On 04.10.2025 00:53, Andrew Cooper wrote: > With the shadow stack and exception handling adjustements in place, we can now > activate FRED when appropriate. Note that opt_fred is still disabled by > default. > > Introduce init_fred() to set up all the MSRs relevant for FRED. FRED uses > MSR_STAR (entries from Ring3 only), and MSR_FRED_SSP_SL0 aliases MSR_PL0_SSP > when CET-SS is active. Otherwise, they're all new MSRs. > > With init_fred() existing, load_system_tables() and legacy_syscall_init() > should only be used when setting up IDT delivery. Insert ASSERT()s to this > effect, and adjust the various *_init() functions to make this property true. > > Per the documentation, percpu_early_traps_init() is responsible for switching > off the boot GDT, which needs doing even in FRED mode. > > Finally, set CR4.FRED in traps_init()/percpu_early_traps_init(). > > Xen can now boot in FRED mode up until starting a PV guest, where it faults > because IRET is not permitted to change privilege. > > Signed-off-by: Andrew Cooper <[email protected]>
Reviewed-by: Jan Beulich <[email protected]>
