Date: Fri, 17 May 2024 14:26:50 +0000
Subject: Re: [PATCH v10 24/27] KVM: x86: Enable CET virtualization for VMX and advertise to userspace
From: Sean Christopherson
To: Thomas Gleixner
Cc: Weijiang Yang, rick.p.edgecombe@intel.com, pbonzini@redhat.com, dave.hansen@intel.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, peterz@infradead.org, chao.gao@intel.com, mlevitsk@redhat.com, john.allen@amd.com

On Fri, May 17, 2024, Thomas Gleixner wrote:
> On Thu, May 16 2024 at 07:39, Sean Christopherson wrote:
> > On Thu, May 16, 2024, Weijiang Yang wrote:
> >> We synced the issue internally, and got conclusion that KVM should honor host
> >> IBT config. In this case IBT bit in boot_cpu_data should be honored. With
> >> this policy, it can avoid CPUID confusion to guest side due to host ibt=off
> >> config.
> >
> > What was the reasoning? CPUID confusion is a weak justification, e.g. it's not
> > like the guest has visibility into the host kernel, and raw CPUID will still show
> > IBT support in the host.
> >
> > On the other hand, I can definitely see folks wanting to expose IBT to guests
> > when running non-compliant host kernels, especially when live migration is in
> > play, i.e. when hiding IBT from the guest will actively cause problems.
>
> I have to disagree here violently.
>
> If the exposure of a CPUID bit to a guest requires host side support,
> e.g. in xstate handling, then exposing it to a guest is simply not
> possible.

Ya, I don't disagree, I just didn't realize that CET_USER would be cleared in the
supported xfeatures mask.