Remove the explicit clearing of shadow stack CPU capabilities.

Signed-off-by: John Allen <john.allen@amd.com>
---
v3:
  - New in v3.
---
 arch/x86/kvm/svm/svm.c | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index 82cde3578c96..b67aa546d8f4 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -5255,11 +5255,6 @@ static __init void svm_set_cpu_caps(void)
 	kvm_set_cpu_caps();
 
 	kvm_caps.supported_perf_cap = 0;
-	kvm_caps.supported_xss = 0;
-
-	/* KVM doesn't yet support CET virtualization for SVM. */
-	kvm_cpu_cap_clear(X86_FEATURE_SHSTK);
-	kvm_cpu_cap_clear(X86_FEATURE_IBT);
 
 	/* CPUID 0x80000001 and 0x8000000A (SVM features) */
 	if (nested) {
-- 
2.34.1

On Wed, Aug 06, 2025 at 08:45:10PM +0000, John Allen wrote:
>Remove the explicit clearing of shadow stack CPU capabilities.
>
>Signed-off-by: John Allen <john.allen@amd.com>
>---
>v3:
>  - New in v3.
>---
> arch/x86/kvm/svm/svm.c | 5 -----
> 1 file changed, 5 deletions(-)
>
>diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
>index 82cde3578c96..b67aa546d8f4 100644
>--- a/arch/x86/kvm/svm/svm.c
>+++ b/arch/x86/kvm/svm/svm.c
>@@ -5255,11 +5255,6 @@ static __init void svm_set_cpu_caps(void)
> 	kvm_set_cpu_caps();
> 
> 	kvm_caps.supported_perf_cap = 0;
>-	kvm_caps.supported_xss = 0;
>-
>-	/* KVM doesn't yet support CET virtualization for SVM. */
>-	kvm_cpu_cap_clear(X86_FEATURE_SHSTK);
>-	kvm_cpu_cap_clear(X86_FEATURE_IBT);

IIUC, IBT should be cleared because KVM doesn't support IBT for SVM.

With this fixed:

Reviewed-by: Chao Gao <chao.gao@intel.com>

> 
> 	/* CPUID 0x80000001 and 0x8000000A (SVM features) */
> 	if (nested) {
>-- 
>2.34.1
>

On Mon, Aug 25, 2025 at 09:33:09AM +0800, Chao Gao wrote:
> On Wed, Aug 06, 2025 at 08:45:10PM +0000, John Allen wrote:
> >Remove the explicit clearing of shadow stack CPU capabilities.
> >
> >Signed-off-by: John Allen <john.allen@amd.com>
> >---
> >v3:
> >  - New in v3.
> >---
> > arch/x86/kvm/svm/svm.c | 5 -----
> > 1 file changed, 5 deletions(-)
> >
> >diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
> >index 82cde3578c96..b67aa546d8f4 100644
> >--- a/arch/x86/kvm/svm/svm.c
> >+++ b/arch/x86/kvm/svm/svm.c
> >@@ -5255,11 +5255,6 @@ static __init void svm_set_cpu_caps(void)
> > 	kvm_set_cpu_caps();
> > 
> > 	kvm_caps.supported_perf_cap = 0;
> >-	kvm_caps.supported_xss = 0;
> >-
> >-	/* KVM doesn't yet support CET virtualization for SVM. */
> >-	kvm_cpu_cap_clear(X86_FEATURE_SHSTK);
> >-	kvm_cpu_cap_clear(X86_FEATURE_IBT);
> 
> IIUC, IBT should be cleared because KVM doesn't support IBT for SVM.

Yeah, I wondered about this. The reason I chose to not clear this is
because we don't explicitly clear other features that are not supported
on AMD hardware AFAICT. Is there a reason we should clear this and not
other unsupported features?

Thanks,
John

>> >-	/* KVM doesn't yet support CET virtualization for SVM. */
>> >-	kvm_cpu_cap_clear(X86_FEATURE_SHSTK);
>> >-	kvm_cpu_cap_clear(X86_FEATURE_IBT);
>> 
>> IIUC, IBT should be cleared because KVM doesn't support IBT for SVM.
>
>Yeah, I wondered about this. The reason I chose to not clear this is
>because we don't explicitly clear other features that are not supported
>on AMD hardware AFAICT.

Your series doesn't enable IBT for SVM. If future AMD CPUs add IBT support,
this KVM running on those CPUs will inadvertently advertise IBT support.

>Is there a reason we should clear this and not
>other unsupported features?

I think they should be cleared if they require any KVM enabling beyond just
adding the CPUID bits. At the very least, we can handle IBT correctly.