From: Sean Christopherson <seanjc@google.com>
To: Xiaoyao Li <xiaoyao.li@intel.com>
Cc: Xin Li <xin@zytor.com>, Binbin Wu <binbin.wu@linux.intel.com>,
Paolo Bonzini <pbonzini@redhat.com>,
kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
Borislav Petkov <bp@alien8.de>
Subject: Re: [PATCH v3 4/6] KVM: x86: Add support for RDMSR/WRMSRNS w/ immediate on Intel
Date: Thu, 18 Sep 2025 11:33:53 -0700 [thread overview]
Message-ID: <aMxQkRhuEi-SduTH@google.com> (raw)
In-Reply-To: <76499c2e-8ca9-4e5f-9a34-96eec19a5f6d@intel.com>
On Wed, Sep 03, 2025, Xiaoyao Li wrote:
> On 9/2/2025 10:50 PM, Sean Christopherson wrote:
> > On Mon, Sep 01, 2025, Xiaoyao Li wrote:
> > > On 9/1/2025 3:04 PM, Xin Li wrote:
> > > > On 8/31/2025 11:34 PM, Binbin Wu wrote:
> > > > > > We need to inject #UD for !guest_cpu_has(X86_FEATURE_MSR_IMM)
> > > > > >
> > > > >
> > > > > Indeed.
> > > >
> > > > Good catch!
> > > >
> > > > >
> > > > > There is a virtualization hole of this feature for the accesses to the
> > > > > MSRs not intercepted. IIUIC, there is no other control in VMX for this
> > > > > feature. If the feature is supported in hardware, the guest will succeed
> > > > > when it accesses to the MSRs not intercepted even when the feature is not
> > > > > exposed to the guest, but the guest will get #UD when access to the MSRs
> > > > > intercepted if KVM injects #UD.
> > > >
> > > > hpa mentioned this when I just started the work. But I managed to forget
> > > > it later... Sigh!
> > > >
> > > > >
> > > > > But I guess this is the guest's fault by not following the CPUID,
> > > > > KVM should
> > > > > still follow the spec?
> > > >
> > > > I think we should still inject #UD when a MSR is intercepted by KVM.
> >
> > Hmm, no, inconsistent behavior (from the guest's perspective) is likely worse
> > than eating with the virtualization hole.
>
> Then could we document this design decision somewhere?
Yeah, Documentation/virt/kvm/x86/errata.rst would be the place for that.
> I believe people won't stop wondering why not inject #UD when no guest
> CPUID, when reading the code.
>
> > Practically speaking, the only guest that's going to be surprised by the
> > hole is a guest that's fuzzing opcodes, and a guest that's fuzzing opcodes
> > at CPL0 isn't is going to create an inherently unstable environment no
> > matter what.
> >
> > Though that raises the question of whether or not KVM should emulate WRMSRNS and
> > whatever the official name for the "RDMSR with immediate" instruction is (I can't
> > find it in the SDM).
>
> do you mean because guest might be able to use immediate form of MSR access
> even if the CPUID doesn't advertise it, should KVM emulate it on platform
> doesn't support it, to make sure immediate form of MSR access is always
> supported?
No, I'm calling out that as implemented, KVM doesn't support emulating WRMSRNS
at all. Most of me just doesn't care. The only way to encounter WRMSRNS would
be to disable unrestricted guest and execute WRMSRNS in an odd context, or to
force emulation. Adding emulation support just for forced emulation is absurd,
and adding WRMSRNS emulation for !URG is almost as ridiculous.
next prev parent reply other threads:[~2025-09-18 18:33 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-05 20:22 [PATCH v3 0/6] KVM: VMX: Handle the immediate form of MSR instructions Sean Christopherson
2025-08-05 20:22 ` [PATCH v3 1/6] x86/cpufeatures: Add a CPU feature bit for MSR immediate form instructions Sean Christopherson
2025-08-05 20:22 ` [PATCH v3 2/6] KVM: x86: Rename local "ecx" variables to "msr" and "pmc" as appropriate Sean Christopherson
2025-08-06 15:42 ` Xin Li
2025-08-05 20:22 ` [PATCH v3 3/6] KVM: x86: Rename handle_fastpath_set_msr_irqoff() to handle_fastpath_wrmsr() Sean Christopherson
2025-08-06 15:48 ` Xin Li
2025-08-05 20:22 ` [PATCH v3 4/6] KVM: x86: Add support for RDMSR/WRMSRNS w/ immediate on Intel Sean Christopherson
2025-09-01 4:13 ` Xiaoyao Li
2025-09-01 6:34 ` Binbin Wu
2025-09-01 7:04 ` Xin Li
2025-09-01 7:22 ` Xiaoyao Li
2025-09-02 14:50 ` Sean Christopherson
2025-09-02 15:46 ` Xin Li
2025-09-03 4:43 ` Xiaoyao Li
2025-09-18 18:33 ` Sean Christopherson [this message]
2025-08-05 20:22 ` [PATCH v3 5/6] KVM: VMX: Support the immediate form of WRMSRNS in the VM-Exit fastpath Sean Christopherson
2025-08-05 20:22 ` [PATCH v3 6/6] KVM: x86: Advertise support for the immediate form of MSR instructions Sean Christopherson
2025-08-06 15:38 ` [PATCH v3 0/6] KVM: VMX: Handle " Xin Li
2025-08-19 23:12 ` Sean Christopherson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aMxQkRhuEi-SduTH@google.com \
--to=seanjc@google.com \
--cc=binbin.wu@linux.intel.com \
--cc=bp@alien8.de \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=xiaoyao.li@intel.com \
--cc=xin@zytor.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.