From: Sean Christopherson <seanjc@google.com>
To: Vitaly Kuznetsov <vkuznets@redhat.com>
Cc: Li RongQing <lirongqing@baidu.com>,
pbonzini@redhat.com, jmattson@google.com, x86@kernel.org,
kvm@vger.kernel.org
Subject: Re: [PATCH][resend] KVM: x86: check steal time address when enable steal time
Date: Tue, 8 Mar 2022 00:57:35 +0000 [thread overview]
Message-ID: <Yiap/zUi2TgGcurq@google.com> (raw)
In-Reply-To: <87sfru9ldk.fsf@redhat.com>
On Mon, Mar 07, 2022, Vitaly Kuznetsov wrote:
> Li RongQing <lirongqing@baidu.com> writes:
>
> > check steal time address when enable steal time, do not update
> > arch.st.msr_val if the address is invalid, and return in #GP
> >
> > this can avoid unnecessary write/read invalid memory when guest
> > is running
Are you concerned about the host cycles, or about the guest triggering emulated
MMIO?
> > Signed-off-by: Li RongQing <lirongqing@baidu.com>
> > ---
> > arch/x86/kvm/x86.c | 3 +++
> > 1 file changed, 3 insertions(+)
> >
> > diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> > index eb402966..3ed0949 100644
> > --- a/arch/x86/kvm/x86.c
> > +++ b/arch/x86/kvm/x86.c
> > @@ -3616,6 +3616,9 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
> > if (data & KVM_STEAL_RESERVED_MASK)
> > return 1;
> >
> > + if (!kvm_vcpu_gfn_to_memslot(vcpu, data >> PAGE_SHIFT))
> > + return 1;
> > +
>
> What about we use stronger kvm_is_visible_gfn() instead? I didn't put
> much thought to what's going to happen if we put e.g. APIC access page
> addr to the MSR, let's just cut any possibility.
Hmm, I don't love handling this at WRMSR, e.g. the memslot might be moved/deleted,
and it's not necessarily a guest problem, userspace could be at fault. The other
issue is that there's no guarantee the guest will actually handle the #GP correctly,
e.g. Linux guests will simply continue on (with a WARN).
That said, I can't think of a better idea. Documentation/virt/kvm/msr.rst does say:
64-byte alignment physical address of a memory area which must be in guest RAM
But doesn't enforce that :-/ So it's at least reasonable behavior.
prev parent reply other threads:[~2022-03-08 0:57 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-07 8:16 [PATCH][resend] KVM: x86: check steal time address when enable steal time Li RongQing
2022-03-07 9:12 ` Vitaly Kuznetsov
2022-03-08 0:57 ` Sean Christopherson [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Yiap/zUi2TgGcurq@google.com \
--to=seanjc@google.com \
--cc=jmattson@google.com \
--cc=kvm@vger.kernel.org \
--cc=lirongqing@baidu.com \
--cc=pbonzini@redhat.com \
--cc=vkuznets@redhat.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.