
Re: [PATCH v4 08/14] x86/traps: Enable FRED when requested


  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Tue, 3 Mar 2026 13:44:18 +0000
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Tue, 03 Mar 2026 13:44:42 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 02/03/2026 4:12 pm, Jan Beulich wrote:
> On 28.02.2026 00:16, Andrew Cooper wrote:
>> With the shadow stack and exception handling adjustments in place, we can now
>> activate FRED when appropriate.  Note that opt_fred is still disabled by
>> default until more infrastructure is in place.
>>
>> Introduce init_fred() to set up all the MSRs relevant for FRED.  FRED uses
>> MSR_STAR (entries from Ring3 only), and MSR_FRED_SSP_SL0 aliases MSR_PL0_SSP
>> when CET-SS is active.  Otherwise, they're all new MSRs.
>>
>> Also introduce init_fred_tss().  At this juncture we need a TSS set up, even
>> if it is mostly unused.  Reinsert the BUILD_BUG_ON() checking the size of the
>> TSS against 0x67, this time with a more precise comment.
>>
>> With init_fred() existing, load_system_tables() and legacy_syscall_init()
>> should only be used when setting up IDT delivery.  Insert ASSERT()s to this
>> effect, and adjust the various init functions to make this property true.
>>
>> The FRED initialisation path still needs to write to all system table
>> registers at least once, even if only to invalidate them.  Per the
>> documentation, percpu_early_traps_init() is responsible for switching off the
>> boot GDT, which also needs doing even in FRED mode.
>>
>> Finally, set CR4.FRED in traps_init()/percpu_early_traps_init().
>>
>> Xen can now boot in FRED mode and run a PVH dom0.  PV guests still need more
>> work before they can be run under FRED.
>>
>> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>

Thanks.

>
>> [*] PVH Dom0 on an Intel PantherLake CPU.
> What other part is this remark connected to?

Ah - the commit message.  Specifically, that I've only tested VT-x, not
SVM PVH dom0.

~Andrew



 

