Received: by 2002:a05:7412:8d1c:b0:fa:4c10:6cad with SMTP id bj28csp335949rdb;
        Wed, 17 Jan 2024 03:41:31 -0800 (PST)
X-Google-Smtp-Source: AGHT+IHe/c3udZZxarC/QP04H9877BUpooDwviRMmgZzHas6OEtPuu3rmuH5EJMi+ZiNsuh07EHR
X-Received: by 2002:a05:6512:224f:b0:50e:f73b:fe68 with SMTP id i15-20020a056512224f00b0050ef73bfe68mr2801898lfu.107.1705491691356;
        Wed, 17 Jan 2024 03:41:31 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1705491691; cv=pass;
        d=google.com; s=arc-20160816;
        b=O+ybxM899oP9+E2N9VPSmnzarClh6rjqiRPOMUKVTin48i/UqYc2sdwKJ9WBAIOsn8
         VzKW/7WgctmbKPOGcUrj1jPMJb+rHIoA3wyvb6iEtacBHeDZ0mFqsFBSVE8HiAtJHjOT
         hIjb6Ouj7hFda9PzJxhvIMtorBUejmir1qrFb57OE10f8hUtZhZ+a3UgcgIsGsGMGEtU
         hUUJT0z8jqiCoki3EqLZ0Pp5qUUNjUNZua2ec7xESCSS7tZ/omDHNI/pOSP5AIShweFF
         vvc2iFEThyBaelUQ3636D2risDfK8hIX535lyhial6N28fCzMwi5RSA/PeMaYqNoUKbn
         Iong==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=user-agent:in-reply-to:content-disposition:mime-version
         :list-unsubscribe:list-subscribe:list-id:precedence:references
         :message-id:subject:cc:to:from:date:dkim-signature;
        bh=KV3Nf1OslPnqGyo4HnorgPDWJkSl4vZOZUIXN835h7s=;
        fh=TM7OpvGe0qZyhh15lpmcvF4An9kPKnFMK+Y6IEQyipk=;
        b=KI30HX+XsvE+mvSkwpWFdqV+OtFnbzVJg9PGvkqNxaHQd3HM/LJDkxfrCc5mnFYnjC
         g23RypZEuA0ZmAG9+F4vhhabh1QM6Yhx1bZT2+wKoveOhPlnrANg3c+lc61Di0NyxSSZ
         ml3At7RjBn4t/GUzZ7yPWOkjJ/9vruQW0W6xU5gmzkYhAl2auh/1UaJOnrh+/AMYL5/x
         ej28ffeDE4H2gOX9p3gaKSUR8OeECYafBh1t91emU9LG7LJ8ubNd/ULoK58gkqxc2xb3
         TN1OKgf70CnHa2xxEaZnBBHCBjS012PrYY8Gxs+Dv5oFaOgtStVxzPLbO6ibi3GrkJQH
         imRg==
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=eaENUTWW;
       arc=pass (i=1 dkim=pass dkdomain=intel.com dmarc=pass fromdomain=linux.intel.com);
       spf=pass (google.com: domain of linux-kernel+bounces-28537-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-28537-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Return-Path: <linux-kernel+bounces-28537-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249])
        by mx.google.com with ESMTPS id et15-20020a056402378f00b00559d99935cdsi561380edb.236.2024.01.17.03.41.31
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 17 Jan 2024 03:41:31 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-28537-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=eaENUTWW;
       arc=pass (i=1 dkim=pass dkdomain=intel.com dmarc=pass fromdomain=linux.intel.com);
       spf=pass (google.com: domain of linux-kernel+bounces-28537-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-28537-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by am.mirrors.kernel.org (Postfix) with ESMTPS id 4A2691F24E55
	for <linux.lists.archive@gmail.com>; Wed, 17 Jan 2024 05:31:31 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 09FB979C2;
	Wed, 17 Jan 2024 05:31:21 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="eaENUTWW"
Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id D2648611A;
	Wed, 17 Jan 2024 05:31:18 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1705469480; cv=none; b=TQepkqsNCbiLnAEE1Z3tP6pSa6OoQA5iMWnKYkWvXfbhvlkAAV5+ukq3ZRrv2F5rVeGWvpeSNY+FhxFuGAsGVkdamSCxdXSaQ48rpx79kbq9n3wJXIfqgYuLXhiprh1InPgM6V+S6RQyKw/TN1DCt+RwWPqB6w/6ImZItk66gKw=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1705469480; c=relaxed/simple;
	bh=S17QIS9EI5/1cfkmtbqBKT9VDRGfC2Wp2/CKgmW+9Sg=;
	h=DKIM-Signature:X-IronPort-AV:X-IronPort-AV:Received:X-ExtLoop1:
	 X-IronPort-AV:X-IronPort-AV:Received:Date:From:To:Cc:Subject:
	 Message-ID:References:MIME-Version:Content-Type:
	 Content-Disposition:In-Reply-To:User-Agent; b=JPxhwmhCIpdmQ1+MH2GOeXr2/GppY9u1CoovPMwuTzHP9ZSUXPS8zt9NwXDk0+nX8lLr89AkpVWEkKjXPdgk0vKs9v6aIsiF43ErHVv5C/cYZ0SPdC2wHtpHmyXB5NosD16epjKl+1uFYstigugWkTz1BMqZMUJU7dqiNxp4c0o=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=eaENUTWW; arc=none smtp.client-ip=198.175.65.13
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com
Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=linux.intel.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1705469478; x=1737005478;
  h=date:from:to:cc:subject:message-id:references:
   mime-version:in-reply-to;
  bh=S17QIS9EI5/1cfkmtbqBKT9VDRGfC2Wp2/CKgmW+9Sg=;
  b=eaENUTWW5lcqZseUDniKtWiXY59fYQVVMSo7SLoRuUsV/DSXoJA8cAEh
   2Klpq19i9J64wxqgQEKe1XXsaKUt2GKOBsoEdlrfu4Sg2vWncU3ePgl5w
   cE++s+zP8VCg+uISAj2QYfAA3PM8ebTMxhNJyBSwbyaViTvMUe+6kuCXu
   oT1jxtxWdFcBRtO2F2ts+KD7H+VLozkfAFj/mdCb10FkvRqW/9DzYrVFw
   +WtvyXzybH5yX9zvr2WCwgrYc5ewXQtSK0NeQTjnF+eO1Fg8sRjg78hep
   4jsinf4TQZQzGppOFDPCGE08zzQXWxpGRokfl972LbF3XsEkysfUGzdNH
   A==;
X-IronPort-AV: E=McAfee;i="6600,9927,10955"; a="7167741"
X-IronPort-AV: E=Sophos;i="6.05,200,1701158400"; 
   d="scan'208";a="7167741"
Received: from fmsmga002.fm.intel.com ([10.253.24.26])
  by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 16 Jan 2024 21:31:18 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=McAfee;i="6600,9927,10955"; a="903413395"
X-IronPort-AV: E=Sophos;i="6.05,200,1701158400"; 
   d="scan'208";a="903413395"
Received: from yy-desk-7060.sh.intel.com (HELO localhost) ([10.239.159.76])
  by fmsmga002.fm.intel.com with ESMTP; 16 Jan 2024 21:31:14 -0800
Date: Wed, 17 Jan 2024 13:31:14 +0800
From: Yuan Yao <yuan.yao@linux.intel.com>
To: "Yang, Weijiang" <weijiang.yang@intel.com>
Cc: "seanjc@google.com" <seanjc@google.com>,
	"pbonzini@redhat.com" <pbonzini@redhat.com>,
	"Hansen, Dave" <dave.hansen@intel.com>,
	"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"peterz@infradead.org" <peterz@infradead.org>,
	"Gao, Chao" <chao.gao@intel.com>,
	"Edgecombe, Rick P" <rick.p.edgecombe@intel.com>,
	"mlevitsk@redhat.com" <mlevitsk@redhat.com>,
	"john.allen@amd.com" <john.allen@amd.com>
Subject: Re: [PATCH v8 22/26] KVM: VMX: Set up interception for CET MSRs
Message-ID: <20240117053114.6ykoke6gjp52ehvz@yy-desk-7060>
References: <20231221140239.4349-1-weijiang.yang@intel.com>
 <20231221140239.4349-23-weijiang.yang@intel.com>
 <20240115095854.s4smn4ppfjfa2q2z@yy-desk-7060>
 <ee2c5c91-68bd-4f78-aafc-c14093f05342@intel.com>
 <26258c1a-2908-4931-8d6f-fac6754ca2e8@intel.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <26258c1a-2908-4931-8d6f-fac6754ca2e8@intel.com>
User-Agent: NeoMutt/20171215

On Wed, Jan 17, 2024 at 09:58:40AM +0800, Yang, Weijiang wrote:
> On 1/17/2024 9:41 AM, Yang, Weijiang wrote:
> > On 1/15/2024 5:58 PM, Yuan Yao wrote:
> > > On Thu, Dec 21, 2023 at 09:02:35AM -0500, Yang Weijiang wrote:
> [...]
> > > Looks this leading to MSR_IA32_INT_SSP_TAB not intercepted
> > > after below steps:
> > >
> > > Step 1. User space set cpuid w/  X86_FEATURE_LM, w/  SHSTK.
> > > Step 2. User space set cpuid w/o X86_FEATURE_LM, w/o SHSTK.
> > >
> > > Then MSR_IA32_INT_SSP_TAB won't be intercepted even w/o SHSTK
> > > on guest cpuid, will this lead to inconsistency when do
> > > rdmsr(MSR_IA32_INT_SSP_TAB) from guest in this scenario ?
> > Yes, theoretically it's possible, how about changing it as below?
> >
> > vmx_set_intercept_for_msr(vcpu, MSR_IA32_INT_SSP_TAB,
> > 			  MSR_TYPE_RW,
> > 			  incpt | !guest_cpuid_has(vcpu, X86_FEATURE_LM));
> >
> Oops, should be : incpt || !guest_cpuid_has(vcpu, X86_FEATURE_LM)

It means guest cpuid:

"has X86_FEATURE_SHSTK" + "doesn't have X86_FEATURE_LM"

not sure this is valid combination or not.
If yes it's ok, else just relies on incpt is enough ?