[PATCH] KVM: x86: Call out MSR_IA32_S_CET is not handled by XSAVES

Chao Gao posted 1 patch 3 months, 1 week ago
arch/x86/kvm/x86.c | 16 +++++++---------
1 file changed, 7 insertions(+), 9 deletions(-)
Posted by Chao Gao 3 months, 1 week ago
Update the comment above is_xstate_managed_msr() to note that
MSR_IA32_S_CET isn't saved/restored by XSAVES/XRSTORS.

MSR_IA32_S_CET isn't part of CET_U/S state as the SDM states:
  The register state used by Control-Flow Enforcement Technology (CET)
  comprises the two 64-bit MSRs (IA32_U_CET and IA32_PL3_SSP) that manage
  CET when CPL = 3 (CET_U state); and the three 64-bit MSRs
  (IA32_PL0_SSP–IA32_PL2_SSP) that manage CET when CPL < 3 (CET_S state).

Fixes: e44eb58334bb ("KVM: x86: Load guest FPU state when access XSAVE-managed MSRs")
Signed-off-by: Chao Gao <chao.gao@intel.com>
---
I didn't check the SDM when Xin asked [1] why MSR_IA32_S_CET isn't
xstate-managed. It looks like my reply (and my sample code) misled
everyone into thinking MSR_IA32_S_CET was part of the CET_S state.
I realized this issue when reviewing the QEMU patch [2].

[1]: https://lore.kernel.org/kvm/aKvP2AHKYeQCPm0x@intel.com/
[2]: https://lore.kernel.org/kvm/20251024065632.1448606-12-zhao1.liu@intel.com/
---
 arch/x86/kvm/x86.c | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 9cfed304035f..c7592ac8f443 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -3877,15 +3877,13 @@ static void record_steal_time(struct kvm_vcpu *vcpu)
 
 /*
  * Returns true if the MSR in question is managed via XSTATE, i.e. is context
- * switched with the rest of guest FPU state.  Note!  S_CET is _not_ context
- * switched via XSTATE even though it _is_ saved/restored via XSAVES/XRSTORS.
- * Because S_CET is loaded on VM-Enter and VM-Exit via dedicated VMCS fields,
- * the value saved/restored via XSTATE is always the host's value.  That detail
- * is _extremely_ important, as the guest's S_CET must _never_ be resident in
- * hardware while executing in the host.  Loading guest values for U_CET and
- * PL[0-3]_SSP while executing in the kernel is safe, as U_CET is specific to
- * userspace, and PL[0-3]_SSP are only consumed when transitioning to lower
- * privilege levels, i.e. are effectively only consumed by userspace as well.
+ * switched with the rest of guest FPU state.
+ *
+ * Note, S_CET is _not_ saved/restored via XSAVES/XRSTORS. Also note, loading
+ * guest values for U_CET and PL[0-3]_SSP while executing in the kernel is
+ * safe, as U_CET is specific to userspace, and PL[0-3]_SSP are only consumed
+ * when transitioning to lower privilege levels, i.e. are effectively only
+ * consumed by userspace as well.
  */
 static bool is_xstate_managed_msr(struct kvm_vcpu *vcpu, u32 msr)
 {
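Review bot: the replacement comment drops the reason S_CET is excluded and, with it, the invariant the removed text spelled out (the guest's S_CET must never be resident in hardware while executing in the host, because it is loaded on VM-Enter/VM-Exit via dedicated VMCS fields rather than via XSTATE). After this hunk a reader of is_xstate_managed_msr() is told only that "S_CET is _not_ saved/restored via XSAVES/XRSTORS" and is left to guess how it is context-switched; consider keeping one sentence of the old explanation so the invariant survives the correction. Separately, the "Also note" paragraph about loading guest U_CET and PL[0-3]_SSP while executing in the kernel describes the safety of the caller that loads guest FPU state around MSR accesses (the Fixes: commit), not of this predicate, which only classifies MSRs; it would be better placed next to that caller than above is_xstate_managed_msr().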
-- 
2.47.3
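
To make the SDM statement in the commit message concrete, here is an added example (not code from this patch or from KVM) that decodes CET MSRs out of a compacted-format XSAVES area. It computes component offsets from XCOMP_BV the way the SDM defines compacted layout, maps each CET MSR to its slot in CET_U (component 11) or CET_S (component 12), and has no slot at all for MSR_IA32_S_CET. The component size/alignment table and the sample area contents are constructed for the example; real code must take sizes and alignment flags from CPUID.(EAX=0Dh,ECX=i), and the MSR values in the sample are made up.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* CET MSR indices (Intel SDM). */
#define MSR_IA32_U_CET   0x6a0
#define MSR_IA32_S_CET   0x6a2
#define MSR_IA32_PL0_SSP 0x6a4
#define MSR_IA32_PL1_SSP 0x6a5
#define MSR_IA32_PL2_SSP 0x6a6
#define MSR_IA32_PL3_SSP 0x6a7

/* XSAVE state-component numbers, i.e. bit positions in XSTATE_BV/XCOMP_BV. */
#define XFEATURE_AVX        2
#define XFEATURE_PKRU       9
#define XFEATURE_CET_USER   11	/* CET_U: IA32_U_CET, IA32_PL3_SSP */
#define XFEATURE_CET_KERNEL 12	/* CET_S: IA32_PL0_SSP..IA32_PL2_SSP */
#define XFEATURE_MAX        12
#define XCOMP_BV_COMPACTED  (1ull << 63)

#define XSAVE_HDR_OFFSET 512	/* XSTATE_BV at +0, XCOMP_BV at +8 */
#define XSAVE_EXT_START  (XSAVE_HDR_OFFSET + 64)

/*
 * Per-component size and 64-byte-alignment flag.  Assumed values for this
 * example; real code reads them from CPUID.(EAX=0Dh,ECX=i).  Components not
 * listed (size 0) are treated as unknown.
 */
static const struct { uint16_t size; bool align64; } xcomp[XFEATURE_MAX + 1] = {
	[XFEATURE_AVX]        = { 256, false },
	[XFEATURE_PKRU]       = { 8,   false },
	[XFEATURE_CET_USER]   = { 16,  false },
	[XFEATURE_CET_KERNEL] = { 24,  false },
};

/* Byte offset of component @comp in a compacted-format area, 0 if absent. */
static size_t xsave_compacted_offset(uint64_t xcomp_bv, int comp)
{
	size_t off = XSAVE_EXT_START;
	int j;

	if (!(xcomp_bv & XCOMP_BV_COMPACTED) || comp < 2 || comp > XFEATURE_MAX)
		return 0;
	for (j = 2; j <= comp; j++) {
		if (!(xcomp_bv & (1ull << j)))
			continue;		/* takes no space in compacted format */
		if (!xcomp[j].size)
			return 0;		/* unmodelled component in the way */
		if (xcomp[j].align64)
			off = (off + 63) & ~(size_t)63;
		if (j == comp)
			return off;
		off += xcomp[j].size;
	}
	return 0;				/* @comp not in XCOMP_BV */
}

/* Map a CET MSR to its component and 8-byte slot.  S_CET has no slot. */
static bool cet_msr_xstate_slot(uint32_t msr, int *comp, size_t *slot)
{
	switch (msr) {
	case MSR_IA32_U_CET:   *comp = XFEATURE_CET_USER;   *slot = 0;  return true;
	case MSR_IA32_PL3_SSP: *comp = XFEATURE_CET_USER;   *slot = 8;  return true;
	case MSR_IA32_PL0_SSP: *comp = XFEATURE_CET_KERNEL; *slot = 0;  return true;
	case MSR_IA32_PL1_SSP: *comp = XFEATURE_CET_KERNEL; *slot = 8;  return true;
	case MSR_IA32_PL2_SSP: *comp = XFEATURE_CET_KERNEL; *slot = 16; return true;
	default:               return false;	/* includes MSR_IA32_S_CET */
	}
}

/* Fetch a CET MSR from an XSAVES area; false if it has no slot or the area is malformed. */
static bool read_cet_msr_from_xsave(const uint8_t *area, size_t len, uint32_t msr, uint64_t *val)
{
	uint64_t xstate_bv, xcomp_bv;
	size_t slot, off;
	int comp;

	if (len < XSAVE_EXT_START || !cet_msr_xstate_slot(msr, &comp, &slot))
		return false;
	memcpy(&xstate_bv, area + XSAVE_HDR_OFFSET, 8);
	memcpy(&xcomp_bv, area + XSAVE_HDR_OFFSET + 8, 8);
	if (!(xstate_bv & (1ull << comp))) {
		*val = 0;			/* component is in its init state */
		return true;
	}
	off = xsave_compacted_offset(xcomp_bv, comp);
	if (!off || off + slot + 8 > len)
		return false;			/* XSTATE_BV set but no room: malformed */
	memcpy(val, area + off + slot, 8);
	return true;
}

/* Constructed sample: AVX and PKRU allocated but in init state, CET_U/CET_S live. */
static bool build_sample_area(uint8_t *area, size_t len)
{
	uint64_t xcomp_bv = XCOMP_BV_COMPACTED | (1ull << XFEATURE_AVX) | (1ull << XFEATURE_PKRU) |
			    (1ull << XFEATURE_CET_USER) | (1ull << XFEATURE_CET_KERNEL);
	uint64_t xstate_bv = (1ull << XFEATURE_CET_USER) | (1ull << XFEATURE_CET_KERNEL);
	uint64_t cet_u[2] = { 0x1, 0x7ffff7f00000ull };		/* U_CET (SH_STK_EN), PL3_SSP */
	uint64_t cet_s[3] = { 0xffff8000dead0000ull, 0, 0 };	/* PL0_SSP, PL1_SSP, PL2_SSP */
	size_t u = xsave_compacted_offset(xcomp_bv, XFEATURE_CET_USER);
	size_t s = xsave_compacted_offset(xcomp_bv, XFEATURE_CET_KERNEL);

	if (!u || !s || s + sizeof(cet_s) > len)
		return false;
	memset(area, 0, len);
	memcpy(area + XSAVE_HDR_OFFSET, &xstate_bv, 8);
	memcpy(area + XSAVE_HDR_OFFSET + 8, &xcomp_bv, 8);
	memcpy(area + u, cet_u, sizeof(cet_u));
	memcpy(area + s, cet_s, sizeof(cet_s));
	return true;
}

/* Value of @msr in the sample area, or UINT64_MAX if it is not XSTATE-managed. */
static uint64_t sample_msr_value(uint32_t msr)
{
	static uint8_t area[1024];
	uint64_t val;

	if (!build_sample_area(area, sizeof(area)) ||
	    !read_cet_msr_from_xsave(area, sizeof(area), msr, &val))
		return UINT64_MAX;
	return val;
}
```

With the sample XCOMP_BV (AVX, PKRU, CET_U, CET_S), CET_U lands at byte 840 and CET_S at 856; asking for MSR_IA32_S_CET fails before any offset is computed, which is exactly the point the patch makes: there is nowhere in the XSAVES image for the guest's S_CET to live, so it has to be context-switched by some other mechanism.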

Re: [PATCH] KVM: x86: Call out MSR_IA32_S_CET is not handled by XSAVES
Posted by Sean Christopherson 3 months ago
On Mon, 27 Oct 2025 23:01:41 -0700, Chao Gao wrote:
> Update the comment above is_xstate_managed_msr() to note that
> MSR_IA32_S_CET isn't saved/restored by XSAVES/XRSTORS.
> 
> MSR_IA32_S_CET isn't part of CET_U/S state as the SDM states:
>   The register state used by Control-Flow Enforcement Technology (CET)
>   comprises the two 64-bit MSRs (IA32_U_CET and IA32_PL3_SSP) that manage
>   CET when CPL = 3 (CET_U state); and the three 64-bit MSRs
>   (IA32_PL0_SSP–IA32_PL2_SSP) that manage CET when CPL < 3 (CET_S state).
> 
> [...]

Applied to kvm-x86 fixes, with an opportunistic tweak of the comment (the whole
spiel about the safety was attached to the wrong function).  Thanks!

[1/1] KVM: x86: Call out MSR_IA32_S_CET is not handled by XSAVES
      https://github.com/kvm-x86/linux/commit/cab4098be418

--
https://github.com/kvm-x86/linux/tree/next