lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <81bb8149-45c7-472a-a240-46d43bd33b5d@linux.intel.com>
Date: Tue, 20 Jan 2026 17:24:54 +0800
From: Binbin Wu <binbin.wu@...ux.intel.com>
To: "Xin Li (Intel)" <xin@...or.com>
Cc: linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
 linux-doc@...r.kernel.org, pbonzini@...hat.com, seanjc@...gle.com,
 corbet@....net, tglx@...utronix.de, mingo@...hat.com, bp@...en8.de,
 dave.hansen@...ux.intel.com, x86@...nel.org, hpa@...or.com, luto@...nel.org,
 peterz@...radead.org, andrew.cooper3@...rix.com, chao.gao@...el.com,
 hch@...radead.org, sohil.mehta@...el.com
Subject: Re: [PATCH v9 02/22] KVM: VMX: Initialize VM entry/exit FRED controls
 in vmcs_config



On 10/27/2025 4:18 AM, Xin Li (Intel) wrote:
> From: Xin Li <xin3.li@...el.com>
> 
> Setup VM entry/exit FRED controls in the global vmcs_config for proper
> FRED VMCS fields management:
>   1) load guest FRED state upon VM entry.
>   2) save guest FRED state during VM exit.
>   3) load host FRED state during VM exit.
> 

Nit:
I think it's worth noting that IA32_FRED_RSP0 and IA32_FRED_SSP0 are treated
differently. The change log might need more context on which MSRs are
atomically switched in order to describe that though.
  

> Also add FRED control consistency checks to the existing VM entry/exit
> consistency check framework.

Reviewed-by: Binbin Wu <binbin.wu@...ux.intel.com>

> 
> Signed-off-by: Xin Li <xin3.li@...el.com>
> Signed-off-by: Xin Li (Intel) <xin@...or.com>
> Tested-by: Shan Kang <shan.kang@...el.com>
> Tested-by: Xuelian Guo <xuelian.guo@...el.com>
> Reviewed-by: Chao Gao <chao.gao@...el.com>
> ---
> 
> Change in v5:
> * Remove the pair VM_ENTRY_LOAD_IA32_FRED/VM_EXIT_ACTIVATE_SECONDARY_CONTROLS,
>   since the secondary VM exit controls are unconditionally enabled anyway, and
>   there are features other than FRED needing it (Chao Gao).
> * Add TB from Xuelian Guo.
> 
> Change in v4:
> * Do VM exit/entry consistency checks using the new macro from Sean
>   Christopherson.
> 
> Changes in v3:
> * Add FRED control consistency checks to the existing VM entry/exit
>   consistency check framework (Sean Christopherson).
> * Just do the unnecessary FRED state load/store on every VM entry/exit
>   (Sean Christopherson).
> ---
>  arch/x86/include/asm/vmx.h | 4 ++++
>  arch/x86/kvm/vmx/vmx.c     | 2 ++
>  arch/x86/kvm/vmx/vmx.h     | 7 +++++--
>  3 files changed, 11 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h
> index 1f60c04d11fb..dd79d027ea70 100644
> --- a/arch/x86/include/asm/vmx.h
> +++ b/arch/x86/include/asm/vmx.h
> @@ -109,6 +109,9 @@
>  #define VM_EXIT_LOAD_CET_STATE                  0x10000000
>  #define VM_EXIT_ACTIVATE_SECONDARY_CONTROLS	0x80000000
>  
> +#define SECONDARY_VM_EXIT_SAVE_IA32_FRED	BIT_ULL(0)
> +#define SECONDARY_VM_EXIT_LOAD_IA32_FRED	BIT_ULL(1)
> +
>  #define VM_EXIT_ALWAYSON_WITHOUT_TRUE_MSR	0x00036dff
>  
>  #define VM_ENTRY_LOAD_DEBUG_CONTROLS            0x00000004
> @@ -122,6 +125,7 @@
>  #define VM_ENTRY_PT_CONCEAL_PIP			0x00020000
>  #define VM_ENTRY_LOAD_IA32_RTIT_CTL		0x00040000
>  #define VM_ENTRY_LOAD_CET_STATE                 0x00100000
> +#define VM_ENTRY_LOAD_IA32_FRED			0x00800000
>  
>  #define VM_ENTRY_ALWAYSON_WITHOUT_TRUE_MSR	0x000011ff
>  
> diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
> index 8de841c9c905..be48ba2d70e1 100644
> --- a/arch/x86/kvm/vmx/vmx.c
> +++ b/arch/x86/kvm/vmx/vmx.c
> @@ -2622,6 +2622,8 @@ static int setup_vmcs_config(struct vmcs_config *vmcs_conf,
>  		u32 entry_control;
>  		u64 exit_control;
>  	} const vmcs_entry_exit2_pairs[] = {
> +		{ VM_ENTRY_LOAD_IA32_FRED,
> +			SECONDARY_VM_EXIT_SAVE_IA32_FRED | SECONDARY_VM_EXIT_LOAD_IA32_FRED },
>  	};
>  
>  	memset(vmcs_conf, 0, sizeof(*vmcs_conf));
> diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h
> index 349d96e68f96..645b0343e88c 100644
> --- a/arch/x86/kvm/vmx/vmx.h
> +++ b/arch/x86/kvm/vmx/vmx.h
> @@ -487,7 +487,8 @@ static inline u8 vmx_get_rvi(void)
>  	 VM_ENTRY_LOAD_BNDCFGS |					\
>  	 VM_ENTRY_PT_CONCEAL_PIP |					\
>  	 VM_ENTRY_LOAD_IA32_RTIT_CTL |					\
> -	 VM_ENTRY_LOAD_CET_STATE)
> +	 VM_ENTRY_LOAD_CET_STATE |					\
> +	 VM_ENTRY_LOAD_IA32_FRED)
>  
>  #define __KVM_REQUIRED_VMX_VM_EXIT_CONTROLS				\
>  	(VM_EXIT_SAVE_DEBUG_CONTROLS |					\
> @@ -514,7 +515,9 @@ static inline u8 vmx_get_rvi(void)
>  	       VM_EXIT_ACTIVATE_SECONDARY_CONTROLS)
>  
>  #define KVM_REQUIRED_VMX_SECONDARY_VM_EXIT_CONTROLS (0)
> -#define KVM_OPTIONAL_VMX_SECONDARY_VM_EXIT_CONTROLS (0)
> +#define KVM_OPTIONAL_VMX_SECONDARY_VM_EXIT_CONTROLS			\
> +	     (SECONDARY_VM_EXIT_SAVE_IA32_FRED |			\
> +	      SECONDARY_VM_EXIT_LOAD_IA32_FRED)
>  
>  #define KVM_REQUIRED_VMX_PIN_BASED_VM_EXEC_CONTROL			\
>  	(PIN_BASED_EXT_INTR_MASK |					\

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ