qemu/target-i386-Add-get-set-migrate-support-for-FRED-MSR.patch

From c3e47749fba4418d80bf4314335118452912b29c Mon Sep 17 00:00:00 2001
From: Xin Li <xin3.li@intel.com>
Date: Wed, 8 Nov 2023 23:20:12 -0800
Subject: [PATCH] target/i386: Add get/set/migrate support for FRED MSRs

commit 4ebd98eb3ade5957a842da1420bda012eeeaab9c upstream.

FRED CPU states are managed in 9 new FRED MSRs, in addtion to a few
existing CPU registers and MSRs, e.g., CR4.FRED and MSR_IA32_PL0_SSP.

Save/restore/migrate FRED MSRs if FRED is exposed to the guest.

Intel-SIG: commit 4ebd98eb3ade target/i386: Add get/set/migrate support for FRED MSRs

Tested-by: Shan Kang <shan.kang@intel.com>
Signed-off-by: Xin Li <xin3.li@intel.com>
Message-ID: <20231109072012.8078-7-xin3.li@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jason Zeng <jason.zeng@intel.com>
---
 target/i386/cpu.h     | 22 +++++++++++++++++++
 target/i386/kvm/kvm.c | 49 +++++++++++++++++++++++++++++++++++++++++++
 target/i386/machine.c | 28 +++++++++++++++++++++++++
 3 files changed, 99 insertions(+)

diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index b03237c305..1b9d922651 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -539,6 +539,17 @@ typedef enum X86Seg {
 #define MSR_IA32_XFD                    0x000001c4
 #define MSR_IA32_XFD_ERR                0x000001c5
 
+/* FRED MSRs */
+#define MSR_IA32_FRED_RSP0              0x000001cc       /* Stack level 0 regular stack pointer */
+#define MSR_IA32_FRED_RSP1              0x000001cd       /* Stack level 1 regular stack pointer */
+#define MSR_IA32_FRED_RSP2              0x000001ce       /* Stack level 2 regular stack pointer */
+#define MSR_IA32_FRED_RSP3              0x000001cf       /* Stack level 3 regular stack pointer */
+#define MSR_IA32_FRED_STKLVLS           0x000001d0       /* FRED exception stack levels */
+#define MSR_IA32_FRED_SSP1              0x000001d1       /* Stack level 1 shadow stack pointer in ring 0 */
+#define MSR_IA32_FRED_SSP2              0x000001d2       /* Stack level 2 shadow stack pointer in ring 0 */
+#define MSR_IA32_FRED_SSP3              0x000001d3       /* Stack level 3 shadow stack pointer in ring 0 */
+#define MSR_IA32_FRED_CONFIG            0x000001d4       /* FRED Entrypoint and interrupt stack level */
+
 #define MSR_IA32_BNDCFGS                0x00000d90
 #define MSR_IA32_XSS                    0x00000da0
 #define MSR_IA32_UMWAIT_CONTROL         0xe1
@@ -1698,6 +1709,17 @@ typedef struct CPUArchState {
     target_ulong cstar;
     target_ulong fmask;
     target_ulong kernelgsbase;
+
+    /* FRED MSRs */
+    uint64_t fred_rsp0;
+    uint64_t fred_rsp1;
+    uint64_t fred_rsp2;
+    uint64_t fred_rsp3;
+    uint64_t fred_stklvls;
+    uint64_t fred_ssp1;
+    uint64_t fred_ssp2;
+    uint64_t fred_ssp3;
+    uint64_t fred_config;
 #endif
 
     uint64_t tsc_adjust;
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index 12e920bbb4..5f3497e122 100644
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
@@ -3391,6 +3391,17 @@ static int kvm_put_msrs(X86CPU *cpu, int level)
         kvm_msr_entry_add(cpu, MSR_KERNELGSBASE, env->kernelgsbase);
         kvm_msr_entry_add(cpu, MSR_FMASK, env->fmask);
         kvm_msr_entry_add(cpu, MSR_LSTAR, env->lstar);
+        if (env->features[FEAT_7_1_EAX] & CPUID_7_1_EAX_FRED) {
+            kvm_msr_entry_add(cpu, MSR_IA32_FRED_RSP0, env->fred_rsp0);
+            kvm_msr_entry_add(cpu, MSR_IA32_FRED_RSP1, env->fred_rsp1);
+            kvm_msr_entry_add(cpu, MSR_IA32_FRED_RSP2, env->fred_rsp2);
+            kvm_msr_entry_add(cpu, MSR_IA32_FRED_RSP3, env->fred_rsp3);
+            kvm_msr_entry_add(cpu, MSR_IA32_FRED_STKLVLS, env->fred_stklvls);
+            kvm_msr_entry_add(cpu, MSR_IA32_FRED_SSP1, env->fred_ssp1);
+            kvm_msr_entry_add(cpu, MSR_IA32_FRED_SSP2, env->fred_ssp2);
+            kvm_msr_entry_add(cpu, MSR_IA32_FRED_SSP3, env->fred_ssp3);
+            kvm_msr_entry_add(cpu, MSR_IA32_FRED_CONFIG, env->fred_config);
+        }
     }
 #endif
 
@@ -3867,6 +3878,17 @@ static int kvm_get_msrs(X86CPU *cpu)
         kvm_msr_entry_add(cpu, MSR_KERNELGSBASE, 0);
         kvm_msr_entry_add(cpu, MSR_FMASK, 0);
         kvm_msr_entry_add(cpu, MSR_LSTAR, 0);
+        if (env->features[FEAT_7_1_EAX] & CPUID_7_1_EAX_FRED) {
+            kvm_msr_entry_add(cpu, MSR_IA32_FRED_RSP0, 0);
+            kvm_msr_entry_add(cpu, MSR_IA32_FRED_RSP1, 0);
+            kvm_msr_entry_add(cpu, MSR_IA32_FRED_RSP2, 0);
+            kvm_msr_entry_add(cpu, MSR_IA32_FRED_RSP3, 0);
+            kvm_msr_entry_add(cpu, MSR_IA32_FRED_STKLVLS, 0);
+            kvm_msr_entry_add(cpu, MSR_IA32_FRED_SSP1, 0);
+            kvm_msr_entry_add(cpu, MSR_IA32_FRED_SSP2, 0);
+            kvm_msr_entry_add(cpu, MSR_IA32_FRED_SSP3, 0);
+            kvm_msr_entry_add(cpu, MSR_IA32_FRED_CONFIG, 0);
+        }
     }
 #endif
     kvm_msr_entry_add(cpu, MSR_KVM_SYSTEM_TIME, 0);
@@ -4092,6 +4114,33 @@ static int kvm_get_msrs(X86CPU *cpu)
         case MSR_LSTAR:
             env->lstar = msrs[i].data;
             break;
+        case MSR_IA32_FRED_RSP0:
+            env->fred_rsp0 = msrs[i].data;
+            break;
+        case MSR_IA32_FRED_RSP1:
+            env->fred_rsp1 = msrs[i].data;
+            break;
+        case MSR_IA32_FRED_RSP2:
+            env->fred_rsp2 = msrs[i].data;
+            break;
+        case MSR_IA32_FRED_RSP3:
+            env->fred_rsp3 = msrs[i].data;
+            break;
+        case MSR_IA32_FRED_STKLVLS:
+            env->fred_stklvls = msrs[i].data;
+            break;
+        case MSR_IA32_FRED_SSP1:
+            env->fred_ssp1 = msrs[i].data;
+            break;
+        case MSR_IA32_FRED_SSP2:
+            env->fred_ssp2 = msrs[i].data;
+            break;
+        case MSR_IA32_FRED_SSP3:
+            env->fred_ssp3 = msrs[i].data;
+            break;
+        case MSR_IA32_FRED_CONFIG:
+            env->fred_config = msrs[i].data;
+            break;
 #endif
         case MSR_IA32_TSC:
             env->tsc = msrs[i].data;
diff --git a/target/i386/machine.c b/target/i386/machine.c
index 9a1cb8f3b8..7cbfbc0efb 100644
--- a/target/i386/machine.c
+++ b/target/i386/machine.c
@@ -1544,6 +1544,33 @@ static const VMStateDescription vmstate_msr_xfd = {
 };
 
 #ifdef TARGET_X86_64
+static bool intel_fred_msrs_needed(void *opaque)
+{
+    X86CPU *cpu = opaque;
+    CPUX86State *env = &cpu->env;
+
+    return !!(env->features[FEAT_7_1_EAX] & CPUID_7_1_EAX_FRED);
+}
+
+static const VMStateDescription vmstate_msr_fred = {
+    .name = "cpu/fred",
+    .version_id = 1,
+    .minimum_version_id = 1,
+    .needed = intel_fred_msrs_needed,
+    .fields = (VMStateField[]) {
+        VMSTATE_UINT64(env.fred_rsp0, X86CPU),
+        VMSTATE_UINT64(env.fred_rsp1, X86CPU),
+        VMSTATE_UINT64(env.fred_rsp2, X86CPU),
+        VMSTATE_UINT64(env.fred_rsp3, X86CPU),
+        VMSTATE_UINT64(env.fred_stklvls, X86CPU),
+        VMSTATE_UINT64(env.fred_ssp1, X86CPU),
+        VMSTATE_UINT64(env.fred_ssp2, X86CPU),
+        VMSTATE_UINT64(env.fred_ssp3, X86CPU),
+        VMSTATE_UINT64(env.fred_config, X86CPU),
+        VMSTATE_END_OF_LIST()
+            }
+        };
+
 static bool amx_xtile_needed(void *opaque)
 {
     X86CPU *cpu = opaque;
@@ -1768,6 +1795,7 @@ const VMStateDescription vmstate_x86_cpu = {
         &vmstate_pdptrs,
         &vmstate_msr_xfd,
 #ifdef TARGET_X86_64
+        &vmstate_msr_fred,
         &vmstate_amx_xtile,
 #endif
         &vmstate_arch_lbr,
-- 
2.41.0.windows.1
QEMU update to version 8.2.0-30: - Revert "linux-user: Print tid not pid with strace" - gpex-acpi: Remove duplicate DSM #5 - smmuv3: Use default bus for arm-smmuv3-accel - smmuv3: Change arm-smmuv3-nested name to arm-smmuv3-accel - smmu-common: Return sysmem address space only for vfio-pci - smmuv3: realize get_pasid_cap and set ssidsize with pasid - vfio: Synthesize vPASID capability to VM - backend/iommufd: Report PASID capability - pci: Get pasid capability from vIOMMU - smmuv3: Add support for page fault handling - kvm: Translate MSI doorbell address only if it is valid - hw/arm/smmuv3: Enable sva/stall IDR features - iommufd.h: Updated to openeuler olk-6.6 kernel - tests/data/acpi/virt: Update IORT acpi table - hw/arm/virt-acpi-build: Add IORT RMR regions to handle MSI nested binding - tests/qtest: Allow IORT acpi table to change - hw/arm/virt-acpi-build: Build IORT with multiple SMMU nodes - hw/arm/smmuv3: Associate a pci bus with a SMMUv3 Nested device - hw/arm/smmuv3: Add initial support for SMMUv3 Nested device - hw/arm/virt: Add an SMMU_IO_LEN macro - hw/pci-host/gpex: [needs kernel fix] Allow to generate preserve boot config DSM #5 - tests/data/acpi: Update DSDT acpi tables - acpi/gpex: Fix PCI Express Slot Information function 0 returned value - tests/qtest: Allow DSDT acpi tables to change - hw/arm/smmuv3: Forward cache invalidate commands via iommufd - hw/arm/smmu-common: Replace smmu_iommu_mr with smmu_find_sdev - hw/arm/smmuv3: Add missing STE invalidation - hw/arm/smmuv3: Add smmu_dev_install_nested_ste() for CFGI_STE - hw/arm/smmuv3: Check idr registers for STE_S1CDMAX and STE_S1STALLD - hw/arm/smmuv3: Read host SMMU device info - hw/arm/smmuv3: Ignore IOMMU_NOTIFIER_MAP for nested-smmuv3 - hw/arm/smmu-common: Return sysmem if stage-1 is bypassed - hw/arm/smmu-common: Add iommufd helpers - hw/arm/smmu-common: Add set/unset_iommu_device callback - hw/arm/smmu-common: Extract smmu_get_sbus and smmu_get_sdev helpers - hw/arm/smmu-common: Bypass emulated IOTLB for a nested SMMU - hw/arm/smmu-common: Add a nested flag to SMMUState - backends/iommufd: Introduce iommufd_viommu_invalidate_cache - backends/iommufd: Introduce iommufd_vdev_alloc - backends/iommufd: Introduce iommufd_backend_alloc_viommu - vfio/iommufd: Implement [at\|de]tach_hwpt handlers - vfio/iommufd: Implement HostIOMMUDeviceClass::realize_late() handler - HostIOMMUDevice: Introduce realize_late callback - vfio/iommufd: Add properties and handlers to TYPE_HOST_IOMMU_DEVICE_IOMMUFD - backends/iommufd: Add helpers for invalidating user-managed HWPT - Update iommufd.h header for vSVA - vfio/common: Allow disabling device dirty page tracking - vfio/migration: Don't block migration device dirty tracking is unsupported - vfio/iommufd: Implement VFIOIOMMUClass::query_dirty_bitmap support - vfio/iommufd: Implement VFIOIOMMUClass::set_dirty_tracking support - vfio/iommufd: Probe and request hwpt dirty tracking capability - vfio/{iommufd, container}: Invoke HostIOMMUDevice::realize() during attach_device() - vfio/iommufd: Add hw_caps field to HostIOMMUDeviceCaps - vfio/{iommufd,container}: Remove caps::aw_bits - HostIOMMUDevice: Store the VFIO/VDPA agent - vfio/iommufd: Introduce auto domain creation - vfio/ccw: Don't initialize HOST_IOMMU_DEVICE with mdev - vfio/ap: Don't initialize HOST_IOMMU_DEVICE with mdev - vfio/iommufd: Return errno in iommufd_cdev_attach_ioas_hwpt() - backends/iommufd: Extend iommufd_backend_get_device_info() to fetch HW capabilities - vfio/iommufd: Don't initialize nor set a HOST_IOMMU_DEVICE with mdev - vfio/pci: Extract mdev check into an helper - intel_iommu: Check compatibility with host IOMMU capabilities - intel_iommu: Implement [set\|unset]_iommu_device() callbacks - intel_iommu: Extract out vtd_cap_init() to initialize cap/ecap - vfio/pci: Pass HostIOMMUDevice to vIOMMU - hw/pci: Introduce pci_device_[set\|unset]_iommu_device() - hw/pci: Introduce helper function pci_device_get_iommu_bus_devfn() - vfio: Create host IOMMU device instance - backends/iommufd: Implement HostIOMMUDeviceClass::get_cap() handler - vfio/container: Implement HostIOMMUDeviceClass::get_cap() handler - vfio/iommufd: Implement HostIOMMUDeviceClass::realize() handler - backends/iommufd: Introduce helper function iommufd_backend_get_device_info() - vfio/container: Implement HostIOMMUDeviceClass::realize() handler - range: Introduce range_get_last_bit() - backends/iommufd: Introduce TYPE_HOST_IOMMU_DEVICE_IOMMUFD[_VFIO] devices - vfio/container: Introduce TYPE_HOST_IOMMU_DEVICE_LEGACY_VFIO device - backends/host_iommu_device: Introduce HostIOMMUDeviceCaps - backends: Introduce HostIOMMUDevice abstract - vfio/iommufd: Remove CONFIG_IOMMUFD usage - vfio/spapr: Extend VFIOIOMMUOps with a release handler - vfio/spapr: Only compile sPAPR IOMMU support when needed - vfio/iommufd: Introduce a VFIOIOMMU iommufd QOM interface - vfio/spapr: Introduce a sPAPR VFIOIOMMU QOM interface - vfio/container: Intoduce a new VFIOIOMMUClass::setup handler - vfio/container: Introduce a VFIOIOMMU legacy QOM interface - vfio/container: Introduce a VFIOIOMMU QOM interface - vfio/container: Initialize VFIOIOMMUOps under vfio_init_container() - vfio/container: Introduce vfio_legacy_setup() for further cleanups - docs/devel: Add VFIO iommufd backend documentation - vfio: Introduce a helper function to initialize VFIODevice - vfio/ccw: Move VFIODevice initializations in vfio_ccw_instance_init - vfio/ap: Move VFIODevice initializations in vfio_ap_instance_init - vfio/platform: Move VFIODevice initializations in vfio_platform_instance_init - vfio/pci: Move VFIODevice initializations in vfio_instance_init - hw/i386: Activate IOMMUFD for q35 machines - kconfig: Activate IOMMUFD for s390x machines - hw/arm: Activate IOMMUFD for virt machines - vfio: Make VFIOContainerBase poiner parameter const in VFIOIOMMUOps callbacks - vfio/ccw: Make vfio cdev pre-openable by passing a file handle - vfio/ccw: Allow the selection of a given iommu backend - vfio/ap: Make vfio cdev pre-openable by passing a file handle - vfio/ap: Allow the selection of a given iommu backend - vfio/platform: Make vfio cdev pre-openable by passing a file handle - vfio/platform: Allow the selection of a given iommu backend - vfio/pci: Make vfio cdev pre-openable by passing a file handle - vfio/pci: Allow the selection of a given iommu backend - vfio/iommufd: Enable pci hot reset through iommufd cdev interface - vfio/pci: Introduce a vfio pci hot reset interface - vfio/pci: Extract out a helper vfio_pci_get_pci_hot_reset_info - vfio/iommufd: Add support for iova_ranges and pgsizes - vfio/iommufd: Relax assert check for iommufd backend - vfio/iommufd: Implement the iommufd backend - vfio/common: return early if space isn't empty - util/char_dev: Add open_cdev() - backends/iommufd: Introduce the iommufd object - vfio/spapr: Move hostwin_list into spapr container - vfio/spapr: Move prereg_listener into spapr container - vfio/spapr: switch to spapr IOMMU BE add/del_section_window - vfio/spapr: Introduce spapr backend and target interface - vfio/container: Implement attach/detach_device - vfio/container: Move iova_ranges to base container - vfio/container: Move dirty_pgsizes and max_dirty_bitmap_size to base container - vfio/container: Move listener to base container - vfio/container: Move vrdl_list to base container - vfio/container: Move pgsizes and dma_max_mappings to base container - vfio/container: Convert functions to base container - vfio/container: Move per container device list in base container - vfio/container: Switch to IOMMU BE set_dirty_page_tracking/query_dirty_bitmap API - vfio/container: Move space field to base container - vfio/common: Move giommu_list in base container - vfio/common: Introduce vfio_container_init/destroy helper - vfio/container: Switch to dma_map\|unmap API - vfio/container: Introduce a empty VFIOIOMMUOps - vfio: Introduce base object for VFIOContainer and targeted interface - cryptodev: Fix error handling in cryptodev_lkcf_execute_task() - hw/xen: Fix xen_bus_realize() error handling - hw/misc/aspeed_hace: Fix buffer overflow in has_padding function - target/s390x: Fix a typo in s390_cpu_class_init() - hw/sd/sdhci: free irq on exit - hw/ufs: free irq on exit - hw/pci-host/designware: Fix ATU_UPPER_TARGET register access - target/i386: Make invtsc migratable when user sets tsc-khz explicitly - target/i386: Construct CPUID 2 as stateful iff times > 1 - target/i386: Enable fdp-excptn-only and zero-fcs-fds - target/i386: Don't construct a all-zero entry for CPUID[0xD 0x3f] - i386/cpuid: Remove subleaf constraint on CPUID leaf 1F - target/i386: pass X86CPU to x86_cpu_get_supported_feature_word - target/i386: Raise the highest index value used for any VMCS encoding - target/i386: Add VMX control bits for nested FRED support - target/i386: Delete duplicated macro definition CR4_FRED_MASK - target/i386: Add get/set/migrate support for FRED MSRs - target/i386: enumerate VMX nested-exception support - vmxcap: add support for VMX FRED controls - target/i386: mark CR4.FRED not reserved - target/i386: add support for FRED in CPUID enumeration - target/i386: fix feature dependency for WAITPKG - target/i386: Add more features enumerated by CPUID.7.2.EDX - net: fix build when libbpf is disabled, but libxdp is enabled - hw/nvme: fix invalid endian conversion - hw/nvme: fix invalid check on mcl - backends/cryptodev: Do not ignore throttle/backends Errors - backends/cryptodev: Do not abort for invalid session ID - virtcca: add kvm isolation when get tmi version. - qga: Don't daemonize before channel is initialized - qga: Add log to guest-fsfreeze-thaw command - backends: VirtCCA: cvm_gpa_start supports both 1GB and 3GB - BUGFIX: Enforce isolation for virtcca_shared_hugepage - arm: VirtCCA: qemu CoDA support UEFI boot - arm: VirtCCA: Compatibility with older versions of TMM and the kernel - arm: VirtCCA: qemu uefi boot support kae - arm: VirtCCA: CVM support UEFI boot Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com> (cherry picked from commit 85fd7a435d8203dde56fedc4c8f500e41faf132c) 2025-04-22 14:34:58 +08:00			`From c3e47749fba4418d80bf4314335118452912b29c Mon Sep 17 00:00:00 2001`
			`From: Xin Li <xin3.li@intel.com>`
			`Date: Wed, 8 Nov 2023 23:20:12 -0800`
			`Subject: [PATCH] target/i386: Add get/set/migrate support for FRED MSRs`

			`commit 4ebd98eb3ade5957a842da1420bda012eeeaab9c upstream.`

			`FRED CPU states are managed in 9 new FRED MSRs, in addtion to a few`
			`existing CPU registers and MSRs, e.g., CR4.FRED and MSR_IA32_PL0_SSP.`

			`Save/restore/migrate FRED MSRs if FRED is exposed to the guest.`

			`Intel-SIG: commit 4ebd98eb3ade target/i386: Add get/set/migrate support for FRED MSRs`

			`Tested-by: Shan Kang <shan.kang@intel.com>`
			`Signed-off-by: Xin Li <xin3.li@intel.com>`
			`Message-ID: <20231109072012.8078-7-xin3.li@intel.com>`
			`Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>`
			`Signed-off-by: Jason Zeng <jason.zeng@intel.com>`
			`---`
			`target/i386/cpu.h \| 22 +++++++++++++++++++`
			`target/i386/kvm/kvm.c \| 49 +++++++++++++++++++++++++++++++++++++++++++`
			`target/i386/machine.c \| 28 +++++++++++++++++++++++++`
			`3 files changed, 99 insertions(+)`

			`diff --git a/target/i386/cpu.h b/target/i386/cpu.h`
			`index b03237c305..1b9d922651 100644`
			`--- a/target/i386/cpu.h`
			`+++ b/target/i386/cpu.h`
			`@@ -539,6 +539,17 @@ typedef enum X86Seg {`
			`#define MSR_IA32_XFD 0x000001c4`
			`#define MSR_IA32_XFD_ERR 0x000001c5`

			`+/* FRED MSRs */`
			`+#define MSR_IA32_FRED_RSP0 0x000001cc /* Stack level 0 regular stack pointer */`
			`+#define MSR_IA32_FRED_RSP1 0x000001cd /* Stack level 1 regular stack pointer */`
			`+#define MSR_IA32_FRED_RSP2 0x000001ce /* Stack level 2 regular stack pointer */`
			`+#define MSR_IA32_FRED_RSP3 0x000001cf /* Stack level 3 regular stack pointer */`
			`+#define MSR_IA32_FRED_STKLVLS 0x000001d0 /* FRED exception stack levels */`
			`+#define MSR_IA32_FRED_SSP1 0x000001d1 /* Stack level 1 shadow stack pointer in ring 0 */`
			`+#define MSR_IA32_FRED_SSP2 0x000001d2 /* Stack level 2 shadow stack pointer in ring 0 */`
			`+#define MSR_IA32_FRED_SSP3 0x000001d3 /* Stack level 3 shadow stack pointer in ring 0 */`
			`+#define MSR_IA32_FRED_CONFIG 0x000001d4 /* FRED Entrypoint and interrupt stack level */`
			`+`
			`#define MSR_IA32_BNDCFGS 0x00000d90`
			`#define MSR_IA32_XSS 0x00000da0`
			`#define MSR_IA32_UMWAIT_CONTROL 0xe1`
			`@@ -1698,6 +1709,17 @@ typedef struct CPUArchState {`
			`target_ulong cstar;`
			`target_ulong fmask;`
			`target_ulong kernelgsbase;`
			`+`
			`+ /* FRED MSRs */`
			`+ uint64_t fred_rsp0;`
			`+ uint64_t fred_rsp1;`
			`+ uint64_t fred_rsp2;`
			`+ uint64_t fred_rsp3;`
			`+ uint64_t fred_stklvls;`
			`+ uint64_t fred_ssp1;`
			`+ uint64_t fred_ssp2;`
			`+ uint64_t fred_ssp3;`
			`+ uint64_t fred_config;`
			`#endif`

			`uint64_t tsc_adjust;`
			`diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c`
			`index 12e920bbb4..5f3497e122 100644`
			`--- a/target/i386/kvm/kvm.c`
			`+++ b/target/i386/kvm/kvm.c`
			`@@ -3391,6 +3391,17 @@ static int kvm_put_msrs(X86CPU *cpu, int level)`
			`kvm_msr_entry_add(cpu, MSR_KERNELGSBASE, env->kernelgsbase);`
			`kvm_msr_entry_add(cpu, MSR_FMASK, env->fmask);`
			`kvm_msr_entry_add(cpu, MSR_LSTAR, env->lstar);`
			`+ if (env->features[FEAT_7_1_EAX] & CPUID_7_1_EAX_FRED) {`
			`+ kvm_msr_entry_add(cpu, MSR_IA32_FRED_RSP0, env->fred_rsp0);`
			`+ kvm_msr_entry_add(cpu, MSR_IA32_FRED_RSP1, env->fred_rsp1);`
			`+ kvm_msr_entry_add(cpu, MSR_IA32_FRED_RSP2, env->fred_rsp2);`
			`+ kvm_msr_entry_add(cpu, MSR_IA32_FRED_RSP3, env->fred_rsp3);`
			`+ kvm_msr_entry_add(cpu, MSR_IA32_FRED_STKLVLS, env->fred_stklvls);`
			`+ kvm_msr_entry_add(cpu, MSR_IA32_FRED_SSP1, env->fred_ssp1);`
			`+ kvm_msr_entry_add(cpu, MSR_IA32_FRED_SSP2, env->fred_ssp2);`
			`+ kvm_msr_entry_add(cpu, MSR_IA32_FRED_SSP3, env->fred_ssp3);`
			`+ kvm_msr_entry_add(cpu, MSR_IA32_FRED_CONFIG, env->fred_config);`
			`+ }`
			`}`
			`#endif`

			`@@ -3867,6 +3878,17 @@ static int kvm_get_msrs(X86CPU *cpu)`
			`kvm_msr_entry_add(cpu, MSR_KERNELGSBASE, 0);`
			`kvm_msr_entry_add(cpu, MSR_FMASK, 0);`
			`kvm_msr_entry_add(cpu, MSR_LSTAR, 0);`
			`+ if (env->features[FEAT_7_1_EAX] & CPUID_7_1_EAX_FRED) {`
			`+ kvm_msr_entry_add(cpu, MSR_IA32_FRED_RSP0, 0);`
			`+ kvm_msr_entry_add(cpu, MSR_IA32_FRED_RSP1, 0);`
			`+ kvm_msr_entry_add(cpu, MSR_IA32_FRED_RSP2, 0);`
			`+ kvm_msr_entry_add(cpu, MSR_IA32_FRED_RSP3, 0);`
			`+ kvm_msr_entry_add(cpu, MSR_IA32_FRED_STKLVLS, 0);`
			`+ kvm_msr_entry_add(cpu, MSR_IA32_FRED_SSP1, 0);`
			`+ kvm_msr_entry_add(cpu, MSR_IA32_FRED_SSP2, 0);`
			`+ kvm_msr_entry_add(cpu, MSR_IA32_FRED_SSP3, 0);`
			`+ kvm_msr_entry_add(cpu, MSR_IA32_FRED_CONFIG, 0);`
			`+ }`
			`}`
			`#endif`
			`kvm_msr_entry_add(cpu, MSR_KVM_SYSTEM_TIME, 0);`
			`@@ -4092,6 +4114,33 @@ static int kvm_get_msrs(X86CPU *cpu)`
			`case MSR_LSTAR:`
			`env->lstar = msrs[i].data;`
			`break;`
			`+ case MSR_IA32_FRED_RSP0:`
			`+ env->fred_rsp0 = msrs[i].data;`
			`+ break;`
			`+ case MSR_IA32_FRED_RSP1:`
			`+ env->fred_rsp1 = msrs[i].data;`
			`+ break;`
			`+ case MSR_IA32_FRED_RSP2:`
			`+ env->fred_rsp2 = msrs[i].data;`
			`+ break;`
			`+ case MSR_IA32_FRED_RSP3:`
			`+ env->fred_rsp3 = msrs[i].data;`
			`+ break;`
			`+ case MSR_IA32_FRED_STKLVLS:`
			`+ env->fred_stklvls = msrs[i].data;`
			`+ break;`
			`+ case MSR_IA32_FRED_SSP1:`
			`+ env->fred_ssp1 = msrs[i].data;`
			`+ break;`
			`+ case MSR_IA32_FRED_SSP2:`
			`+ env->fred_ssp2 = msrs[i].data;`
			`+ break;`
			`+ case MSR_IA32_FRED_SSP3:`
			`+ env->fred_ssp3 = msrs[i].data;`
			`+ break;`
			`+ case MSR_IA32_FRED_CONFIG:`
			`+ env->fred_config = msrs[i].data;`
			`+ break;`
			`#endif`
			`case MSR_IA32_TSC:`
			`env->tsc = msrs[i].data;`
			`diff --git a/target/i386/machine.c b/target/i386/machine.c`
			`index 9a1cb8f3b8..7cbfbc0efb 100644`
			`--- a/target/i386/machine.c`
			`+++ b/target/i386/machine.c`
			`@@ -1544,6 +1544,33 @@ static const VMStateDescription vmstate_msr_xfd = {`
			`};`

			`#ifdef TARGET_X86_64`
			`+static bool intel_fred_msrs_needed(void *opaque)`
			`+{`
			`+ X86CPU *cpu = opaque;`
			`+ CPUX86State *env = &cpu->env;`
			`+`
			`+ return !!(env->features[FEAT_7_1_EAX] & CPUID_7_1_EAX_FRED);`
			`+}`
			`+`
			`+static const VMStateDescription vmstate_msr_fred = {`
			`+ .name = "cpu/fred",`
			`+ .version_id = 1,`
			`+ .minimum_version_id = 1,`
			`+ .needed = intel_fred_msrs_needed,`
			`+ .fields = (VMStateField[]) {`
			`+ VMSTATE_UINT64(env.fred_rsp0, X86CPU),`
			`+ VMSTATE_UINT64(env.fred_rsp1, X86CPU),`
			`+ VMSTATE_UINT64(env.fred_rsp2, X86CPU),`
			`+ VMSTATE_UINT64(env.fred_rsp3, X86CPU),`
			`+ VMSTATE_UINT64(env.fred_stklvls, X86CPU),`
			`+ VMSTATE_UINT64(env.fred_ssp1, X86CPU),`
			`+ VMSTATE_UINT64(env.fred_ssp2, X86CPU),`
			`+ VMSTATE_UINT64(env.fred_ssp3, X86CPU),`
			`+ VMSTATE_UINT64(env.fred_config, X86CPU),`
			`+ VMSTATE_END_OF_LIST()`
			`+ }`
			`+ };`
			`+`
			`static bool amx_xtile_needed(void *opaque)`
			`{`
			`X86CPU *cpu = opaque;`
			`@@ -1768,6 +1795,7 @@ const VMStateDescription vmstate_x86_cpu = {`
			`&vmstate_pdptrs,`
			`&vmstate_msr_xfd,`
			`#ifdef TARGET_X86_64`
			`+ &vmstate_msr_fred,`
			`&vmstate_amx_xtile,`
			`#endif`
			`&vmstate_arch_lbr,`
			`--`
			`2.41.0.windows.1`