On Mon, Apr 28, 2025, Chao Gao wrote:
> >I assume the kernel has bigger problems if CET_S is somehow tied to a
> >userspace task.
>
> To be clear, CET_S here refers to the CET supervisor state, which includes SSP
> pointers for privilege levels 0 through 2. The IA32_S_CET MSR is not part of
> that state.
>
> >
> >For KVM, it's just the one MSR, and KVM needs to support save/restore of that MSR
> >no matter what,
Oh, it's not just one MSR. I was indeed thinking this was just IA32_S_CET. But
lucky for me, the statement holds for SSP0-SS2.
> so supporting it via XSAVE would be more work, a bit sketchy, and
> >create yet another way for userspace to do weird things when saving/restoring vCPU
> >state.
>
> Agreed. One more issue of including CET_S into KVM_GET/SET_XSAVE{2} is:
>
> XSAVE UABI buffers adhere to the standard format defined by the SDM, which
> never includes supervisor states. Attempting to incorporate supervisor states
> into UABI buffers would lead to many issues, such as deviating from the
> standard format and the need to define offsets for each supervisor state.
