Commit c0a5f298 authored Sep 19, 2025 by Sean Christopherson

KVM: x86: Report XSS as to-be-saved if there are supported features



Add MSR_IA32_XSS to list of MSRs reported to userspace if supported_xss
is non-zero, i.e. KVM supports at least one XSS based feature.

Before enabling CET virtualization series, guest IA32_MSR_XSS is
guaranteed to be 0, i.e., XSAVES/XRSTORS is executed in non-root mode
with XSS == 0, which equals to the effect of XSAVE/XRSTOR.

Signed-off-by: Yang Weijiang <weijiang.yang@intel.com>
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
Reviewed-by: Chao Gao <chao.gao@intel.com>
Tested-by: Mathias Krause <minipli@grsecurity.net>
Tested-by: John Allen <john.allen@amd.com>
Tested-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>
Signed-off-by: Chao Gao <chao.gao@intel.com>
Reviewed-by: Binbin Wu <binbin.wu@linux.intel.com>
Link: https://lore.kernel.org/r/20250919223258.1604852-6-seanjc@google.com


Signed-off-by: Sean Christopherson <seanjc@google.com>

parent 06f2969c

arch/x86/kvm/x86.c

+5 −1

Original line number	Diff line number	Diff line
		@@ -332,7 +332,7 @@ static const u32 msrs_to_save_base[] = {
		MSR_IA32_RTIT_ADDR3_A, MSR_IA32_RTIT_ADDR3_B,
		MSR_IA32_UMWAIT_CONTROL,

		MSR_IA32_XFD, MSR_IA32_XFD_ERR,
		MSR_IA32_XFD, MSR_IA32_XFD_ERR, MSR_IA32_XSS,
		};

		static const u32 msrs_to_save_pmu[] = {
		@@ -7503,6 +7503,10 @@ static void kvm_probe_msr_to_save(u32 msr_index)
		if (!(kvm_get_arch_capabilities() & ARCH_CAP_TSX_CTRL_MSR))
		return;
		break;
		case MSR_IA32_XSS:
		if (!kvm_caps.supported_xss)
		return;
		break;
		default:
		break;
		}