>> >- /* KVM doesn't yet support CET virtualization for SVM. */
>> >- kvm_cpu_cap_clear(X86_FEATURE_SHSTK);
>> >- kvm_cpu_cap_clear(X86_FEATURE_IBT);
>>
>> IIUC, IBT should be cleared because KVM doesn't support IBT for SVM.
>
>Yeah, I wondered about this. The reason I chose to not clear this is
>because we don't explicitly clear other features that are not supported
>on AMD hardware AFAICT.

Your series doesn't enable IBT for SVM. If future AMD CPUs add IBT support,
this KVM running on those CPUs will inadvertently advertise IBT support.

>Is there a reason we should clear this and not
>other unsupported features?

I think they should be cleared if they require any KVM enabling beyond just
adding the CPUID bits. At the very least, we can handle IBT correctly.
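
Review bot: removing kvm_cpu_cap_clear(X86_FEATURE_IBT) together with the SHSTK clear drops the only line in this hunk that keeps IBT out of the capabilities KVM reports for SVM, while the thread states the series does not enable IBT for SVM. Consider keeping the IBT clear and narrowing the removed comment to IBT only, for example "KVM doesn't yet support IBT virtualization for SVM", so that the SHSTK change stands alone and a later IBT enablement has to remove the clear explicitly.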