On 9/13/2025 7:22 AM, Sean Christopherson wrote:
> From: Yang Weijiang <weijiang.yang@intel.com>
>
> Set original kvm_caps.supported_xss to (host_xss & KVM_SUPPORTED_XSS) if
> XSAVES is supported. host_xss contains the host supported xstate feature
> bits for thread FPU context switch, KVM_SUPPORTED_XSS includes all KVM
> enabled XSS feature bits, the resulting value represents the supervisor
> xstates that are available to guest and are backed by host FPU framework
> for swapping {guest,host} XSAVE-managed registers/MSRs.
>
> Signed-off-by: Yang Weijiang <weijiang.yang@intel.com>
> Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
> Reviewed-by: Chao Gao <chao.gao@intel.com>
> Tested-by: Mathias Krause <minipli@grsecurity.net>
> Tested-by: John Allen <john.allen@amd.com>
> Tested-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
> Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>
> Signed-off-by: Chao Gao <chao.gao@intel.com>
> [sean: relocate and enhance comment about PT / XSS[8] ]
> Signed-off-by: Sean Christopherson <seanjc@google.com>
Reviewed-by: Binbin Wu <binbin.wu@linux.intel.com>
> ---
> arch/x86/kvm/x86.c | 23 +++++++++++++++--------
> 1 file changed, 15 insertions(+), 8 deletions(-)
>
> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> index 519d58b82f7f..c5e38d6943fe 100644
> --- a/arch/x86/kvm/x86.c
> +++ b/arch/x86/kvm/x86.c
> @@ -217,6 +217,14 @@ static struct kvm_user_return_msrs __percpu *user_return_msrs;
> | XFEATURE_MASK_BNDCSR | XFEATURE_MASK_AVX512 \
> | XFEATURE_MASK_PKRU | XFEATURE_MASK_XTILE)
>
> +/*
> + * Note, KVM supports exposing PT to the guest, but does not support context
> + * switching PT via XSTATE (KVM's PT virtualization relies on perf; swapping
> + * PT via guest XSTATE would clobber perf state), i.e. KVM doesn't support
> + * IA32_XSS[bit 8] (guests can/must use RDMSR/WRMSR to save/restore PT MSRs).
> + */
> +#define KVM_SUPPORTED_XSS 0
> +
> bool __read_mostly allow_smaller_maxphyaddr = 0;
> EXPORT_SYMBOL_GPL(allow_smaller_maxphyaddr);
>
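
Review bot: The new comment above KVM_SUPPORTED_XSS explains why IA32_XSS[bit 8] is excluded, but not that the mask is deliberately empty at this point. A reader who sees "#define KVM_SUPPORTED_XSS 0" next to the multi-bit KVM_SUPPORTED_XCR0 mask could take it for an oversight. Consider one more sentence saying that no supervisor xstate features are enabled yet, so kvm_caps.supported_xss stays 0 until later changes add bits here.
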
> @@ -3986,11 +3994,7 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
> case MSR_IA32_XSS:
> if (!guest_cpuid_has(vcpu, X86_FEATURE_XSAVES))
> return KVM_MSR_RET_UNSUPPORTED;
> - /*
> - * KVM supports exposing PT to the guest, but does not support
> - * IA32_XSS[bit 8]. Guests have to use RDMSR/WRMSR rather than
> - * XSAVES/XRSTORS to save/restore PT MSRs.
> - */
> +
> if (data & ~vcpu->arch.guest_supported_xss)
> return 1;
> if (vcpu->arch.ia32_xss == data)
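
Review bot: With the PT comment removed from the MSR_IA32_XSS case, the "data & ~vcpu->arch.guest_supported_xss" check has no explanation nearby, and the relocated text now sits thousands of lines away at the KVM_SUPPORTED_XSS definition. A one-line pointer here to KVM_SUPPORTED_XSS would keep the reason for rejecting bit 8 discoverable from the write path. The added blank line after the KVM_MSR_RET_UNSUPPORTED return is fine for readability.
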
> @@ -9818,14 +9822,17 @@ int kvm_x86_vendor_init(struct kvm_x86_init_ops *ops)
> kvm_host.xcr0 = xgetbv(XCR_XFEATURE_ENABLED_MASK);
> kvm_caps.supported_xcr0 = kvm_host.xcr0 & KVM_SUPPORTED_XCR0;
> }
> +
> + if (boot_cpu_has(X86_FEATURE_XSAVES)) {
> + rdmsrq(MSR_IA32_XSS, kvm_host.xss);
> + kvm_caps.supported_xss = kvm_host.xss & KVM_SUPPORTED_XSS;
> + }
> +
> kvm_caps.supported_quirks = KVM_X86_VALID_QUIRKS;
> kvm_caps.inapplicable_quirks = KVM_X86_CONDITIONAL_QUIRKS;
>
> rdmsrq_safe(MSR_EFER, &kvm_host.efer);
>
> - if (boot_cpu_has(X86_FEATURE_XSAVES))
> - rdmsrq(MSR_IA32_XSS, kvm_host.xss);
> -
> kvm_init_pmu_capability(ops->pmu_ops);
>
> if (boot_cpu_has(X86_FEATURE_ARCH_CAPABILITIES))
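
Review bot: kvm_caps.supported_xss is assigned only inside the new "if (boot_cpu_has(X86_FEATURE_XSAVES))" block, so on a host without XSAVES its value depends on initialization that is not visible in this hunk. Please confirm kvm_caps is zeroed before kvm_x86_vendor_init() reaches this point, or assign 0 explicitly in an else branch. Moving the rdmsrq(MSR_IA32_XSS, kvm_host.xss) read up next to the XCR0 setup looks harmless, since the quirks assignments and the MSR_EFER read between the old and new locations do not use kvm_host.xss.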