KVM: x86: Initialize kvm_caps.supported_xss

Set original kvm_caps.supported_xss to (host_xss & KVM_SUPPORTED_XSS) if
XSAVES is supported. host_xss contains the host supported xstate feature
bits for thread FPU context switch, KVM_SUPPORTED_XSS includes all KVM
enabled XSS feature bits, the resulting value represents the supervisor
xstates that are available to guest and are backed by host FPU framework
for swapping {guest,host} XSAVE-managed registers/MSRs.

[sean: relocate and enhance comment about PT / XSS[8] ]

Signed-off-by: Yang Weijiang <weijiang.yang@intel.com>
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
Reviewed-by: Chao Gao <chao.gao@intel.com>
Tested-by: Mathias Krause <minipli@grsecurity.net>
Tested-by: John Allen <john.allen@amd.com>
Tested-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>
Signed-off-by: Chao Gao <chao.gao@intel.com>
Reviewed-by: Binbin Wu <binbin.wu@linux.intel.com>
Link: https://lore.kernel.org/r/20250919223258.1604852-9-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index d142cbc71aaa11d702b7645d627505b06b08c885..831c5e488de3a50e6a299125f1edfd8422048729 100644 (file)
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -217,6 +217,14 @@ static struct kvm_user_return_msrs __percpu *user_return_msrs;
                                | XFEATURE_MASK_BNDCSR | XFEATURE_MASK_AVX512 \
                                | XFEATURE_MASK_PKRU | XFEATURE_MASK_XTILE)
 
+/*
+ * Note, KVM supports exposing PT to the guest, but does not support context
+ * switching PT via XSTATE (KVM's PT virtualization relies on perf; swapping
+ * PT via guest XSTATE would clobber perf state), i.e. KVM doesn't support
+ * IA32_XSS[bit 8] (guests can/must use RDMSR/WRMSR to save/restore PT MSRs).
+ */
+#define KVM_SUPPORTED_XSS     0
+
 bool __read_mostly allow_smaller_maxphyaddr = 0;
 EXPORT_SYMBOL_GPL(allow_smaller_maxphyaddr);
 
@@ -3986,11 +3994,7 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
        case MSR_IA32_XSS:
                if (!guest_cpuid_has(vcpu, X86_FEATURE_XSAVES))
                        return KVM_MSR_RET_UNSUPPORTED;
-               /*
-                * KVM supports exposing PT to the guest, but does not support
-                * IA32_XSS[bit 8]. Guests have to use RDMSR/WRMSR rather than
-                * XSAVES/XRSTORS to save/restore PT MSRs.
-                */
+
                if (data & ~vcpu->arch.guest_supported_xss)
                        return 1;
                if (vcpu->arch.ia32_xss == data)
@@ -9822,14 +9826,17 @@ int kvm_x86_vendor_init(struct kvm_x86_init_ops *ops)
                kvm_host.xcr0 = xgetbv(XCR_XFEATURE_ENABLED_MASK);
                kvm_caps.supported_xcr0 = kvm_host.xcr0 & KVM_SUPPORTED_XCR0;
        }
+
+       if (boot_cpu_has(X86_FEATURE_XSAVES)) {
+               rdmsrq(MSR_IA32_XSS, kvm_host.xss);
+               kvm_caps.supported_xss = kvm_host.xss & KVM_SUPPORTED_XSS;
+       }
+
        kvm_caps.supported_quirks = KVM_X86_VALID_QUIRKS;
        kvm_caps.inapplicable_quirks = KVM_X86_CONDITIONAL_QUIRKS;
 
        rdmsrq_safe(MSR_EFER, &kvm_host.efer);
 
-       if (boot_cpu_has(X86_FEATURE_XSAVES))
-               rdmsrq(MSR_IA32_XSS, kvm_host.xss);
-
        kvm_init_pmu_capability(ops->pmu_ops);
 
        if (boot_cpu_has(X86_FEATURE_ARCH_CAPABILITIES))