Date: Wed, 1 May 2024 16:27:46 -0700
In-Reply-To: <20240219074733.122080-1-weijiang.yang@intel.com>
References: <20240219074733.122080-1-weijiang.yang@intel.com>
X-Mailing-List: linux-kernel@vger.kernel.org
Subject: Re: [PATCH v10 00/27] Enable CET Virtualization
From: Sean Christopherson
To: Yang Weijiang
Cc: pbonzini@redhat.com, dave.hansen@intel.com, x86@kernel.org,
    kvm@vger.kernel.org, linux-kernel@vger.kernel.org, peterz@infradead.org,
    chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com,
    john.allen@amd.com

On Sun, Feb 18, 2024, Yang Weijiang wrote:
> Sean Christopherson (4):
>   x86/fpu/xstate: Always preserve non-user xfeatures/flags in
>     __state_perm
>   KVM: x86: Rework cpuid_get_supported_xcr0() to operate on vCPU data
>   KVM: x86: Report XSS as to-be-saved if there are supported features
>   KVM: x86: Load guest FPU state when access XSAVE-managed MSRs
>
> Yang Weijiang (23):
>   x86/fpu/xstate: Refine CET user xstate bit enabling
>   x86/fpu/xstate: Add CET supervisor mode state support
>   x86/fpu/xstate: Introduce XFEATURE_MASK_KERNEL_DYNAMIC xfeature set
>   x86/fpu/xstate: Introduce fpu_guest_cfg for guest FPU configuration
>   x86/fpu/xstate: Create guest fpstate with guest specific config
>   x86/fpu/xstate: Warn if kernel dynamic xfeatures detected in normal
>     fpstate
>   KVM: x86: Rename kvm_{g,s}et_msr()* to menifest emulation operations
>   KVM: x86: Refine xsave-managed guest register/MSR reset handling
>   KVM: x86: Add kvm_msr_{read,write}() helpers
>   KVM: x86: Refresh CPUID on write to guest MSR_IA32_XSS
>   KVM: x86: Initialize kvm_caps.supported_xss
>   KVM: x86: Add fault checks for guest CR4.CET setting
>   KVM: x86: Report KVM supported CET MSRs as to-be-saved
>   KVM: VMX: Introduce CET VMCS fields and control bits
>   KVM: x86: Use KVM-governed feature framework to track "SHSTK/IBT
>     enabled"
>   KVM: VMX: Emulate read and write to CET MSRs
>   KVM: x86: Save and reload SSP to/from SMRAM
>   KVM: VMX: Set up interception for CET MSRs
>   KVM: VMX: Set host constant supervisor states to VMCS fields
>   KVM: x86: Enable CET virtualization for VMX and advertise to userspace
>   KVM: nVMX: Introduce new VMX_BASIC bit for event error_code delivery
>     to L1
>   KVM: nVMX: Enable CET support for nested guest
>   KVM: x86: Don't emulate instructions guarded by CET

A decent number of comments, but almost all of them are quite minor. The big
open is how to handle save/restore of SSP from userspace.

Instead of spinning a full v10, maybe send an RFC for KVM_{G,S}ET_ONE_REG idea?
That will make it easier to review, and if you delay v11 a bit, I should be able
to get various series applied that have minor conflicts/dependencies, e.g. the
MSR access and the kvm_host series.