On 8/26/2025 3:17 PM, Sean Christopherson wrote:
+ if (!kvm_cpu_cap_has(X86_FEATURE_SHSTK))
+ wrmsrns(MSR_IA32_FRED_SSP0, vmx->msr_guest_fred_ssp0);
FWIW, if we can't get an SDM change, don't bother with RDMSR/WRMSRNS, just
configure KVM to intercept accesses. Then in kvm_set_msr_common(), pivot on
X86_FEATURE_SHSTK, e.g.
Intercepting is a solid approach: it ensures the guest value is fully
virtual and does not affect the hardware FRED SSP0 MSR. Of course the code
is also simplified.
case MSR_IA32_U_CET:
case MSR_IA32_PL0_SSP ... MSR_IA32_PL3_SSP:
if (!kvm_cpu_cap_has(X86_FEATURE_SHSTK)) {
WARN_ON_ONCE(msr != MSR_IA32_FRED_SSP0);
vcpu->arch.fred_rsp0_fallback = data;
break;
}
kvm_set_xstate_msr(vcpu, msr_info);
break;
and
case MSR_IA32_U_CET:
case MSR_IA32_PL0_SSP ... MSR_IA32_PL3_SSP:
if (!kvm_cpu_cap_has(X86_FEATURE_SHSTK)) {
WARN_ON_ONCE(msr_info->index != MSR_IA32_FRED_SSP0);
vcpu->arch.fred_rsp0_fallback = msr_info->data;
break;
}
kvm_get_xstate_msr(vcpu, msr_info);
break;
