From: Sean Christopherson <seanjc@google.com>
To: Maxim Levitsky <mlevitsk@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
	Vitaly Kuznetsov <vkuznets@redhat.com>,
	kvm@vger.kernel.org,  linux-kernel@vger.kernel.org,
	Hou Wenlong <houwenlong.hwl@antgroup.com>,
	 Kechen Lu <kechenl@nvidia.com>,
	Oliver Upton <oliver.upton@linux.dev>,
	 Binbin Wu <binbin.wu@linux.intel.com>,
	Yang Weijiang <weijiang.yang@intel.com>,
	 Robert Hoo <robert.hoo.linux@gmail.com>
Subject: Re: [PATCH v2 46/49] KVM: x86: Replace (almost) all guest CPUID feature queries with cpu_caps
Date: Tue, 9 Jul 2024 12:20:15 -0700
Message-ID: <Zo2Nb653OcdDge9N@google.com>
In-Reply-To: <928f893e5069712a6f93c05a167cf43fa166777c.camel@redhat.com>

On Thu, Jul 04, 2024, Maxim Levitsky wrote:
> On Fri, 2024-05-17 at 10:39 -0700, Sean Christopherson wrote:
> > +static __always_inline bool guest_cpuid_has(struct kvm_vcpu *vcpu,
> > +					    unsigned int x86_feature)
> >  {
> >  	const struct cpuid_reg cpuid = x86_feature_cpuid(x86_feature);
> >  	struct kvm_cpuid_entry2 *entry;
> > +	u32 *reg;
> > +
> > +	/*
> > +	 * XSAVES is a special snowflake.  Due to lack of a dedicated intercept
> > +	 * on SVM, KVM must assume that XSAVES (and thus XRSTORS) is usable by
> > +	 * the guest if the host supports XSAVES and *XSAVE* is exposed to the
> > +	 * guest.  Although the guest can read/write XSS via XSAVES/XRSTORS, to
> > +	 * minimize the virtualization hole, KVM rejects attempts to read/write
> > +	 * XSS via RDMSR/WRMSR.  To make that work, KVM needs to check the raw
> > +	 * guest CPUID, not KVM's view of guest capabilities.
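Review bot: the sentence "the guest can read/write XSS via XSAVES/XRSTORS" in this comment is inaccurate, as the discussion below confirms: XSAVES/XRSTORS only save and restore the state components enabled in XSS, they do not give the guest access to the XSS value itself, so with no XSS bits enabled they behave more or less like XSAVE/XRSTOR restricted to CPL 0. The hole that justifies checking raw guest CPUID is the one Sean describes in his reply: when KVM does not treat XSAVES as usable, the conditional switching in kvm_load_{guest,host}_xsave_state() leaves the host's IA32_XSS loaded while the guest runs, and a guest executing XSAVES/XRSTORS (which SVM cannot intercept) could then save and restore host supervisor state. Suggest rewording the comment to say that, e.g. "If KVM did not assume XSAVES is usable, the guest would run with the host's XSS and could access host supervisor state via XSAVES/XRSTORS", and keeping the note that RDMSR/WRMSR of XSS is rejected to minimize the hole.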
> 
> Hi,
> 
> I think that this comment is wrong:
> 
> The guest can't read/write XSS via XSAVES/XRSTORS. It can only use XSAVES/XRSTORS
> to save/restore features that are enabled in XSS, and thus if there are none enabled,
> XSAVES/XRSTORS act more or less as XSAVEOPTC/XRSTOR, except working only when CPL=0.

Doh, right you are.

> So I don't think that there is a virtualization hole except the fact that VMM can't
> really disable XSAVES if it chooses to.

There is still a hole.  If XSAVES is not supported, KVM runs the guest with the
host XSS.  See the conditional switching in kvm_load_{guest,host}_xsave_state().
Not treating XSAVES as being available to the guest would allow the guest to read
and write host supervisor state.

I'll rewrite the comment to call that out.

> Another "half virtualization hole" is that since we have chosen to not
> intercept XSAVES at all, (AMD can't do this at all, and it's slow anyway) we
> instead opted to never support some XSS bits (so far all of them, only
> upcoming CET will add a few supported bits).
> 
> This creates an unexpected situation for the guest - an enabled feature (e.g. PT)
> but no XSS bit supported to context switch it. The x86 arch does allow this
> though.
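To make the hole Sean describes concrete, here is an added userspace model (not KVM code, and not from anyone in this thread) of the IA32_XSS handling under discussion: it compares KVM's "assume XSAVES is usable when the host has XSAVES and XSAVE is exposed" rule against trusting the raw guest CPUID bit, and reports whether host-only XSS components remain enabled while the guest runs. All names and the sample XSS value are constructed for this example.

```c
/* Added illustration, not KVM code: a userspace model of the IA32_XSS
 * handling discussed in this thread. All names here are constructed. */
#include <stdbool.h>
#include <stdint.h>

/* Constructed sample: the host has one supervisor component enabled in
 * IA32_XSS (bit 8 is PT, one of the features mentioned in the thread). */
#define HOST_XSS_SAMPLE ((uint64_t)1 << 8)

struct model_vcpu {
	bool host_xsaves;         /* host CPU supports XSAVES */
	bool guest_cpuid_xsave;   /* XSAVE advertised in guest CPUID */
	bool guest_cpuid_xsaves;  /* XSAVES bit in the *raw* guest CPUID */
	uint64_t guest_xss;       /* guest's IA32_XSS; KVM supports no bits today */
};

typedef bool (*xsaves_policy_t)(const struct model_vcpu *);

/* KVM's rule from the hunk: with no SVM intercept, XSAVES must be assumed
 * usable whenever the host supports it and XSAVE is exposed to the guest. */
static bool model_kvm_guest_can_use_xsaves(const struct model_vcpu *v)
{
	return v->host_xsaves && v->guest_cpuid_xsave;
}

/* The alternative: trust only the XSAVES bit in raw guest CPUID. */
static bool model_raw_cpuid_xsaves(const struct model_vcpu *v)
{
	return v->guest_cpuid_xsaves;
}

/* Models the conditional switch in kvm_load_guest_xsave_state(): IA32_XSS is
 * loaded with the guest value only when KVM believes the guest can use
 * XSAVES; otherwise the guest runs with the host's IA32_XSS still in place. */
static uint64_t model_xss_while_guest_runs(const struct model_vcpu *v,
					   xsaves_policy_t can_use_xsaves)
{
	if (can_use_xsaves(v) && v->guest_xss != HOST_XSS_SAMPLE)
		return v->guest_xss;
	return HOST_XSS_SAMPLE;
}

/* The hole: host supervisor state is reachable through the guest's
 * un-intercepted XSAVES/XRSTORS exactly when host-only XSS bits remain
 * enabled while the guest runs. */
static bool model_host_state_exposed(const struct model_vcpu *v,
				     xsaves_policy_t can_use_xsaves)
{
	return (model_xss_while_guest_runs(v, can_use_xsaves) & ~v->guest_xss) != 0;
}
```

With host XSAVES present, XSAVE exposed, but XSAVES absent from raw guest CPUID, the raw-CPUID policy leaves the host's XSS loaded (exposed), while KVM's rule switches to the guest's XSS (not exposed).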
