:4 as permitted sender) client-ip=2620:137:e000::3:4;
Message-ID: <8307c089-cff5-db41-5248-7e0f2801143f@intel.com>
Date:   Fri, 15 Sep 2023 10:32:48 +0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101
 Thunderbird/102.15.0
Subject: Re: [PATCH v6 01/25] x86/fpu/xstate: Manually check and add
 XFEATURE_CET_USER xstate bit
Content-Language: en-US
To:     "Edgecombe, Rick P" <rick.p.edgecombe@intel.com>,
        "kvm@vger.kernel.org" <kvm@vger.kernel.org>,
        "pbonzini@redhat.com" <pbonzini@redhat.com>,
        "Christopherson,, Sean" <seanjc@google.com>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
CC:     "peterz@infradead.org" <peterz@infradead.org>,
        "Hansen, Dave" <dave.hansen@intel.com>,
        "Gao, Chao" <chao.gao@intel.com>,
        "john.allen@amd.com" <john.allen@amd.com>
References: <20230914063325.85503-1-weijiang.yang@intel.com>
 <20230914063325.85503-2-weijiang.yang@intel.com>
 <868ea527d82f8b9ab7360663db0ef42e6900dc87.camel@intel.com>
From:   "Yang, Weijiang" <weijiang.yang@intel.com>
In-Reply-To: <868ea527d82f8b9ab7360663db0ef42e6900dc87.camel@intel.com>
Content-Type: text/plain; charset="UTF-8"; format=flowed
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?OEQ0bWNsU2hwNHhHRHU5RG4xampGczBhWTVaY3dMK1hMa21UcFlxTUZSWk9D?=
 =?utf-8?B?Z3lodmdQVzlMdHI5TjdrN3NvemRERm5Eb2c1Z2Q5R2REUyszWDVNWFNMZm43?=
 =?utf-8?B?Q0xxTGx4VUo0aDZoa2FZUjNQNHNmamxab25lc1RsRklrOGRnRTNUc3pEWmRB?=
 =?utf-8?B?WUNTdUtFam5sN2U2azkyQjJLR1FtSFBpdThERUowTWhBcE9sTzJiQXVaTG4x?=
 =?utf-8?B?eEZlWmVWOXRWc0svYUpjaEtjNmo2M1hBd0xXeENYZUlXaTBpTEg1U1ViN3Z2?=
 =?utf-8?B?bjd5VU95dWdralRVY0NrRkZoNzdLdnB1amE2STNUMG9xbCtFU0gzYURBdENt?=
 =?utf-8?B?c2lSSFJBK2hsbnZXWElScUtXTHBTemVpYlhNd2VIK2hQdU9QQUV2bVRsWmlx?=
 =?utf-8?B?dFJNTjVGTGVJM3l1c3lhRmdnZnZURWNJKzQ5RFN1V3BlR0x1NTRscTgreWR6?=
 =?utf-8?B?ZVF6TFVVMlVSaHFpNjFJV2xuL2hhT0RrK2labUZtd3NKUWdQRm1yeWUvZGVm?=
 =?utf-8?B?MytudXBFZCtKMWNHVGlpc0FNaFB3V1FFbitYMkNMNU93V1BRMlhOUjhZK2FK?=
 =?utf-8?B?dGhram53ajA2TWdBTEQvd0VWbEJ1NzhnMEtCbFhveDVDVFdLUnpmMHFUd3Fv?=
 =?utf-8?B?bWxhcXRNOHowdkhxTFpjL2plK0pSSHl4QjZ5WXFYV0xvcEZCOVl0NlF5V21I?=
 =?utf-8?B?NTZJN1VvOFRQY1hwYjA5OEVsbUlNMjUwWnNyRHJpTVNCRUw2UjlRdC8wcUs0?=
 =?utf-8?B?cTFhUkZzcklScEFwbkl0c0hvd0ludU0zUWRsb2dZaEJrU0NMYnZQRXpHbVhE?=
 =?utf-8?B?a3laUWt6Y3ZXeEV3M0pPZGxkOW9OMFgvK3loQWRxUjlGaHd4aFhBaUxVajND?=
 =?utf-8?B?MUkxZERLcXozK3NZZDlKL3Mzb2oyd0xSUE5wNy9xdXZNWDVxNjdMUU5VYU5j?=
 =?utf-8?B?VFNrZitQbXYvcVR6a1htSEZxK0JnZGU1M2lTSmgvT1d6TzhHQ2EzSHU4Z1Vv?=
 =?utf-8?B?WlAyMGc4VGJBVXNmVGVteGxxdExQYjN1TUF0K1hnSWVpS0ZaSmUzZlAwYTFO?=
 =?utf-8?B?K2dlSVlzSSttQ1M3d1FPcGFtbVJocWtJaUE1dEswTHNLU1U2MFdFelhmR3d3?=
 =?utf-8?B?NTE3bVNEVkM2WG5tQWY5VGJKdVhPbFZMZWhPdmswdjdEdWxmbHFCNDVQdUtu?=
 =?utf-8?B?bXFXUzJ3aGpFTTgrV0tzRmUxSTB0UzRHOWJrcEQwSWp4aUJBMG5JRi9BZ1dN?=
 =?utf-8?B?aS9pNzNQdEpRbml1eEhJUDhDT1RKa2xHeVM1WEJsVWdvL2VSUmpoRDBjZG1s?=
 =?utf-8?B?MzJxQ2k5djJJQ0N0VFE1RkJPWnlhNTJLQ1RKOUVKRnVGLzNNcHBwRVlxdldP?=
 =?utf-8?B?SjNPOUdaS1Y3UUR2bnZKa2hYMm04Zi9oemVQT2JwSUQ0ditLZlZINTBabENp?=
 =?utf-8?B?eVdlL0xOSnJDZ2ZBMFNyU2tRcHVQNml5eSs1dFVaMlp4WkxueU5odDBOK2Yr?=
 =?utf-8?B?MFU5ZjE3dGhjZDJLbTVxZDFNcXFMb01TeWhGUnk2NUJYQ1FmdDNZODhMdzdQ?=
 =?utf-8?B?TTBvZXM4d1I1SU1RMCtuQ0R6VDlmMEV1UU40bFV4RWNiYXZpZGkxQktONElH?=
 =?utf-8?B?ZU11QWRFVEc2b0RQZVVJUVF1c2g1VDVadXVBKzZ5aGM3bnZBQkpIcVNPcktz?=
 =?utf-8?B?MzRyeFlOL1Rsb09jOGVXZE82UE1CRGRFTEh3Sm9tcTBERW1KR214aFJFbjBZ?=
 =?utf-8?B?NDg0OXV6ckxUWTJWUHRmOU5FZmVRTisxWTIzSmprSVJ2VU8xVTBjOFZMWndW?=
 =?utf-8?B?TTBBOE80aHowK3dFNEhyekhIaHQ4bjJWWWVrbjFaU1o4dTRKSDdhSmdDTlVK?=
 =?utf-8?B?eWRQem82dVBnOVgyVHRkcDZxRStuOHRwSTlGWWtqa2VmZVFXcDJHV3liYTZ4?=
 =?utf-8?B?L21JVDhUREJlUXNnaWIySCtTMnhsck8vczVmT2VsUEFaWEJyb0JvVE00c0RR?=
 =?utf-8?B?UlMwNGZjYW5Ca2ljRnNwcmtMdVI4SC9Nck9KK1RhYTdFc2Q4SVlyUDdBOWtQ?=
 =?utf-8?B?L2gzT1g2QnFiQVlYd1Jtb3lTaW1kWnBkcldlbmY4M1dBTi9XemFWeGpEbU5F?=
 =?utf-8?B?TzFNODV0a2YybExoSC92cEVCQnZ2OXBSVEh5djYvSk8ydStjU2V3MWl3Vkhz?=
 =?utf-8?B?SkE9PQ==?=
X-MS-Exchange-CrossTenant-Network-Message-Id: d132d6f0-1d15-4910-2b36-08dbb59412ca
X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB4965.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Sep 2023 02:32:58.0035
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: FqKPNtdNHU4oDaaNNvwtZw2B/+k2d/wEwV8ARnHd+0d7n6gCw4qHGNnFCHYggd/K5XxietTG6v1X4iFiKeR48g==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA0PR11MB7912
X-OriginatorOrg: intel.com
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (howler.vger.email [0.0.0.0]); Thu, 14 Sep 2023 19:33:09 -0700 (PDT)

On 9/15/2023 6:39 AM, Edgecombe, Rick P wrote:
> On Thu, 2023-09-14 at 02:33 -0400, Yang Weijiang wrote:
>> Remove XFEATURE_CET_USER entry from dependency array as the entry
>> doesn't
>> reflect true dependency between CET features and the xstate bit,
>> instead
>> manually check and add the bit back if either SHSTK or IBT is
>> supported.
>>
>> Both user mode shadow stack and indirect branch tracking features
>> depend
>> on XFEATURE_CET_USER bit in XSS to automatically save/restore user
>> mode
>> xstate registers, i.e., IA32_U_CET and IA32_PL3_SSP whenever
>> necessary.
>>
>> Although in real world a platform with IBT but no SHSTK is rare, but
>> in
>> virtualization world it's common, guest SHSTK and IBT can be
>> controlled
>> independently via userspace app.
> Nit, not sure we can assert it's common yet. It's true in general that
> guests can have CPUID combinations that don't appear in real world of
> course. Is that what you meant?

Yes, guest CPUID features can be configured by userspace flexibly.

>
> Also, this doesn't discuss the real main reason for this patch, and
> that is that KVM will soon use the xfeature for user ibt, and so there
> will now be a reason to have XFEATURE_CET_USER depend on IBT.

This is one justification for Linux OS, another reason is there's non-Linux
OS which is using the user IBT feature.  I should make the reasons clearer
in changelog, thanks for pointing it out!

>> Signed-off-by: Yang Weijiang <weijiang.yang@intel.com>
> Otherwise:
>
> Reviewed-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
> Tested-by: Rick Edgecombe <rick.p.edgecombe@intel.com>