Received-SPF: pass (google.com: domain of linux-kernel+bounces-181867-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249;
Message-ID: <0c714b55-4fb8-455e-9f09-6f1f431d1356@intel.com>
Date: Fri, 17 May 2024 16:27:51 +0800
User-Agent: Mozilla Thunderbird
Subject: Re: [PATCH v10 24/27] KVM: x86: Enable CET virtualization for VMX and
 advertise to userspace
To: Sean Christopherson <seanjc@google.com>, Dave Hansen
	<dave.hansen@intel.com>
CC: <rick.p.edgecombe@intel.com>, <pbonzini@redhat.com>, <x86@kernel.org>,
	<kvm@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
	<peterz@infradead.org>, <chao.gao@intel.com>, <mlevitsk@redhat.com>,
	<john.allen@amd.com>
References: <20240219074733.122080-1-weijiang.yang@intel.com>
 <20240219074733.122080-25-weijiang.yang@intel.com>
 <ZjLNEPwXwPFJ5HJ3@google.com>
 <39b95ac6-f163-4461-93f3-eaa653ab1355@intel.com>
 <ZkYauRJBhaw9P1A_@google.com>
 <f2d6d62d-09be-4940-9c6e-92f80811587f@intel.com>
 <ZkY7PblLmWdFYeSa@google.com>
Content-Language: en-US
From: "Yang, Weijiang" <weijiang.yang@intel.com>
In-Reply-To: <ZkY7PblLmWdFYeSa@google.com>
Content-Type: text/plain; charset="UTF-8"; format=flowed
Content-Transfer-Encoding: 8bit
Precedence: bulk
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?R0psZU5QUzU5cXZHQ082alpjQUNGZ0NHRlBRakRxTDl5ZXJTbHpYT0ZDR21O?=
 =?utf-8?B?UG9wRG8yejZzZmFmM1BIU3Q2NnFDRWZsdGJKQ1ZRRjl1RXZYcDg3SEtyNzlJ?=
 =?utf-8?B?SmJtS3kvcWR6aGFuNEF6dTFDSUsvQzU3YmtRWlg3eWRla1BvcHF4aTJxeWNw?=
 =?utf-8?B?VGVBQkVMYWtsUitzSW91a3ZRNDhvUlNTWmVIMHR1U1hPOHEyUUFESzNianpj?=
 =?utf-8?B?MncxU0hLM3FBbzhPVlNkc2xWLzRSTFdlMEZITWFjWEI5SWNTTmw3TjdRSDNy?=
 =?utf-8?B?TjU3M2FhMVEvd2JMRWJMSG52djFXeG8xeU5vQkJ0QkhBT3FmSVBkcWZKamhD?=
 =?utf-8?B?TTI4SVRWUytRTTIxamRFN2ExcjlwZW5ETkJ6QWFNUWk2Z1lpWERxcU13Y2Mv?=
 =?utf-8?B?WlZOV2twUmZVay96QUNDZThVSkEwdmlwTnZVczBkVU5KQ2ZGOU1tMVZQUGdR?=
 =?utf-8?B?WjJ5QzFnK3Z2QzN2bEV4R2MveWxBZDdycC9vQUdWRDI5OW9QRmhMUzB6c2NX?=
 =?utf-8?B?M1NTb0g4L2E1Yml3T0w2SSs1bFo5UFMxN29tcHBFUWlJK25VZGltS3JIQmIr?=
 =?utf-8?B?K3FYR2MvTWtnb1Rla3FIOUR4Wit5djMzV3ZlN1dGMklHVGV2OEZXV3BCaFVF?=
 =?utf-8?B?YTRsYmVEczhGR25JMkc0ZmsvbGpSL3NYQURtTGx4dCtmaDJqYnEzOUNaVnhs?=
 =?utf-8?B?OUNDK1JPYlpLTTl4enVpazdtakd3WFZReXdSREplWFZ3UW9RTGZ0akhwZUFt?=
 =?utf-8?B?M2lQQjh0QUYzTXFKcExQUFpicUZxeUdVZEhVV1VmcTloTDlzbHhaZ0x3Vjlu?=
 =?utf-8?B?aWtBTlp2TEFKSVpEckxsTWdYZFFHR0RaUHBOYVF6WDNTVVJLWmFKUFFDOExh?=
 =?utf-8?B?ZEcxREtNeERtamJzK2xrL3ZWYWl1c0xlOHptNURLbjBid0NUVmgxWFZVR3Jj?=
 =?utf-8?B?Y1N2bFlyMGtYeFgzM3dXNUU4TVN4UitROTdNUVVMVFF5ZG9kNFljRGlFS2Ni?=
 =?utf-8?B?dW1UTDZFbFBCaUJuMkVaVlB5VllLYlljUURRN0ZEVkxncnhuVGFramlrOGdz?=
 =?utf-8?B?VjIrZzVzN2VWbkhYK1FuUHhpaHArR3hxVnNkZlFJdlBycUxFc255R21mcDh0?=
 =?utf-8?B?K1dXa2VrdE1LMVhXK29MSFVURXNVZ2NqT3UrUkpKOFFEemozRnQrNHdObmNo?=
 =?utf-8?B?NnhHcE5HY2M1SGJYN3BnZURpOFJlQndJNVR0MHo1ejFiekJXNnRIUG0yTHJx?=
 =?utf-8?B?dExGbzA4cUp0MWdDL0dZTjlLcVRqY0NuN2h0dzkvNmQxVyt2SFJ5VXRPdHZv?=
 =?utf-8?B?WXIrSVJUQkdlaTlrWjZyVGpOUUl6SEhLcjdIelFqUTFCd082dlUwc3VQcitS?=
 =?utf-8?B?dDNZR1pnV2hsV0hGRi9UdGpIMjFld0x1WmVodVZNcFJabVVIdU1EZFlMdzhv?=
 =?utf-8?B?TCtOcFZHMzFSd3QzcWdVL1A4azByaHVRV3JpRTd3ck01R3VhQmhCMzREODVn?=
 =?utf-8?B?d0tSbXJJeUlPWFNlb0hjWjVyVTRVcXRmU0hUc3oxaTVpZWVidmNkMGdITjVV?=
 =?utf-8?B?SEN2Y0lXTXB6YVBkQXNiVDBMVHE4N2hIYncvWTM2K2liTTFrVk1MSGlJdHhz?=
 =?utf-8?B?aXpRdUdla21nNXRxS3hJMlkxT0Z1R1FKSEI1amtwUmo2ZkRIaW1GWkRtRmZk?=
 =?utf-8?B?L2YyaUVFblhtZUxaSlFOWjZSU0phT0RFazlDUTVCcWUySkRYdzNyUjliWG53?=
 =?utf-8?B?MUwyM0QyUkN6cWlaYng0NnF3bEs0cENuTUJkdEpqdjFNS2VzU2t3RUg3SDZD?=
 =?utf-8?B?R3hRYmJ0dnVYVTdNdW4wbzc1aWFZK05TOCsrajJsN0VHL2JvUjJNdUFRYk56?=
 =?utf-8?B?NmJ2ZEVvbSt1OXhaNE1WSEJsWS9aTUFHcHc4Wks2LzhxbUQ1ZVRxdWNlQWxG?=
 =?utf-8?B?Qjl4Uk5rY001TUJaYTBnSU1ITlEvTFNudDNaNDNzVmlhdjNTU0JwaUlaQUUr?=
 =?utf-8?B?aTEvWDE0ZzNhdkpvZGVveis4ZENnTlN1Ry9FTjBVdmdDRGNqTjFTYkE4WkNl?=
 =?utf-8?B?d2cxZU8vaUxCVHdWRC9yMHU1OVhZdTd6ZlQvWllKM05KcDNrTTZCNTlpNzly?=
 =?utf-8?B?ajRKM091OVg5NDIwMzFhUk5NYVdJbjIrY1VjdUY4OGVNWmFSUlZqRHRpQlJs?=
 =?utf-8?B?Q3c9PQ==?=
X-MS-Exchange-CrossTenant-Network-Message-Id: 11b215f0-efe2-4050-a920-08dc764b43f0
X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB4965.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 May 2024 08:28:01.7505
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: keNJMwXQgfsK4VWPeQpYcn+gPzuS7DxcdOVEfVPbJuEvYHR3HPM6CN9RsAu3TlLk2blgoAtAMgNledhxpKjz9Q==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR11MB6793
X-OriginatorOrg: intel.com

On 5/17/2024 12:58 AM, Sean Christopherson wrote:
> On Thu, May 16, 2024, Dave Hansen wrote:
>> On 5/16/24 07:39, Sean Christopherson wrote:
>>>> We synced the issue internally, and got conclusion that KVM should honor host
>>>> IBT config.  In this case IBT bit in boot_cpu_data should be honored.  With
>>>> this policy, it can avoid CPUID confusion to guest side due to host ibt=off
>>>> config.
>>> What was the reasoning?  CPUID confusion is a weak justification, e.g. it's not
>>> like the guest has visibility into the host kernel, and raw CPUID will still show
>>> IBT support in the host.
>> I'm basically arguing for the path of least resistance (at least to start).
>>
>> We should just do what takes the least amount of code for now that
>> results in mostly sane behavior, then debate about making it perfect later.
>>
>> In other words, let's say the place we'd *IDEALLY* end up is that guests
>> can have any random FPU state which is disconnected from the host.  But
>> the reality, for now, is that the host needs to have XFEATURE_CET_USER
>> set in order to pass it into the guest and that means keeping
>> X86_FEATURE_SHSTK set.
>>
>> If you want guest XFEATURE_CET_USER, you must have host
>> X86_FEATURE_SHSTK ... for now.
> Ah, because fpu__init_system_xstate() will clear XFEATURE_CET_USER via the
> X86_FEATURE_SHSTK connection in xsave_cpuid_features.
>
> Please put something to that effect in the changelog.  "this literally won't work
> (without more changes)" is very different than us making a largely arbitrary
> decision.

So I need to remove the trick here for guest IBT, right?

Side topic:
When X86_FEATURE_SHSTK and X86_FEATURE_IBT (no ibt=off set) are available on host side, then host XFEATURE_CET_USER is enabled. In this case, we still *need* below patch: https://lore.kernel.org/all/20240219074733.122080-3-weijiang.yang@intel.com/ to correctly enable XFEATURE_CET_USER in *guest kernel*, because VMM userspace can enable IBT alone for guest by -cpu host -shstk, am I right?