On Wed, Feb 07, 2024, Xin Li wrote:
> @@ -7774,10 +7777,12 @@ static void update_intel_pt_cfg(struct kvm_vcpu *vcpu)
> static void vmx_vcpu_config_fred_after_set_cpuid(struct kvm_vcpu *vcpu)
> {
> struct vcpu_vmx *vmx = to_vmx(vcpu);
> + bool fred_enumerated;
>
> kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_FRED);
> + fred_enumerated = guest_can_use(vcpu, X86_FEATURE_FRED);
"enumerated" isn't correct. Userspace can enumerate FRED to the guest even if
FRED is unsupported in KVM.
Planning for a future where this becomes guest_cpu_cap_has(), maybe "has_fred"?
> - if (guest_can_use(vcpu, X86_FEATURE_FRED)) {
> + if (fred_enumerated) {
> vm_entry_controls_setbit(vmx, VM_ENTRY_LOAD_IA32_FRED);
> secondary_vm_exit_controls_setbit(vmx,
>
> SECONDARY_VM_EXIT_SAVE_IA32_FRED |
> @@ -7788,6 +7793,16 @@ static void
> vmx_vcpu_config_fred_after_set_cpuid(struct kvm_vcpu *vcpu)
>
> SECONDARY_VM_EXIT_SAVE_IA32_FRED |
>
> SECONDARY_VM_EXIT_LOAD_IA32_FRED);
> }
> +
> + vmx_set_intercept_for_msr(vcpu, MSR_IA32_FRED_RSP0, MSR_TYPE_RW,
> !fred_enumerated);
> + vmx_set_intercept_for_msr(vcpu, MSR_IA32_FRED_RSP1, MSR_TYPE_RW,
> !fred_enumerated);
> + vmx_set_intercept_for_msr(vcpu, MSR_IA32_FRED_RSP2, MSR_TYPE_RW,
> !fred_enumerated);
> + vmx_set_intercept_for_msr(vcpu, MSR_IA32_FRED_RSP3, MSR_TYPE_RW,
> !fred_enumerated);
> + vmx_set_intercept_for_msr(vcpu, MSR_IA32_FRED_STKLVLS, MSR_TYPE_RW,
> !fred_enumerated);
> + vmx_set_intercept_for_msr(vcpu, MSR_IA32_FRED_SSP1, MSR_TYPE_RW,
> !fred_enumerated);
> + vmx_set_intercept_for_msr(vcpu, MSR_IA32_FRED_SSP2, MSR_TYPE_RW,
> !fred_enumerated);
> + vmx_set_intercept_for_msr(vcpu, MSR_IA32_FRED_SSP3, MSR_TYPE_RW,
> !fred_enumerated);
> + vmx_set_intercept_for_msr(vcpu, MSR_IA32_FRED_CONFIG, MSR_TYPE_RW,
> !fred_enumerated);
> }
>
> static void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu)
> --
> 2.43.0
>
