On 04.07.25 10:49, Chao Gao wrote: > The FPU support for CET virtualization has already been merged into the tip > tree. This v11 adds Intel CET virtualization in KVM and is based on > tip/master plus Sean's MSR cleanups. For your convenience, it is also > available at > > https://github.com/gaochaointel/linux-dev cet-v11 > > Changes in v11 (Most changes are suggested by Sean. Thanks!): > 1. Rebased onto the latest tip tree + Sean's MSR cleanups > 2. Made patch 1's shortlog informative and accurate > 3. Slotted in two cleanup patches from Sean (patch 3/4) > 4. Used KVM_GET/SET_ONE_REG ioctl for userspace to read/write SSP. > still assigned a KVM-defined MSR index for SSP but the index isn't > part of uAPI now. > 5. Used KVM_MSR_RET_UNSUPPORTED to reject accesses to unsupported CET MSRs > 6. Synthesized triple-fault when reading/writing SSP failed during > entering into SMM or exiting from SMM > 7. Removed an inappropriate "quirk" in v10 that advertised IBT to userspace > when the hardware supports it but the host does not enable it. > 8. Disabled IBT/SHSTK explicitly for SVM to avoid them being enabled on > AMD CPU accidentally before AMD CET series lands. Because IBT/SHSTK are > advertised in KVM x86 common code but only Intel support is added by > this series. > 9. Re-ordered "Don't emulate branch instructions" (patch 18) before > advertising CET support to userspace. > 10.Added consistency checks for CR4.CET and other CET MSRs during VM-entry > (patches 22-23) > > [...] I tested this with your work-in-progress QEMU support branch from [1] and it worked well on my Alder Lake NUC (i7-1260P). The host kernel has IBT and user shadow stacks enabled, so does the guest kernel. KUT CET tests[2] ran fine on the host as well as in the guest, i.e. nested works too. Therefore, Tested-by: Mathias Krause <minipli@xxxxxxxxxxxxxx> [1] https://github.com/gaochaointel/qemu-dev#qemu-cet [2] https://lore.kernel.org/kvm/20250626073459.12990-1-minipli@xxxxxxxxxxxxxx/ Thanks, Mathias
