Re: [PATCH RFC 2/3] x86/kvm/hyper-v: move VMX controls sanitization out of nested_enable_evmcs()

[Vitaly Kuznetsov <vkuznets@redhat.com>]

Paolo Bonzini <pbonzini@redhat.com> writes:

> On 27/01/20 16:38, Vitaly Kuznetsov wrote:
>>>> If there are no objections and if we still think it would be beneficial
>>>> to minimize the list of controls we filter out (and not go with the full
>>>> set like my RFC suggests), I'll prepare v2. (v1, actually, this was RFC).
>>> One last idea, can we keep the MSR filtering as is and add the hack in
>>> vmx_restore_control_msr()?  That way the (userspace) host and guest see
>>> the same values when reading the affected MSRs, and eVMCS wouldn't need
>>> it's own hook to do consistency checks.
>> Yes but (if I'm not mistaken) we'll have then to keep the filtering we
>> currently do in nested_enable_evmcs(): if userspace doesn't do
>> KVM_SET_MSR for VMX MSRs (QEMU<4.2) then the filtering in
>> vmx_restore_control_msr() won't happen and the guest will see the
>> unfiltered set of controls...
>> 
>
> Indeed.  The place you used in the RFC is the best we can do, I am afraid.
>

In case we decide to filter out the full set of unsupported stuff
there's basically nothing to change, feel free to just treat the RFC as
non-RFC :-) (and personally, I'd prefer to keep the 'full set' in the
filter as it is less fragile; the 'short list' I came up with is the
result of my experiments on one hardware host only and I'm not sure what
may make Hyper-V behave differently).

I can re-submit, of course, if needed.

-- 
Vitaly