Re: [PATCH 1/2] KVM: X86: Move ignore_msrs handling upper the stack

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Sean Christopherson <sean.j.christopherson@intel.com>
To: Peter Xu <peterx@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
	linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
	Vitaly Kuznetsov <vkuznets@redhat.com>
Subject: Re: [PATCH 1/2] KVM: X86: Move ignore_msrs handling upper the stack
Date: Fri, 26 Jun 2020 10:46:57 -0700	[thread overview]
Message-ID: <20200626174657.GF6583@linux.intel.com> (raw)
In-Reply-To: <20200626173750.GA175520@xz-x1>

On Fri, Jun 26, 2020 at 01:37:50PM -0400, Peter Xu wrote:
> On Fri, Jun 26, 2020 at 08:56:57AM -0700, Sean Christopherson wrote:
> > Not really?  It's solving a problem that doesn't exist in the current code
> > base (assuming TSC_CTRL is fixed), and IMO solving it in an ugly fashion.
> > 
> > I would much prefer that, _if_ we want to support blind KVM-internal MSR
> > accesses, we end up with code like:
> > 
> > 	if (msr_info->kvm_internal) {
> > 		return 1;
> > 	} else if (!ignore_msrs) {
> > 		vcpu_debug_ratelimited(vcpu, "unhandled wrmsr: 0x%x data 0x%llx\n",
> > 			    msr, data);
> > 		return 1;
> > 	} else {
> > 		if (report_ignored_msrs)
> > 			vcpu_unimpl(vcpu,
> > 				"ignored wrmsr: 0x%x data 0x%llx\n",
> > 				msr, data);
> > 		break;
> > 	}
> > 
> > But I'm still not convinced that there is a legimiate scenario for setting
> > kvm_internal=true.
> 
> Actually this really looks like my initial version when I was discussing this
> with Paolo before this version, but Paolo suggested what I implemented last.  I
> think I agree with Paolo that it's an improvement to have a way to get/set real
> msr value so that we don't need to further think about effects being taken with
> the two tricky msr knobs (report_ignored_msrs, ignore_msrs).  These knobs are
> even trickier to me when they're hidden deep, because they are not easily
> expected when seeing the name of the functions (e.g. __kvm_set_msr, rather than
> __kvm_set_msr_retval_fixed).

My argument is that it's a KVM bug if we ever encounter do the wrong thing
based on a KVM-internal MSR access.  The proposed change would actually make
it _harder_ to find the bug that prompted this patch, as the bogus
__kvm_get_msr() in kvm_cpuid() would silently fail.

If anything, I would argue for something like:

	if (WARN_ON_ONCE(msr_info->kvm_internal)) {
		return 1;
	} else if (!ignore_msrs) {
		...
	} else {
		...
	}

I.e. KVM-internal accesses should always pre-validate the existence of the
MSR, if not the validity of the MSR from the guest's perspective.

next prev parent reply	other threads:[~2020-06-26 17:47 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-06-22 22:04 [PATCH 0/2] KVM: X86: A few fixes around ignore_msrs Peter Xu
2020-06-22 22:04 ` [PATCH 1/2] KVM: X86: Move ignore_msrs handling upper the stack Peter Xu
2020-06-25  6:15   ` Sean Christopherson
2020-06-25  8:09     ` Paolo Bonzini
2020-06-25 16:25       ` Sean Christopherson
2020-06-25 17:45         ` Sean Christopherson
2020-06-25 18:44         ` Paolo Bonzini
2020-06-26 15:56           ` Sean Christopherson
2020-06-26 17:37             ` Peter Xu
2020-06-26 17:46               ` Sean Christopherson [this message]
2020-06-26 18:07         ` Peter Xu
2020-06-26 18:18           ` Sean Christopherson
2020-06-26 19:11             ` Peter Xu
2020-06-27 14:24             ` Paolo Bonzini
2020-06-30 15:47               ` Sean Christopherson
2020-07-09 18:22                 ` Peter Xu
2020-07-09 18:24                   ` Paolo Bonzini
2020-07-09 18:34                     ` Peter Xu
2020-07-09 19:24                   ` Sean Christopherson
2020-07-09 21:09                     ` Peter Xu
2020-07-09 21:26                       ` Sean Christopherson
2020-07-09 21:50                         ` Peter Xu
2020-07-09 22:11                           ` Paolo Bonzini
2020-07-10  4:58                             ` Sean Christopherson
2020-06-22 22:04 ` [PATCH 2/2] KVM: X86: Do the same ignore_msrs check for feature msrs Peter Xu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200626174657.GF6583@linux.intel.com \
    --to=sean.j.christopherson@intel.com \
    --cc=kvm@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=pbonzini@redhat.com \
    --cc=peterx@redhat.com \
    --cc=vkuznets@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.