This patch set enables the Intel flexible return and event delivery
(FRED) architecture with KVM VMX to allow guests to utilize FRED.

The FRED architecture defines simple new transitions that change
privilege level (ring transitions). The FRED architecture was
designed with the following goals:

1) Improve overall performance and response time by replacing event
   delivery through the interrupt descriptor table (IDT event
   delivery) and event return by the IRET instruction with lower
   latency transitions.

2) Improve software robustness by ensuring that event delivery
   establishes the full supervisor context and that event return
   establishes the full user context.

The new transitions defined by the FRED architecture are FRED event
delivery and, for returning from events, two FRED return instructions.
FRED event delivery can effect a transition from ring 3 to ring 0, but
it is used also to deliver events incident to ring 0. One FRED
instruction (ERETU) effects a return from ring 0 to ring 3, while the
other (ERETS) returns while remaining in ring 0. Collectively, FRED
event delivery and the FRED return instructions are FRED transitions.


Intel VMX architecture is extended to run FRED guests, and the major
changes are:

1) New VMCS fields for FRED context management, which includes two new
event data VMCS fields, eight new guest FRED context VMCS fields and
eight new host FRED context VMCS fields.

2) VMX nested-exception support for proper virtualization of stack
levels introduced with FRED architecture.

Search for the latest FRED spec in most search engines with this search
pattern:

  site:intel.com FRED (flexible return and event delivery) specification


Although FRED and CET supervisor shadow stacks are independent CPU
features, FRED unconditionally includes FRED shadow stack pointer
MSRs IA32_FRED_SSP[0123], and IA32_FRED_SSP0 is just an alias of the
CET MSR IA32_PL0_SSP.  IOW, the state management of MSR IA32_PL0_SSP
becomes an overlap area, and Sean requested that FRED virtualization
to land after CET virtualization [1].

With CET virtualization now merged in v6.18, the path is clear to submit
the FRED virtualization patch series :).


Changes in v9:
* Rebased to the latest kvm-x86/next branch, tag kvm-x86-next-2025.10.20-2.
* Guard FRED state save/restore with guest_cpu_cap_has(vcpu, X86_FEATURE_FRED)
  in patch 19 (syzbot & Chao).
* Use array indexing for exception stack access, eliminating the need for
  the ESTACKS_MEMBERS() macro in struct cea_exception_stacks, and then
  exported __this_cpu_ist_top_va() in a subsequent patch (Dave Hansen).
* Rewrote some of the change logs.


Following is the link to v8 of this patch set:
https://lore.kernel.org/lkml/20251014010950.1568389-1-xin@zytor.com/


[1]: https://lore.kernel.org/kvm/ZvQaNRhrsSJTYji3@google.com/


Xin Li (18):
  KVM: VMX: Enable support for secondary VM exit controls
  KVM: VMX: Initialize VM entry/exit FRED controls in vmcs_config
  KVM: VMX: Disable FRED if FRED consistency checks fail
  KVM: VMX: Initialize VMCS FRED fields
  KVM: VMX: Set FRED MSR intercepts
  KVM: VMX: Save/restore guest FRED RSP0
  KVM: VMX: Add support for saving and restoring FRED MSRs
  KVM: x86: Add a helper to detect if FRED is enabled for a vCPU
  KVM: VMX: Virtualize FRED event_data
  KVM: VMX: Virtualize FRED nested exception tracking
  KVM: x86: Mark CR4.FRED as not reserved
  KVM: VMX: Dump FRED context in dump_vmcs()
  KVM: x86: Advertise support for FRED
  KVM: nVMX: Enable support for secondary VM exit controls
  KVM: nVMX: Handle FRED VMCS fields in nested VMX context
  KVM: nVMX: Validate FRED-related VMCS fields
  KVM: nVMX: Guard SHADOW_FIELD_R[OW] macros with VMX feature checks
  KVM: nVMX: Enable VMX FRED controls

Xin Li (Intel) (4):
  x86/cea: Prefix event stack names with ESTACK_
  x86/cea: Use array indexing to simplify exception stack access
  x86/cea: Export __this_cpu_ist_top_va() to KVM
  KVM: x86: Save/restore the nested flag of an exception

 Documentation/virt/kvm/api.rst        |  21 +-
 arch/x86/coco/sev/noinstr.c           |   4 +-
 arch/x86/coco/sev/vc-handle.c         |   2 +-
 arch/x86/include/asm/cpu_entry_area.h |  70 +++---
 arch/x86/include/asm/kvm_host.h       |  13 +-
 arch/x86/include/asm/msr-index.h      |   1 +
 arch/x86/include/asm/vmx.h            |  48 +++-
 arch/x86/include/uapi/asm/kvm.h       |   4 +-
 arch/x86/kernel/cpu/common.c          |  10 +-
 arch/x86/kernel/dumpstack_64.c        |  18 +-
 arch/x86/kernel/fred.c                |   6 +-
 arch/x86/kernel/traps.c               |   2 +-
 arch/x86/kvm/cpuid.c                  |   1 +
 arch/x86/kvm/kvm_cache_regs.h         |  15 ++
 arch/x86/kvm/svm/svm.c                |   2 +-
 arch/x86/kvm/vmx/capabilities.h       |  25 +-
 arch/x86/kvm/vmx/nested.c             | 343 +++++++++++++++++++++++---
 arch/x86/kvm/vmx/nested.h             |  22 ++
 arch/x86/kvm/vmx/vmcs.h               |   1 +
 arch/x86/kvm/vmx/vmcs12.c             |  19 ++
 arch/x86/kvm/vmx/vmcs12.h             |  40 ++-
 arch/x86/kvm/vmx/vmcs_shadow_fields.h |  37 ++-
 arch/x86/kvm/vmx/vmx.c                | 247 +++++++++++++++++--
 arch/x86/kvm/vmx/vmx.h                |  54 +++-
 arch/x86/kvm/x86.c                    | 131 +++++++++-
 arch/x86/kvm/x86.h                    |   8 +-
 arch/x86/mm/cpu_entry_area.c          |  39 ++-
 arch/x86/mm/fault.c                   |   2 +-
 include/uapi/linux/kvm.h              |   1 +
 29 files changed, 1038 insertions(+), 148 deletions(-)


base-commit: 4cc167c50eb19d44ac7e204938724e685e3d8057
-- 
2.51.0

> On Oct 26, 2025, at 1:18 PM, Xin Li (Intel) <xin@zytor.com> wrote:
> 
> This patch set enables the Intel flexible return and event delivery
> (FRED) architecture with KVM VMX to allow guests to utilize FRED.
> 
> The FRED architecture defines simple new transitions that change
> privilege level (ring transitions). The FRED architecture was
> designed with the following goals:
> 
> 1) Improve overall performance and response time by replacing event
>   delivery through the interrupt descriptor table (IDT event
>   delivery) and event return by the IRET instruction with lower
>   latency transitions.
> 
> 2) Improve software robustness by ensuring that event delivery
>   establishes the full supervisor context and that event return
>   establishes the full user context.
> 
> The new transitions defined by the FRED architecture are FRED event
> delivery and, for returning from events, two FRED return instructions.
> FRED event delivery can effect a transition from ring 3 to ring 0, but
> it is used also to deliver events incident to ring 0. One FRED
> instruction (ERETU) effects a return from ring 0 to ring 3, while the
> other (ERETS) returns while remaining in ring 0. Collectively, FRED
> event delivery and the FRED return instructions are FRED transitions.
> 
> 
> Intel VMX architecture is extended to run FRED guests, and the major
> changes are:
> 
> 1) New VMCS fields for FRED context management, which includes two new
> event data VMCS fields, eight new guest FRED context VMCS fields and
> eight new host FRED context VMCS fields.
> 
> 2) VMX nested-exception support for proper virtualization of stack
> levels introduced with FRED architecture.
> 
> Search for the latest FRED spec in most search engines with this search
> pattern:
> 
>  site:intel.com FRED (flexible return and event delivery) specification
> 
> 
> Although FRED and CET supervisor shadow stacks are independent CPU
> features, FRED unconditionally includes FRED shadow stack pointer
> MSRs IA32_FRED_SSP[0123], and IA32_FRED_SSP0 is just an alias of the
> CET MSR IA32_PL0_SSP.  IOW, the state management of MSR IA32_PL0_SSP
> becomes an overlap area, and Sean requested that FRED virtualization
> to land after CET virtualization [1].
> 
> With CET virtualization now merged in v6.18, the path is clear to submit
> the FRED virtualization patch series :).

Sean, what is the plan for the FRED patch series?

A good news is that we have got acks on all 3 common x86 patches.

Thanks!
Xin

> 
> Changes in v9:
> * Rebased to the latest kvm-x86/next branch, tag kvm-x86-next-2025.10.20-2.
> * Guard FRED state save/restore with guest_cpu_cap_has(vcpu, X86_FEATURE_FRED)
>  in patch 19 (syzbot & Chao).
> * Use array indexing for exception stack access, eliminating the need for
>  the ESTACKS_MEMBERS() macro in struct cea_exception_stacks, and then
>  exported __this_cpu_ist_top_va() in a subsequent patch (Dave Hansen).
> * Rewrote some of the change logs.

On Thu, Nov 06, 2025, Xin Li wrote:
> 
> > On Oct 26, 2025, at 1:18 PM, Xin Li (Intel) <xin@zytor.com> wrote:
> > Although FRED and CET supervisor shadow stacks are independent CPU
> > features, FRED unconditionally includes FRED shadow stack pointer
> > MSRs IA32_FRED_SSP[0123], and IA32_FRED_SSP0 is just an alias of the
> > CET MSR IA32_PL0_SSP.  IOW, the state management of MSR IA32_PL0_SSP
> > becomes an overlap area, and Sean requested that FRED virtualization
> > to land after CET virtualization [1].
> > 
> > With CET virtualization now merged in v6.18, the path is clear to submit
> > the FRED virtualization patch series :).
> 
> Sean, what is the plan for the FRED patch series?

Review and merge it asap.  Unfortunately, "asap" isn't all that soon, mostly
because I've been bogged down with non-upstream stuff.  I'm hoping to dive in
next week (but take that with a grain of salt; I've more or less said that exact
thing to someone else for other patches for three weeks running).

On Sun, Oct 26, 2025, Xin Li (Intel) wrote:
> Xin Li (18):
>   KVM: VMX: Enable support for secondary VM exit controls
>   KVM: VMX: Initialize VM entry/exit FRED controls in vmcs_config
>   KVM: VMX: Disable FRED if FRED consistency checks fail
>   KVM: VMX: Initialize VMCS FRED fields
>   KVM: VMX: Set FRED MSR intercepts
>   KVM: VMX: Save/restore guest FRED RSP0
>   KVM: VMX: Add support for saving and restoring FRED MSRs
>   KVM: x86: Add a helper to detect if FRED is enabled for a vCPU
>   KVM: VMX: Virtualize FRED event_data
>   KVM: VMX: Virtualize FRED nested exception tracking
>   KVM: x86: Mark CR4.FRED as not reserved
>   KVM: VMX: Dump FRED context in dump_vmcs()
>   KVM: x86: Advertise support for FRED
>   KVM: nVMX: Enable support for secondary VM exit controls
>   KVM: nVMX: Handle FRED VMCS fields in nested VMX context
>   KVM: nVMX: Validate FRED-related VMCS fields
>   KVM: nVMX: Guard SHADOW_FIELD_R[OW] macros with VMX feature checks
>   KVM: nVMX: Enable VMX FRED controls
> 
> Xin Li (Intel) (4):

I'm guessing the two different "names" isn't intended?

>   x86/cea: Prefix event stack names with ESTACK_
>   x86/cea: Use array indexing to simplify exception stack access
>   x86/cea: Export __this_cpu_ist_top_va() to KVM
>   KVM: x86: Save/restore the nested flag of an exception

> On Dec 8, 2025, at 2:51 PM, Sean Christopherson <seanjc@google.com> wrote:
> 
>> Xin Li (Intel) (4):
> 
> I'm guessing the two different "names" isn't intended?

Not at all :’(

I've switched from using my Intel email to xin@zytor.com due to recipient
threshold limits.  Earlier versions of the patch series were sent to LKML
with the Intel address, while all new patches use xin@zytor.com.