From 5148fd6385f2fd7e44a305fae09d308e072973b1 Mon Sep 17 00:00:00 2001
From: Rian McGuire
Date: Thu, 23 Apr 2026 12:16:51 +1000
Subject: [PATCH] vmm: serialize IA32_XSS and CET MSRs

Kernel v6.18 enables shadow stack virtualization for AMD SVM guests (commit 8db428fd5229b, "KVM: SVM: Enable shadow stack virtualization for SVM"). SHSTK and the CET_USER supervisor xstate are both advertised in the guest's CPUID. Linux enables every supervisor xstate the CPU enumerates (regardless of whether CONFIG_X86_USER_SHADOW_STACK is enabled), so guests set MSR_IA32_XSS.CET_USER at boot. Firecracker's SERIALIZABLE_MSR_RANGES does not include MSR_IA32_XSS, so it's 0 on resume from snapshot. If MSR_IA32_XSS isn't round-tripped, the first XRSTORS instruction after resume faults: the processor refuses to restore a buffer whose XCOMP_BV references CET_USER while IA32_XSS.CET_USER is unset. Kernel commit c0a5f29891222 ("KVM: x86: Report XSS as to-be-saved if there are supported features") added MSR_IA32_XSS to KVM's msrs_to_save_base[] for this reason. Also save the related CET MSRs from the same kernel patch series (6a11c860d8a4a, "KVM: x86: Report KVM supported CET MSRs as to-be-saved"): U_CET, S_CET, PL0_SSP..PL3_SSP, INT_SSP_TAB. Safe on older kernels: get_msrs_to_save() intersects SERIALIZABLE_MSR_RANGES with KVM_GET_MSR_INDEX_LIST, and pre-v6.18 kernels don't report these MSRs.
---
 src/vmm/src/arch/x86_64/msr.rs | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/src/vmm/src/arch/x86_64/msr.rs b/src/vmm/src/arch/x86_64/msr.rs
index 39bf0d7486d..46b2b19b7b5 100644
--- a/src/vmm/src/arch/x86_64/msr.rs
+++ b/src/vmm/src/arch/x86_64/msr.rs
@@ -216,8 +216,16 @@ static SERIALIZABLE_MSR_RANGES: &[MsrRange] = &[
 MSR_RANGE!(MSR_CONFIG_TDP_LEVEL_2),
 MSR_RANGE!(MSR_CONFIG_TDP_CONTROL),
 MSR_RANGE!(MSR_TURBO_ACTIVATION_RATIO),
+ MSR_RANGE!(MSR_IA32_U_CET),
+ MSR_RANGE!(MSR_IA32_S_CET),
+ MSR_RANGE!(MSR_IA32_PL0_SSP),
+ MSR_RANGE!(MSR_IA32_PL1_SSP),
+ MSR_RANGE!(MSR_IA32_PL2_SSP),
+ MSR_RANGE!(MSR_IA32_PL3_SSP),
+ MSR_RANGE!(MSR_IA32_INT_SSP_TAB),
 MSR_RANGE!(MSR_IA32_TSC_DEADLINE),
 MSR_RANGE!(APIC_BASE_MSR, APIC_MSR_INDEXES),
+ MSR_RANGE!(MSR_IA32_XSS),
 MSR_RANGE!(MSR_KVM_WALL_CLOCK_NEW),
 MSR_RANGE!(MSR_KVM_SYSTEM_TIME_NEW),
 MSR_RANGE!(MSR_KVM_ASYNC_PF_EN),
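Review bot: The eight new entries carry no comment explaining why they belong in SERIALIZABLE_MSR_RANGES, so the reasoning lives only in the commit message and a reader of msr.rs will not know that MSR_IA32_XSS must be round-tripped before the guest's first XRSTORS after resume can succeed. I'd add above the MSR_IA32_U_CET line `// CET MSRs, reported by KVM from kernel v6.18; IA32_XSS below must also be restored or the first XRSTORS after resume faults on CET_USER.` and a matching one-liner on the MSR_IA32_XSS line, which sits apart from the CET block. Whether MSR_IA32_U_CET..MSR_IA32_INT_SSP_TAB and MSR_IA32_XSS are defined in this crate or come from the kvm bindings is not visible in the hunk; if they are local definitions, a unit test pinning their values to the architectural indices would catch a typo that would otherwise silently drop an MSR from the saved set. It is also worth confirming that a snapshot taken on a CET-capable host and restored on an older kernel fails with a clear error rather than a faulting guest, since the KVM_GET_MSR_INDEX_LIST intersection described in the message covers only the save side. The enclosing array starts before the hunk and continues past it.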