On Sun, Mar 10, 2019 at 08:20:30PM +0800, Yang Weijiang wrote:
> On Fri, Mar 08, 2019 at 12:32:04PM +0100, Paolo Bonzini wrote:
> > On 28/02/19 09:44, Yang Weijiang wrote:
> > >>> if (!vmx_xsaves_supported())
> > >>> return 1;
> > >>> +
> > >>> /*
> > >>> - * The only supported bit as of Skylake is bit 8, but
> > >>> - * it is not supported on KVM.
> > >>> + * Check bits being set are supported in KVM.
> > >> I'd drop the comment altogether, it's pretty obvious from the code that
> > >> were checking which bits are supported.
> > > you won't see these redundancies in next version ;)
> > >>> */
> > >>> - if (data != 0)
> > >>> + if (data & ~kvm_supported_xss())
> > >>> return 1;
> >
> > You should instead check this against CPUID[0xD, 1].EDX:ECX. If CET is
> > disabled in CPUID, the guest should not be able to set it in MSR_IA32_CSS.
> >
> > Paolo
> Thanks, OK, will change it.
Hi, Paolo,
How about change kvm_supported_xss() as below so that CPUID[0xd,1] check
is implied in host_xss contents, vmx_supported_xss() now just returns host_xss
in vmx.c. The purpose of this change is to make XSS data check
common for other XSS based features.
+u64 kvm_supported_xss(void)
+{
+ return KVM_SUPPORTED_XSS & kvm_x86_ops->vmx_supported_xss();
+}
+
