From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Joerg Roedel"
Subject: Re: [PATCH] SVM: forbid guest to execute monitor/mwait
Date: Thu, 22 Mar 2007 11:17:29 +0100
Message-ID: <20070322101729.GC20139@amd.com>
References: <20070321184700.GA20139@amd.com> <46023264.4010105@qumranet.com> <20070322095605.GB20139@amd.com> <46025528.5010707@qumranet.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Cc: kvm-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
To: "Avi Kivity"
In-Reply-To: <46025528.5010707-atKUWr5tajBWk0Htik3J/w@public.gmane.org>
Content-Disposition: inline
Sender: kvm-devel-bounces-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
Errors-To: kvm-devel-bounces-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
List-Id: kvm.vger.kernel.org

On Thu, Mar 22, 2007 at 12:06:32PM +0200, Avi Kivity wrote:
> Joerg Roedel wrote:
> >On Thu, Mar 22, 2007 at 09:38:12AM +0200, Avi Kivity wrote:
> >
> >>Joerg Roedel wrote:
> >>
> >>>From: Joerg Roedel
> >>>
> >>>This patch forbids the guest to execute monitor/mwait instructions on
> >>>SVM. This is necessary because the guest can execute these instructions
> >>>if they are available even if the kvm cpuid doesn't report its
> >>>existence.
> >>>
> >>>
> >>You're intercepting the instructions unconditionally. What about the case where cpuid does
> >>report monitor/mwait support? The guest can legitimately use them then.
> >>
> >
> >I prepared a patch for QEmu to handle this but finally not
> >submitted it because QEmu does not set the Monitor bit anyway. But you
> >are right. It is possible for userspace to set the Monitor bit and the
> >guest won't be able to use it.
> >I think an architecture dependent cpuid mask feature in the kernel would
> >solve this problem. I'll prepare a patch for that.
> >
> >
>
> I think I'm misunderstanding something.
>
> Is there actually an AMD cpu that supports monitor/mwait? If not (understandably, having no

Yes, the family 10h processors have support for that.

> hyperthreading), then wouldn't executing monitor or mwait generate #UD anyway? I don't think
> there's need for the cpuid mask as long as setting the monitor bit cannot endanger the
> kernel.

There is no danger for the host kernel but for the guest. If the
userspace sets the monitor bit the guest will receive an #UD when trying
to use it. And we don't want the guest to use it because it is not
virtualized yet.

Joerg

-- 
Joerg Roedel
Operating System Research Center
AMD Saxony LLC & Co. KG